Update to Go 1.20.7 and fix memory leak

golang-fips · Aug 9, 2023 · a4cac33 · a4cac33
1 parent 96c76ab
commit a4cac33
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 21 deletions.
diff --git a/config/versions.json b/config/versions.json
@@ -1,5 +1,5 @@
 {
     "github.com/golang-fips/go": "go1.20-fips-release",
-    "github.com/golang-fips/openssl-fips": "9051f24728fe7141015889776bc44949c2b4cf1e",
-    "github.com/golang/go": "go1.20.6"
+    "github.com/golang-fips/openssl-fips": "b175be2ccd46683a51cba60a9a2087b09593317d",
+    "github.com/golang/go": "go1.20.7"
 }
diff --git a/patches/001-initial-openssl-for-fips.patch b/patches/001-initial-openssl-for-fips.patch
@@ -2348,24 +2348,24 @@ index 8734dd03c1..22a104f338 100644
  	} else {
  		testCurve = elliptic.P384()
 diff --git a/src/go.mod b/src/go.mod
-index 4697da201c..a3891edd78 100644
+index 4697da201c..791a04b0e5 100644
 --- a/src/go.mod
 +++ b/src/go.mod
 @@ -3,6 +3,7 @@ module std
  go 1.20
 
  require (
-+	github.com/golang-fips/openssl-fips v0.0.0-20230714114059-9051f24728fe
++	github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46
  	golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a
  	golang.org/x/net v0.4.1-0.20230214201333-88ed8ca3307d
  )
 diff --git a/src/go.sum b/src/go.sum
-index 625f2070b3..2e984ad481 100644
+index 625f2070b3..8cbd8cfb33 100644
 --- a/src/go.sum
 +++ b/src/go.sum
 @@ -1,3 +1,5 @@
-+github.com/golang-fips/openssl-fips v0.0.0-20230714114059-9051f24728fe h1:Zr44HT3VYwYIkT72fyvaqWZN+sO2Saw++e+6PaXapN0=
-+github.com/golang-fips/openssl-fips v0.0.0-20230714114059-9051f24728fe/go.mod h1:V2IU8imz/VkScnIbTOrdYsZ5R88ZFypCE0LzhRJ3HsI=
++github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46 h1:1oaM7kpYYlqwc6sIROINgj5fUW4CGZGEBwfzIc+TnJI=
++github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46/go.mod h1:V2IU8imz/VkScnIbTOrdYsZ5R88ZFypCE0LzhRJ3HsI=
  golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a h1:diz9pEYuTIuLMJLs3rGDkeaTsNyRs6duYdFyPAxzE/U=
  golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
  golang.org/x/net v0.4.1-0.20230214201333-88ed8ca3307d h1:KHU/KRz6+/yWyRHEC24m7T5gou5VSh62duch955ktBY=
@@ -3539,7 +3539,7 @@ index 0000000000..a900b3f9e7
 +#endif
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +DEFINEFUNC(void, CRYPTO_set_locking_callback,
-+	(void (*locking_function)(int mode, int n, const char *file, int line)), 
++	(void (*locking_function)(int mode, int n, const char *file, int line)),
 +	(locking_function))
 +#else
 +static inline void
@@ -3916,11 +3916,11 @@ index 0000000000..a900b3f9e7
 +DEFINEFUNC(int, ECDSA_do_verify, (const uint8_t *arg0, size_t arg1, const GO_ECDSA_SIG *arg2, GO_EC_KEY *arg3), (arg0, arg1, arg2, arg3))
 +DEFINEFUNC(size_t, ECDSA_size, (const GO_EC_KEY *arg0), (arg0))
 +
-+DEFINEFUNCINTERNAL(int, ECDSA_sign, 
++DEFINEFUNCINTERNAL(int, ECDSA_sign,
 +	(int type, const unsigned char *dgst, size_t dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey),
 +	(type, dgst, dgstlen, sig, siglen, eckey))
 +
-+DEFINEFUNCINTERNAL(int, ECDSA_verify, 
++DEFINEFUNCINTERNAL(int, ECDSA_verify,
 +	(int type, const unsigned char *dgst, size_t dgstlen, const unsigned char *sig, unsigned int siglen, EC_KEY *eckey),
 +	(type, dgst, dgstlen, sig, siglen, eckey))
 +
@@ -4131,7 +4131,7 @@ index 0000000000..a900b3f9e7
 +DEFINEFUNCINTERNAL(void, RSA_get0_factors,
 +		   (const GO_RSA *rsa, const GO_BIGNUM **p, const GO_BIGNUM **q),
 +		   (rsa, p, q))
-+static inline void 
++static inline void
 +_goboringcrypto_RSA_get0_factors(const GO_RSA *rsa, const GO_BIGNUM **p, const GO_BIGNUM **q) {
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	if (p)
@@ -4146,7 +4146,7 @@ index 0000000000..a900b3f9e7
 +DEFINEFUNCINTERNAL(void, RSA_get0_key,
 +		   (const GO_RSA *rsa, const GO_BIGNUM **n, const GO_BIGNUM **e, const GO_BIGNUM **d),
 +		   (rsa, n, e, d))
-+static inline void 
++static inline void
 +_goboringcrypto_RSA_get0_key(const GO_RSA *rsa, const GO_BIGNUM **n, const GO_BIGNUM **e, const GO_BIGNUM **d) {
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	if (n)
@@ -4281,9 +4281,9 @@ index 0000000000..a900b3f9e7
 +
 +static inline int
 +_goboringcrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(GO_EVP_PKEY_CTX * arg0, int arg1) {
-+	return _goboringcrypto_EVP_PKEY_CTX_ctrl(arg0, EVP_PKEY_RSA, 
-+		(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), 
-+		EVP_PKEY_CTRL_RSA_PSS_SALTLEN, 
++	return _goboringcrypto_EVP_PKEY_CTX_ctrl(arg0, EVP_PKEY_RSA,
++		(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY),
++		EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
 +		arg1, NULL);
 +}
 +
@@ -5246,10 +5246,10 @@ index 0000000000..714d18f1e8
 +}
 diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
 new file mode 100644
-index 0000000000..76bac5bc01
+index 0000000000..24a9615108
 --- /dev/null
 +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-@@ -0,0 +1,128 @@
+@@ -0,0 +1,140 @@
 +// +build linux
 +// +build !android
 +// +build !no_openssl
@@ -5295,7 +5295,11 @@ index 0000000000..76bac5bc01
 +                             GO_RSA *rsa_key) {
 +  int ret = 0;
 +  GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
-+  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++  if (!pk)
++    return 0;
++
++  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++    goto err;
 +
 +  if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
 +    goto err;
@@ -5315,6 +5319,8 @@ index 0000000000..76bac5bc01
 +err:
 +  if (ctx)
 +    _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++  if (pk)
++    _goboringcrypto_EVP_PKEY_free(pk);
 +
 +  return ret;
 +}
@@ -5355,7 +5361,11 @@ index 0000000000..76bac5bc01
 +  int ret = 0;
 +  EVP_PKEY_CTX *ctx;
 +  GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
-+  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++  if (!pk)
++    return 0;
++
++  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++    goto err;
 +
 +  if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
 +    goto err;
@@ -5375,6 +5385,8 @@ index 0000000000..76bac5bc01
 +err:
 +  if (ctx)
 +    _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++  if (pk)
++    _goboringcrypto_EVP_PKEY_free(pk);
 +
 +  return ret;
 +}
@@ -7152,11 +7164,11 @@ index cf82f3f64f..0b55cedc91 100644
 
  type sha512Ctx struct {
 diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
-index 89a7c86c41..f4f12ecee2 100644
+index 89a7c86c41..ced961d73d 100644
 --- a/src/vendor/modules.txt
 +++ b/src/vendor/modules.txt
 @@ -1,3 +1,6 @@
-+# github.com/golang-fips/openssl-fips v0.0.0-20230714114059-9051f24728fe
++# github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46
 +## explicit; go 1.18
 +github.com/golang-fips/openssl-fips/openssl
  # golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a