Rebase to Go 1.19.6

Resolves: rhbz#2174429 Apply missing patch Resolves: rhbz#2157602 Enable tests in check phase
2023-03-01 10:59:19 -05:00 · 2023-03-01 10:59:19 -05:00 · 2d68bb23d6
commit 2d68bb23d6
parent ab23206ede
4 changed files with 79 additions and 18 deletions
--- a/.gitignore
+++ b/.gitignore
@ -50,3 +50,5 @@
 /go1.19.2.tar.gz
 /go1.19.4-1-openssl-fips.tar.gz
 /go1.19.4.tar.gz
+/go1.19.6.tar.gz
+/go1.19.6-1-openssl-fips.tar.gz
--- a/fix-memory-leak-evp-sign-verify.patch
+++ b/fix-memory-leak-evp-sign-verify.patch
@ -0,0 +1,48 @@
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+index 2124978..1f853b4 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+                              GO_RSA *rsa_key) {
+   int ret = 0;
+   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+  if (!pk)
+    return 0;
+
+  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+    goto err;
+ 
+   if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+     goto err;
+@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+ err:
+   if (ctx)
+     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+  if (pk)
+    _goboringcrypto_EVP_PKEY_free(pk);
+ 
+   return ret;
+ }
+@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+   int ret = 0;
+   EVP_PKEY_CTX *ctx;
+   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+  if (!pk)
+    return 0;
+
+  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+    goto err;
+ 
+   if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+     goto err;
+@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+ err:
+   if (ctx)
+     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+  if (pk)
+    _goboringcrypto_EVP_PKEY_free(pk);
+ 
+   return ret;
+ }
--- a/golang.spec
+++ b/golang.spec
@ -96,7 +96,7 @@
 %endif

 %global go_api 1.19
-%global go_version 1.19.4
+%global go_version 1.19.6
 %global version %{go_version}
 %global pkg_release 1

@ -147,15 +147,12 @@ Patch221:       fix_TestScript_list_std.patch

 Patch1939923:   skip_test_rhbz1939923.patch

-
 # Disables libc static linking tests which
 # are incompatible with dlopen in golang-fips
 Patch2: 	disable_static_tests_part1.patch
 Patch3: 	disable_static_tests_part2.patch

-# https://github.com/golang/go/issues/56834
-# https://github.com/golang/go/commit/1b4db7e46365bbbba479d0689c5699e6c0ba1142
-Patch4:		ppc64le-internal-linker-fix.patch
+Patch4:		fix-memory-leak-evp-sign-verify.patch

 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -252,6 +249,12 @@ popd
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch

+# Configure crypto tests
+pushd ../go-go%{version}-%{pkg_release}-openssl-fips
+ln -s ../go-go%{version} go
+./scripts/configure-crypto-tests.sh
+popd
+
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
@ -458,18 +461,19 @@ export GO_TEST_RUN=""

 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
-#pushd crypto
-#  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-#  go test $(go list ./... | grep -v tls) -v
-#  # Check that signature functions have parity between boring and notboring
-#  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
-#popd
-## Run all FIPS specific TLS tests
-#pushd crypto/tls
-#  go test -v -run "Boring"
-#popd
+export OPENSSL_FORCE_FIPS_MODE=1
+pushd crypto
+  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
+  go test $(go list ./... | grep -v tls) -v
+  # Check that signature functions have parity between boring and notboring
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
+popd
+# Run all FIPS specific TLS tests
+pushd crypto/tls
+  go test -v -run "Boring"
+popd
 %else
-#./run.bash --no-rebuild -v -v -v -k || :
+./run.bash --no-rebuild -v -v -v -k || :
 %endif
 cd ..

@ -529,6 +533,13 @@ cd ..
 %endif

 %changelog
+* Wed Mar 01 2023 David Benoit <dbenoit@redhat.com> - 1.19.6-1
+- Rebase to Go 1.19.6
+- Resolves: rhbz#2174429
+- Fix memory leak
+- Resolves: rhbz#2157602
+- Enable tests in check phase
+
 * Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
 - Rebase to Go 1.19.4
 - Fix ppc64le linker issue
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (go1.19.4-1-openssl-fips.tar.gz) = 03b85de8a672205d2a48d0b316b90e72cc1200b8d307d3e5fefd3adf07033346fa7d78319ab279492a8cfa9ef058468baf1d5134f47bd79bd6c71a2ee62c6dbc
-SHA512 (go1.19.4.tar.gz) = 7e60cbaa6332de2f269f28db17517b25ba954e2d8cd6b7aa9aeed8c396028d03e4b1fb1fa1d5bbbf62174e8bbbfac6f2de47e0c522d4f9c93712ec089fcdb4c7
+SHA512 (go1.19.6.tar.gz) = f8d5585f5ee9b6730eeb0251b482dd7b3858a0223fe841293546989667eb5018844c7fa20c4a533408fbc8276405886517588a17f618c40e95488ca9ecafba35
+SHA512 (go1.19.6-1-openssl-fips.tar.gz) = c60758adaaeba468d5e9cfa50c72b5155c85491c954d1cb75e03c7e3701a41577ccb92fe37681f04da60d57bfad4bcd7a19b233ce6cca944fe6ca076b4e81d90