From a4202a957fd3e81c9f1c0fd7f2df46c9ba508ba3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 01:41:32 +0000
Subject: [PATCH 01/12] build(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/crypto/compare/v0.40.0...v0.41.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.41.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 703acc0..27292e2 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,6 @@ module github.com/emmansun/gmsm
 
 go 1.23.0
 
-require golang.org/x/crypto v0.40.0
+require golang.org/x/crypto v0.41.0
 
-require golang.org/x/sys v0.34.0 // indirect
+require golang.org/x/sys v0.35.0 // indirect
diff --git a/go.sum b/go.sum
index 6051326..9e67244 100644
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,4 @@
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
From 641a6fa205ad596aac9a349d4b018d41e881c75e Mon Sep 17 00:00:00 2001
From: Sun Yimin Date: Fri, 8 Aug 2025 09:48:58 +0800 Subject: [PATCH 02/12] ci: add branch protection --- .github/dependabot.yml | 3 +++ .github/workflows/ci.yml | 4 ++-- .github/workflows/licenses.yml | 2 +- .github/workflows/macos.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/test_ppc64.yaml | 20 ++++++++++---------- .github/workflows/test_qemu.yml | 4 ++-- .github/workflows/test_riscv64.yaml | 20 ++++++++++---------- .github/workflows/test_s390x.yaml | 4 ++-- .github/workflows/test_sm_ni.yml | 4 ++-- 10 files changed, 35 insertions(+), 32 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 36265d2..d673a11 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,13 +9,16 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + target-branch: develop - package-ecosystem: github-actions directory: / schedule: interval: daily + target-branch: develop - package-ecosystem: docker directory: /internal/sm2ec/fiat schedule: interval: daily + target-branch: develop diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 38248dd..e2fc02d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,9 @@ name: ci on: push: - branches: [ main ] + branches: [ "develop", "main" ] pull_request: - branches: [ main ] + branches: [ "develop", "main" ] permissions: contents: read diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml index c1164f5..551e2a0 100644 --- a/.github/workflows/licenses.yml +++ b/.github/workflows/licenses.yml @@ -1,7 +1,7 @@ name: Update License File on: push: - branches: [ main ] + branches: [ "develop" ] paths: - 'go.mod' - 'go.sum' diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 03bcbd5..547af65 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml 
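Review bot: In the licenses.yml hunk the push trigger becomes `branches: [ "develop" ]` while every other workflow touched by this commit (ci.yml here, macos.yml, scorecard.yml and the qemu workflows further on) keeps main alongside develop, so a push to main no longer refreshes the license file at all. That is plausible if the file is meant to reach main only through the develop-to-main sync introduced later in this series, but nothing in the commit records that intent. Either restore `branches: [ "develop", "main" ]` or add a one-line comment above the trigger such as `# develop only: main receives the updated file via the pre-release sync PR` so the asymmetry reads as deliberate.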
@@ -2,9 +2,9 @@ name: macOs on: push: - branches: [ "main" ] + branches: [ "develop", "main" ] pull_request: - branches: [ "main" ] + branches: [ "develop", "main" ] permissions: contents: read diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7cc9325..a898084 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -12,7 +12,7 @@ on: schedule: - cron: '32 2 * * 2' push: - branches: [ "main" ] + branches: [ "develop", "main" ] # Declare default permissions as read only. permissions: read-all diff --git a/.github/workflows/test_ppc64.yaml b/.github/workflows/test_ppc64.yaml index 2b03da6..41a227d 100644 --- a/.github/workflows/test_ppc64.yaml +++ b/.github/workflows/test_ppc64.yaml @@ -5,13 +5,13 @@ name: ppc64le-qemu on: push: - branches: [ "main" ] + branches: [ "develop", "main" ] pull_request: - branches: [ "main" ] + branches: [ "develop", "main" ] + +permissions: + contents: read -permissions: - contents: read - jobs: test: @@ -22,11 +22,11 @@ jobs: ppc64: [power8] runs-on: ubuntu-latest steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: diff --git a/.github/workflows/test_qemu.yml b/.github/workflows/test_qemu.yml index 02a3a1f..79c79e6 100644 --- a/.github/workflows/test_qemu.yml +++ b/.github/workflows/test_qemu.yml @@ -5,9 +5,9 @@ name: arm64-qemu on: push: - branches: [ "main" ] + branches: [ "develop", "main" ] pull_request: - branches: [ "main" ] + branches: [ "develop", "main" ] permissions: contents: read 
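Review bot: Extending scorecard.yml's push trigger to `branches: [ "develop", "main" ]` (the `@@ -12,7 +12,7 @@` hunk) differs from the other workflow edits in this commit because ossf/scorecard-action only permits result publishing on the repository's default branch and fails the run elsewhere; whether this job sets `publish_results` is outside the hunk, so this is to confirm. If it does, pushes to develop will produce a red run for a reason unrelated to the code, and the trigger should stay `branches: [ "main" ]` with a comment `# scorecard publishes results and therefore runs on the default branch only`. If it does not, a short comment saying that develop runs are analysis-only would make the difference from the other workflows intentional.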
diff --git a/.github/workflows/test_riscv64.yaml b/.github/workflows/test_riscv64.yaml index 6446c7a..3d2d47e 100644 --- a/.github/workflows/test_riscv64.yaml +++ b/.github/workflows/test_riscv64.yaml @@ -5,13 +5,13 @@ name: riscv64-qemu on: push: - branches: [ "main" ] + branches: [ "develop", "main" ] pull_request: - branches: [ "main" ] + branches: [ "develop", "main" ] + +permissions: + contents: read -permissions: - contents: read - jobs: test: @@ -21,11 +21,11 @@ jobs: arch: [riscv64] runs-on: ubuntu-latest steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: diff --git a/.github/workflows/test_s390x.yaml b/.github/workflows/test_s390x.yaml index d15f149..2c834e8 100644 --- a/.github/workflows/test_s390x.yaml +++ b/.github/workflows/test_s390x.yaml @@ -5,9 +5,9 @@ name: s390x-qemu on: push: - branches: [ "main" ] + branches: [ "develop", "main" ] pull_request: - branches: [ "main" ] + branches: [ "develop", "main" ] permissions: contents: read diff --git a/.github/workflows/test_sm_ni.yml b/.github/workflows/test_sm_ni.yml index 4e63f61..2733c26 100644 --- a/.github/workflows/test_sm_ni.yml +++ b/.github/workflows/test_sm_ni.yml @@ -5,9 +5,9 @@ name: sm3-sm4-ni-qemu on: push: - branches: [ "main" ] + branches: [ "develop", "main" ] pull_request: - branches: [ "main" ] + branches: [ "develop", "main" ] permissions: contents: read From 9d0281942dd99aa60243c7e28b68f82cbc0b227d Mon Sep 17 00:00:00 2001 
From: Sun Yimin
Date: Fri, 8 Aug 2025 09:56:00 +0800
Subject: [PATCH 03/12] ci: add pre-release for code merge
---
 .github/workflows/pre-release.yml | 32 +++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .github/workflows/pre-release.yml
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
new file mode 100644
index 0000000..c0c51b8
--- /dev/null
+++ b/.github/workflows/pre-release.yml
@@ -0,0 +1,32 @@
+name: Pre-Release Sync
+
+on:
+ workflow_dispatch: # Manual trigger
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ develop-to-main-sync:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout main branch
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ ref: main
+
+ - name: Reset develop branch
+ run: |
+ git fetch origin develop:develop
+ git reset --hard develop
+
+ - name: Create PR from develop to main
+ uses: peter-evans/create-pull-request@v7
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ title: "Merge develop into main"
+ body: "This PR merges changes from develop into main."
+ branch: sync-develop-to-main
+ delete-branch: true
From 7c05d175f30a538ee655d3dd9cece4a4a77132d0 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Fri, 8 Aug 2025 02:08:01 +0000
Subject: [PATCH 04/12] [StepSecurity] ci: Harden GitHub Actions
Signed-off-by: StepSecurity Bot
---
 .github/workflows/pre-release.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index c0c51b8..2c92426 100644
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
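Review bot: The sync PR is opened with `token: ${{ secrets.GITHUB_TOKEN }}`, and pull requests created with the workflow's own GITHUB_TOKEN do not trigger `pull_request` workflows, so the ci/macos/qemu checks this series wires to main will not run on sync-develop-to-main unless something else re-triggers them, which undercuts the branch protection being set up. The documented ways around that are a repository-scoped GitHub App token or fine-grained PAT in place of GITHUB_TOKEN, or a human closing and reopening the PR; whichever is chosen, the step deserves a comment saying so, e.g. `# NOTE: PRs opened with GITHUB_TOKEN do not trigger pull_request checks; see create-pull-request docs`. Separately, `git reset --hard develop` on a checkout of main followed by create-pull-request yields one bot-authored commit carrying develop's tree rather than develop's history, so per-commit authorship and any commit signatures on develop do not survive the merge — presumably acceptable for a squash-style release, but worth stating in the PR body.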
@@ -12,6 +12,11 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+ with:
+ egress-policy: audit
+
 - name: Checkout main branch
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
@@ -23,7 +28,7 @@ jobs:
 git reset --hard develop
 
 - name: Create PR from develop to main
- uses: peter-evans/create-pull-request@v7
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 title: "Merge develop into main"
From f4df8cfffa250ec41cc6fd163c812654e0f25168 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 23:38:18 +0000
Subject: [PATCH 05/12] build(deps): bump github/codeql-action from 3.29.7 to 3.29.8
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...76621b61decf072c1cee8dd1ce2d2a82d33c17ed)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/scorecard.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 48c4834..8cbbf01 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,12 +37,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a898084..8cab326 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -78,6 +78,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: sarif_file: results.sarif From 3e079e2ec3158dd1c9a3375184ce0532343de376 Mon Sep 17 00:00:00 2001 
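Review bot: Every pinned SHA in this commit moves to the 3.29.8 revision but the trailing comment stays `# v3.29.5` (codeql-analysis.yml init, autobuild and analyze; scorecard.yml upload-sarif), so the human-readable version annotation now misdescribes the hash beside it. Dependabot presumably left the comment alone because it already disagreed with the 3.29.7 SHA it accompanied, and the same stale `# v3.29.5` is carried through the later 3.29.9, 3.29.10 and 3.29.11 bumps in this series. Reviewers and pin-auditing tools use that comment to map a SHA back to a release, so the four lines should end in `# v3.29.8` here, after which the bot will keep it current on each subsequent bump.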
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 10:01:21 +0000 Subject: [PATCH 06/12] build(deps): bump actions/checkout from 4.2.2 to 5.0.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/licenses.yml | 2 +- .github/workflows/macos.yml | 2 +- .github/workflows/pre-release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/test_ppc64.yaml | 2 +- .github/workflows/test_qemu.yml | 2 +- .github/workflows/test_riscv64.yaml | 2 +- .github/workflows/test_s390x.yaml | 2 +- .github/workflows/test_sm_ni.yml | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e2fc02d..dd8e0d3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8cbbf01..3fc9a7f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -33,7 +33,7 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml index 551e2a0..7a4726a 100644 --- a/.github/workflows/licenses.yml +++ b/.github/workflows/licenses.yml @@ -18,7 +18,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: '1.23' diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 547af65..cc6549b 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -19,7 +19,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml index 2c92426..d5ae8b3 100644 --- a/.github/workflows/pre-release.yml +++ b/.github/workflows/pre-release.yml @@ -18,7 +18,7 @@ jobs: egress-policy: audit - name: Checkout main branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: main diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8cab326..f8ad7af 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -39,7 +39,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/test_ppc64.yaml b/.github/workflows/test_ppc64.yaml index 41a227d..a8dba35 100644 --- a/.github/workflows/test_ppc64.yaml +++ b/.github/workflows/test_ppc64.yaml @@ -36,7 +36,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Test internal run: go test -v ./internal/... diff --git a/.github/workflows/test_qemu.yml b/.github/workflows/test_qemu.yml index 79c79e6..e358eb8 100644 --- a/.github/workflows/test_qemu.yml +++ b/.github/workflows/test_qemu.yml @@ -35,7 +35,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Test run: go test -v -short ./... diff --git a/.github/workflows/test_riscv64.yaml b/.github/workflows/test_riscv64.yaml index 3d2d47e..75d56ef 100644 --- a/.github/workflows/test_riscv64.yaml +++ b/.github/workflows/test_riscv64.yaml @@ -35,7 +35,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Test run: go test -v -short ./internal/... diff --git a/.github/workflows/test_s390x.yaml b/.github/workflows/test_s390x.yaml index 2c834e8..2a105ab 100644 --- a/.github/workflows/test_s390x.yaml 
+++ b/.github/workflows/test_s390x.yaml @@ -35,7 +35,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Test internal run: go test -v ./internal/... diff --git a/.github/workflows/test_sm_ni.yml b/.github/workflows/test_sm_ni.yml index 2733c26..37a71bf 100644 --- a/.github/workflows/test_sm_ni.yml +++ b/.github/workflows/test_sm_ni.yml @@ -35,7 +35,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Test run: go test -v -short ./... From a0d7cd2c71cf723a1cece71141b3ab1a4d2088f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 01:46:00 +0000 Subject: [PATCH 07/12] build(deps): bump github/codeql-action from 3.29.8 to 3.29.9 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.8 to 3.29.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/76621b61decf072c1cee8dd1ce2d2a82d33c17ed...df559355d593797519d70b90fc8edd5db049e7a2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8cbbf01..2d560ff 100644 
--- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -37,12 +37,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8cab326..3affb2d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -78,6 +78,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 with: sarif_file: results.sarif From 76840ad8cc20f67fcd245839134c968993562d84 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Aug 2025 03:31:11 +0000 Subject: [PATCH 08/12] build(deps): bump github/codeql-action from 3.29.9 to 3.29.10 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.9 to 3.29.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df559355d593797519d70b90fc8edd5db049e7a2...96f518a34f7a870018057716cc4d7a5c014bd61c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8207345..e2c5216 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -37,12 +37,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/autobuild@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8f77da4..f323ed1 100644 --- a/.github/workflows/scorecard.yml 
+++ b/.github/workflows/scorecard.yml @@ -78,6 +78,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 + uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 with: sarif_file: results.sarif From 8b9c7a84e42a6da117ef083047d77973ba2cc93d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Aug 2025 00:58:33 +0000 Subject: [PATCH 09/12] build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.4.3 to 5.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/18283e04ce6e62d37312384ff67231eb8fd56d24...fdcc8476540edceab3de004e990f80d881c6cc00) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd8e0d3..67e2993 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,7 +44,7 @@ jobs: - name: Upload coverage to Codecov if: ${{ matrix.goVer == '1.24' }} - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 + uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 with: files: ./coverage1.txt,./coverage2.txt env: From bad9a10ec415d864821ee5f1327ac03fb058ab4c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Aug 2025 00:09:22 +0000 Subject: [PATCH 10/12] build(deps): bump github/codeql-action from 3.29.10 to 3.29.11 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.10 to 3.29.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/96f518a34f7a870018057716cc4d7a5c014bd61c...3c3833e0f8c1c83d449a7478aa59c036a9165498) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e2c5216..a959a3c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -37,12 +37,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 + uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 + uses: github/codeql-action/autobuild@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5 + uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f323ed1..f28eacb 100644 --- a/.github/workflows/scorecard.yml 
+++ b/.github/workflows/scorecard.yml
@@ -78,6 +78,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.5
+ uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5
 with:
 sarif_file: results.sarif
From 3e4f64ef4c4adef0cef244853b13b52e7df70d5c Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Fri, 29 Aug 2025 10:34:47 +0800
Subject: [PATCH 11/12] sm9: add back SetMasterPublic methods
---
 sm9/sm9_key.go | 14 ++++++++++++++
 sm9/sm9_test.go | 14 ++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/sm9/sm9_key.go b/sm9/sm9_key.go
index bd63679..f449365 100644
--- a/sm9/sm9_key.go
+++ b/sm9/sm9_key.go
@@ -235,6 +235,13 @@ func (priv *SignPrivateKey) MasterPublic() *SignMasterPublicKey {
 return &SignMasterPublicKey{internal: masterKey, publicKey: masterKey.Bytes()}
 }
 
+// SetMasterPublic sets the master public key for the SignPrivateKey.
+// The caller should ensure that the provided master public key is valid and corresponds
+// to the SignPrivateKey. This method is NOT safe for concurrent use.
+func (priv *SignPrivateKey) SetMasterPublic(master *SignMasterPublicKey) {
+ priv.internal.SetMasterPublicKey(master.internal)
+}
+
 // MarshalASN1 marshal signature private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (priv *SignPrivateKey) MarshalASN1() ([]byte, error) {
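Review bot: `SetMasterPublic` dereferences its argument unconditionally in `priv.internal.SetMasterPublicKey(master.internal)`, so a nil `master` panics inside the library with an anonymous nil-pointer fault rather than a named failure, and the doc comment pushes both validity and correspondence of the master key onto the caller without saying what a mismatch produces. Since the method is being added back with its signature fixed, a guard at the top, `if master == nil { panic("sm9: nil master public key") }`, plus a doc sentence stating that a master key not belonging to this private key is not detected here (presumably surfacing as signatures that fail to verify — confirm) would at least make the failure mode explicit. Whether `priv.internal` can itself be nil for a zero-value SignPrivateKey is not visible in this hunk. The EncryptPrivateKey counterpart in the next hunk has the same shape and needs the same guard and wording.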
@@ -463,6 +470,13 @@ func (priv *EncryptPrivateKey) MasterPublic() *EncryptMasterPublicKey {
 return &EncryptMasterPublicKey{publicKey: master.Bytes(), internal: master}
 }
 
+// SetMasterPublic sets the master public key for the EncryptPrivateKey.
+// The caller should ensure that the provided master public key is valid and corresponds
+// to the EncryptPrivateKey. This method is NOT safe for concurrent use.
+func (priv *EncryptPrivateKey) SetMasterPublic(master *EncryptMasterPublicKey) {
+ priv.internal.SetMasterPublicKey(master.internal)
+}
+
 // MarshalASN1 marshal encryption private key to asn.1 format data according
 // SM9 cryptographic algorithm application specification
 func (priv *EncryptPrivateKey) MarshalASN1() ([]byte, error) {
diff --git a/sm9/sm9_test.go b/sm9/sm9_test.go
index efa1c22..2913d9e 100644
--- a/sm9/sm9_test.go
+++ b/sm9/sm9_test.go
@@ -21,6 +21,13 @@ func TestSignASN1(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
+ // Test Marshal and Unmarshal
+ userKeyBytes := userKey.Bytes()
+ userKey, err = sm9.UnmarshalSignPrivateKeyRaw(userKeyBytes)
+ if err != nil {
+ t.Fatal(err)
+ }
+ userKey.SetMasterPublic(masterKey.PublicKey())
 sig, err := userKey.Sign(rand.Reader, hashed, nil)
 if err != nil {
 t.Fatal(err)
@@ -103,6 +110,13 @@ func TestEncryptDecrypt(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
+ // Test Marshal and Unmarshal
+ userKeyBytes := userKey.Bytes()
+ userKey, err = sm9.UnmarshalEncryptPrivateKeyRaw(userKeyBytes)
+ if err != nil {
+ t.Fatal(err)
+ }
+ userKey.SetMasterPublic(masterKey.PublicKey())
 encTypes := []sm9.EncrypterOpts{
 sm9.DefaultEncrypterOpts, sm9.SM4ECBEncrypterOpts, sm9.SM4CBCEncrypterOpts, sm9.SM4CFBEncrypterOpts, sm9.SM4OFBEncrypterOpts,
 }
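Review bot: The additions to TestSignASN1 and TestEncryptDecrypt only show that a key restored by `sm9.UnmarshalSignPrivateKeyRaw` / `sm9.UnmarshalEncryptPrivateKeyRaw` and then given `SetMasterPublic(masterKey.PublicKey())` still signs and decrypts, which cannot tell the setter apart from a no-op if the raw form already carried the master key. Right after the `SetMasterPublic` call, assert that the restored key's `MasterPublic()` agrees with `masterKey.PublicKey()` in whatever serialized form the type exposes, and add a negative case that uses the restored key without the setter (or with the public key of a second, unrelated master) and expects verification or decryption to fail. Both hunks sit inside functions that begin before the hunk, so the `masterKey` and `userKey` declarations they reuse are not visible here.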