rpms
/
golang
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import golang-1.19.4-2.module+el8.8.0+17709+252fe516

This commit is contained in:
CentOS Sources 2023-05-16 06:04:32 +00:00 committed by Stepan Oksanichenko
parent 00b4a8b35b
commit 2fbe7455e9
13 changed files with 594 additions and 921 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1 +1,2 @@
SOURCES/go1.18.10-1-openssl-fips.tar.gz
SOURCES/go1.19.4-1-openssl-fips.tar.gz
SOURCES/go1.19.4.tar.gz

3
.golang.metadata
View File

@ -1 +1,2 @@
d12404b2ef5e4e0ed1d9f735cb487812c1c6ceb1 SOURCES/go1.18.10-1-openssl-fips.tar.gz
9463e718b1a8daa61009caa6c113197cbefbe9eb SOURCES/go1.19.4-1-openssl-fips.tar.gz
6debf76aa6fb97daff4d49502153a47093883c28 SOURCES/go1.19.4.tar.gz

363
SOURCES/big-endian.patch
View File

@ -1,363 +0,0 @@
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
index 4820385f67..2415702b28 100644
--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
@@ -76,7 +76,7 @@ _goboringcrypto_DLOPEN_OPENSSL(void)
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
-DEFINEFUNCINTERNAL(int, OPENSSL_init, (void), ())
+DEFINEFUNCINTERNAL(void, OPENSSL_init, (void), ())
static unsigned long _goboringcrypto_internal_OPENSSL_VERSION_NUMBER(void) {
return OPENSSL_VERSION_NUMBER;
@@ -97,35 +97,32 @@ DEFINEFUNCINTERNAL(void, ERR_error_string_n, (unsigned long e, unsigned char *bu
#include <openssl/crypto.h>
-DEFINEFUNCINTERNAL(int, CRYPTO_num_locks, (void), ())
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNC(int, CRYPTO_num_locks, (void), ())
+#else
static inline int
_goboringcrypto_CRYPTO_num_locks(void) {
+ return CRYPTO_num_locks(); /* defined as macro */
+}
+#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return _goboringcrypto_internal_CRYPTO_num_locks();
+DEFINEFUNC(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
#else
- return CRYPTO_num_locks();
-#endif
-}
-DEFINEFUNCINTERNAL(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
static inline void
_goboringcrypto_CRYPTO_set_id_callback(unsigned long (*id_function)(void)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- _goboringcrypto_internal_CRYPTO_set_id_callback(id_function);
-#else
- CRYPTO_set_id_callback(id_function);
-#endif
+ CRYPTO_set_id_callback(id_function); /* defined as macro */
}
-DEFINEFUNCINTERNAL(void, CRYPTO_set_locking_callback,
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNC(void, CRYPTO_set_locking_callback,
(void (*locking_function)(int mode, int n, const char *file, int line)),
(locking_function))
+#else
static inline void
_goboringcrypto_CRYPTO_set_locking_callback(void (*locking_function)(int mode, int n, const char *file, int line)) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- _goboringcrypto_internal_CRYPTO_set_locking_callback(locking_function);
-#else
- CRYPTO_set_locking_callback(locking_function);
-#endif
+ CRYPTO_set_locking_callback(locking_function); /* defined as macro */
}
+#endif
int _goboringcrypto_OPENSSL_thread_setup(void);
@@ -206,10 +203,16 @@ DEFINEFUNC(const GO_EVP_MD *, EVP_sha384, (void), ())
DEFINEFUNC(const GO_EVP_MD *, EVP_sha512, (void), ())
#if OPENSSL_VERSION_NUMBER < 0x30000000L
DEFINEFUNCINTERNAL(int, EVP_MD_type, (const GO_EVP_MD *arg0), (arg0))
+DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
+static inline int
+_goboringcrypto_EVP_MD_get_size(const GO_EVP_MD *arg0)
+{
+ return _goboringcrypto_internal_EVP_MD_size(arg0);
+}
#else
DEFINEFUNCINTERNAL(int, EVP_MD_get_type, (const GO_EVP_MD *arg0), (arg0))
+DEFINEFUNC(int, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
#endif
-DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
DEFINEFUNCINTERNAL(const GO_EVP_MD*, EVP_md5_sha1, (void), ())
# include <openssl/md5.h>
@@ -240,8 +243,6 @@ _goboringcrypto_EVP_md5_sha1(void) {
typedef HMAC_CTX GO_HMAC_CTX;
-DEFINEFUNC(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
-DEFINEFUNC(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
DEFINEFUNC(int, HMAC_Init_ex,
(GO_HMAC_CTX * arg0, const void *arg1, int arg2, const GO_EVP_MD *arg3, ENGINE *arg4),
(arg0, arg1, arg2, arg3, arg4))
@@ -249,59 +250,57 @@ DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX * arg0, const uint8_t *arg1, size_t ar
DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX * arg0, uint8_t *arg1, unsigned int *arg2), (arg0, arg1, arg2))
DEFINEFUNC(size_t, HMAC_CTX_copy, (GO_HMAC_CTX *dest, GO_HMAC_CTX *src), (dest, src))
-DEFINEFUNCINTERNAL(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNCINTERNAL(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
static inline void
_goboringcrypto_HMAC_CTX_free(HMAC_CTX *ctx) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (ctx != NULL) {
- _goboringcrypto_HMAC_CTX_cleanup(ctx);
+ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
free(ctx);
}
+}
#else
- _goboringcrypto_internal_HMAC_CTX_free(ctx);
+DEFINEFUNC(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
#endif
-}
-DEFINEFUNCINTERNAL(EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
-DEFINEFUNCINTERNAL(size_t, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static inline size_t
_goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return _goboringcrypto_internal_EVP_MD_size(arg0->md);
-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
- const EVP_MD* md;
- md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
- return _goboringcrypto_internal_EVP_MD_get_size(md);
+ return _goboringcrypto_EVP_MD_get_size(arg0->md);
+}
#else
+DEFINEFUNCINTERNAL(const EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
+static inline size_t
+_goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
const EVP_MD* md;
md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
- return _goboringcrypto_internal_EVP_MD_size(md);
-#endif
+ return _goboringcrypto_EVP_MD_get_size(md);
}
+#endif
-DEFINEFUNCINTERNAL(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNCINTERNAL(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
static inline GO_HMAC_CTX*
_goboringcrypto_HMAC_CTX_new(void) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
GO_HMAC_CTX* ctx = malloc(sizeof(GO_HMAC_CTX));
if (ctx != NULL)
- _goboringcrypto_HMAC_CTX_init(ctx);
+ _goboringcrypto_internal_HMAC_CTX_init(ctx);
return ctx;
+}
#else
- return _goboringcrypto_internal_HMAC_CTX_new();
+DEFINEFUNC(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
#endif
-}
-DEFINEFUNCINTERNAL(void, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
-static inline void
-_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
- _goboringcrypto_HMAC_CTX_cleanup(ctx);
- _goboringcrypto_HMAC_CTX_init(ctx);
+static inline int
+_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
+ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
+ _goboringcrypto_internal_HMAC_CTX_init(ctx);
+ return 0;
+}
#else
- _goboringcrypto_internal_HMAC_CTX_reset(ctx);
+DEFINEFUNC(int, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
#endif
-}
int _goboringcrypto_HMAC_CTX_copy_ex(GO_HMAC_CTX *dest, const GO_HMAC_CTX *src);
@@ -408,16 +407,14 @@ DEFINEFUNCINTERNAL(int, ECDSA_verify,
(int type, const unsigned char *dgst, size_t dgstlen, const unsigned char *sig, unsigned int siglen, EC_KEY *eckey),
(type, dgst, dgstlen, sig, siglen, eckey))
-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
-
-static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return _goboringcrypto_internal_EVP_MD_CTX_create();
+DEFINEFUNC(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
#else
+DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
+static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
return _goboringcrypto_internal_EVP_MD_CTX_new();
-#endif
}
+#endif
DEFINEFUNCINTERNAL(int, EVP_PKEY_assign,
(EVP_PKEY *pkey, int type, void *eckey),
@@ -441,7 +438,7 @@ DEFINEFUNC(int, EVP_DigestUpdate,
(EVP_MD_CTX* ctx, const void *d, size_t cnt),
(ctx, d, cnt))
DEFINEFUNC(int, EVP_DigestSignFinal,
- (EVP_MD_CTX* ctx, unsigned char *sig, unsigned int *siglen),
+ (EVP_MD_CTX* ctx, unsigned char *sig, size_t *siglen),
(ctx, sig, siglen))
DEFINEFUNC(int, EVP_DigestVerifyInit,
@@ -451,18 +448,17 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal,
(EVP_MD_CTX* ctx, const uint8_t *sig, unsigned int siglen),
(ctx, sig, siglen))
-int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *eckey);
+int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key);
-DEFINEFUNCINTERNAL(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx))
static inline void _goboringcrypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
return _goboringcrypto_internal_EVP_MD_CTX_destroy(ctx);
+}
#else
- return _goboringcrypto_internal_EVP_MD_CTX_free(ctx);
+DEFINEFUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
#endif
-}
int _goboringcrypto_ECDSA_sign(EVP_MD *md, const uint8_t *arg1, size_t arg2, uint8_t *arg3, unsigned int *arg4, GO_EC_KEY *arg5);
int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, const uint8_t *arg3, unsigned int arg4, GO_EC_KEY *arg5);
@@ -473,7 +469,7 @@ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, c
typedef RSA GO_RSA;
typedef BN_GENCB GO_BN_GENCB;
-int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa);
+int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa);
int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa);
DEFINEFUNC(GO_RSA *, RSA_new, (void), ())
@@ -774,10 +770,10 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP
}
DEFINEFUNC(int, EVP_PKEY_decrypt,
- (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
+ (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
(arg0, arg1, arg2, arg3, arg4))
DEFINEFUNC(int, EVP_PKEY_encrypt,
- (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
+ (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
(arg0, arg1, arg2, arg3, arg4))
DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
index 710d0744ff..9d0056c5f7 100644
--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
@@ -18,7 +18,9 @@ _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_
result = 0;
goto err;
}
- result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+ size_t _slen;
+ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, &_slen, key);
+ *slen = _slen;
err:
_goboringcrypto_EVP_PKEY_free(key);
return result;
diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
index 36be702224..8b81fd71f6 100644
--- a/src/crypto/internal/boring/openssl_evp.c
+++ b/src/crypto/internal/boring/openssl_evp.c
@@ -7,7 +7,7 @@
#include "goboringcrypto.h"
int
-_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *key) {
+_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *key) {
EVP_MD_CTX *mdctx = NULL;
int ret = 0;
diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
index 5174f662c9..3ad4e69e9d 100644
--- a/src/crypto/internal/boring/openssl_port_rsa.c
+++ b/src/crypto/internal/boring/openssl_port_rsa.c
@@ -19,7 +19,7 @@ int _goboringcrypto_RSA_generate_key_fips(GO_RSA *rsa, int size, GO_BN_GENCB *cb
return ret;
}
-int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_t *out, size_t max_out,
+int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
const uint8_t *in, size_t in_len, EVP_MD *md, const EVP_MD *mgf1_md, int salt_len)
{
EVP_PKEY_CTX *ctx;
@@ -173,7 +173,7 @@ err:
return ret;
}
-int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
+int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa)
{
int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index b1a2f57abd..e47ca3bb63 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -200,7 +200,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
init func(*C.GO_EVP_PKEY_CTX) C.int,
- crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.uint, *C.uint8_t, C.uint) C.int,
+ crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.size_t, *C.uint8_t, C.uint) C.int,
in []byte) ([]byte, error) {
pkey, ctx, err := setupRSA(withKey, padding, h, label, saltLen, ch, init)
@@ -210,7 +210,7 @@ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
defer C._goboringcrypto_EVP_PKEY_free(pkey)
defer C._goboringcrypto_EVP_PKEY_CTX_free(ctx)
- var outLen C.uint
+ var outLen C.size_t
if crypt(ctx, nil, &outLen, base(in), C.uint(len(in))) == 0 {
return nil, NewOpenSSLError("EVP_PKEY_decrypt/encrypt failed")
}
@@ -251,7 +251,7 @@ func decryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
return C._goboringcrypto_EVP_PKEY_decrypt_init(ctx)
}
-func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
+func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
return C._goboringcrypto_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen)
}
@@ -259,7 +259,7 @@ func encryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
return C._goboringcrypto_EVP_PKEY_encrypt_init(ctx)
}
-func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
+func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
return C._goboringcrypto_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen)
}
@@ -307,10 +307,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
return nil, errors.New("crypto/rsa: unsupported hash function: " + strconv.Itoa(int(h)))
}
- var out []byte
- var outLen C.uint
-
if msgIsHashed {
+ var out []byte
+ var outLen C.uint
PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 signing and use HashSignPKCS1v15 instead of SignPKCS1v15")
nid := C._goboringcrypto_EVP_MD_type(md)
if priv.withKey(func(key *C.GO_RSA) C.int {
@@ -323,6 +322,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
return out[:outLen], nil
}
+ var out []byte
+ var outLen C.size_t
+
if priv.withKey(func(key *C.GO_RSA) C.int {
return C._goboringcrypto_EVP_RSA_sign(md, base(msg), C.uint(len(msg)), base(out), &outLen, key)
}) == 0 {

310
SOURCES/disable_static_external_tests.patch
View File

@ -1,310 +0,0 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index d9eb9c3..506f979 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1180,18 +1180,20 @@ func (t *tester) cgoTest(dt *distTest) error {
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
} else {
if goos != "android" {
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
}
t.addCmd(dt, "misc/cgo/nocgo", t.goTest())
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`)
if goos != "android" {
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ /*
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
// -static in CGO_LDFLAGS triggers a different code path
// than -static in -extldflags, so test both.
// See issue #16651.
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static")
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
+ */
}
}
@@ -1201,7 +1203,7 @@ func (t *tester) cgoTest(dt *distTest) error {
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie")
}
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie")
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
}
}
}
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
index a495bd7..2c6107b 100644
--- a/src/crypto/internal/boring/aes.go
+++ b/src/crypto/internal/boring/aes.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/aes_test.go b/src/crypto/internal/boring/aes_test.go
index 3b4c364..371bc20 100644
--- a/src/crypto/internal/boring/aes_test.go
+++ b/src/crypto/internal/boring/aes_test.go
@@ -1,9 +1,5 @@
-// +build linux
-// +build !android
-// +build !no_openssl
-// +build !cmd_go_bootstrap
-// +build !msan
-// +build cgo
+//go:build linux && !android && !no_openssl && !cmd_go_bootstrap && !msan && cgo && !static
+// +build linux,!android,!no_openssl,!cmd_go_bootstrap,!msan,cgo,!static
package boring
diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go
index ec6e80c..05431b1 100644
--- a/src/crypto/internal/boring/boring.go
+++ b/src/crypto/internal/boring/boring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go
index f72da41..33ee442 100644
--- a/src/crypto/internal/boring/ecdsa.go
+++ b/src/crypto/internal/boring/ecdsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index 4547ade..b8aaae4 100644
--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,6 +1,12 @@
// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build linux
+// +build !android
+// +build !no_openssl
+// +build !cmd_go_bootstrap
+// +build !msan
+// +build !static
// This header file describes the BoringCrypto ABI as built for use in Go.
// The BoringCrypto build for Go (which generates goboringcrypto_*.syso)
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
index 4820385..ac41482 100644
--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
@@ -6,6 +6,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
// This header file describes the OpenSSL ABI as built for use in Go.
diff --git a/src/crypto/internal/boring/hmac.go b/src/crypto/internal/boring/hmac.go
index 4e913c3..10cfbb3 100644
--- a/src/crypto/internal/boring/hmac.go
+++ b/src/crypto/internal/boring/hmac.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/notboring.go b/src/crypto/internal/boring/notboring.go
index e513834..08c5245 100644
--- a/src/crypto/internal/boring/notboring.go
+++ b/src/crypto/internal/boring/notboring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package boring
diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
index 710d074..853be3d 100644
--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
index 36be702..331dfd3 100644
--- a/src/crypto/internal/boring/openssl_evp.c
+++ b/src/crypto/internal/boring/openssl_evp.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_lock_setup.c b/src/crypto/internal/boring/openssl_lock_setup.c
index 955924e..c0f3435 100644
--- a/src/crypto/internal/boring/openssl_lock_setup.c
+++ b/src/crypto/internal/boring/openssl_lock_setup.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
#include <stdio.h>
diff --git a/src/crypto/internal/boring/openssl_port_aead_gcm.c b/src/crypto/internal/boring/openssl_port_aead_gcm.c
index b39bf54..80c933a 100644
--- a/src/crypto/internal/boring/openssl_port_aead_gcm.c
+++ b/src/crypto/internal/boring/openssl_port_aead_gcm.c
@@ -4,6 +4,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
#include <openssl/err.h>
diff --git a/src/crypto/internal/boring/openssl_port_ctr128.c b/src/crypto/internal/boring/openssl_port_ctr128.c
index abaff5c..e2263a5 100644
--- a/src/crypto/internal/boring/openssl_port_ctr128.c
+++ b/src/crypto/internal/boring/openssl_port_ctr128.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
index 8418c38..39bf3ae 100644
--- a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
+++ b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
@@ -4,6 +4,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
// The following is a partial backport of crypto/evp/m_md5_sha1.c,
// commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e on the
diff --git a/src/crypto/internal/boring/openssl_port_hmac.c b/src/crypto/internal/boring/openssl_port_hmac.c
index be7c71a..35e1860 100644
--- a/src/crypto/internal/boring/openssl_port_hmac.c
+++ b/src/crypto/internal/boring/openssl_port_hmac.c
@@ -4,6 +4,8 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
+
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
index 5174f66..a8008e9 100644
--- a/src/crypto/internal/boring/openssl_port_rsa.c
+++ b/src/crypto/internal/boring/openssl_port_rsa.c
@@ -4,6 +4,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
diff --git a/src/crypto/internal/boring/openssl_stub_rand.c b/src/crypto/internal/boring/openssl_stub_rand.c
index 18d6777..e8ac53b 100644
--- a/src/crypto/internal/boring/openssl_stub_rand.c
+++ b/src/crypto/internal/boring/openssl_stub_rand.c
@@ -3,6 +3,7 @@
// +build !no_openssl
// +build !cmd_go_bootstrap
// +build !msan
+// +build !static
#include "goboringcrypto.h"
#include <openssl/rand.h>
diff --git a/src/crypto/internal/boring/rand.go b/src/crypto/internal/boring/rand.go
index e9c334f..3adbd4d 100644
--- a/src/crypto/internal/boring/rand.go
+++ b/src/crypto/internal/boring/rand.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index b1a2f57..0cabadb 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring
diff --git a/src/crypto/internal/boring/sha.go b/src/crypto/internal/boring/sha.go
index bdcc782..6184d6c 100644
--- a/src/crypto/internal/boring/sha.go
+++ b/src/crypto/internal/boring/sha.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package boring

288
SOURCES/disable_static_tests_part1.patch Normal file
View File

@ -0,0 +1,288 @@
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
index 5f258a2..5dbbc42 100644
--- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package backend
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index d6d99b1..f2fe332 100644
--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,4 +1,5 @@
// Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
index b338754..db5ea1e 100644
--- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build boringcrypto
+//go:build boringcrypto && !static
// This package only exists with GOEXPERIMENT=boringcrypto.
// It provides the actual syso file.
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
index 079fc3c..e826d0b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
index 0b61e79..94d0c98 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
index afec529..d822152 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
index 6d6a562..17cc314 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
@@ -1,4 +1,5 @@
// Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build linux
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
index ae40b93..17bc075 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
index 6f00177..f466b18 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
index 7c0b5d6..262af07 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
index d49194d..ff15054 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
index 2349db1..57fbb04 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 4379019..5034c46 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
index 49d40a7..3b3dbf8 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
index 7eb645e..1c3225a 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
@@ -1,4 +1,5 @@
// This file contains a port of the BoringSSL AEAD interface.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
index df4ebe3..876393b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
index 2eedd5b..04510d3 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
@@ -1,4 +1,5 @@
// This file contains a backport of the EVP_md5_sha1 method.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
index 362d9e5..bebafef 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
@@ -1,4 +1,5 @@
// This file contains HMAC portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
index 2824147..8bc1d85 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
@@ -1,4 +1,5 @@
// This file contains RSA portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
index 22bd865..b7aa26b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
index b3668b8..dcdae70 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
index 915c840..8623d9d 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
index 0b55ced..57309c0 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl

36
SOURCES/disable_static_tests_part2.patch Normal file
View File

@ -0,0 +1,36 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index da5b179..6a772df 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error {
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
} else {
if goos != "android" {
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
}
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".")
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".")
if goos != "android" {
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ /*
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
// -static in CGO_LDFLAGS triggers a different code path
// than -static in -extldflags, so test both.
// See issue #16651.
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".")
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
+ */
}
}
@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error {
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".")
}
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".")
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
}
}
}

48
SOURCES/fix-memory-leak-evp-sign-verify.patch Normal file
View File

@ -0,0 +1,48 @@
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 2124978..1f853b4 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}
@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
int ret = 0;
EVP_PKEY_CTX *ctx;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}

13
SOURCES/fix-test-1024-leaf-certs.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
index 10d1cf0..51feb3b 100644
--- a/src/crypto/tls/boring_test.go
+++ b/src/crypto/tls/boring_test.go
@@ -326,7 +326,7 @@ func TestBoringCertAlgs(t *testing.T) {
I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)
L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
- L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf|boringCertNotBoring)
+ L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
// client verifying server cert
testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {

73
SOURCES/go1.5-zoneinfo_testing_only.patch
View File

@ -1,73 +0,0 @@
diff --git a/src/time/internal_test.go b/src/time/internal_test.go
index f0dddb7..415949a 100644
--- a/src/time/internal_test.go
+++ b/src/time/internal_test.go
@@ -4,13 +4,15 @@
package time
+import "runtime"
+
func init() {
// force US/Pacific for time zone tests
ForceUSPacificForTesting()
}
func initTestingZone() {
- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
+ z, err := loadLocation("America/Los_Angeles", zoneSources)
if err != nil {
panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata")
}
@@ -21,8 +23,9 @@ func initTestingZone() {
var OrigZoneSources = zoneSources
func forceZipFileForTesting(zipOnly bool) {
- zoneSources = make([]string, len(OrigZoneSources))
+ zoneSources = make([]string, len(OrigZoneSources)+1)
copy(zoneSources, OrigZoneSources)
+ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
if zipOnly {
zoneSources = zoneSources[len(zoneSources)-1:]
}
diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
index f032aa7..e3e5547 100644
--- a/src/time/zoneinfo_test.go
+++ b/src/time/zoneinfo_test.go
@@ -9,6 +9,7 @@ import (
"fmt"
"os"
"reflect"
+ "runtime"
"testing"
"time"
)
@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
t.Fatal(err)
}
- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
+ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
if err != nil {
t.Fatal(err)
}
diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
index 23f8b3c..228db1b 100644
--- a/src/time/zoneinfo_unix.go
+++ b/src/time/zoneinfo_unix.go
@@ -12,7 +12,6 @@
package time
import (
- "runtime"
"syscall"
)
@@ -22,7 +21,6 @@ var zoneSources = []string{
"/usr/share/zoneinfo/",
"/usr/share/lib/zoneinfo/",
"/usr/lib/locale/TZ/",
- runtime.GOROOT() + "/lib/time/zoneinfo.zip",
}
func initLocal() {

122
SOURCES/ppc64le-internal-linker-fix.patch Normal file
View File

@ -0,0 +1,122 @@
diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
new file mode 100644
index 0000000000000..bca897c16d054
--- /dev/null
+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
@@ -0,0 +1,100 @@
+# Verify PPC64 does not reuse a trampoline which is too far away.
+# This tests an edge case where the direct call relocation addend should
+# be ignored when computing the distance from the direct call to the
+# already placed trampoline
+[short] skip
+[!ppc64] [!ppc64le] skip
+[aix] skip
+
+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
+# assembly 2^26 or so times.
+#
+# We build something which should be laid out as such:
+#
+# bar.Bar
+# main.Func1
+# bar.Bar+400-tramp0
+# main.BigAsm
+# main.Func2
+# bar.Bar+400-tramp1
+#
+# bar.Bar needs to be placed far enough away to generate relocations
+# from main package calls. and main.Func1 and main.Func2 are placed
+# a bit more than the direct call limit apart, but not more than 0x400
+# bytes beyond it (to verify the reloc calc).
+
+go build
+
+-- go.mod --
+
+module foo
+
+go 1.19
+
+-- main.go --
+
+package main
+
+import "foo/bar"
+
+func Func1()
+
+func main() {
+ Func1()
+ bar.Bar2()
+}
+
+-- foo.s --
+
+TEXT main·Func1(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+ CALL main·BigAsm(SB)
+// A trampoline will be placed here to bar.Bar
+
+// This creates a gap sufficiently large to prevent trampoline reuse
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24
+TEXT main·BigAsm(SB),0,$0-0
+ // Fill to the direct call limit so Func2 must generate a new trampoline.
+ // As the implicit trampoline above is just barely unreachable.
+ BIGNOP
+ MOVD $main·Func2(SB), R3
+
+TEXT main·Func2(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+// Another trampoline should be placed here.
+
+-- bar/bar.s --
+
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24 NOP2S10
+// A very big not very interesting function.
+TEXT bar·Bar(SB),0,$0-0
+ BIGNOP
+
+-- bar/bar.go --
+
+package bar
+
+func Bar()
+
+func Bar2() {
+}
diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
index 5d5fbe2a97735..6313879da083c 100644
--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
if ldr.SymValue(tramp) == 0 {
break
}
-
- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
+ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
+ // trampoline itself.
+ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
// With internal linking, the trampoline can be used if it is not too far.
// With external linking, the trampoline must be in this section for it to be reused.

128
SOURCES/remove_ed25519vectors_test.patch
View File

@ -1,128 +0,0 @@
From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Wed, 15 Dec 2021 16:02:15 +0100
Subject: [PATCH] Remove ed25519vectors_test.go
---
src/crypto/ed25519/ed25519vectors_test.go | 109 ----------------------
1 file changed, 109 deletions(-)
delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go
diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go
deleted file mode 100644
index 74fcdcdf4e..0000000000
--- a/src/crypto/ed25519/ed25519vectors_test.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ed25519_test
-
-import (
- "crypto/ed25519"
- "encoding/hex"
- "encoding/json"
- "internal/testenv"
- "os"
- "os/exec"
- "path/filepath"
- "testing"
-)
-
-// TestEd25519Vectors runs a very large set of test vectors that exercise all
-// combinations of low-order points, low-order components, and non-canonical
-// encodings. These vectors lock in unspecified and spec-divergent behaviors in
-// edge cases that are not security relevant in most contexts, but that can
-// cause issues in consensus applications if changed.
-//
-// Our behavior matches the "classic" unwritten verification rules of the
-// "ref10" reference implementation.
-//
-// Note that although we test for these edge cases, they are not covered by the
-// Go 1 Compatibility Promise. Applications that need stable verification rules
-// should use github.com/hdevalence/ed25519consensus.
-//
-// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details.
-func TestEd25519Vectors(t *testing.T) {
- jsonVectors := downloadEd25519Vectors(t)
- var vectors []struct {
- A, R, S, M string
- Flags []string
- }
- if err := json.Unmarshal(jsonVectors, &vectors); err != nil {
- t.Fatal(err)
- }
- for i, v := range vectors {
- expectedToVerify := true
- for _, f := range v.Flags {
- switch f {
- // We use the simplified verification formula that doesn't multiply
- // by the cofactor, so any low order residue will cause the
- // signature not to verify.
- //
- // This is allowed, but not required, by RFC 8032.
- case "LowOrderResidue":
- expectedToVerify = false
- // Our point decoding allows non-canonical encodings (in violation
- // of RFC 8032) but R is not decoded: instead, R is recomputed and
- // compared bytewise against the canonical encoding.
- case "NonCanonicalR":
- expectedToVerify = false
- }
- }
-
- publicKey := decodeHex(t, v.A)
- signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...)
- message := []byte(v.M)
-
- didVerify := ed25519.Verify(publicKey, message, signature)
- if didVerify && !expectedToVerify {
- t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags)
- }
- if !didVerify && expectedToVerify {
- t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags)
- }
- }
-}
-
-func downloadEd25519Vectors(t *testing.T) []byte {
- testenv.MustHaveExternalNetwork(t)
-
- // Download the JSON test file from the GOPROXY with `go mod download`,
- // pinning the version so test and module caching works as expected.
- goTool := testenv.GoToolPath(t)
- path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94"
- cmd := exec.Command(goTool, "mod", "download", "-json", path)
- // TODO: enable the sumdb once the TryBots proxy supports it.
- cmd.Env = append(os.Environ(), "GONOSUMDB=*")
- output, err := cmd.Output()
- if err != nil {
- t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output)
- }
- var dm struct {
- Dir string // absolute path to cached source root directory
- }
- if err := json.Unmarshal(output, &dm); err != nil {
- t.Fatal(err)
- }
-
- jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json"))
- if err != nil {
- t.Fatalf("failed to read ed25519vectors.json: %v", err)
- }
- return jsonVectors
-}
-
-func decodeHex(t *testing.T, s string) []byte {
- t.Helper()
- b, err := hex.DecodeString(s)
- if err != nil {
- t.Errorf("invalid hex: %v", err)
- }
- return b
-}
--
2.33.1

12
SOURCES/skip_test_rhbz1939923.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index b1cdabb..09eaace 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2993,6 +2993,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
}
func TestCreateCertificateBrokenSigner(t *testing.T) {
+ t.Skip("TODO Fix me: rhbz#1939923")
template := &Certificate{
SerialNumber: big.NewInt(10),
DNSNames: []string{"example.com"},

116
SPECS/golang.spec
View File

@ -56,7 +56,7 @@
%endif
# Controls what ever we fail on failed tests
%ifarch x86_64 %{arm} aarch64 ppc64le
%ifarch x86_64 %{arm} aarch64 ppc64le s390x
%global fail_on_tests 1
%else
%global fail_on_tests 0
@ -95,20 +95,27 @@
%global gohostarch s390x
%endif
%global go_api 1.18
%global go_version 1.18.10
%global go_api 1.19
%global version 1.19.4
%global pkg_release 1
Name: golang
Version: %{go_version}
Release: 1%{?dist}
Version: %{version}
Release: 2%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
URL: http://golang.org/
Source0: https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz
Source0: https://github.com/golang/go/archive/refs/tags/go%{version}.tar.gz
# Go's FIPS mode bindings are now provided as a standalone
# module instead of in tree. This makes it easier to see
# the actual changes vs upstream Go. The module source is
# located at https://github.com/golang-fips/openssl-fips,
# And pre-genetated patches to set up the module for a given
# Go release are located at https://github.com/golang-fips/go.
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
Source1: fedora.go
Source2: fedora.go
# The compiler is written in Go. Needs go(1.4+) compiler for build.
# Actual Go based bootstrap compiler provided by above source.
@ -133,22 +140,20 @@ Requires: %{name}-src = %{version}-%{release}
Requires: openssl-devel
Requires: diffutils
# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that
# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
Patch215: go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
# static linking of dlopen is unsupported
Patch226: disable_static_external_tests.patch
Patch1939923: skip_test_rhbz1939923.patch
Patch223: remove_ed25519vectors_test.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch4: ppc64le-internal-linker-fix.patch
Patch5: fix-test-1024-leaf-certs.patch
Patch6: fix-memory-leak-evp-sign-verify.patch
Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
Patch229: big-endian.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -236,16 +241,26 @@ Requires: %{name} = %{version}-%{release}
%endif
%prep
%setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips
%setup -q -n go-go%{version}
pushd ..
tar -xf %{SOURCE1}
popd
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch215 -p1
%patch221 -p1
%patch223 -p1
%patch226 -p1
%patch227 -p1
%patch229 -p1
cp %{SOURCE1} ./src/runtime/
%patch1939923 -p1
%patch227 -p1
cp %{SOURCE2} ./src/runtime/
%build
set -xe
@ -430,7 +445,7 @@ export CGO_ENABLED=0
%endif
# make sure to not timeout
export GO_TEST_TIMEOUT_SCALE=10
export GO_TEST_TIMEOUT_SCALE=2
export GO_TEST_RUN=""
%ifarch aarch64
@ -441,21 +456,20 @@ export GO_TEST_RUN=""
# TestEd25519Vectors needs network connectivity but it should be cover by
# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST
./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
# Run tests with FIPS enabled.
export GOLANG_FIPS=1
pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
go test $(go list ./... | grep -v tls) -v
# Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
popd
# Run all FIPS specific TLS tests
pushd crypto/tls
go test -v -run "Boring" $DISABLE_Ed25519_TEST
go test -v -run "Boring"
popd
%else
./run.bash --no-rebuild -v -v -v -k || :
@ -464,7 +478,7 @@ cd ..
%files
%doc AUTHORS CONTRIBUTORS LICENSE PATENTS
%doc LICENSE PATENTS
# VERSION has to be present in the GOROOT, for `go install std` to work
%doc %{goroot}/VERSION
%dir %{goroot}/doc
@ -518,25 +532,37 @@ cd ..
%endif
%changelog
* Thu Mar 02 2023 Alejandro Sáez <asm@redhat.com> - 1.18.10-1
- Update to Go 1.18.10
- Remove ./do-not-reuse-far-trampolines.patch
- Resolves: rhbz#2174417
* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
- Fix memory leaks in EVP_{sign,verify}_raw
- Resolves: rhbz#2132767
* Thu Dec 22 2022 Alejandro Sáez <asm@redhat.com> - 1.18.9-1
- Update to Go 1.18.9
- Add big-endian.patch
- Increase GO_TEST_TIMEOUT_SCALE due to a Brew issue
- Add do-not-reuse-far-trampolines.patch
- Resolves: rhbz#2149313
* Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
- Rebase to Go 1.19.4
- Fix ppc64le linker issue
- Remove defunct patches
- Remove downstream generated FIPS mode patches
- Add golang-fips/go as the source for FIPS mode patches
- Resolves: rhbz#2144542
* Tue Oct 25 2022 David Benoit <dbenoit@redhat.com> - 1.18.7-2
- Fix version mismatch from previous rebase
- Related: rhbz#2136719
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
- Enable big endian support in FIPS mode
- Resolves: rhbz#1969844
* Fri Oct 21 2022 David Benoit <dbenoit@redhat.com> - 1.18.7-1
- Update to Go 1.18.7
- Resolves: rhbz#2136719
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
- Restore old HashSign/HashVerify API
- Resolves: rhbz#2132730
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
- Add support for 4096 bit keys in x509
- Resolves: rhbz#2132694
* Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
- Rebase to Go 1.19.2
- Resolves: rhbz#2132730
* Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
- Rebase to Go 1.19.1
- Resolves: rhbz#2131026
* Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
- Adds patch for PIE mode issues on PPC64LE