import golang-1.19.4-2.module+el8.8.0+17709+252fe516

This commit is contained in:
CentOS Sources 2023-03-28 10:28:52 +00:00 committed by Stepan Oksanichenko
parent 58b6abd111
commit 0bf4328d7b
13 changed files with 656 additions and 537 deletions

3
.gitignore vendored
View File

@ -1 +1,2 @@
SOURCES/go1.18.4-1-openssl-fips.tar.gz
SOURCES/go1.19.4-1-openssl-fips.tar.gz
SOURCES/go1.19.4.tar.gz

View File

@ -1 +1,2 @@
3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz
9463e718b1a8daa61009caa6c113197cbefbe9eb SOURCES/go1.19.4-1-openssl-fips.tar.gz
6debf76aa6fb97daff4d49502153a47093883c28 SOURCES/go1.19.4.tar.gz

View File

@ -0,0 +1,53 @@
From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
From: Lynn Boger <laboger@linux.vnet.ibm.com>
Date: Thu, 14 Jul 2022 10:47:28 -0500
Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
The setting of the path for the dynamic loader when building for
linux/ppc64le ELF v2 was incorrectly set to the path for
PPC64 ELF v1. This has not caused issues in the common cases
because this string can be set based on the default GO_LDSO setting.
It does result in an incorrect value when cross compiling binaries
with -buildmode=pie.
Updates #53813
Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
---
src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
index b6d5ad92af..bca8fa9212 100644
--- a/src/cmd/link/internal/ppc64/obj.go
+++ b/src/cmd/link/internal/ppc64/obj.go
@@ -38,9 +38,12 @@ import (
)
func Init() (*sys.Arch, ld.Arch) {
- arch := sys.ArchPPC64
- if buildcfg.GOARCH == "ppc64le" {
- arch = sys.ArchPPC64LE
+ arch := sys.ArchPPC64LE
+ dynld := "/lib64/ld64.so.2"
+
+ if buildcfg.GOARCH == "ppc64" {
+ arch = sys.ArchPPC64
+ dynld = "/lib64/ld64.so.1"
}
theArch := ld.Arch{
@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
Machoreloc1: machoreloc1,
Xcoffreloc1: xcoffreloc1,
- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
- Linuxdynld: "/lib64/ld64.so.1",
-
+ Linuxdynld: dynld,
Freebsddynld: "XXX",
Openbsddynld: "XXX",
Netbsddynld: "XXX",
--
2.35.3

View File

@ -1,310 +0,0 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index d9eb9c3..506f979 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1180,18 +1180,20 @@ func (t *tester) cgoTest(dt *distTest) error {
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
} else {
if goos != "android" {
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
}
t.addCmd(dt, "misc/cgo/nocgo", t.goTest())
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`)
if goos != "android" {
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ /*
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
// -static in CGO_LDFLAGS triggers a different code path
// than -static in -extldflags, so test both.
// See issue #16651.
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static")
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
+ */
}
}
@@ -1201,7 +1203,7 @@ func (t *tester) cgoTest(dt *distTest) error {
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie")
}
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie")
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
}
}
}
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
index a495bd7..2c6107b 100644
--- a/src/crypto/internal/boring/aes.go
+++ b/src/crypto/internal/boring/aes.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/aes_test.go b/src/crypto/internal/boring/aes_test.go
index 3b4c364..371bc20 100644
--- a/src/crypto/internal/boring/aes_test.go
+++ b/src/crypto/internal/boring/aes_test.go
@@ -1,9 +1,5 @@
-// +build linux
-// +build !android
-// +build !no_openssl
-// +build !cmd_go_bootstrap
-// +build !msan
-// +build cgo
+//go:build linux && !android && !no_openssl && !cmd_go_bootstrap && !msan && cgo && !static
+// +build linux,!android,!no_openssl,!cmd_go_bootstrap,!msan,cgo,!static
package boring
diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go
index ec6e80c..05431b1 100644
--- a/src/crypto/internal/boring/boring.go
+++ b/src/crypto/internal/boring/boring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go
index f72da41..33ee442 100644
--- a/src/crypto/internal/boring/ecdsa.go
+++ b/src/crypto/internal/boring/ecdsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index 4547ade..b8aaae4 100644
--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,6 +1,12 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build linux
+// +build !android
+// +build !no_openssl
+// +build !cmd_go_bootstrap
+// +build !msan
+// +build !static
// This header file describes the BoringCrypto ABI as built for use in Go.
// The BoringCrypto build for Go (which generates goboringcrypto_*.syso)
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
index 4820385..ac41482 100644
--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
@@ -6,6 +6,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
// This header file describes the OpenSSL ABI as built for use in Go.
diff --git a/src/crypto/internal/boring/hmac.go b/src/crypto/internal/boring/hmac.go
index 4e913c3..10cfbb3 100644
--- a/src/crypto/internal/boring/hmac.go
+++ b/src/crypto/internal/boring/hmac.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/notboring.go b/src/crypto/internal/boring/notboring.go
index e513834..08c5245 100644
--- a/src/crypto/internal/boring/notboring.go
+++ b/src/crypto/internal/boring/notboring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package boring
diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
index 710d074..853be3d 100644
--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
index 36be702..331dfd3 100644
--- a/src/crypto/internal/boring/openssl_evp.c
+++ b/src/crypto/internal/boring/openssl_evp.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_lock_setup.c b/src/crypto/internal/boring/openssl_lock_setup.c
index 955924e..c0f3435 100644
--- a/src/crypto/internal/boring/openssl_lock_setup.c
+++ b/src/crypto/internal/boring/openssl_lock_setup.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
#include <stdio.h>
diff --git a/src/crypto/internal/boring/openssl_port_aead_gcm.c b/src/crypto/internal/boring/openssl_port_aead_gcm.c
index b39bf54..80c933a 100644
--- a/src/crypto/internal/boring/openssl_port_aead_gcm.c
+++ b/src/crypto/internal/boring/openssl_port_aead_gcm.c
@@ -4,6 +4,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
#include <openssl/err.h>
diff --git a/src/crypto/internal/boring/openssl_port_ctr128.c b/src/crypto/internal/boring/openssl_port_ctr128.c
index abaff5c..e2263a5 100644
--- a/src/crypto/internal/boring/openssl_port_ctr128.c
+++ b/src/crypto/internal/boring/openssl_port_ctr128.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
index 8418c38..39bf3ae 100644
--- a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
+++ b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
@@ -4,6 +4,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
// The following is a partial backport of crypto/evp/m_md5_sha1.c,
// commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e on the
diff --git a/src/crypto/internal/boring/openssl_port_hmac.c b/src/crypto/internal/boring/openssl_port_hmac.c
index be7c71a..35e1860 100644
--- a/src/crypto/internal/boring/openssl_port_hmac.c
+++ b/src/crypto/internal/boring/openssl_port_hmac.c
@@ -4,6 +4,8 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
+
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
index 5174f66..a8008e9 100644
--- a/src/crypto/internal/boring/openssl_port_rsa.c
+++ b/src/crypto/internal/boring/openssl_port_rsa.c
@@ -4,6 +4,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_stub_rand.c b/src/crypto/internal/boring/openssl_stub_rand.c
index 18d6777..e8ac53b 100644
--- a/src/crypto/internal/boring/openssl_stub_rand.c
+++ b/src/crypto/internal/boring/openssl_stub_rand.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
#include <openssl/rand.h>
diff --git a/src/crypto/internal/boring/rand.go b/src/crypto/internal/boring/rand.go
index e9c334f..3adbd4d 100644
--- a/src/crypto/internal/boring/rand.go
+++ b/src/crypto/internal/boring/rand.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index b1a2f57..0cabadb 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/sha.go b/src/crypto/internal/boring/sha.go
index bdcc782..6184d6c 100644
--- a/src/crypto/internal/boring/sha.go
+++ b/src/crypto/internal/boring/sha.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring

View File

@ -0,0 +1,288 @@
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
index 5f258a2..5dbbc42 100644
--- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package backend
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index d6d99b1..f2fe332 100644
--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,4 +1,5 @@
// Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
index b338754..db5ea1e 100644
--- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build boringcrypto
+//go:build boringcrypto && !static
// This package only exists with GOEXPERIMENT=boringcrypto.
// It provides the actual syso file.
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
index 079fc3c..e826d0b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
index 0b61e79..94d0c98 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
index afec529..d822152 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
index 6d6a562..17cc314 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
@@ -1,4 +1,5 @@
// Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build linux
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
index ae40b93..17bc075 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
index 6f00177..f466b18 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
index 7c0b5d6..262af07 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
index d49194d..ff15054 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
index 2349db1..57fbb04 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 4379019..5034c46 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
index 49d40a7..3b3dbf8 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
index 7eb645e..1c3225a 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
@@ -1,4 +1,5 @@
// This file contains a port of the BoringSSL AEAD interface.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
index df4ebe3..876393b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
index 2eedd5b..04510d3 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
@@ -1,4 +1,5 @@
// This file contains a backport of the EVP_md5_sha1 method.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
index 362d9e5..bebafef 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
@@ -1,4 +1,5 @@
// This file contains HMAC portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
index 2824147..8bc1d85 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
@@ -1,4 +1,5 @@
// This file contains RSA portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
index 22bd865..b7aa26b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
index b3668b8..dcdae70 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
index 915c840..8623d9d 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
index 0b55ced..57309c0 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl

View File

@ -0,0 +1,36 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index da5b179..6a772df 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error {
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
} else {
if goos != "android" {
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
}
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".")
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".")
if goos != "android" {
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ /*
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
// -static in CGO_LDFLAGS triggers a different code path
// than -static in -extldflags, so test both.
// See issue #16651.
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".")
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
+ */
}
}
@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error {
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".")
}
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".")
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
}
}
}

View File

@ -0,0 +1,48 @@
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 2124978..1f853b4 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}
@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
int ret = 0;
EVP_PKEY_CTX *ctx;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}

View File

@ -0,0 +1,13 @@
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
index 10d1cf0..51feb3b 100644
--- a/src/crypto/tls/boring_test.go
+++ b/src/crypto/tls/boring_test.go
@@ -326,7 +326,7 @@ func TestBoringCertAlgs(t *testing.T) {
I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)
L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
- L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf|boringCertNotBoring)
+ L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
// client verifying server cert
testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {

View File

@ -1,73 +0,0 @@
diff --git a/src/time/internal_test.go b/src/time/internal_test.go
index f0dddb7..415949a 100644
--- a/src/time/internal_test.go
+++ b/src/time/internal_test.go
@@ -4,13 +4,15 @@
package time
+import "runtime"
+
func init() {
// force US/Pacific for time zone tests
ForceUSPacificForTesting()
}
func initTestingZone() {
- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
+ z, err := loadLocation("America/Los_Angeles", zoneSources)
if err != nil {
panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata")
}
@@ -21,8 +23,9 @@ func initTestingZone() {
var OrigZoneSources = zoneSources
func forceZipFileForTesting(zipOnly bool) {
- zoneSources = make([]string, len(OrigZoneSources))
+ zoneSources = make([]string, len(OrigZoneSources)+1)
copy(zoneSources, OrigZoneSources)
+ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
if zipOnly {
zoneSources = zoneSources[len(zoneSources)-1:]
}
diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
index f032aa7..e3e5547 100644
--- a/src/time/zoneinfo_test.go
+++ b/src/time/zoneinfo_test.go
@@ -9,6 +9,7 @@ import (
"fmt"
"os"
"reflect"
+ "runtime"
"testing"
"time"
)
@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
t.Fatal(err)
}
- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
+ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
if err != nil {
t.Fatal(err)
}
diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
index 23f8b3c..228db1b 100644
--- a/src/time/zoneinfo_unix.go
+++ b/src/time/zoneinfo_unix.go
@@ -12,7 +12,6 @@
package time
import (
- "runtime"
"syscall"
)
@@ -22,7 +21,6 @@ var zoneSources = []string{
"/usr/share/zoneinfo/",
"/usr/share/lib/zoneinfo/",
"/usr/lib/locale/TZ/",
- runtime.GOROOT() + "/lib/time/zoneinfo.zip",
}
func initLocal() {

View File

@ -0,0 +1,122 @@
diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
new file mode 100644
index 0000000000000..bca897c16d054
--- /dev/null
+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
@@ -0,0 +1,100 @@
+# Verify PPC64 does not reuse a trampoline which is too far away.
+# This tests an edge case where the direct call relocation addend should
+# be ignored when computing the distance from the direct call to the
+# already placed trampoline
+[short] skip
+[!ppc64] [!ppc64le] skip
+[aix] skip
+
+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
+# assembly 2^26 or so times.
+#
+# We build something which should be laid out as such:
+#
+# bar.Bar
+# main.Func1
+# bar.Bar+400-tramp0
+# main.BigAsm
+# main.Func2
+# bar.Bar+400-tramp1
+#
+# bar.Bar needs to be placed far enough away to generate relocations
+# from main package calls. and main.Func1 and main.Func2 are placed
+# a bit more than the direct call limit apart, but not more than 0x400
+# bytes beyond it (to verify the reloc calc).
+
+go build
+
+-- go.mod --
+
+module foo
+
+go 1.19
+
+-- main.go --
+
+package main
+
+import "foo/bar"
+
+func Func1()
+
+func main() {
+ Func1()
+ bar.Bar2()
+}
+
+-- foo.s --
+
+TEXT main·Func1(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+ CALL main·BigAsm(SB)
+// A trampoline will be placed here to bar.Bar
+
+// This creates a gap sufficiently large to prevent trampoline reuse
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24
+TEXT main·BigAsm(SB),0,$0-0
+ // Fill to the direct call limit so Func2 must generate a new trampoline.
+ // As the implicit trampoline above is just barely unreachable.
+ BIGNOP
+ MOVD $main·Func2(SB), R3
+
+TEXT main·Func2(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+// Another trampoline should be placed here.
+
+-- bar/bar.s --
+
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24 NOP2S10
+// A very big not very interesting function.
+TEXT bar·Bar(SB),0,$0-0
+ BIGNOP
+
+-- bar/bar.go --
+
+package bar
+
+func Bar()
+
+func Bar2() {
+}
diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
index 5d5fbe2a97735..6313879da083c 100644
--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
if ldr.SymValue(tramp) == 0 {
break
}
-
- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
+ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
+ // trampoline itself.
+ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
// With internal linking, the trampoline can be used if it is not too far.
// With external linking, the trampoline must be in this section for it to be reused.

View File

@ -1,128 +0,0 @@
From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Wed, 15 Dec 2021 16:02:15 +0100
Subject: [PATCH] Remove ed25519vectors_test.go
---
src/crypto/ed25519/ed25519vectors_test.go | 109 ----------------------
1 file changed, 109 deletions(-)
delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go
diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go
deleted file mode 100644
index 74fcdcdf4e..0000000000
--- a/src/crypto/ed25519/ed25519vectors_test.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ed25519_test
-
-import (
- "crypto/ed25519"
- "encoding/hex"
- "encoding/json"
- "internal/testenv"
- "os"
- "os/exec"
- "path/filepath"
- "testing"
-)
-
-// TestEd25519Vectors runs a very large set of test vectors that exercise all
-// combinations of low-order points, low-order components, and non-canonical
-// encodings. These vectors lock in unspecified and spec-divergent behaviors in
-// edge cases that are not security relevant in most contexts, but that can
-// cause issues in consensus applications if changed.
-//
-// Our behavior matches the "classic" unwritten verification rules of the
-// "ref10" reference implementation.
-//
-// Note that although we test for these edge cases, they are not covered by the
-// Go 1 Compatibility Promise. Applications that need stable verification rules
-// should use github.com/hdevalence/ed25519consensus.
-//
-// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details.
-func TestEd25519Vectors(t *testing.T) {
- jsonVectors := downloadEd25519Vectors(t)
- var vectors []struct {
- A, R, S, M string
- Flags []string
- }
- if err := json.Unmarshal(jsonVectors, &vectors); err != nil {
- t.Fatal(err)
- }
- for i, v := range vectors {
- expectedToVerify := true
- for _, f := range v.Flags {
- switch f {
- // We use the simplified verification formula that doesn't multiply
- // by the cofactor, so any low order residue will cause the
- // signature not to verify.
- //
- // This is allowed, but not required, by RFC 8032.
- case "LowOrderResidue":
- expectedToVerify = false
- // Our point decoding allows non-canonical encodings (in violation
- // of RFC 8032) but R is not decoded: instead, R is recomputed and
- // compared bytewise against the canonical encoding.
- case "NonCanonicalR":
- expectedToVerify = false
- }
- }
-
- publicKey := decodeHex(t, v.A)
- signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...)
- message := []byte(v.M)
-
- didVerify := ed25519.Verify(publicKey, message, signature)
- if didVerify && !expectedToVerify {
- t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags)
- }
- if !didVerify && expectedToVerify {
- t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags)
- }
- }
-}
-
-func downloadEd25519Vectors(t *testing.T) []byte {
- testenv.MustHaveExternalNetwork(t)
-
- // Download the JSON test file from the GOPROXY with `go mod download`,
- // pinning the version so test and module caching works as expected.
- goTool := testenv.GoToolPath(t)
- path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94"
- cmd := exec.Command(goTool, "mod", "download", "-json", path)
- // TODO: enable the sumdb once the TryBots proxy supports it.
- cmd.Env = append(os.Environ(), "GONOSUMDB=*")
- output, err := cmd.Output()
- if err != nil {
- t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output)
- }
- var dm struct {
- Dir string // absolute path to cached source root directory
- }
- if err := json.Unmarshal(output, &dm); err != nil {
- t.Fatal(err)
- }
-
- jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json"))
- if err != nil {
- t.Fatalf("failed to read ed25519vectors.json: %v", err)
- }
- return jsonVectors
-}
-
-func decodeHex(t *testing.T, s string) []byte {
- t.Helper()
- b, err := hex.DecodeString(s)
- if err != nil {
- t.Errorf("invalid hex: %v", err)
- }
- return b
-}
--
2.33.1

View File

@ -0,0 +1,12 @@
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index b1cdabb..09eaace 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2993,6 +2993,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
}
func TestCreateCertificateBrokenSigner(t *testing.T) {
+ t.Skip("TODO Fix me: rhbz#1939923")
template := &Certificate{
SerialNumber: big.NewInt(10),
DNSNames: []string{"example.com"},

View File

@ -56,7 +56,7 @@
%endif
# Controls what ever we fail on failed tests
%ifarch x86_64 %{arm} aarch64 ppc64le
%ifarch x86_64 %{arm} aarch64 ppc64le s390x
%global fail_on_tests 1
%else
%global fail_on_tests 0
@ -95,20 +95,27 @@
%global gohostarch s390x
%endif
%global go_api 1.18
%global go_version 1.18.4
%global go_api 1.19
%global version 1.19.4
%global pkg_release 1
Name: golang
Version: %{go_version}
Release: 1%{?dist}
Version: %{version}
Release: 2%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
URL: http://golang.org/
Source0: https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz
Source0: https://github.com/golang/go/archive/refs/tags/go%{version}.tar.gz
# Go's FIPS mode bindings are now provided as a standalone
# module instead of in tree. This makes it easier to see
# the actual changes vs upstream Go. The module source is
# located at https://github.com/golang-fips/openssl-fips,
# And pre-genetated patches to set up the module for a given
# Go release are located at https://github.com/golang-fips/go.
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
Source1: fedora.go
Source2: fedora.go
# The compiler is written in Go. Needs go(1.4+) compiler for build.
# Actual Go based bootstrap compiler provided by above source.
@ -133,17 +140,19 @@ Requires: %{name}-src = %{version}-%{release}
Requires: openssl-devel
Requires: diffutils
# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that
# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
Patch215: go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
# static linking of dlopen is unsupported
Patch226: disable_static_external_tests.patch
Patch1939923: skip_test_rhbz1939923.patch
Patch223: remove_ed25519vectors_test.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch4: ppc64le-internal-linker-fix.patch
Patch5: fix-test-1024-leaf-certs.patch
Patch6: fix-memory-leak-evp-sign-verify.patch
Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -232,14 +241,26 @@ Requires: %{name} = %{version}-%{release}
%endif
%prep
%setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips
%setup -q -n go-go%{version}
pushd ..
tar -xf %{SOURCE1}
popd
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch215 -p1
%patch221 -p1
%patch223 -p1
%patch226 -p1
cp %{SOURCE1} ./src/runtime/
%patch1939923 -p1
%patch227 -p1
cp %{SOURCE2} ./src/runtime/
%build
set -xe
@ -435,21 +456,20 @@ export GO_TEST_RUN=""
# TestEd25519Vectors needs network connectivity but it should be cover by
# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST
./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
# Run tests with FIPS enabled.
export GOLANG_FIPS=1
pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
go test $(go list ./... | grep -v tls) -v
# Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
popd
# Run all FIPS specific TLS tests
pushd crypto/tls
go test -v -run "Boring" $DISABLE_Ed25519_TEST
go test -v -run "Boring"
popd
%else
./run.bash --no-rebuild -v -v -v -k || :
@ -458,7 +478,7 @@ cd ..
%files
%doc AUTHORS CONTRIBUTORS LICENSE PATENTS
%doc LICENSE PATENTS
# VERSION has to be present in the GOROOT, for `go install std` to work
%doc %{goroot}/VERSION
%dir %{goroot}/doc
@ -512,6 +532,42 @@ cd ..
%endif
%changelog
* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
- Fix memory leaks in EVP_{sign,verify}_raw
- Resolves: rhbz#2132767
* Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
- Rebase to Go 1.19.4
- Fix ppc64le linker issue
- Remove defunct patches
- Remove downstream generated FIPS mode patches
- Add golang-fips/go as the source for FIPS mode patches
- Resolves: rhbz#2144542
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
- Enable big endian support in FIPS mode
- Resolves: rhbz#1969844
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
- Restore old HashSign/HashVerify API
- Resolves: rhbz#2132730
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
- Add support for 4096 bit keys in x509
- Resolves: rhbz#2132694
* Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
- Rebase to Go 1.19.2
- Resolves: rhbz#2132730
* Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
- Rebase to Go 1.19.1
- Resolves: rhbz#2131026
* Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
- Adds patch for PIE mode issues on PPC64LE
- Resolves: rhbz#2111593
* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
- Update Go to version 1.18.4
- Resolves: rhbz#2109179