diff --git a/SOURCES/fix-memory-leak-evp-sign-verify.patch b/SOURCES/fix-memory-leak-evp-sign-verify.patch
new file mode 100644
index 0000000..ef231bf
--- /dev/null
+++ b/SOURCES/fix-memory-leak-evp-sign-verify.patch
@@ -0,0 +1,48 @@
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+index 2124978..1f853b4 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+ GO_RSA *rsa_key) {
+ int ret = 0;
+ GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++ if (!pk)
++ return 0;
++
++ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++ goto err;
+
+ if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+ goto err;
+@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+ err:
+ if (ctx)
+ _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++ if (pk)
++ _goboringcrypto_EVP_PKEY_free(pk);
+
+ return ret;
+ }
+@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+ int ret = 0;
+ EVP_PKEY_CTX *ctx;
+ GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++ if (!pk)
++ return 0;
++
++ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++ goto err;
+
+ if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+ goto err;
+@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+ err:
+ if (ctx)
+ _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++ if (pk)
++ _goboringcrypto_EVP_PKEY_free(pk);
+
+ return ret;
+ }
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index 87abaa8..eb60a6d 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
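Review bot: In `_goboringcrypto_EVP_verify_raw` the added `goto err` after a failed `_goboringcrypto_EVP_PKEY_set1_RSA` reaches the `if (ctx)` cleanup before `ctx` has been assigned, because the context line declares `EVP_PKEY_CTX *ctx;` without an initializer; the cleanup then tests, and may free, an indeterminate pointer in the signature-verification path. Declaring it as `EVP_PKEY_CTX *ctx = NULL;` makes that early-failure path safe. `_goboringcrypto_EVP_sign_raw` is not affected in the same way since `ctx` is a parameter there, but its `err:` cleanup frees `ctx` even when the caller supplied it, and the new early failure adds one more route to that free; whether callers expect to keep ownership of their context is not visible here. Both function bodies continue outside the embedded hunks.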
@@ -101,7 +101,7 @@ Name: golang Version: %{version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -150,6 +150,7 @@ Patch2: disable_static_tests_part1.patch Patch3: disable_static_tests_part2.patch Patch4: ppc64le-internal-linker-fix.patch Patch5: fix-test-1024-leaf-certs.patch +Patch6: fix-memory-leak-evp-sign-verify.patch Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch @@ -252,6 +253,7 @@ patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-o %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %patch221 -p1 @@ -530,6 +532,10 @@ cd .. %endif %changelog +* Tue Jan 3 2023 David Benoit - 1.19.4-2 +- Fix memory leaks in EVP_{sign,verify}_raw +- Resolves: rhbz#2132767 + * Wed Dec 21 2022 David Benoit - 1.19.4-1 - Rebase to Go 1.19.4 - Fix ppc64le linker issue