Rebase to Go 1.18.2

Move to github.com/golang-fips/go
Resolves: rhbz#2075169
Resolves: rhbz#2060769
Resolves: rhbz#2067531
Resolves: rhbz#2067536
Resolves: rhbz#2067552
Resolves: rhbz#2025637
David Benoit 2022-05-31 16:25:35 -04:00
parent 3a0f5dedeb
commit fec89770f6
No known key found for this signature in database
GPG Key ID: 58EDBABB7196BDD3
8 changed files with 136 additions and 1266 deletions

1
.gitignore vendored

@ -40,3 +40,4 @@
/go-go-1.16.6-3-openssl-fips.tar.gz
/go-go-1.17.2-1-openssl-fips.tar.gz
/go-go-1.17.5-1-openssl-fips.tar.gz
/go1.18.2-1-openssl-fips.tar.gz

100
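--- /dev/null
+++ b/deprecate_pkcs_tests.patch
@@ -0,0 +1,100 @@
+diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
+index a4f2e2d..76701d2 100644
+--- a/src/crypto/rsa/pkcs1v15_test.go
++++ b/src/crypto/rsa/pkcs1v15_test.go
+@@ -52,6 +52,7 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{
+}
+func TestDecryptPKCS1v15(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+decryptionFuncs := []func([]byte) ([]byte, error){
+func(ciphertext []byte) (plaintext []byte, err error) {
+return DecryptPKCS1v15(nil, testRSA2048PrivateKey, ciphertext)
+@@ -76,6 +77,7 @@ func TestDecryptPKCS1v15(t *testing.T) {
+}
+func TestEncryptPKCS1v15(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+random := rand.Reader
+k := (testRSA2048PrivateKey.N.BitLen() + 7) / 8
+@@ -137,6 +139,7 @@ var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{
+}
+func TestEncryptPKCS1v15SessionKey(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+for i, test := range decryptPKCS1v15SessionKeyTests {
+key := []byte("FAIL")
+err := DecryptPKCS1v15SessionKey(nil, testRSA2048PrivateKey, decodeBase64(test.in), key)
+@@ -151,6 +154,7 @@ func TestEncryptPKCS1v15SessionKey(t *testing.T) {
+}
+func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+for i, test := range decryptPKCS1v15SessionKeyTests {
+plaintext, err := testRSA2048PrivateKey.Decrypt(rand.Reader, decodeBase64(test.in), &PKCS1v15DecryptOptions{SessionKeyLen: 4})
+if err != nil {
+@@ -270,6 +274,7 @@ func TestUnpaddedSignature(t *testing.T) {
+}
+func TestShortSessionKey(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+// This tests that attempting to decrypt a session key where the
+// ciphertext is too small doesn't run outside the array bounds.
+ciphertext, err := EncryptPKCS1v15(rand.Reader, &testRSA2048PrivateKey.PublicKey, []byte{1})
+diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
+index 9aa6765..2f4e666 100644
+--- a/src/crypto/rsa/rsa_test.go
++++ b/src/crypto/rsa/rsa_test.go
+@@ -123,28 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
+t.Errorf("private exponent too large")
+}
+- if boring.Enabled() {
+- // Cannot call encrypt/decrypt directly. Test via PKCS1v15.
+- msg := []byte("hi!")
+- if priv.Size() >= 256 {
+- enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
+- if err != nil {
+- t.Errorf("EncryptPKCS1v15: %v", err)
+- return
+- }
+- dec, err := DecryptPKCS1v15(rand.Reader, priv, enc)
+- if err != nil {
+- t.Errorf("DecryptPKCS1v15: %v", err)
+- return
+- }
+- if !bytes.Equal(dec, msg) {
+- t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
+- }
+- } else {
+- t.Logf("skipping check for unsupported key less than 2048 bits")
+- }
+- return
+- }
++ if boring.Enabled() {
++ // Cannot call encrypt/decrypt directly. Test via EncryptOAEP.
++ sha256 := sha256.New()
++ msg := []byte("hi!")
++ if priv.Size() >= 256 {
++ enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, msg, nil)
++ if err != nil {
++ t.Errorf("EncryptOAEP: %v", err)
++ return
++ }
++ dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, nil)
++ if err != nil {
++ t.Errorf("DecryptOAEP: %v", err)
++ return
++ }
++ if !bytes.Equal(dec, msg) {
++ t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
++ }
++ } else {
++ t.Logf("skipping check for unsupported key less than 2048 bits")
++ }
++ return
++ }
+pub := &priv.PublicKey
+m := big.NewInt(42)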
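Review bot: Each `t.Skip("not supported in FIPS mode")` added to pkcs1v15_test.go is unconditional, so the PKCS#1 v1.5 encrypt/decrypt and session-key tests, including the short-ciphertext bounds check in TestShortSessionKey, stop running in non-FIPS builds too, where that code presumably still ships. Gating the skip keeps that coverage: `if boring.Enabled() { t.Skip("not supported in FIPS mode") }`, using the same predicate that the rsa_test.go hunk already relies on. Whether pkcs1v15_test.go imports the boring package is not visible here, so the import may need adding. The test function bodies continue outside the hunks shown.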


@ -1,5 +1,5 @@
diff --git a/src/cmd/go/testdata/script/list_std.txt b/src/cmd/go/testdata/script/list_std.txt
index 6ab1bd1674..4a00e436fd 100644
index 6ab1bd1..4a00e43 100644
--- a/src/cmd/go/testdata/script/list_std.txt
+++ b/src/cmd/go/testdata/script/list_std.txt
@@ -6,7 +6,7 @@ env GO111MODULE=off


@ -1,6 +1,7 @@
diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time 2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go 2017-12-05 14:55:10.574637475 +0100
diff --git a/src/time/internal_test.go b/src/time/internal_test.go
index f0dddb7..415949a 100644
--- a/src/time/internal_test.go
+++ b/src/time/internal_test.go
@@ -4,13 +4,15 @@
package time
@ -16,7 +17,7 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.t
- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
+ z, err := loadLocation("America/Los_Angeles", zoneSources)
if err != nil {
panic("cannot load America/Los_Angeles for testing: " + err.Error())
panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata")
}
@@ -21,8 +23,9 @@ func initTestingZone() {
var OrigZoneSources = zoneSources
@ -29,10 +30,11 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.t
if zipOnly {
zoneSources = zoneSources[len(zoneSources)-1:]
}
diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time 2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go 2017-12-05 14:58:09.823109248 +0100
@@ -8,6 +8,7 @@ import (
diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
index f032aa7..e3e5547 100644
--- a/src/time/zoneinfo_test.go
+++ b/src/time/zoneinfo_test.go
@@ -9,6 +9,7 @@ import (
"fmt"
"os"
"reflect"
@ -40,7 +42,7 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.t
"testing"
"time"
)
@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testi
@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
t.Fatal(err)
}
@ -49,9 +51,10 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.t
if err != nil {
t.Fatal(err)
}
diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time 2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go 2017-12-05 14:55:10.574637475 +0100
diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
index 23f8b3c..228db1b 100644
--- a/src/time/zoneinfo_unix.go
+++ b/src/time/zoneinfo_unix.go
@@ -12,7 +12,6 @@
package time


@ -95,8 +95,8 @@
%global gohostarch s390x
%endif
%global go_api 1.17
%global go_version 1.17.5
%global go_api 1.18
%global go_version 1.18.2
%global pkg_release 1
Name: golang
@ -106,7 +106,7 @@ Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
URL: http://golang.org/
Source0: https://pagure.io/go/archive/go-%{go_version}-%{pkg_release}-openssl-fips/go-go-%{go_version}-%{pkg_release}-openssl-fips.tar.gz
Source0: https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
Source1: fedora.go
@ -144,12 +144,10 @@ Patch215: go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
# Port to openssl 3.0
Patch1952381: rhbz1952381.patch
Patch222: remove_waitgroup_misuse_tests.patch
Patch223: remove_ed25519vectors_test.patch
Patch224: deprecate_pkcs_tests.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -237,18 +235,16 @@ Requires: %{name} = %{version}-%{release}
%endif
%prep
%setup -q -n go-go-%{go_version}-%{pkg_release}-openssl-fips
%setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips
%patch215 -p1
%patch221 -p1
%patch1952381 -p1
%patch222 -p1
%patch223 -p1
%patch224 -p1
cp %{SOURCE1} ./src/runtime/
%build
@ -431,12 +427,6 @@ export GO_LDFLAGS="-extldflags '$RPM_LD_FLAGS'"
export CGO_ENABLED=0
%endif
# work around aarch64 issue
# https://src.fedoraproject.org/rpms/golang/c/ea99ebaff6b9561243bb43039458771edb691eaf?branch=f32
%ifarch aarch64
export CGO_CFLAGS="-mno-outline-atomics"
%endif
# make sure to not timeout
export GO_TEST_TIMEOUT_SCALE=2
@ -522,6 +512,16 @@ cd ..
%endif
%changelog
* Mon May 02 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
- Rebase to Go 1.18.2
- Move to github.com/golang-fips/go
- Resolves: rhbz#2075169
- Resolves: rhbz#2060769
- Resolves: rhbz#2067531
- Resolves: rhbz#2067536
- Resolves: rhbz#2067552
- Resolves: rhbz#2025637
* Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1
- Rebase to Go 1.17.5
- Add remove_waitgroup_misuse_tests patch
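Review bot: The 1.18.2-1 changelog entry records only the rebase and the move to github.com/golang-fips/go, but this section also changes the build in ways worth recording. The aarch64 `export CGO_CFLAGS="-mno-outline-atomics"` block appears to be dropped (the hunk at -431,12 +427,6 shrinks by exactly that block), and the Patch/%patch lists change, with `Patch224: deprecate_pkcs_tests.patch` being new. I would add changelog lines such as `- Add deprecate_pkcs_tests patch` and `- Remove aarch64 -mno-outline-atomics workaround`, plus one line per dropped patch. Which Patch lines were removed is not marked in this rendering, so that part needs confirming against the actual diff.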


@ -1,151 +0,0 @@
diff --git a/src/sync/waitgroup_test.go b/src/sync/waitgroup_test.go
index c569e0faa2eb..4ded218d2d8d 100644
--- a/src/sync/waitgroup_test.go
+++ b/src/sync/waitgroup_test.go
@@ -5,8 +5,6 @@
package sync_test
import (
- "internal/race"
- "runtime"
. "sync"
"sync/atomic"
"testing"
@@ -48,12 +46,6 @@ func TestWaitGroup(t *testing.T) {
}
}
-func knownRacy(t *testing.T) {
- if race.Enabled {
- t.Skip("skipping known-racy test under the race detector")
- }
-}
-
func TestWaitGroupMisuse(t *testing.T) {
defer func() {
err := recover()
@@ -68,124 +60,6 @@ func TestWaitGroupMisuse(t *testing.T) {
t.Fatal("Should panic")
}
-// pollUntilEqual blocks until v, loaded atomically, is
-// equal to the target.
-func pollUntilEqual(v *uint32, target uint32) {
- for {
- for i := 0; i < 1e3; i++ {
- if atomic.LoadUint32(v) == target {
- return
- }
- }
- // yield to avoid deadlock with the garbage collector
- // see issue #20072
- runtime.Gosched()
- }
-}
-
-func TestWaitGroupMisuse2(t *testing.T) {
- knownRacy(t)
- if runtime.NumCPU() <= 4 {
- t.Skip("NumCPU<=4, skipping: this test requires parallelism")
- }
- defer func() {
- err := recover()
- if err != "sync: negative WaitGroup counter" &&
- err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
- err != "sync: WaitGroup is reused before previous Wait has returned" {
- t.Fatalf("Unexpected panic: %#v", err)
- }
- }()
- defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
- done := make(chan interface{}, 2)
- // The detection is opportunistic, so we want it to panic
- // at least in one run out of a million.
- for i := 0; i < 1e6; i++ {
- var wg WaitGroup
- var here uint32
- wg.Add(1)
- go func() {
- defer func() {
- done <- recover()
- }()
- atomic.AddUint32(&here, 1)
- pollUntilEqual(&here, 3)
- wg.Wait()
- }()
- go func() {
- defer func() {
- done <- recover()
- }()
- atomic.AddUint32(&here, 1)
- pollUntilEqual(&here, 3)
- wg.Add(1) // This is the bad guy.
- wg.Done()
- }()
- atomic.AddUint32(&here, 1)
- pollUntilEqual(&here, 3)
- wg.Done()
- for j := 0; j < 2; j++ {
- if err := <-done; err != nil {
- panic(err)
- }
- }
- }
- t.Fatal("Should panic")
-}
-
-func TestWaitGroupMisuse3(t *testing.T) {
- knownRacy(t)
- if runtime.NumCPU() <= 1 {
- t.Skip("NumCPU==1, skipping: this test requires parallelism")
- }
- defer func() {
- err := recover()
- if err != "sync: negative WaitGroup counter" &&
- err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
- err != "sync: WaitGroup is reused before previous Wait has returned" {
- t.Fatalf("Unexpected panic: %#v", err)
- }
- }()
- defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
- done := make(chan interface{}, 3)
- // The detection is opportunistically, so we want it to panic
- // at least in one run out of a million.
- for i := 0; i < 1e6; i++ {
- var wg WaitGroup
- wg.Add(1)
- go func() {
- defer func() {
- done <- recover()
- }()
- wg.Done()
- }()
- go func() {
- defer func() {
- done <- recover()
- }()
- wg.Wait()
- // Start reusing the wg before waiting for the Wait below to return.
- wg.Add(1)
- go func() {
- wg.Done()
- }()
- wg.Wait()
- }()
- go func() {
- defer func() {
- done <- recover()
- }()
- wg.Wait()
- }()
- for j := 0; j < 3; j++ {
- if err := <-done; err != nil {
- panic(err)
- }
- }
- }
- t.Fatal("Should panic")
-}
-
func TestWaitGroupRace(t *testing.T) {
// Run this test for about 1ms.
for i := 0; i < 1000; i++ {

File diff suppressed because it is too large Load Diff


@ -1 +1 @@
SHA512 (go-go-1.17.5-1-openssl-fips.tar.gz) = c73f0909b614fcc098c3bce48dbea97cc1638a69189d5326a4745c1a2120af290878e36f69391ab1b0c3c6f5fb23c7b179e7cf61e7db47372fa0d751b48345cc
SHA512 (go1.18.2-1-openssl-fips.tar.gz) = 419221baddafd0654132f5f85001bdfe81691d73fa91f05150c9d39fdacce5acb2140cbfe5f9fa11f7934bde9554cea3eded493069162eebe554bf1e3b917302