Compare commits
No commits in common. "imports/c8s-stream-rhel8/golang-1.19.1-2.module+el8.8.0+16778+5fbb74f5" and "c8-stream-rhel8" have entirely different histories.
@ -1 +1,2 @@
|
|||
SOURCES/go1.19.1.tar.gz
|
||||
SOURCES/go1.21.9-1-openssl-fips.tar.gz
|
||||
SOURCES/go1.21.9.tar.gz
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
564d4664e5fafb4da637a01aa62501336d79135f SOURCES/go1.19.1.tar.gz
|
||||
1162b641e8b23110eaab7496003585ea6c786158 SOURCES/go1.21.9-1-openssl-fips.tar.gz
|
||||
54c038c82c82ebe2ad4ee2d0a3d7c4d39809f59a SOURCES/go1.21.9.tar.gz
|
||||
|
|
|
@ -1,427 +0,0 @@
|
|||
diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt
|
||||
index a0a41a5..208aa70 100644
|
||||
--- a/src/cmd/go/testdata/script/gopath_std_vendor.txt
|
||||
+++ b/src/cmd/go/testdata/script/gopath_std_vendor.txt
|
||||
@@ -21,11 +21,11 @@ go build .
|
||||
|
||||
go list -deps -f '{{.ImportPath}} {{.Dir}}' .
|
||||
stdout $GOPATH[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack
|
||||
-! stdout $GOROOT[/\\]src[/\\]vendor
|
||||
+! stdout $GOROOT[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack
|
||||
|
||||
go list -test -deps -f '{{.ImportPath}} {{.Dir}}' .
|
||||
stdout $GOPATH[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack
|
||||
-! stdout $GOROOT[/\\]src[/\\]vendor
|
||||
+! stdout $GOROOT[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack
|
||||
|
||||
-- issue16333/issue16333.go --
|
||||
package vendoring17
|
||||
diff --git a/src/crypto/ed25519/ed25519_test.go b/src/crypto/ed25519/ed25519_test.go
|
||||
index 7c51817..102c4e5 100644
|
||||
--- a/src/crypto/ed25519/ed25519_test.go
|
||||
+++ b/src/crypto/ed25519/ed25519_test.go
|
||||
@@ -187,6 +187,7 @@ func TestMalleability(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAllocations(t *testing.T) {
|
||||
+ t.Skip("Allocations test broken with openssl linkage")
|
||||
if boring.Enabled {
|
||||
t.Skip("skipping allocations test with BoringCrypto")
|
||||
}
|
||||
diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go
|
||||
index f933f28..223ce04 100644
|
||||
--- a/src/crypto/ed25519/ed25519vectors_test.go
|
||||
+++ b/src/crypto/ed25519/ed25519vectors_test.go
|
||||
@@ -72,6 +72,7 @@ func TestEd25519Vectors(t *testing.T) {
|
||||
}
|
||||
|
||||
func downloadEd25519Vectors(t *testing.T) []byte {
|
||||
+ t.Skip("skipping test that downloads external data")
|
||||
testenv.MustHaveExternalNetwork(t)
|
||||
|
||||
// Create a temp dir and modcache subdir.
|
||||
diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go
|
||||
new file mode 100644
|
||||
index 0000000..c0800df
|
||||
--- /dev/null
|
||||
+++ b/src/crypto/internal/backend/bbig/big.go
|
||||
@@ -0,0 +1,38 @@
|
||||
+// Copyright 2022 The Go Authors. All rights reserved.
|
||||
+// Use of this source code is governed by a BSD-style
|
||||
+// license that can be found in the LICENSE file.
|
||||
+
|
||||
+// This is a mirror of crypto/internal/boring/bbig/big.go.
|
||||
+
|
||||
+package bbig
|
||||
+
|
||||
+import (
|
||||
+ "math/big"
|
||||
+ "unsafe"
|
||||
+
|
||||
+ "github.com/golang-fips/openssl-fips/openssl"
|
||||
+)
|
||||
+
|
||||
+func Enc(b *big.Int) openssl.BigInt {
|
||||
+ if b == nil {
|
||||
+ return nil
|
||||
+ }
|
||||
+ x := b.Bits()
|
||||
+ if len(x) == 0 {
|
||||
+ return openssl.BigInt{}
|
||||
+ }
|
||||
+ // TODO: Use unsafe.Slice((*uint)(&x[0]), len(x)) once go1.16 is no longer supported.
|
||||
+ return (*(*[]uint)(unsafe.Pointer(&x)))[:len(x)]
|
||||
+}
|
||||
+
|
||||
+func Dec(b openssl.BigInt) *big.Int {
|
||||
+ if b == nil {
|
||||
+ return nil
|
||||
+ }
|
||||
+ if len(b) == 0 {
|
||||
+ return new(big.Int)
|
||||
+ }
|
||||
+ // TODO: Use unsafe.Slice((*uint)(&b[0]), len(b)) once go1.16 is no longer supported.
|
||||
+ x := (*(*[]big.Word)(unsafe.Pointer(&b)))[:len(b)]
|
||||
+ return new(big.Int).SetBits(x)
|
||||
+}
|
||||
diff --git a/src/crypto/internal/backend/dummy.s b/src/crypto/internal/backend/dummy.s
|
||||
new file mode 100644
|
||||
index 0000000..e69de29
|
||||
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
|
||||
new file mode 100644
|
||||
index 0000000..1d75287
|
||||
--- /dev/null
|
||||
+++ b/src/crypto/internal/backend/nobackend.go
|
||||
@@ -0,0 +1,140 @@
|
||||
+// Copyright 2017 The Go Authors. All rights reserved.
|
||||
+// Use of this source code is governed by a BSD-style
|
||||
+// license that can be found in the LICENSE file.
|
||||
+
|
||||
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
|
||||
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
||||
+
|
||||
+package backend
|
||||
+
|
||||
+import (
|
||||
+ "crypto"
|
||||
+ "crypto/cipher"
|
||||
+ "crypto/internal/boring/sig"
|
||||
+ "github.com/golang-fips/openssl-fips/openssl"
|
||||
+ "hash"
|
||||
+)
|
||||
+
|
||||
+var enabled = false
|
||||
+
|
||||
+// Unreachable marks code that should be unreachable
|
||||
+// when BoringCrypto is in use. It is a no-op without BoringCrypto.
|
||||
+func Unreachable() {
|
||||
+ // Code that's unreachable when using BoringCrypto
|
||||
+ // is exactly the code we want to detect for reporting
|
||||
+ // standard Go crypto.
|
||||
+ sig.StandardCrypto()
|
||||
+}
|
||||
+
|
||||
+// UnreachableExceptTests marks code that should be unreachable
|
||||
+// when BoringCrypto is in use. It is a no-op without BoringCrypto.
|
||||
+func UnreachableExceptTests() {}
|
||||
+
|
||||
+func ExecutingTest() bool { return false }
|
||||
+
|
||||
+// This is a noop withotu BoringCrytpo.
|
||||
+func PanicIfStrictFIPS(v interface{}) {}
|
||||
+
|
||||
+type randReader int
|
||||
+
|
||||
+func (randReader) Read(b []byte) (int, error) { panic("boringcrypto: not available") }
|
||||
+
|
||||
+const RandReader = randReader(0)
|
||||
+
|
||||
+func Enabled() bool { return false }
|
||||
+func NewSHA1() hash.Hash { panic("boringcrypto: not available") }
|
||||
+func NewSHA224() hash.Hash { panic("boringcrypto: not available") }
|
||||
+func NewSHA256() hash.Hash { panic("boringcrypto: not available") }
|
||||
+func NewSHA384() hash.Hash { panic("boringcrypto: not available") }
|
||||
+func NewSHA512() hash.Hash { panic("boringcrypto: not available") }
|
||||
+func SHA1(_ []byte) [20]byte { panic("boringcrypto: not available") }
|
||||
+func SHA224(_ []byte) [28]byte { panic("boringcrypto: not available") }
|
||||
+func SHA256(_ []byte) [32]byte { panic("boringcrypto: not available") }
|
||||
+func SHA384(_ []byte) [48]byte { panic("boringcrypto: not available") }
|
||||
+func SHA512(_ []byte) [64]byte { panic("boringcrypto: not available") }
|
||||
+
|
||||
+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { panic("boringcrypto: not available") }
|
||||
+
|
||||
+func NewAESCipher(key []byte) (cipher.Block, error) { panic("boringcrypto: not available") }
|
||||
+
|
||||
+type PublicKeyECDSA struct{ _ int }
|
||||
+type PrivateKeyECDSA struct{ _ int }
|
||||
+
|
||||
+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func GenerateKeyECDSA(curve string) (X, Y, D openssl.BigInt, err error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func NewPrivateKeyECDSA(curve string, X, Y, D openssl.BigInt) (*PrivateKeyECDSA, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func NewPublicKeyECDSA(curve string, X, Y openssl.BigInt) (*PublicKeyECDSA, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func SignECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) (r, s openssl.BigInt, err error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func VerifyECDSA(pub *PublicKeyECDSA, hash, sig []byte) bool {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+
|
||||
+type PublicKeyECDH struct{ _ int }
|
||||
+type PrivateKeyECDH struct{ _ int }
|
||||
+
|
||||
+func GenerateKeyECDH(curve string) (X, Y, D openssl.BigInt, err error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func NewPrivateKeyECDH(curve string, X, Y, D openssl.BigInt) (*PrivateKeyECDH, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func NewPublicKeyECDH(curve string, X, Y openssl.BigInt) (*PublicKeyECDH, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func SharedKeyECDH(priv *PrivateKeyECDH, peerPublicKey []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+
|
||||
+type PublicKeyRSA struct{ _ int }
|
||||
+type PrivateKeyRSA struct{ _ int }
|
||||
+
|
||||
+func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv openssl.BigInt, err error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv openssl.BigInt) (*PrivateKeyRSA, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func NewPublicKeyRSA(N, E openssl.BigInt) (*PublicKeyRSA, error) { panic("boringcrypto: not available") }
|
||||
+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, msgHashed bool) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, msgHashed bool) error {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
+func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
|
||||
new file mode 100644
|
||||
index 0000000..4c327e0
|
||||
--- /dev/null
|
||||
+++ b/src/crypto/internal/backend/openssl.go
|
||||
@@ -0,0 +1,92 @@
|
||||
+// Copyright 2017 The Go Authors. All rights reserved.
|
||||
+// Use of this source code is governed by a BSD-style
|
||||
+// license that can be found in the LICENSE file.
|
||||
+
|
||||
+//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
+// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+
|
||||
+// Package openssl provides access to OpenSSLCrypto implementation functions.
|
||||
+// Check the variable Enabled to find out whether OpenSSLCrypto is available.
|
||||
+// If OpenSSLCrypto is not available, the functions in this package all panic.
|
||||
+package backend
|
||||
+
|
||||
+import (
|
||||
+ "github.com/golang-fips/openssl-fips/openssl"
|
||||
+)
|
||||
+
|
||||
+// Enabled controls whether FIPS crypto is enabled.
|
||||
+var Enabled = openssl.Enabled
|
||||
+
|
||||
+// Unreachable marks code that should be unreachable
|
||||
+// when OpenSSLCrypto is in use. It panics only when
|
||||
+// the system is in FIPS mode.
|
||||
+func Unreachable() {
|
||||
+ if Enabled() {
|
||||
+ panic("opensslcrypto: invalid code execution")
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+// Provided by runtime.crypto_backend_runtime_arg0 to avoid os import.
|
||||
+func runtime_arg0() string
|
||||
+
|
||||
+func hasSuffix(s, t string) bool {
|
||||
+ return len(s) > len(t) && s[len(s)-len(t):] == t
|
||||
+}
|
||||
+
|
||||
+// UnreachableExceptTests marks code that should be unreachable
|
||||
+// when OpenSSLCrypto is in use. It panics.
|
||||
+func UnreachableExceptTests() {
|
||||
+ name := runtime_arg0()
|
||||
+ // If OpenSSLCrypto ran on Windows we'd need to allow _test.exe and .test.exe as well.
|
||||
+ if Enabled() && !hasSuffix(name, "_test") && !hasSuffix(name, ".test") {
|
||||
+ println("opensslcrypto: unexpected code execution in", name)
|
||||
+ panic("opensslcrypto: invalid code execution")
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+var ExecutingTest = openssl.ExecutingTest
|
||||
+
|
||||
+const RandReader = openssl.RandReader
|
||||
+
|
||||
+var NewGCMTLS = openssl.NewGCMTLS
|
||||
+var NewSHA1 = openssl.NewSHA1
|
||||
+var NewSHA224 = openssl.NewSHA224
|
||||
+var NewSHA256 = openssl.NewSHA256
|
||||
+var NewSHA384 = openssl.NewSHA384
|
||||
+var NewSHA512 = openssl.NewSHA512
|
||||
+
|
||||
+var SHA1 = openssl.SHA1
|
||||
+var SHA224 = openssl.SHA224
|
||||
+var SHA256 = openssl.SHA256
|
||||
+var SHA384 = openssl.SHA384
|
||||
+var SHA512 = openssl.SHA512
|
||||
+
|
||||
+var NewHMAC = openssl.NewHMAC
|
||||
+
|
||||
+var NewAESCipher = openssl.NewAESCipher
|
||||
+
|
||||
+type PublicKeyECDSA = openssl.PublicKeyECDSA
|
||||
+type PrivateKeyECDSA = openssl.PrivateKeyECDSA
|
||||
+
|
||||
+var GenerateKeyECDSA = openssl.GenerateKeyECDSA
|
||||
+var NewPrivateKeyECDSA = openssl.NewPrivateKeyECDSA
|
||||
+var NewPublicKeyECDSA = openssl.NewPublicKeyECDSA
|
||||
+var SignMarshalECDSA = openssl.SignMarshalECDSA
|
||||
+var VerifyECDSA = openssl.VerifyECDSA
|
||||
+
|
||||
+type PublicKeyRSA = openssl.PublicKeyRSA
|
||||
+type PrivateKeyRSA = openssl.PrivateKeyRSA
|
||||
+
|
||||
+var DecryptRSAOAEP = openssl.DecryptRSAOAEP
|
||||
+var DecryptRSAPKCS1 = openssl.DecryptRSAPKCS1
|
||||
+var DecryptRSANoPadding = openssl.DecryptRSANoPadding
|
||||
+var EncryptRSAOAEP = openssl.EncryptRSAOAEP
|
||||
+var EncryptRSAPKCS1 = openssl.EncryptRSAPKCS1
|
||||
+var EncryptRSANoPadding = openssl.EncryptRSANoPadding
|
||||
+var GenerateKeyRSA = openssl.GenerateKeyRSA
|
||||
+var NewPrivateKeyRSA = openssl.NewPrivateKeyRSA
|
||||
+var NewPublicKeyRSA = openssl.NewPublicKeyRSA
|
||||
+var SignRSAPKCS1v15 = openssl.SignRSAPKCS1v15
|
||||
+var SignRSAPSS = openssl.SignRSAPSS
|
||||
+var VerifyRSAPKCS1v15 = openssl.VerifyRSAPKCS1v15
|
||||
+var VerifyRSAPSS = openssl.VerifyRSAPSS
|
||||
diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go
|
||||
index 1827f76..239e6a2 100644
|
||||
--- a/src/crypto/tls/boring.go
|
||||
+++ b/src/crypto/tls/boring.go
|
||||
@@ -8,8 +8,15 @@ package tls
|
||||
|
||||
import (
|
||||
"crypto/internal/boring/fipstls"
|
||||
+ boring "crypto/internal/backend"
|
||||
)
|
||||
|
||||
+func init() {
|
||||
+ if boring.Enabled && !boring.ExecutingTest() {
|
||||
+ fipstls.Force()
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
// needFIPS returns fipstls.Required(); it avoids a new import in common.go.
|
||||
func needFIPS() bool {
|
||||
return fipstls.Required()
|
||||
diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
|
||||
index 380de9f..02b4ac8 100644
|
||||
--- a/src/crypto/tls/handshake_client_test.go
|
||||
+++ b/src/crypto/tls/handshake_client_test.go
|
||||
@@ -2135,6 +2135,7 @@ func testBuffering(t *testing.T, version uint16) {
|
||||
}
|
||||
|
||||
func TestAlertFlushing(t *testing.T) {
|
||||
+ t.Skip("unsupported in FIPS mode, different error returned")
|
||||
c, s := localPipe(t)
|
||||
done := make(chan bool)
|
||||
|
||||
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
|
||||
index 141fdb9..71434f2 100644
|
||||
--- a/src/go/build/deps_test.go
|
||||
+++ b/src/go/build/deps_test.go
|
||||
@@ -414,19 +414,23 @@ var depsRules = `
|
||||
< crypto/internal/edwards25519
|
||||
< crypto/cipher;
|
||||
|
||||
- crypto/cipher,
|
||||
+ fmt, crypto/cipher,
|
||||
crypto/internal/boring/bcache
|
||||
< crypto/internal/boring
|
||||
+ < github.com/golang-fips/openssl-fips/openssl
|
||||
+ < crypto/internal/backend
|
||||
< crypto/boring
|
||||
< crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4,
|
||||
crypto/sha1, crypto/sha256, crypto/sha512
|
||||
< CRYPTO;
|
||||
|
||||
- CGO, fmt, net !< CRYPTO;
|
||||
+ CGO, net !< CRYPTO;
|
||||
|
||||
# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
|
||||
CRYPTO, FMT, math/big, embed
|
||||
+ < github.com/golang-fips/openssl-fips/openssl/bbig
|
||||
< crypto/internal/boring/bbig
|
||||
+ < crypto/internal/backend/bbig
|
||||
< crypto/internal/randutil
|
||||
< crypto/rand
|
||||
< crypto/ed25519
|
||||
@@ -644,7 +648,7 @@ var buildIgnore = []byte("\n//go:build ignore")
|
||||
|
||||
func findImports(pkg string) ([]string, error) {
|
||||
vpkg := pkg
|
||||
- if strings.HasPrefix(pkg, "golang.org") {
|
||||
+ if strings.HasPrefix(pkg, "golang.org") || strings.HasPrefix(pkg, "github.com") {
|
||||
vpkg = "vendor/" + pkg
|
||||
}
|
||||
dir := filepath.Join(Default.GOROOT, "src", vpkg)
|
||||
@@ -654,7 +658,7 @@ func findImports(pkg string) ([]string, error) {
|
||||
}
|
||||
var imports []string
|
||||
var haveImport = map[string]bool{}
|
||||
- if pkg == "crypto/internal/boring" {
|
||||
+ if pkg == "crypto/internal/boring" || pkg == "github.com/golang-fips/openssl-fips/openssl" {
|
||||
haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports
|
||||
}
|
||||
fset := token.NewFileSet()
|
||||
diff --git a/src/runtime/runtime_boring.go b/src/runtime/runtime_boring.go
|
||||
index 5a98b20..dc25cdc 100644
|
||||
--- a/src/runtime/runtime_boring.go
|
||||
+++ b/src/runtime/runtime_boring.go
|
||||
@@ -17,3 +17,8 @@ func boring_runtime_arg0() string {
|
||||
|
||||
//go:linkname fipstls_runtime_arg0 crypto/internal/boring/fipstls.runtime_arg0
|
||||
func fipstls_runtime_arg0() string { return boring_runtime_arg0() }
|
||||
+
|
||||
+//go:linkname crypto_backend_runtime_arg0 crypto/internal/backend.runtime_arg0
|
||||
+func crypto_backend_runtime_arg0() string {
|
||||
+ return boring_runtime_arg0()
|
||||
+}
|
||||
\ No newline at end of file
|
File diff suppressed because it is too large
|
@ -1,53 +0,0 @@
|
|||
From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
|
||||
From: Lynn Boger <laboger@linux.vnet.ibm.com>
|
||||
Date: Thu, 14 Jul 2022 10:47:28 -0500
|
||||
Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
|
||||
|
||||
The setting of the path for the dynamic loader when building for
|
||||
linux/ppc64le ELF v2 was incorrectly set to the path for
|
||||
PPC64 ELF v1. This has not caused issues in the common cases
|
||||
because this string can be set based on the default GO_LDSO setting.
|
||||
It does result in an incorrect value when cross compiling binaries
|
||||
with -buildmode=pie.
|
||||
|
||||
Updates #53813
|
||||
|
||||
Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
|
||||
---
|
||||
src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
|
||||
1 file changed, 7 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
|
||||
index b6d5ad92af..bca8fa9212 100644
|
||||
--- a/src/cmd/link/internal/ppc64/obj.go
|
||||
+++ b/src/cmd/link/internal/ppc64/obj.go
|
||||
@@ -38,9 +38,12 @@ import (
|
||||
)
|
||||
|
||||
func Init() (*sys.Arch, ld.Arch) {
|
||||
- arch := sys.ArchPPC64
|
||||
- if buildcfg.GOARCH == "ppc64le" {
|
||||
- arch = sys.ArchPPC64LE
|
||||
+ arch := sys.ArchPPC64LE
|
||||
+ dynld := "/lib64/ld64.so.2"
|
||||
+
|
||||
+ if buildcfg.GOARCH == "ppc64" {
|
||||
+ arch = sys.ArchPPC64
|
||||
+ dynld = "/lib64/ld64.so.1"
|
||||
}
|
||||
|
||||
theArch := ld.Arch{
|
||||
@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
|
||||
Machoreloc1: machoreloc1,
|
||||
Xcoffreloc1: xcoffreloc1,
|
||||
|
||||
- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
|
||||
- Linuxdynld: "/lib64/ld64.so.1",
|
||||
-
|
||||
+ Linuxdynld: dynld,
|
||||
Freebsddynld: "XXX",
|
||||
Openbsddynld: "XXX",
|
||||
Netbsddynld: "XXX",
|
||||
--
|
||||
2.35.3
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
|
||||
index 1d75287..2b99ea2 100644
|
||||
index 5f258a2..5dbbc42 100644
|
||||
--- a/src/crypto/internal/backend/nobackend.go
|
||||
+++ b/src/crypto/internal/backend/nobackend.go
|
||||
@@ -2,8 +2,8 @@
|
||||
|
@ -13,21 +13,6 @@ index 1d75287..2b99ea2 100644
|
|||
|
||||
package backend
|
||||
|
||||
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
|
||||
index 4c327e0..6786c1f 100644
|
||||
--- a/src/crypto/internal/backend/openssl.go
|
||||
+++ b/src/crypto/internal/backend/openssl.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
// Package openssl provides access to OpenSSLCrypto implementation functions.
|
||||
// Check the variable Enabled to find out whether OpenSSLCrypto is available.
|
||||
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
|
||||
index d6d99b1..f2fe332 100644
|
||||
--- a/src/crypto/internal/boring/goboringcrypto.h
|
||||
|
@ -82,7 +67,7 @@ index 0b61e79..94d0c98 100644
|
|||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
||||
index eb63507..a3aeed1 100644
|
||||
index afec529..d822152 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
||||
@@ -2,8 +2,8 @@
|
||||
|
|
|
@ -1,36 +1,13 @@
|
|||
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
|
||||
index da5b179..6a772df 100644
|
||||
index 36a20e8b2a..8c2dd1b44b 100644
|
||||
--- a/src/cmd/dist/test.go
|
||||
+++ b/src/cmd/dist/test.go
|
||||
@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error {
|
||||
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
|
||||
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
|
||||
} else {
|
||||
if goos != "android" {
|
||||
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
|
||||
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
|
||||
}
|
||||
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".")
|
||||
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".")
|
||||
if goos != "android" {
|
||||
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
|
||||
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
|
||||
+ /*
|
||||
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
|
||||
// -static in CGO_LDFLAGS triggers a different code path
|
||||
// than -static in -extldflags, so test both.
|
||||
// See issue #16651.
|
||||
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".")
|
||||
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
|
||||
+ */
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error {
|
||||
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".")
|
||||
}
|
||||
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".")
|
||||
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".")
|
||||
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
|
||||
panic("unknown linkmode with static build: " + linkmode)
|
||||
}
|
||||
- gt.tags = append(gt.tags, "static")
|
||||
+ gt.tags = append(gt.tags, "static", "no_openssl")
|
||||
}
|
||||
}
|
||||
gt.ldflags = strings.Join(ldflags, " ")
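Review bot: Nothing in this patch records why `no_openssl` is forced for static test builds at `gt.tags = append(gt.tags, "static", "no_openssl")`. Going by the build constraints shown for `nobackend.go` on this page, that tag selects the backend whose functions panic with "not available", so these runs presumably fall back to the standard Go crypto and never exercise the OpenSSL-backed code. A short comment at that line stating the reason, for example `// static test binaries are built without the OpenSSL backend (reason to be confirmed by the patch author)`, would keep the coverage gap visible on the next rebase. The enclosing function starts and ends outside the hunk.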
|
||||
|
||||
|
|
|
@ -0,0 +1,172 @@
|
|||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
||||
index 56adf47bf6..9537870e3c 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
||||
@@ -22,22 +22,10 @@ var (
|
||||
type PublicKeyECDH struct {
|
||||
_pkey *C.GO_EVP_PKEY
|
||||
bytes []byte
|
||||
-
|
||||
- // priv is only set when PublicKeyECDH is derived from a private key,
|
||||
- // in which case priv's finalizer is responsible for freeing _pkey.
|
||||
- // This ensures priv is not finalized while the public key is alive,
|
||||
- // which could cause use-after-free and double-free behavior.
|
||||
- //
|
||||
- // We could avoid this altogether by using EVP_PKEY_up_ref
|
||||
- // when instantiating a derived public key, unfortunately
|
||||
- // it is not available on OpenSSL 1.0.2.
|
||||
- priv *PrivateKeyECDH
|
||||
}
|
||||
|
||||
func (k *PublicKeyECDH) finalize() {
|
||||
- if k.priv == nil {
|
||||
- C._goboringcrypto_EVP_PKEY_free(k._pkey)
|
||||
- }
|
||||
+ C._goboringcrypto_EVP_PKEY_free(k._pkey)
|
||||
}
|
||||
|
||||
type PrivateKeyECDH struct {
|
||||
@@ -58,7 +46,7 @@ func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
- k := &PublicKeyECDH{pkey, append([]byte(nil), bytes...), nil}
|
||||
+ k := &PublicKeyECDH{pkey, append([]byte(nil), bytes...)}
|
||||
runtime.SetFinalizer(k, (*PublicKeyECDH).finalize)
|
||||
return k, nil
|
||||
}
|
||||
@@ -87,14 +75,22 @@ func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) {
|
||||
var bytes []byte
|
||||
var cbytes *C.uchar
|
||||
|
||||
- n := C._goboringcrypto_EVP_PKEY_get1_encoded_ecdh_public_key(k._pkey, &cbytes)
|
||||
+ pkey := C._goboringcrypto_EVP_PKEY_ref(k._pkey)
|
||||
+ if pkey == nil {
|
||||
+ return nil, NewOpenSSLError("EVP_PKEY_ref")
|
||||
+ }
|
||||
+ defer func() {
|
||||
+ C._goboringcrypto_EVP_PKEY_free(pkey)
|
||||
+ }()
|
||||
+ n := C._goboringcrypto_EVP_PKEY_get1_encoded_ecdh_public_key(pkey, &cbytes)
|
||||
if n == 0 {
|
||||
return nil, NewOpenSSLError("EVP_PKEY_get1_encoded_ecdh_public_key")
|
||||
}
|
||||
bytes = C.GoBytes(unsafe.Pointer(cbytes), C.int(n))
|
||||
C.free(unsafe.Pointer(cbytes))
|
||||
|
||||
- pub := &PublicKeyECDH{k._pkey, bytes, k}
|
||||
+ pub := &PublicKeyECDH{pkey, bytes}
|
||||
+ pkey = nil
|
||||
runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize)
|
||||
return pub, nil
|
||||
}
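Review bot: `k` is not referenced again after `k._pkey` is read for `_goboringcrypto_EVP_PKEY_ref`, so unless the part of `PublicKey` outside this hunk already keeps it alive, the private key's finalizer could free `_pkey` while the C call is still taking its reference; a `runtime.KeepAlive(k)` directly after the `EVP_PKEY_ref` call closes that window. The ownership hand-off also deserves a comment at `pkey = nil`, for example `// pub now owns the reference; clear pkey so the deferred free becomes a no-op`, because the deferred closure is only harmless through that assignment. The function begins before the hunk.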
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
index a900b3f9e7..03367d5520 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
@@ -827,6 +827,9 @@ DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ())
|
||||
DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0))
|
||||
DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1))
|
||||
DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1))
|
||||
+DEFINEFUNC(const GO_EC_KEY *, EVP_PKEY_get0_EC_KEY, (const GO_EVP_PKEY *pkey), (pkey))
|
||||
+GO_EVP_PKEY *_goboringcrypto_EVP_PKEY_ref(GO_EVP_PKEY *pkey);
|
||||
+
|
||||
DEFINEFUNC(int, EVP_PKEY_verify,
|
||||
(EVP_PKEY_CTX *ctx, const unsigned char *sig, unsigned int siglen, const unsigned char *tbs, size_t tbslen),
|
||||
(ctx, sig, siglen, tbs, tbslen))
|
||||
@@ -1083,15 +1086,6 @@ enum {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
DEFINEFUNC(int, EVP_PKEY_set1_encoded_public_key, (GO_EVP_PKEY *pkey, const unsigned char *pub, size_t publen), (pkey, pub, publen))
|
||||
DEFINEFUNC(size_t, EVP_PKEY_get1_encoded_public_key, (GO_EVP_PKEY *pkey, unsigned char **ppub), (pkey, ppub))
|
||||
-
|
||||
-DEFINEFUNC(const GO_EC_KEY *, EVP_PKEY_get0_EC_KEY, (const GO_EVP_PKEY *pkey), (pkey))
|
||||
-#else
|
||||
-DEFINEFUNCINTERNAL(void *, EVP_PKEY_get0, (const GO_EVP_PKEY *pkey), (pkey))
|
||||
-static const GO_EC_KEY *
|
||||
-_goboringcrypto_EVP_PKEY_get0_EC_KEY(const GO_EVP_PKEY *pkey)
|
||||
-{
|
||||
- return _goboringcrypto_internal_EVP_PKEY_get0(pkey);
|
||||
-}
|
||||
#endif
|
||||
|
||||
GO_EVP_PKEY *_goboringcrypto_EVP_PKEY_new_for_ecdh(int nid, const uint8_t *bytes, size_t len, int is_private);
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
||||
index 24a9615108..c6b23a984b 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
||||
@@ -5,6 +5,7 @@
|
||||
// +build !msan
|
||||
|
||||
#include "goopenssl.h"
|
||||
+#include <assert.h>
|
||||
|
||||
int _goboringcrypto_EVP_sign(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
|
||||
size_t msgLen, uint8_t *sig, size_t *slen,
|
||||
@@ -138,3 +139,52 @@ err:
|
||||
|
||||
return ret;
|
||||
}
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+DEFINEFUNCINTERNAL(int, EVP_PKEY_up_ref, (GO_EVP_PKEY *pkey), (pkey))
|
||||
+
|
||||
+GO_EVP_PKEY *
|
||||
+_goboringcrypto_EVP_PKEY_ref(GO_EVP_PKEY *pkey)
|
||||
+{
|
||||
+ if (_goboringcrypto_internal_EVP_PKEY_up_ref(pkey) != 1)
|
||||
+ return NULL;
|
||||
+
|
||||
+ return pkey;
|
||||
+}
|
||||
+
|
||||
+#else
|
||||
+GO_EVP_PKEY *
|
||||
+_goboringcrypto_EVP_PKEY_ref(GO_EVP_PKEY *pkey)
|
||||
+{
|
||||
+ GO_EVP_PKEY *result = NULL;
|
||||
+
|
||||
+ if (pkey->type != EVP_PKEY_EC && pkey->type != EVP_PKEY_RSA)
|
||||
+ return NULL;
|
||||
+
|
||||
+ result = _goboringcrypto_EVP_PKEY_new();
|
||||
+ if (!result)
|
||||
+ goto err;
|
||||
+
|
||||
+ switch (pkey->type) {
|
||||
+ case EVP_PKEY_EC:
|
||||
+ if (_goboringcrypto_EVP_PKEY_set1_EC_KEY(result, _goboringcrypto_EVP_PKEY_get0_EC_KEY()) != 1)
|
||||
+ goto err;
|
||||
+ break;
|
||||
+
|
||||
+ case EVP_PKEY_RSA:
|
||||
+ if (_goboringcrypto_EVP_PKEY_set1_RSA_KEY(result, _goboringcrypto_EVP_PKEY_get0_RSA_KEY()) != 1)
|
||||
+ goto err;
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
+ default:
|
||||
+ assert(0);
|
||||
+ }
|
||||
+
|
||||
+ return result;
|
||||
+
|
||||
+err:
|
||||
+ _goboringcrypto_EVP_PKEY_free(result);
|
||||
+ return NULL;
|
||||
+}
|
||||
+#endif
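Review bot: In the `#else` branch of `_goboringcrypto_EVP_PKEY_ref` (OpenSSL older than 1.1.0), `_goboringcrypto_EVP_PKEY_get0_EC_KEY()` and `_goboringcrypto_EVP_PKEY_get0_RSA_KEY()` are called with no argument, so the source `pkey` is never handed to them; the EC case should read `_goboringcrypto_EVP_PKEY_set1_EC_KEY(result, _goboringcrypto_EVP_PKEY_get0_EC_KEY(pkey))`. The RSA case also uses `_goboringcrypto_EVP_PKEY_set1_RSA_KEY` and `_goboringcrypto_EVP_PKEY_get0_RSA_KEY`, while the goopenssl.h lines visible in this patch only declare `EVP_PKEY_set1_RSA`, so those two names look undeclared unless they are defined outside the hunks shown. The goopenssl.h hunk of the same patch removes the `EVP_PKEY_get0`-based fallback for the older library, which this branch would need, so the branch presumably does not build when it is selected. `default: assert(0);` disappears under `NDEBUG` and would then return an empty key; `goto err;` there fails closed instead.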
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
||||
index 75ba7a8a59..1e016676a0 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
||||
@@ -116,7 +116,9 @@ func (k *PrivateKeyRSA) withKey(f func(*C.GO_RSA) C.int) C.int {
|
||||
|
||||
func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
|
||||
padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
|
||||
- init func(*C.GO_EVP_PKEY_CTX) C.int) (pkey *C.GO_EVP_PKEY, ctx *C.GO_EVP_PKEY_CTX, err error) {
|
||||
+ init func(*C.GO_EVP_PKEY_CTX) C.int) (_ *C.GO_EVP_PKEY,_ *C.GO_EVP_PKEY_CTX, err error) {
|
||||
+ var pkey *C.GO_EVP_PKEY
|
||||
+ var ctx *C.GO_EVP_PKEY_CTX
|
||||
defer func() {
|
||||
if err != nil {
|
||||
if pkey != nil {
|
|
@ -0,0 +1,22 @@
|
|||
From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
|
||||
Date: Fri, 9 Feb 2024 20:06:16 +0100
|
||||
Subject: [PATCH] Set GOTOOLCHAIN to local
|
||||
|
||||
---
|
||||
go.env | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/go.env b/go.env
|
||||
index 6ff2b921d4..e87f6e7b6d 100644
|
||||
--- a/go.env
|
||||
+++ b/go.env
|
||||
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
|
||||
|
||||
# Automatically download newer toolchains as directed by go.mod files.
|
||||
# See https://go.dev/doc/toolchain for details.
|
||||
-GOTOOLCHAIN=auto
|
||||
+GOTOOLCHAIN=local
|
||||
--
|
||||
2.43.0
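Review bot: The comment kept above the changed line in go.env still reads `# Automatically download newer toolchains as directed by go.mod files.`, which is the opposite of what `GOTOOLCHAIN=local` does. I would change it in the same patch to something like `# Use only the toolchain shipped in this package; never download a newer one.`, so that a reader of the installed file is not misled about whether the go command may fetch and run a toolchain from the network. This value is only a default, because the process environment and a user's own go env settings still take precedence, so it should not be described as enforcement. The patch description is also empty; one sentence on why the distribution pins the local toolchain would help whoever rebases this.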
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
|
||||
index 6786c1f..5a330cf 100644
|
||||
--- a/src/crypto/internal/backend/openssl.go
|
||||
+++ b/src/crypto/internal/backend/openssl.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
-// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
+//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
// Package openssl provides access to OpenSSLCrypto implementation functions.
|
||||
// Check the variable Enabled to find out whether OpenSSLCrypto is available.
|
|
@ -0,0 +1,15 @@
|
|||
diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
|
||||
index 0853178e3a..16eb37734b 100644
|
||||
--- a/src/crypto/rsa/pkcs1v15_test.go
|
||||
+++ b/src/crypto/rsa/pkcs1v15_test.go
|
||||
@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestOverlongMessagePKCS1v15(t *testing.T) {
|
||||
+ // OpenSSL now returns a random string instead of an error
|
||||
+ if boring.Enabled() {
|
||||
+ t.Skip("Not relevant in boring mode")
|
||||
+ }
|
||||
ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
|
||||
_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
|
||||
if err == nil {
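Review bot: Skipping TestOverlongMessagePKCS1v15 outright under `boring.Enabled()` removes the only check visible here on how DecryptPKCS1v15 handles this malformed ciphertext with the OpenSSL backend, and the skip text `"Not relevant in boring mode"` hides the actual reason. Going by the added comment, the backend now yields a random string instead of an error, so a caller that relies on `err != nil` to detect a bad ciphertext gets no signal in that mode. The skip message should say so, for example `t.Skip("OpenSSL backend returns a random message instead of an error for this ciphertext")`. A boring-mode branch that pins the new contract (no error, and output that is not the real plaintext) would keep some coverage, if the backend's behaviour is stable enough to assert on. The test body continues past the end of the hunk.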
|
|
@ -56,7 +56,7 @@
|
|||
%endif
|
||||
|
||||
# Controls what ever we fail on failed tests
|
||||
%ifarch x86_64 %{arm} aarch64 ppc64le
|
||||
%ifarch x86_64 %{arm} ppc64le s390x
|
||||
%global fail_on_tests 1
|
||||
%else
|
||||
%global fail_on_tests 0
|
||||
|
@ -69,12 +69,8 @@
|
|||
%global shared 0
|
||||
%endif
|
||||
|
||||
# Pre build std lib with -race enabled
|
||||
%ifarch x86_64
|
||||
%global race 1
|
||||
%else
|
||||
# Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
|
||||
%global race 0
|
||||
%endif
|
||||
|
||||
%ifarch x86_64
|
||||
%global gohostarch amd64
|
||||
|
@ -95,20 +91,28 @@
|
|||
%global gohostarch s390x
|
||||
%endif
|
||||
|
||||
%global go_api 1.19
|
||||
%global version 1.19.1
|
||||
%global go_api 1.21
|
||||
%global version 1.21.9
|
||||
%global pkg_release 1
|
||||
|
||||
Name: golang
|
||||
Version: %{version}
|
||||
Release: 2%{?dist}
|
||||
Release: 1%{?dist}
|
||||
|
||||
Summary: The Go Programming Language
|
||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||
License: BSD and Public Domain
|
||||
URL: http://golang.org/
|
||||
Source0: https://github.com/golang/go/archive/refs/tags/go%{version}.tar.gz
|
||||
# Go's FIPS mode bindings are now provided as a standalone
|
||||
# module instead of in tree. This makes it easier to see
|
||||
# the actual changes vs upstream Go. The module source is
|
||||
# located at https://github.com/golang-fips/openssl-fips,
|
||||
# And pre-genetated patches to set up the module for a given
|
||||
# Go release are located at https://github.com/golang-fips/go.
|
||||
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
|
||||
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
||||
Source1: fedora.go
|
||||
Source2: fedora.go
|
||||
|
||||
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
||||
# Actual Go based bootstrap compiler provided by above source.
|
||||
|
@ -133,19 +137,16 @@ Requires: %{name}-src = %{version}-%{release}
|
|||
Requires: openssl-devel
|
||||
Requires: diffutils
|
||||
|
||||
|
||||
# Proposed patch by jcajka https://golang.org/cl/86541
|
||||
Patch221: fix_TestScript_list_std.patch
|
||||
Patch229: fix-memleak-setupRSA.patch
|
||||
|
||||
Patch1939923: skip_test_rhbz1939923.patch
|
||||
|
||||
Patch0: 000-initial-setup.patch
|
||||
Patch1: 001-initial-openssl-for-fips.patch
|
||||
Patch2: disable_static_tests_part1.patch
|
||||
Patch3: disable_static_tests_part2.patch
|
||||
Patch4: openssl_cgo_build_tag.patch
|
||||
|
||||
Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
|
||||
Patch2: disable_static_tests_part1.patch
|
||||
Patch3: disable_static_tests_part2.patch
|
||||
Patch4: skip-test-overlong-message.patch
|
||||
Patch5: modify_go.env.patch
|
||||
|
||||
# Having documentation separate was broken
|
||||
Obsoletes: %{name}-docs < 1.1-4
|
||||
|
@ -153,6 +154,9 @@ Obsoletes: %{name}-docs < 1.1-4
|
|||
# RPM can't handle symlink -> dir with subpackages, so merge back
|
||||
Obsoletes: %{name}-data < 1.1.1-4
|
||||
|
||||
# We don't build golang-race anymore, rhbz#2230599
|
||||
Obsoletes: golang-race < 1.20.0
|
||||
|
||||
# These are the only RHEL/Fedora architectures that we compile this package for
|
||||
ExclusiveArch: %{golang_arches}
|
||||
|
||||
|
@ -234,20 +238,26 @@ Requires: %{name} = %{version}-%{release}
|
|||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n go-go1.19.1
|
||||
%setup -q -n go-go%{version}
|
||||
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
pushd ..
|
||||
tar -xf %{SOURCE1}
|
||||
popd
|
||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
|
||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
|
||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
|
||||
|
||||
%patch221 -p1
|
||||
# Configure crypto tests
|
||||
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
|
||||
ln -s ../go-go%{version} go
|
||||
./scripts/configure-crypto-tests.sh
|
||||
popd
|
||||
|
||||
%patch1939923 -p1
|
||||
%patch227 -p1
|
||||
%autopatch -p1
|
||||
|
||||
cp %{SOURCE1} ./src/runtime/
|
||||
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
|
||||
|
||||
cp %{SOURCE2} ./src/runtime/
|
||||
|
||||
%build
|
||||
set -xe
|
||||
|
@ -316,7 +326,7 @@ rm -rf pkg/bootstrap/bin
|
|||
|
||||
# install everything into libdir (until symlink problems are fixed)
|
||||
# https://code.google.com/p/go/issues/detail?id=5830
|
||||
cp -apv api bin doc lib pkg src misc test VERSION \
|
||||
cp -apv api bin doc lib pkg src misc test go.env VERSION \
|
||||
$RPM_BUILD_ROOT%{goroot}
|
||||
|
||||
# bz1099206
|
||||
|
@ -329,12 +339,11 @@ cwd=$(pwd)
|
|||
src_list=$cwd/go-src.list
|
||||
pkg_list=$cwd/go-pkg.list
|
||||
shared_list=$cwd/go-shared.list
|
||||
race_list=$cwd/go-race.list
|
||||
misc_list=$cwd/go-misc.list
|
||||
docs_list=$cwd/go-docs.list
|
||||
tests_list=$cwd/go-tests.list
|
||||
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
||||
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
||||
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
|
||||
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
|
||||
pushd $RPM_BUILD_ROOT%{goroot}
|
||||
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
|
||||
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list
|
||||
|
@ -365,13 +374,6 @@ pushd $RPM_BUILD_ROOT%{goroot}
|
|||
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
|
||||
find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list
|
||||
find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list
|
||||
|
||||
%endif
|
||||
|
||||
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
|
@ -509,16 +511,95 @@ cd ..
|
|||
%files -f go-pkg.list bin
|
||||
%{_bindir}/go
|
||||
%{_bindir}/gofmt
|
||||
%{goroot}/go.env
|
||||
|
||||
%if %{shared}
|
||||
%files -f go-shared.list shared
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
%files -f go-race.list race
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Apr 12 2024 David Benoit <dbenoit@redhat.com> - 1.21.9-1
|
||||
- Fix CVE-2023-45288
|
||||
- Resolves: RHEL-31915
|
||||
|
||||
* Mon Apr 1 2024 Archana Ravindar <aravinda@redhat.com> - 1.21.7-2
|
||||
- Fix CVE-2024-1394
|
||||
- Resolves RHEL-24300
|
||||
|
||||
* Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
|
||||
- Rebase to Go 1.21.7
|
||||
- Add release information
|
||||
- Set GOTOOLCHAIN to local
|
||||
- Skip TestOverlongMessagePKCS1v15
|
||||
- Resolves: RHEL-24082
|
||||
- Resolves: RHEL-18363
|
||||
- Resolves: RHEL-18382
|
||||
|
||||
* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
|
||||
- Do not remove GOPROXY/GOSUMDB
|
||||
- Related: RHEL-12620
|
||||
|
||||
* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-3
|
||||
- Fix go.env in Go 1.21
|
||||
- Related: RHEL-12620
|
||||
|
||||
* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
|
||||
- Rebase disable_static_tests_part2.patch to Go 1.21.3
|
||||
- Add missing strict fips runtime detection patch
|
||||
- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
|
||||
- Remove fix-memory-leak patch as it is fixed upstream
|
||||
- Resolves: RHEL-12620
|
||||
|
||||
* Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1
|
||||
- Rebase Go to 1.21.3
|
||||
- Resolves: RHEL-12620
|
||||
|
||||
* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-2
|
||||
- Retire golang-race package
|
||||
- Resolves: rhbz#2230599
|
||||
|
||||
* Tue Jul 25 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
|
||||
- Rebase to Go 1.20.6
|
||||
- Resolves: rhbz#2217596
|
||||
|
||||
* Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
|
||||
- Rebase to Go 1.20.4
|
||||
- Resolves: rhbz#2204474
|
||||
|
||||
* Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1
|
||||
- Rebase to Go 1.20.3
|
||||
- Remove race archives
|
||||
- Update static tests patches
|
||||
- Resolves: rhbz#2185260
|
||||
|
||||
* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
|
||||
- Fix memory leaks in EVP_{sign,verify}_raw
|
||||
- Resolves: rhbz#2132767
|
||||
|
||||
* Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
|
||||
- Rebase to Go 1.19.4
|
||||
- Fix ppc64le linker issue
|
||||
- Remove defunct patches
|
||||
- Remove downstream generated FIPS mode patches
|
||||
- Add golang-fips/go as the source for FIPS mode patches
|
||||
- Resolves: rhbz#2144542
|
||||
|
||||
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
|
||||
- Enable big endian support in FIPS mode
|
||||
- Resolves: rhbz#1969844
|
||||
|
||||
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
|
||||
- Restore old HashSign/HashVerify API
|
||||
- Resolves: rhbz#2132730
|
||||
|
||||
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
|
||||
- Add support for 4096 bit keys in x509
|
||||
- Resolves: rhbz#2132694
|
||||
|
||||
* Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
|
||||
- Rebase to Go 1.19.2
|
||||
- Resolves: rhbz#2132730
|
||||
|
||||
* Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
|
||||
- Rebase to Go 1.19.1
|
||||
- Resolves: rhbz#2131026
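Review bot: In the `fail_on_tests` block near the top of the spec, the `%ifarch` list that appears to be the new one (`x86_64 %{arm} ppc64le s390x`) no longer names aarch64, so a failing test suite on that architecture would no longer fail the build, and the comment above the conditional does not mention the exception. The 1.21.3-2 changelog entry describes this as a temporary measure for FIPS tests hitting builder kernel bugs. For a toolchain that ships the OpenSSL FIPS bindings I would record that next to the conditional, e.g. `# aarch64 temporarily excluded: FIPS tests fail on builder kernels; re-enable once fixed (<tracking-bug>)`, so the gap in test enforcement is visible and does not outlive its cause. Which of the two printed `%ifarch` lines is old and which is new is inferred from the changelog, since the rendering lost the +/- markers.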
|
||||
|
|