From 35eb386c3a49827b43824bc6ae72e1b74d6b2207 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Wed, 10 Aug 2022 16:49:25 +0200
Subject: [PATCH] Update to Go 1.18.4

Resolves: rhbz#2109180
Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode
---
 golang.spec                              | 14 +++++++++-----
 openssl_deprecated_algorithm_tests.patch | 12 ++++++++++++
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/golang.spec b/golang.spec
index 9a15bf9..9407f5f 100644
--- a/golang.spec
+++ b/golang.spec
@@ -101,7 +101,7 @@
 
 Name:           golang
 Version:        %{go_version}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@@ -436,18 +436,17 @@ export GO_TEST_RUN=""
 
 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
 
-#export OPENSSL_FORCE_FIPS_MODE=1
+export OPENSSL_FORCE_FIPS_MODE=1
 # Run tests with FIPS enabled.
-GOLANG_FIPS=1 
 pushd crypto
   # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test $(go list ./... | grep -v tls) -v
+  GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v
   # Check that signature functions have parity between boring and notboring
   CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
-  go test -v -run "Boring"
+  GOLANG_FIPS=1 go test -v -run "Boring"
 popd
 %else
 ./run.bash --no-rebuild -v -v -v -k || :
@@ -510,6 +509,11 @@ cd ..
 %endif
 
 %changelog
+* Wed Aug 10 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
+- Update to Go 1.18.4
+- Resolves: rhbz#2109180
+- Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode
+
 * Fri Aug 05 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-1
 - Update to Go 1.18.4
 - Resolves: rhbz#2109180
diff --git a/openssl_deprecated_algorithm_tests.patch b/openssl_deprecated_algorithm_tests.patch
index 46f8822..23c55a8 100644
--- a/openssl_deprecated_algorithm_tests.patch
+++ b/openssl_deprecated_algorithm_tests.patch
@@ -110,3 +110,15 @@ index 9aa67655ab..2f4e666abb 100644
  
  	pub := &priv.PublicKey
  	m := big.NewInt(42)
+@@ -312,6 +312,11 @@ func TestDecryptOAEP(t *testing.T) {
+ 		private.PublicKey = PublicKey{N: n, E: test.e}
+ 		private.D = d
+ 
++		if boring.Enabled() && private.PublicKey.Size() < 256 {
++			t.Logf("skipping check for unsupported key less than 2048 bits")
++			continue
++		}
++		t.Logf("running check for supported key size")
+ 		for j, message := range test.msgs {
+ 			out, err := DecryptOAEP(sha1, nil, private, message.out, nil)
+ 			if err != nil {