Merge pull request #1125 from microsoft/dev/qmuntal/go120tls13

[release-branch.go1.20] Support TLS 1.3 in fipstls mode
microsoft · Feb 5, 2024 · 3fffba3 · 3fffba3
2 parents 947ab30 + 9ecc1ca
commit 3fffba3
Show file tree

Hide file tree

Showing 4 changed files with 365 additions and 13 deletions.
diff --git a/eng/doc/fips/UserGuide.md b/eng/doc/fips/UserGuide.md
@@ -53,12 +53,12 @@ The Go crypto documentation is available online at https://pkg.go.dev/crypto.
     - [crypto/sha512](#cryptosha512)
       - [func New](#func-new-3)
       - [func New384](#func-new384)
-      - [func New512_224](#func-new512_224)
-      - [func New512_256](#func-new512_256)
+      - [func New512\_224](#func-new512_224)
+      - [func New512\_256](#func-new512_256)
       - [func Sum384](#func-sum384)
       - [func Sum512](#func-sum512)
-      - [func Sum512_224](#func-sum512_224)
-      - [func Sum512_256](#func-sum512_256)
+      - [func Sum512\_224](#func-sum512_224)
+      - [func Sum512\_256](#func-sum512_256)
     - [crypto/rsa](#cryptorsa)
       - [func DecryptOAEP](#func-decryptoaep)
       - [func DecryptPKCS1v15](#func-decryptpkcs1v15)
@@ -1235,18 +1235,22 @@ Package tls will automatically use FIPS compliant primitives implemented in othe
 
 When using TLS in FIPS-only mode the TLS handshake has the following restrictions:
 
-- TLS versions: `tls.VersionTLS12`
+- TLS versions:
+  - `tls.VersionTLS12`
+  - `tls.VersionTLS13`
 - ECDSA elliptic curves:
   - `tls.CurveP256`
   - `tls.CurveP384`
   - `tls.CurveP521`
 - Cipher suites:
-  - `tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
-  - `tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
-  - `tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
-  - `tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
-  - `tls.TLS_RSA_WITH_AES_128_GCM_SHA256`
-  - `tls.TLS_RSA_WITH_AES_256_GCM_SHA384`
+  - TLS 1.2:
+    - `tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
+    - `tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
+    - `tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
+    - `tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
+  - TLS 1.3:
+    - `tls.TLS_AES_128_GCM_SHA256`
+    - `tls.TLS_AES_256_GCM_SHA384`
 - x509 certificate public key:
   - `rsa.PublicKey` with a bit length of 2048 or 3072. Bit length of 4096 is still not supported, see [this issue](https://github.com/golang/go/issues/41147) for more info.
   - `ecdsa.PublicKey`  with a supported elliptic curve.

diff --git a/go b/go
diff --git a/patches/0004-Add-BoringSSL-crypto-backend.patch b/patches/0004-Add-BoringSSL-crypto-backend.patch
@@ -72,7 +72,7 @@ index 00000000000000..ba4f290a8e394d
 +
 +func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) }
 +func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) }
-+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS13(c) }
++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") }
 +
 +type PublicKeyECDSA = boring.PublicKeyECDSA
 +type PrivateKeyECDSA = boring.PrivateKeyECDSA
+11 −17		src/crypto/internal/boring/Dockerfile
+1 −1		src/crypto/internal/boring/LICENSE
+3 −4		src/crypto/internal/boring/README.md
+7 −22		src/crypto/internal/boring/aes.go
+1 −1		src/crypto/internal/boring/build-goboring.sh
+0 −6		src/crypto/internal/boring/build.sh
+0 −2		src/crypto/internal/boring/goboringcrypto.h
+0 −1		src/crypto/internal/boring/notboring.go
+ −		src/crypto/internal/boring/syso/goboringcrypto_linux_amd64.syso
+ −		src/crypto/internal/boring/syso/goboringcrypto_linux_arm64.syso
+11 −15		src/crypto/tls/boring.go
+18 −51		src/crypto/tls/boring_test.go
+1 −7		src/crypto/tls/cipher_suites.go
+1 −3		src/crypto/tls/handshake_client.go
+4 −0		src/crypto/tls/handshake_client_tls13.go
+9 −19		src/crypto/tls/handshake_server_test.go
+4 −3		src/crypto/tls/handshake_server_tls13.go
+0 −2		src/crypto/tls/notboring.go
+2 −2		src/crypto/x509/boring.go
+30 −5		src/crypto/x509/verify_test.go
+4 −0		src/runtime/export_test.go
+115 −93		src/runtime/lockrank.go
+34 −8		src/runtime/mklockrank.go
+2 −0		src/runtime/proc.go
+47 −5		src/runtime/rwmutex.go
+4 −0		src/runtime/rwmutex_test.go