From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 20 Nov 2019 22:16:28 +0000 (-0500)
Subject: [dev.boringcrypto] all: merge master into dev.boringcrypto
X-Git-Tag: go1.19beta1~484^2~96
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=6657395adf;p=gostls13.git

[dev.boringcrypto] all: merge master into dev.boringcrypto

Move the import in cipher_suites.go up where it's less likely to ever
conflict again, and remove the equivalent import from common.go, again
to reduce the likeliness of future conflicts.

Change-Id: Ib05daba7ba6ce81f665a44185b53a6e083f7c693
---

6657395adf3b709b8a196853d87e756288a5d8c8
diff --cc src/crypto/tls/boring.go
index 95256b19f7,0000000000..d61deb5b81
mode 100644,000000..100644
--- a/src/crypto/tls/boring.go
+++ b/src/crypto/tls/boring.go
@@@ -1,128 -1,0 +1,132 @@@
 +// Copyright 2017 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
 +
 +package tls
 +
 +import (
 +	"crypto/ecdsa"
++	"crypto/internal/boring"
 +	"crypto/internal/boring/fipstls"
 +	"crypto/rsa"
 +	"crypto/x509"
 +)
 +
++// boringEnabled is an alias of boring.Enabled to avoid a new import in common.go.
++const boringEnabled = boring.Enabled
++
 +// needFIPS returns fipstls.Required(); it avoids a new import in common.go.
 +func needFIPS() bool {
 +	return fipstls.Required()
 +}
 +
 +// fipsMinVersion replaces c.minVersion in FIPS-only mode.
 +func fipsMinVersion(c *Config) uint16 {
 +	// FIPS requires TLS 1.2.
 +	return VersionTLS12
 +}
 +
 +// fipsMaxVersion replaces c.maxVersion in FIPS-only mode.
 +func fipsMaxVersion(c *Config) uint16 {
 +	// FIPS requires TLS 1.2.
 +	return VersionTLS12
 +}
 +
 +// default defaultFIPSCurvePreferences is the FIPS-allowed curves,
 +// in preference order (most preferable first).
 +var defaultFIPSCurvePreferences = []CurveID{CurveP256, CurveP384, CurveP521}
 +
 +// fipsCurvePreferences replaces c.curvePreferences in FIPS-only mode.
 +func fipsCurvePreferences(c *Config) []CurveID {
 +	if c == nil || len(c.CurvePreferences) == 0 {
 +		return defaultFIPSCurvePreferences
 +	}
 +	var list []CurveID
 +	for _, id := range c.CurvePreferences {
 +		for _, allowed := range defaultFIPSCurvePreferences {
 +			if id == allowed {
 +				list = append(list, id)
 +				break
 +			}
 +		}
 +	}
 +	return list
 +}
 +
 +// default FIPSCipherSuites is the FIPS-allowed cipher suites,
 +// in preference order (most preferable first).
 +var defaultFIPSCipherSuites = []uint16{
 +	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 +	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 +	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 +	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 +	TLS_RSA_WITH_AES_128_GCM_SHA256,
 +	TLS_RSA_WITH_AES_256_GCM_SHA384,
 +}
 +
 +// fipsCipherSuites replaces c.cipherSuites in FIPS-only mode.
 +func fipsCipherSuites(c *Config) []uint16 {
 +	if c == nil || c.CipherSuites == nil {
 +		return defaultFIPSCipherSuites
 +	}
 +	var list []uint16
 +	for _, id := range c.CipherSuites {
 +		for _, allowed := range defaultFIPSCipherSuites {
 +			if id == allowed {
 +				list = append(list, id)
 +				break
 +			}
 +		}
 +	}
 +	return list
 +}
 +
 +// isBoringCertificate reports whether a certificate may be used
 +// when constructing a verified chain.
 +// It is called for each leaf, intermediate, and root certificate.
 +func isBoringCertificate(c *x509.Certificate) bool {
 +	if !needFIPS() {
 +		// Everything is OK if we haven't forced FIPS-only mode.
 +		return true
 +	}
 +
 +	// Otherwise the key must be RSA 2048, RSA 3072, or ECDSA P-256.
 +	switch k := c.PublicKey.(type) {
 +	default:
 +		return false
 +	case *rsa.PublicKey:
 +		if size := k.N.BitLen(); size != 2048 && size != 3072 {
 +			return false
 +		}
 +	case *ecdsa.PublicKey:
 +		if name := k.Curve.Params().Name; name != "P-256" && name != "P-384" {
 +			return false
 +		}
 +	}
 +
 +	return true
 +}
 +
 +// fipsSupportedSignatureAlgorithms currently are a subset of
 +// defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
 +var fipsSupportedSignatureAlgorithms = []SignatureScheme{
 +	PSSWithSHA256,
 +	PSSWithSHA384,
 +	PSSWithSHA512,
 +	PKCS1WithSHA256,
 +	ECDSAWithP256AndSHA256,
 +	PKCS1WithSHA384,
 +	ECDSAWithP384AndSHA384,
 +	PKCS1WithSHA512,
 +	ECDSAWithP521AndSHA512,
 +}
 +
 +// supportedSignatureAlgorithms returns the supported signature algorithms.
 +func supportedSignatureAlgorithms() []SignatureScheme {
 +	if !needFIPS() {
 +		return defaultSupportedSignatureAlgorithms
 +	}
 +	return fipsSupportedSignatureAlgorithms
 +}
 +
 +var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme
diff --cc src/crypto/tls/cipher_suites.go
index 4cea5dca89,ea16ef95bf..cbe14f8dbd
--- a/src/crypto/tls/cipher_suites.go
+++ b/src/crypto/tls/cipher_suites.go
@@@ -4,6 -4,6 +4,8 @@@
  
  package tls
  
++import "crypto/internal/boring"
++
  import (
  	"crypto"
  	"crypto/aes"
diff --cc src/crypto/tls/common.go
index 9d2651eb7c,1e77d5c67b..cd1fd2aaf8
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@@ -1319,8 -1308,7 +1317,8 @@@ func initDefaultCipherSuites() 
  		hasGCMAsm = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
  	)
  
- 	if hasGCMAsm || boring.Enabled {
 -	if hasGCMAsm {
++	if hasGCMAsm || boringEnabled {
 +		// If BoringCrypto is enabled, always prioritize AES-GCM.
  		// If AES-GCM hardware is provided then prioritise AES-GCM
  		// cipher suites.
  		topCipherSuites = []uint16{