From 159b5fedf5e5dd6cca1bd6a0d9f0aee30ca98da8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 06 2023 06:14:41 +0000
Subject: import golang-1.19.4-2.module+el8.8.0+17709+252fe516


---

diff --git a/SOURCES/fix-memory-leak-evp-sign-verify.patch b/SOURCES/fix-memory-leak-evp-sign-verify.patch
new file mode 100644
index 0000000..ef231bf
--- /dev/null
+++ b/SOURCES/fix-memory-leak-evp-sign-verify.patch
@@ -0,0 +1,48 @@
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+index 2124978..1f853b4 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+                              GO_RSA *rsa_key) {
+   int ret = 0;
+   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++  if (!pk)
++    return 0;
++
++  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++    goto err;
+ 
+   if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+     goto err;
+@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+ err:
+   if (ctx)
+     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++  if (pk)
++    _goboringcrypto_EVP_PKEY_free(pk);
+ 
+   return ret;
+ }
+@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+   int ret = 0;
+   EVP_PKEY_CTX *ctx;
+   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++  if (!pk)
++    return 0;
++
++  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++    goto err;
+ 
+   if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+     goto err;
+@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+ err:
+   if (ctx)
+     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++  if (pk)
++    _goboringcrypto_EVP_PKEY_free(pk);
+ 
+   return ret;
+ }
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index 87abaa8..eb60a6d 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -101,7 +101,7 @@
 
 Name:           golang
 Version:        %{version}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@@ -150,6 +150,7 @@ Patch2: 	disable_static_tests_part1.patch
 Patch3: 	disable_static_tests_part2.patch
 Patch4:		ppc64le-internal-linker-fix.patch
 Patch5:		fix-test-1024-leaf-certs.patch
+Patch6:		fix-memory-leak-evp-sign-verify.patch
 
 Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
 
@@ -252,6 +253,7 @@ patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-o
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %patch221 -p1
 
@@ -530,6 +532,10 @@ cd ..
 %endif
 
 %changelog
+* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
+- Fix memory leaks in EVP_{sign,verify}_raw
+- Resolves: rhbz#2132767
+
 * Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
 - Rebase to Go 1.19.4
 - Fix ppc64le linker issue