import golang-1.17.12-1.el9_0
This commit is contained in:
parent
e276c82a43
commit
7c2f01c33c
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
|
||||
SOURCES/go1.17.12-1-openssl-fips.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
139fe29f985b3feda50c407d194f1a102352388a SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
|
||||
ba529d47d6ee80a2ddca1a20dd5a5aa72ab9bdbd SOURCES/go1.17.12-1-openssl-fips.tar.gz
|
||||
|
134
SOURCES/openssl_deprecated_algorithm_tests.patch
Normal file
134
SOURCES/openssl_deprecated_algorithm_tests.patch
Normal file
@ -0,0 +1,134 @@
|
||||
diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
|
||||
index 60c769c..b8aae23 100644
|
||||
--- a/src/crypto/rsa/pkcs1v15_test.go
|
||||
+++ b/src/crypto/rsa/pkcs1v15_test.go
|
||||
@@ -52,6 +52,7 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{
|
||||
}
|
||||
|
||||
func TestDecryptPKCS1v15(t *testing.T) {
|
||||
+ t.Skip("not supported in FIPS mode")
|
||||
decryptionFuncs := []func([]byte) ([]byte, error){
|
||||
func(ciphertext []byte) (plaintext []byte, err error) {
|
||||
return DecryptPKCS1v15(nil, testRSA2048PrivateKey, ciphertext)
|
||||
@@ -76,6 +77,7 @@ func TestDecryptPKCS1v15(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestEncryptPKCS1v15(t *testing.T) {
|
||||
+ t.Skip("not supported in FIPS mode")
|
||||
random := rand.Reader
|
||||
k := (testRSA2048PrivateKey.N.BitLen() + 7) / 8
|
||||
|
||||
@@ -137,6 +139,7 @@ var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{
|
||||
}
|
||||
|
||||
func TestEncryptPKCS1v15SessionKey(t *testing.T) {
|
||||
+ t.Skip("not supported in FIPS mode")
|
||||
for i, test := range decryptPKCS1v15SessionKeyTests {
|
||||
key := []byte("FAIL")
|
||||
err := DecryptPKCS1v15SessionKey(nil, testRSA2048PrivateKey, decodeBase64(test.in), key)
|
||||
@@ -151,6 +154,7 @@ func TestEncryptPKCS1v15SessionKey(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) {
|
||||
+ t.Skip("not supported in FIPS mode")
|
||||
for i, test := range decryptPKCS1v15SessionKeyTests {
|
||||
plaintext, err := testRSA2048PrivateKey.Decrypt(rand.Reader, decodeBase64(test.in), &PKCS1v15DecryptOptions{SessionKeyLen: 4})
|
||||
if err != nil {
|
||||
@@ -270,6 +274,7 @@ func TestUnpaddedSignature(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestShortSessionKey(t *testing.T) {
|
||||
+ t.Skip("not supported in FIPS mode")
|
||||
// This tests that attempting to decrypt a session key where the
|
||||
// ciphertext is too small doesn't run outside the array bounds.
|
||||
var keys []*PrivateKey
|
||||
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
|
||||
index 2032b4b..fdddfab 100644
|
||||
--- a/src/crypto/rsa/pss_test.go
|
||||
+++ b/src/crypto/rsa/pss_test.go
|
||||
@@ -77,6 +77,7 @@ func TestEMSAPSS(t *testing.T) {
|
||||
// TestPSSGolden tests all the test vectors in pss-vect.txt from
|
||||
// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
|
||||
func TestPSSGolden(t *testing.T) {
|
||||
+ t.Skip("SHA1 not supported in boring mode")
|
||||
inFile, err := os.Open("testdata/pss-vect.txt.bz2")
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to open input file: %s", err)
|
||||
diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
|
||||
index cfe020e..d918841 100644
|
||||
--- a/src/crypto/rsa/rsa_test.go
|
||||
+++ b/src/crypto/rsa/rsa_test.go
|
||||
@@ -123,38 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
|
||||
t.Errorf("private exponent too large")
|
||||
}
|
||||
|
||||
- if boring.Enabled() {
|
||||
- // Cannot call encrypt/decrypt directly. Test via PKCS1v15.
|
||||
- msg := []byte("hi!")
|
||||
- // Should not accept keys smaller than 2048 bits (256 bytes)
|
||||
- if priv.Size() >= 256 {
|
||||
- enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
|
||||
- if err != nil {
|
||||
- t.Errorf("EncryptPKCS1v15: %v", err)
|
||||
- return
|
||||
- }
|
||||
- dec, err := DecryptPKCS1v15(rand.Reader, priv, enc)
|
||||
- if err != nil {
|
||||
- t.Errorf("DecryptPKCS1v15: %v", err)
|
||||
- return
|
||||
- }
|
||||
- if !bytes.Equal(dec, msg) {
|
||||
- t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
|
||||
- }
|
||||
- } else {
|
||||
- enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
|
||||
- if err == nil {
|
||||
- t.Errorf("EncryptPKCS1v15: Should not accept key of size %v", priv.Size() * 8)
|
||||
- return
|
||||
- }
|
||||
- _ , err = DecryptPKCS1v15(rand.Reader, priv, enc)
|
||||
- if err == nil {
|
||||
- t.Errorf("DecryptPKCS1v15: Should not accept key of size %v", priv.Size() * 8)
|
||||
- return
|
||||
- }
|
||||
- }
|
||||
- return
|
||||
- }
|
||||
+ if boring.Enabled() {
|
||||
+ // Cannot call encrypt/decrypt directly. Test via EncryptOAEP.
|
||||
+ sha256 := sha256.New()
|
||||
+ msg := []byte("hi!")
|
||||
+ if priv.Size() >= 256 {
|
||||
+ enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, msg, nil)
|
||||
+ if err != nil {
|
||||
+ t.Errorf("EncryptOAEP: %v", err)
|
||||
+ return
|
||||
+ }
|
||||
+ dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, nil)
|
||||
+ if err != nil {
|
||||
+ t.Errorf("DecryptOAEP: %v", err)
|
||||
+ return
|
||||
+ }
|
||||
+ if !bytes.Equal(dec, msg) {
|
||||
+ t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
|
||||
+ }
|
||||
+ } else {
|
||||
+ t.Logf("skipping check for unsupported key less than 2048 bits")
|
||||
+ }
|
||||
+ return
|
||||
+ }
|
||||
|
||||
pub := &priv.PublicKey
|
||||
m := big.NewInt(42)
|
||||
@@ -323,6 +314,11 @@ func TestDecryptOAEP(t *testing.T) {
|
||||
private.PublicKey = PublicKey{N: n, E: test.e}
|
||||
private.D = d
|
||||
|
||||
+ if boring.Enabled() && private.PublicKey.Size() < 256 {
|
||||
+ t.Logf("skipping check for unsupported key less than 2048 bits")
|
||||
+ continue;
|
||||
+ }
|
||||
+ t.Logf("running check for supported key size")
|
||||
for j, message := range test.msgs {
|
||||
out, err := DecryptOAEP(sha1, nil, private, message.out, nil)
|
||||
if err != nil {
|
@ -1,151 +0,0 @@
|
||||
diff --git a/src/sync/waitgroup_test.go b/src/sync/waitgroup_test.go
|
||||
index c569e0faa2eb..4ded218d2d8d 100644
|
||||
--- a/src/sync/waitgroup_test.go
|
||||
+++ b/src/sync/waitgroup_test.go
|
||||
@@ -5,8 +5,6 @@
|
||||
package sync_test
|
||||
|
||||
import (
|
||||
- "internal/race"
|
||||
- "runtime"
|
||||
. "sync"
|
||||
"sync/atomic"
|
||||
"testing"
|
||||
@@ -48,12 +46,6 @@ func TestWaitGroup(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
-func knownRacy(t *testing.T) {
|
||||
- if race.Enabled {
|
||||
- t.Skip("skipping known-racy test under the race detector")
|
||||
- }
|
||||
-}
|
||||
-
|
||||
func TestWaitGroupMisuse(t *testing.T) {
|
||||
defer func() {
|
||||
err := recover()
|
||||
@@ -68,124 +60,6 @@ func TestWaitGroupMisuse(t *testing.T) {
|
||||
t.Fatal("Should panic")
|
||||
}
|
||||
|
||||
-// pollUntilEqual blocks until v, loaded atomically, is
|
||||
-// equal to the target.
|
||||
-func pollUntilEqual(v *uint32, target uint32) {
|
||||
- for {
|
||||
- for i := 0; i < 1e3; i++ {
|
||||
- if atomic.LoadUint32(v) == target {
|
||||
- return
|
||||
- }
|
||||
- }
|
||||
- // yield to avoid deadlock with the garbage collector
|
||||
- // see issue #20072
|
||||
- runtime.Gosched()
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-func TestWaitGroupMisuse2(t *testing.T) {
|
||||
- knownRacy(t)
|
||||
- if runtime.NumCPU() <= 4 {
|
||||
- t.Skip("NumCPU<=4, skipping: this test requires parallelism")
|
||||
- }
|
||||
- defer func() {
|
||||
- err := recover()
|
||||
- if err != "sync: negative WaitGroup counter" &&
|
||||
- err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
|
||||
- err != "sync: WaitGroup is reused before previous Wait has returned" {
|
||||
- t.Fatalf("Unexpected panic: %#v", err)
|
||||
- }
|
||||
- }()
|
||||
- defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
|
||||
- done := make(chan interface{}, 2)
|
||||
- // The detection is opportunistic, so we want it to panic
|
||||
- // at least in one run out of a million.
|
||||
- for i := 0; i < 1e6; i++ {
|
||||
- var wg WaitGroup
|
||||
- var here uint32
|
||||
- wg.Add(1)
|
||||
- go func() {
|
||||
- defer func() {
|
||||
- done <- recover()
|
||||
- }()
|
||||
- atomic.AddUint32(&here, 1)
|
||||
- pollUntilEqual(&here, 3)
|
||||
- wg.Wait()
|
||||
- }()
|
||||
- go func() {
|
||||
- defer func() {
|
||||
- done <- recover()
|
||||
- }()
|
||||
- atomic.AddUint32(&here, 1)
|
||||
- pollUntilEqual(&here, 3)
|
||||
- wg.Add(1) // This is the bad guy.
|
||||
- wg.Done()
|
||||
- }()
|
||||
- atomic.AddUint32(&here, 1)
|
||||
- pollUntilEqual(&here, 3)
|
||||
- wg.Done()
|
||||
- for j := 0; j < 2; j++ {
|
||||
- if err := <-done; err != nil {
|
||||
- panic(err)
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
- t.Fatal("Should panic")
|
||||
-}
|
||||
-
|
||||
-func TestWaitGroupMisuse3(t *testing.T) {
|
||||
- knownRacy(t)
|
||||
- if runtime.NumCPU() <= 1 {
|
||||
- t.Skip("NumCPU==1, skipping: this test requires parallelism")
|
||||
- }
|
||||
- defer func() {
|
||||
- err := recover()
|
||||
- if err != "sync: negative WaitGroup counter" &&
|
||||
- err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
|
||||
- err != "sync: WaitGroup is reused before previous Wait has returned" {
|
||||
- t.Fatalf("Unexpected panic: %#v", err)
|
||||
- }
|
||||
- }()
|
||||
- defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
|
||||
- done := make(chan interface{}, 3)
|
||||
- // The detection is opportunistically, so we want it to panic
|
||||
- // at least in one run out of a million.
|
||||
- for i := 0; i < 1e6; i++ {
|
||||
- var wg WaitGroup
|
||||
- wg.Add(1)
|
||||
- go func() {
|
||||
- defer func() {
|
||||
- done <- recover()
|
||||
- }()
|
||||
- wg.Done()
|
||||
- }()
|
||||
- go func() {
|
||||
- defer func() {
|
||||
- done <- recover()
|
||||
- }()
|
||||
- wg.Wait()
|
||||
- // Start reusing the wg before waiting for the Wait below to return.
|
||||
- wg.Add(1)
|
||||
- go func() {
|
||||
- wg.Done()
|
||||
- }()
|
||||
- wg.Wait()
|
||||
- }()
|
||||
- go func() {
|
||||
- defer func() {
|
||||
- done <- recover()
|
||||
- }()
|
||||
- wg.Wait()
|
||||
- }()
|
||||
- for j := 0; j < 3; j++ {
|
||||
- if err := <-done; err != nil {
|
||||
- panic(err)
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
- t.Fatal("Should panic")
|
||||
-}
|
||||
-
|
||||
func TestWaitGroupRace(t *testing.T) {
|
||||
// Run this test for about 1ms.
|
||||
for i := 0; i < 1000; i++ {
|
@ -96,7 +96,7 @@
|
||||
%endif
|
||||
|
||||
%global go_api 1.17
|
||||
%global go_version 1.17.7
|
||||
%global go_version 1.17.12
|
||||
%global pkg_release 1
|
||||
|
||||
Name: golang
|
||||
@ -106,7 +106,8 @@ Summary: The Go Programming Language
|
||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||
License: BSD and Public Domain
|
||||
URL: http://golang.org/
|
||||
Source0: https://pagure.io/go/archive/go-%{go_version}-%{pkg_release}-openssl-fips/go-go-%{go_version}-%{pkg_release}-openssl-fips.tar.gz
|
||||
Source0: https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz
|
||||
|
||||
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
||||
Source1: fedora.go
|
||||
|
||||
@ -147,9 +148,10 @@ Patch221: fix_TestScript_list_std.patch
|
||||
# Port to openssl 3.0
|
||||
Patch1952381: rhbz1952381.patch
|
||||
|
||||
Patch222: remove_waitgroup_misuse_tests.patch
|
||||
Patch223: remove_ed25519vectors_test.patch
|
||||
|
||||
Patch224: openssl_deprecated_algorithm_tests.patch
|
||||
|
||||
# Having documentation separate was broken
|
||||
Obsoletes: %{name}-docs < 1.1-4
|
||||
|
||||
@ -237,7 +239,8 @@ Requires: %{name} = %{version}-%{release}
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n go-go-%{go_version}-%{pkg_release}-openssl-fips
|
||||
%setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips
|
||||
|
||||
|
||||
%patch215 -p1
|
||||
|
||||
@ -245,10 +248,10 @@ Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%patch1952381 -p1
|
||||
|
||||
%patch222 -p1
|
||||
|
||||
%patch223 -p1
|
||||
|
||||
%patch224 -p1
|
||||
|
||||
cp %{SOURCE1} ./src/runtime/
|
||||
|
||||
%build
|
||||
@ -522,6 +525,14 @@ cd ..
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.17.12-1
|
||||
- Update Go to version 1.17.12
|
||||
- Resolves: rhbz#2109183
|
||||
|
||||
* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-2
|
||||
- Clean up dist-git patches
|
||||
- Resolves: rhbz#2109174
|
||||
|
||||
* Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
|
||||
- Rebase to Go 1.17.7
|
||||
- Update ecdsa tests to reject SHA1 signatures in boring mode
|
||||
|
Loading…
Reference in New Issue
Block a user