From 0e0a7cdc0fd7d7888dc3a45e347fc6cdc0cedd7a Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 5 Apr 2022 06:13:33 -0400
Subject: [PATCH] import golang-1.17.7-1.el9_0

---
 .gitignore                |   2 +-
 .golang.metadata          |   2 +-
 SOURCES/rhbz1952381.patch | 161 ++++++++++++++++++++++++++------------
 SPECS/golang.spec         |   8 +-
 4 files changed, 119 insertions(+), 54 deletions(-)

diff --git a/.gitignore b/.gitignore
index a14ac52..4f71bcf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.17.5-1-openssl-fips.tar.gz
+SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index e1b760c..fde6008 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-f0b72c96855f50d91288f1226a7660b97c1fdd73 SOURCES/go-go-1.17.5-1-openssl-fips.tar.gz
+139fe29f985b3feda50c407d194f1a102352388a SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
diff --git a/SOURCES/rhbz1952381.patch b/SOURCES/rhbz1952381.patch
index 8aa92cc..6e1b7f0 100644
--- a/SOURCES/rhbz1952381.patch
+++ b/SOURCES/rhbz1952381.patch
@@ -1,3 +1,18 @@
+diff --git a/src/crypto/ecdsa/ecdsa_test.go b/src/crypto/ecdsa/ecdsa_test.go
+index d60fdb8..b90782a 100644
+--- a/src/crypto/ecdsa/ecdsa_test.go
++++ b/src/crypto/ecdsa/ecdsa_test.go
+@@ -323,6 +323,10 @@ func TestVectors(t *testing.T) {
+ 			h.Write(msg)
+ 			hashed := h.Sum(hashed[:0])
+ 			if boring.Enabled() {
++				// SHA-1 signatures not supported in OpenSSL 3.0
++			        if ch == crypto.SHA1 {
++					expected = false
++				}
+ 				if HashVerify(pub, msg, r, s, ch) != expected {
+ 					t.Fatalf("incorrect result on line %d", lineNo)
+ 				}
 diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
 index 457decf..961795a 100644
 --- a/src/crypto/internal/boring/aes.go
@@ -108,7 +123,7 @@ index e7ae80c..45c856b 100644
  
  type fail string
 diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
-index 745e8a4..284e845 100644
+index 355638b..2737441 100644
 --- a/src/crypto/internal/boring/goopenssl.h
 +++ b/src/crypto/internal/boring/goopenssl.h
 @@ -14,6 +14,15 @@
@@ -202,7 +217,23 @@ index 745e8a4..284e845 100644
  
  #include <openssl/rand.h>
  
-@@ -735,6 +759,7 @@ static inline int
+@@ -711,12 +735,9 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(GO_EVP_PKEY_CTX* ctx, int pad) {
+ #endif
+ }
+ 
+-static inline int
+-_goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(GO_EVP_PKEY_CTX *ctx, uint8_t *l, int llen)
+-{
+-
+-	return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l);
+-}
++DEFINEFUNC(int, EVP_PKEY_CTX_set0_rsa_oaep_label,
++		(GO_EVP_PKEY_CTX *ctx, uint8_t *l, int llen),
++		(ctx, l, llen))
+ 
+ static inline int
+ _goboringcrypto_EVP_PKEY_CTX_set_rsa_oaep_md(GO_EVP_PKEY_CTX *ctx, const GO_EVP_MD *md)
+@@ -736,6 +757,7 @@ static inline int
  _goboringcrypto_EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
  	return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0, (void *)md);
  }
@@ -211,122 +242,98 @@ index 745e8a4..284e845 100644
  _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP_MD *md) {
  	return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,
 diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
-index a8d047d..1936d5d 100644
+index 92fbb36..781975c 100644
 --- a/src/crypto/internal/boring/openssl_port_rsa.c
 +++ b/src/crypto/internal/boring/openssl_port_rsa.c
-@@ -83,34 +83,51 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
- 		return 0;
+@@ -91,31 +91,40 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
  
  	if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
--		return 0;
-+		return -1;
- 	
+ 		goto err;
+-
++	
  	ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
  	if (!ctx)
--		return 0;
-+		return -2;
- 
- 	int ret = 0;
+ 		goto err;
  
 -	if (_goboringcrypto_EVP_PKEY_sign_init(ctx) <= 0)
 -		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0)
 +	if (_goboringcrypto_EVP_PKEY_sign_init(ctx) <= 0) {
-+		ret = -3;
  		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, salt_len) <= 0)
 +	}
 +	// This is moved earlier because openssl 3.0 alpha defaults
 +	// to sha1 in EVP_PKEY_CTRL_RSA_PADDING if unset and produces an error
 +	if (_goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0) {
-+		ret = -4;
  		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0)
 +	}
 +	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
-+		ret = -5;
  		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0)
 +	}
 +	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, salt_len) <= 0) {
-+		ret = -6;
  		goto err;
--	
+-
 +	}
 +	// doesnt take null anymore
 +	if (mgf1_md)
 +		if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0) {
-+			ret = -7;
 +			goto err;
 +		}
  	/* Determine buffer length */
 -	if (_goboringcrypto_EVP_PKEY_sign(ctx, NULL, &siglen, in, in_len) <= 0)
 +	if (_goboringcrypto_EVP_PKEY_sign(ctx, NULL, &siglen, in, in_len) <= 0) {
-+		ret = -8;
  		goto err;
 -
 -	if (max_out < siglen)
 +	}
 +	if (max_out < siglen) {
-+		ret = -9;
  		goto err;
 -
 -	if (_goboringcrypto_EVP_PKEY_sign(ctx, out, &siglen, in, in_len) <= 0)
 +	}
 +	if (_goboringcrypto_EVP_PKEY_sign(ctx, out, &siglen, in, in_len) <= 0) {
-+		ret = -10;
  		goto err;
 +	}
  
  	*out_len = siglen;
  	ret = 1;
-@@ -130,27 +147,41 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
- 
- 	pkey = _goboringcrypto_EVP_PKEY_new();
- 	if (!pkey)
--		return 0;
-+		return -1;
+@@ -142,23 +151,31 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
  
  	if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
--		return 0;
-+		return -2;
- 	
+ 		goto err;
+-
++	
  	ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
  	if (!ctx)
--		return 0;
-+		return -3;
+ 		goto err;
  
 -	if (_goboringcrypto_EVP_PKEY_verify_init(ctx) <= 0)
--		goto err;
--	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0)
 +	if (_goboringcrypto_EVP_PKEY_verify_init(ctx) <= 0) {
-+		ret = -4;
  		goto err;
+-	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0)
+-		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, salt_len) <= 0)
 +	}
 +	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
-+		ret = -5;
  		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0)
 +	}
 +	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, salt_len) <= 0) {
-+		ret = -6;
  		goto err;
 -	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0)
 +	}
 +	if (_goboringcrypto_EVP_PKEY_CTX_set_signature_md(ctx, md) <= 0) {
-+		ret = -7;
  		goto err;
 -	if (_goboringcrypto_EVP_PKEY_verify(ctx, sig, sig_len, msg, msg_len) <= 0)
 +	}
 +	// doesnt take null anymore
 +	if (mgf1_md)
 +		if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0) {
-+			ret = -8;
 +			goto err;
 +		}
 +	if (_goboringcrypto_EVP_PKEY_verify(ctx, sig, sig_len, msg, msg_len) <= 0) {
-+		ret = -9;
  		goto err;
 +	}
  
@@ -346,10 +353,21 @@ index ff5c439..6047d65 100644
  	return len(b), nil
  }
 diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
-index 0223243..b72af0d 100644
+index b3a907f..b74e7a9 100644
 --- a/src/crypto/internal/boring/rsa.go
 +++ b/src/crypto/internal/boring/rsa.go
-@@ -141,7 +141,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+@@ -120,7 +120,9 @@ func (k *PrivateKeyRSA) withKey(f func(*C.GO_RSA) C.int) C.int {
+ 
+ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ 	padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
+-	init func(*C.GO_EVP_PKEY_CTX) C.int) (pkey *C.GO_EVP_PKEY, ctx *C.GO_EVP_PKEY_CTX, err error) {
++	init func(*C.GO_EVP_PKEY_CTX) C.int) (_pkey *C.GO_EVP_PKEY, _ctx *C.GO_EVP_PKEY_CTX, err error) {
++	var pkey *C.GO_EVP_PKEY
++	var ctx *C.GO_EVP_PKEY_CTX
+ 	defer func() {
+ 		if err != nil {
+ 			if pkey != nil {
+@@ -141,7 +143,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
  	if withKey(func(key *C.GO_RSA) C.int {
  		return C._goboringcrypto_EVP_PKEY_set1_RSA(pkey, key)
  	}) == 0 {
@@ -358,16 +376,36 @@ index 0223243..b72af0d 100644
  	}
  	ctx = C._goboringcrypto_EVP_PKEY_CTX_new(pkey, nil)
  	if ctx == nil {
-@@ -164,7 +164,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+@@ -162,23 +164,12 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ 			return nil, nil, NewOpenSSLError("EVP_PKEY_set_rsa_oaep_md failed")
+ 		}
  		// ctx takes ownership of label, so malloc a copy for BoringCrypto to free.
- 		clabel := (*C.uint8_t)(C.malloc(C.size_t(len(label))))
- 		if clabel == nil {
--			return nil, nil, fail("OPENSSL_malloc")
+-		var clabel *C.uint8_t
+-		clabel = nil
+-		// OpenSSL 1.1.1 does not take ownership of the label if the length is zero.
+-		// Depending on the malloc implementation, if clabel is allocated with malloc(0),
+-		// metadata for the size-zero allocation is never cleaned up, which is a memory leak.
+-		// As such, we must only allocate clabel if the label is of non zero length.
+-		if len(label) > 0 {
+-			clabel = (*C.uint8_t)(C.malloc(C.size_t(len(label))))
+-			if clabel == nil {
+-				return nil, nil, fail("OPENSSL_malloc")
+-			}
+-			copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
++		clabel := (*C.uint8_t)(C.malloc(C.size_t(len(label))))
++		if clabel == nil {
 +			return nil, nil, NewOpenSSLError("OPENSSL_malloc")
  		}
- 		copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
- 		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) == 0 {
-@@ -265,12 +265,13 @@ func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int)
+-		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) != 1 {
+-			if clabel != nil {
+-				C.free(unsafe.Pointer(clabel))
+-			}
++		copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
++		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) == 0 {
+ 			return nil, nil, NewOpenSSLError("EVP_PKEY_CTX_set0_rsa_oaep_label failed")
+ 		}
+ 	}
+@@ -276,12 +267,13 @@ func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int)
  	}
  	var out []byte
  	var outLen C.uint
@@ -384,7 +422,7 @@ index 0223243..b72af0d 100644
  	}
  
  	return out[:outLen], nil
-@@ -284,11 +285,12 @@ func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen
+@@ -295,11 +287,12 @@ func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen
  	if saltLen == 0 {
  		saltLen = -2 // auto-recover
  	}
@@ -770,6 +808,27 @@ index 6a5a93f..2032b4b 100644
  		}
  	}
  }
+diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
+index 24e2d22..1fd5a9a 100644
+--- a/src/crypto/rsa/rsa.go
++++ b/src/crypto/rsa/rsa.go
+@@ -35,6 +35,7 @@ import (
+ 	"crypto/internal/boring"
+ 	"crypto/internal/randutil"
+ 	"unsafe"
++	"fmt"
+ )
+ 
+ var bigZero = big.NewInt(0)
+@@ -664,7 +665,7 @@ func DecryptOAEP(hash hash.Hash, random io.Reader, priv *PrivateKey, ciphertext
+ 		}
+ 		out, err := boring.DecryptRSAOAEP(hash, bkey, ciphertext, label)
+ 		if err != nil {
+-			return nil, ErrDecryption
++			return nil, fmt.Errorf("decryption error: %s", err)
+ 		}
+ 		return out, nil
+ 	}
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
 index d9693a7..cfe020e 100644
 --- a/src/crypto/rsa/rsa_test.go
@@ -1048,7 +1107,7 @@ index 94a24ff..577bc73 100644
  	block, _ := pem.Decode([]byte(`
  -----BEGIN CERTIFICATE-----
 diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
-index a4053ab..aff4ff2 100644
+index 449379f..801a954 100644
 --- a/src/crypto/x509/x509_test.go
 +++ b/src/crypto/x509/x509_test.go
 @@ -151,6 +151,7 @@ func TestPKIXMismatchPublicKeyFormat(t *testing.T) {
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index 711a3a5..bbea5fb 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -96,7 +96,7 @@
 %endif
 
 %global go_api 1.17
-%global go_version 1.17.5
+%global go_version 1.17.7
 %global pkg_release 1
 
 Name:           golang
@@ -522,6 +522,12 @@ cd ..
 %endif
 
 %changelog
+* Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
+- Rebase to Go 1.17.7
+- Update ecdsa tests to reject SHA1 signatures in boring mode
+- Resolves: rhbz#2025637
+- Resolves: rhbz#1975396
+
 * Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1
 - Rebase to Go 1.17.5
 - Add remove_waitgroup_misuse_tests patch