authorCuong Manh Le <cuong.manhle.vn@gmail.com>2024-09-04 18:30:35 +0700
committerGopher Robot <gobot@golang.org>2024-09-04 18:23:49 +0000
commit4fd73e5d4ca8c87efa127ee7a3290b1d0fdae313 (patch)
tree454d18c4074ce87ae00638fb9e61f7058eb13cf8 /src/cmd/internal/codesign
parentad8b5f7fe91bdb0afc9dad72a0ba3ac46ce0167c (diff)
cmd: do not use notsha256
CL 402595 used notsha256 to prevent the compiler from depending on cgo-based implementations of sha1 and sha256. However, since CL 454836, cmd is built with CGO_ENABLED=0, which will disable boringcrypto. Thus all usages of notsha256 are not necessary anymore. Updates #51940 Updates #64751 Change-Id: I503090f7a2efb5723e8a79523b143dc7cdb4edd0 Reviewed-on: https://go-review.googlesource.com/c/go/+/610596 Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Keith Randall <khr@golang.org>
Diffstat (limited to 'src/cmd/internal/codesign')
-rw-r--r--src/cmd/internal/codesign/codesign.go19
1 files changed, 5 insertions, 14 deletions
diff --git a/src/cmd/internal/codesign/codesign.go b/src/cmd/internal/codesign/codesign.go
index 1116393b5c..24496e2000 100644
--- a/src/cmd/internal/codesign/codesign.go
+++ b/src/cmd/internal/codesign/codesign.go
@@ -11,11 +11,12 @@
package codesign
import (
+ "crypto/sha256"
"debug/macho"
"encoding/binary"
"io"
- "cmd/internal/notsha256"
+ "cmd/internal/hash"
)
// Code signature layout.
@@ -191,7 +192,7 @@ func Size(codeSize int64, id string) int64 {
nhashes := (codeSize + pageSize - 1) / pageSize
idOff := int64(codeDirectorySize)
hashOff := idOff + int64(len(id)+1)
- cdirSz := hashOff + nhashes*notsha256.Size
+ cdirSz := hashOff + nhashes*hash.Size32
return int64(superBlobSize+blobSize) + cdirSz
}
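Review bot: The hash slot size in `Size` is now taken from `hash.Size32`, while the digests that fill those slots are produced by `sha256.Sum256` and the code directory declares `CS_HASHTYPE_SHA256`, so the size and the algorithm come from two different packages. Since this commit already imports `crypto/sha256`, `cdirSz := hashOff + nhashes*sha256.Size` here and `hashSize: sha256.Size,` in the `Sign` hunk at -227 would tie the signature layout to the algorithm the format requires. The two values presumably agree today, but nothing in this file enforces that if `cmd/internal/hash` is later pointed at a different function. If these are the only two uses of `hash` in the file, the `cmd/internal/hash` import can then be dropped.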
@@ -227,7 +228,7 @@ func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int
identOffset: uint32(idOff),
nCodeSlots: uint32(nhashes),
codeLimit: uint32(codeSize),
- hashSize: notsha256.Size,
+ hashSize: hash.Size32,
hashType: CS_HASHTYPE_SHA256,
pageSize: uint8(pageSizeBits),
execSegBase: uint64(textOff),
@@ -246,12 +247,7 @@ func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int
outp = puts(outp, []byte(id+"\000"))
// emit hashes
- // NOTE(rsc): These must be SHA256, but for cgo bootstrap reasons
- // we cannot import crypto/sha256 when GOEXPERIMENT=boringcrypto
- // and the host is linux/amd64. So we use NOT-SHA256
- // and then apply a NOT ourselves to get SHA256. Sigh.
var buf [pageSize]byte
- h := notsha256.New()
p := 0
for p < int(codeSize) {
n, err := io.ReadFull(data, buf[:])
@@ -265,12 +261,7 @@ func Sign(out []byte, data io.Reader, id string, codeSize, textOff, textSize int
n = int(codeSize) - p
}
p += n
- h.Reset()
- h.Write(buf[:n])
- b := h.Sum(nil)
- for i := range b {
- b[i] ^= 0xFF // convert notsha256 to sha256
- }
+ b := sha256.Sum256(buf[:n])
outp = puts(outp, b[:])
}
}
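Review bot: Nothing near `b := sha256.Sum256(buf[:n])` says that the algorithm is fixed by the code-signature format, because the removed NOTE was, as far as the visible hunks show, the only comment stating that these page hashes must be SHA-256. A short comment above that line, such as `// Page hashes must be SHA-256, matching hashType CS_HASHTYPE_SHA256 in the code directory.`, would keep the constraint visible to anyone later tempted to swap in the toolchain's generic hash. The loop and the rest of `Sign` begin outside this hunk.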