diff --git a/.gitignore b/.gitignore index a08f77a..c5f42e5 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/go1.18.0-1-openssl-fips.tar.gz +SOURCES/go1.18.2-1-openssl-fips.tar.gz diff --git a/.golang.metadata b/.golang.metadata index 46de8e5..76efea9 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1 +1 @@ -c1c1dfe3d4fd1c653f0a4eeeb01e2a07d3d06b1c SOURCES/go1.18.0-1-openssl-fips.tar.gz +2982f1fe39b59089eab5469bb6b3bb9f462abe45 SOURCES/go1.18.2-1-openssl-fips.tar.gz diff --git a/SOURCES/relax_sha1_restriction.patch b/SOURCES/relax_sha1_restriction.patch deleted file mode 100644 index a620b27..0000000 --- a/SOURCES/relax_sha1_restriction.patch +++ /dev/null @@ -1,224 +0,0 @@ -diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go -index 98778fe..71ab62a 100644 ---- a/src/crypto/x509/verify.go -+++ b/src/crypto/x509/verify.go -@@ -736,6 +736,9 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V - // list. (While this is not specified, it is common practice in order to limit - // the types of certificates a CA can issue.) - // -+// Certificates that use SHA1WithRSA and ECDSAWithSHA1 signatures are not supported, -+// and will not be used to build chains. -+// - // WARNING: this function doesn't do any revocation checking. - func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) { - // Platform-specific verification needs the ASN.1 contents so -diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go -index 47be77d..85720b3 100644 ---- a/src/crypto/x509/x509.go -+++ b/src/crypto/x509/x509.go -@@ -184,13 +184,13 @@ const ( - - MD2WithRSA // Unsupported. - MD5WithRSA // Only supported for signing, not verification. -- SHA1WithRSA // Only supported for signing, not verification. -+ SHA1WithRSA // Only supported for signing, and verification of CRLs, CSRs, and OCSP responses. - SHA256WithRSA - SHA384WithRSA - SHA512WithRSA - DSAWithSHA1 // Unsupported. - DSAWithSHA256 // Unsupported. -- ECDSAWithSHA1 // Only supported for signing, not verification. -+ ECDSAWithSHA1 // Only supported for signing, and verification of CRLs, CSRs, and OCSP responses. - ECDSAWithSHA256 - ECDSAWithSHA384 - ECDSAWithSHA512 -@@ -770,7 +770,7 @@ func (c *Certificate) hasSANExtension() bool { - } - - // CheckSignatureFrom verifies that the signature on c is a valid signature --// from parent. -+// from parent. SHA1WithRSA and ECDSAWithSHA1 signatures are not supported. - func (c *Certificate) CheckSignatureFrom(parent *Certificate) error { - // RFC 5280, 4.2.1.9: - // "If the basic constraints extension is not present in a version 3 -@@ -792,13 +792,13 @@ func (c *Certificate) CheckSignatureFrom(parent *Certificate) error { - - // TODO(agl): don't ignore the path length constraint. - -- return parent.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) -+ return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature, parent.PublicKey, debugAllowSHA1) - } - - // CheckSignature verifies that signature is a valid signature over signed from - // c's public key. - func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error { -- return checkSignature(algo, signed, signature, c.PublicKey) -+ return checkSignature(algo, signed, signature, c.PublicKey, true) - } - - func (c *Certificate) hasNameConstraints() bool { -@@ -818,9 +818,9 @@ func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm, - return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey) - } - --// CheckSignature verifies that signature is a valid signature over signed from -+// checkSignature verifies that signature is a valid signature over signed from - // a crypto.PublicKey. --func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) { -+func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey, allowSHA1 bool) (err error) { - var hashType crypto.Hash - var pubKeyAlgo PublicKeyAlgorithm - -@@ -839,7 +839,7 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey - case crypto.MD5: - return InsecureAlgorithmError(algo) - case crypto.SHA1: -- if !debugAllowSHA1 { -+ if !allowSHA1 { - return InsecureAlgorithmError(algo) - } - fallthrough -@@ -1599,11 +1599,11 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv - // Check the signature to ensure the crypto.Signer behaved correctly. - sigAlg := getSignatureAlgorithmFromAI(signatureAlgorithm) - switch sigAlg { -- case MD5WithRSA, SHA1WithRSA, ECDSAWithSHA1: -+ case MD5WithRSA: - // We skip the check if the signature algorithm is only supported for - // signing, not verification. - default: -- if err := checkSignature(sigAlg, c.Raw, signature, key.Public()); err != nil { -+ if err := checkSignature(sigAlg, c.Raw, signature, key.Public(), true); err != nil { - return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err) - } - } -@@ -2082,7 +2082,7 @@ func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error - - // CheckSignature reports whether the signature on c is valid. - func (c *CertificateRequest) CheckSignature() error { -- return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificateRequest, c.Signature, c.PublicKey) -+ return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificateRequest, c.Signature, c.PublicKey, true) - } - - // RevocationList contains the fields used to create an X.509 v2 Certificate -diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go -index f3e2a77..d31f70d 100644 ---- a/src/crypto/x509/x509_test.go -+++ b/src/crypto/x509/x509_test.go -@@ -13,6 +13,7 @@ import ( - "crypto/elliptic" - "crypto/rand" - "crypto/rsa" -+ "crypto/boring" - _ "crypto/sha256" - _ "crypto/sha512" - "crypto/x509/pkix" -@@ -2940,30 +2941,15 @@ func TestCreateCertificateBrokenSigner(t *testing.T) { - } - - func TestCreateCertificateLegacy(t *testing.T) { -- ecdsaPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) -- if err != nil { -- t.Fatalf("Failed to generate ECDSA key: %s", err) -+ sigAlg := MD5WithRSA -+ template := &Certificate{ -+ SerialNumber: big.NewInt(10), -+ DNSNames: []string{"example.com"}, -+ SignatureAlgorithm: sigAlg, - } -- -- for _, sigAlg := range []SignatureAlgorithm{ -- MD5WithRSA, SHA1WithRSA, ECDSAWithSHA1, -- } { -- template := &Certificate{ -- SerialNumber: big.NewInt(10), -- DNSNames: []string{"example.com"}, -- SignatureAlgorithm: sigAlg, -- } -- var k crypto.Signer -- switch sigAlg { -- case MD5WithRSA, SHA1WithRSA: -- k = testPrivateKey -- case ECDSAWithSHA1: -- k = ecdsaPriv -- } -- _, err := CreateCertificate(rand.Reader, template, template, k.Public(), &brokenSigner{k.Public()}) -- if err != nil { -- t.Fatalf("CreateCertificate failed when SignatureAlgorithm = %v: %s", sigAlg, err) -- } -+ _, err := CreateCertificate(rand.Reader, template, template, testPrivateKey.Public(), &brokenSigner{testPrivateKey.Public()}) -+ if err != nil { -+ t.Fatalf("CreateCertificate failed when SignatureAlgorithm = %v: %s", sigAlg, err) - } - } - -@@ -3364,3 +3350,69 @@ func TestLargeOID(t *testing.T) { - t.Fatalf("ParseCertificate to failed to parse certificate with large OID: %s", err) - } - } -+ -+func TestDisableSHA1ForCertOnly(t *testing.T) { -+ if boring.Enabled() { -+ t.Skip("not supported in boring mode") -+ } -+ defer func(old bool) { debugAllowSHA1 = old }(debugAllowSHA1) -+ debugAllowSHA1 = false -+ -+ tmpl := &Certificate{ -+ SerialNumber: big.NewInt(1), -+ NotBefore: time.Now().Add(-time.Hour), -+ NotAfter: time.Now().Add(time.Hour), -+ SignatureAlgorithm: SHA1WithRSA, -+ BasicConstraintsValid: true, -+ IsCA: true, -+ KeyUsage: KeyUsageCertSign | KeyUsageCRLSign, -+ } -+ certDER, err := CreateCertificate(rand.Reader, tmpl, tmpl, rsaPrivateKey.Public(), rsaPrivateKey) -+ if err != nil { -+ t.Fatalf("failed to generate test cert: %s", err) -+ } -+ cert, err := ParseCertificate(certDER) -+ if err != nil { -+ t.Fatalf("failed to parse test cert: %s", err) -+ } -+ -+ err = cert.CheckSignatureFrom(cert) -+ if err == nil { -+ t.Error("expected CheckSignatureFrom to fail") -+ } else if _, ok := err.(InsecureAlgorithmError); !ok { -+ t.Errorf("expected InsecureAlgorithmError error, got %T", err) -+ } -+ -+ crlDER, err := CreateRevocationList(rand.Reader, &RevocationList{ -+ SignatureAlgorithm: SHA1WithRSA, -+ Number: big.NewInt(1), -+ ThisUpdate: time.Now().Add(-time.Hour), -+ NextUpdate: time.Now().Add(time.Hour), -+ }, cert, rsaPrivateKey) -+ if err != nil { -+ t.Fatalf("failed to generate test CRL: %s", err) -+ } -+ // TODO(rolandshoemaker): this should be ParseRevocationList once it lands -+ crl, err := ParseCRL(crlDER) -+ if err != nil { -+ t.Fatalf("failed to parse test CRL: %s", err) -+ } -+ -+ if err = cert.CheckCRLSignature(crl); err != nil { -+ t.Errorf("unexpected error: %s", err) -+ } -+ -+ // This is an unrelated OCSP response, which will fail signature verification -+ // but shouldn't return a InsecureAlgorithmError, since SHA1 should be allowed -+ // for OCSP. -+ ocspTBSHex := "30819fa2160414884451ff502a695e2d88f421bad90cf2cecbea7c180f32303133303631383037323434335a30743072304a300906052b0e03021a0500041448b60d38238df8456e4ee5843ea394111802979f0414884451ff502a695e2d88f421bad90cf2cecbea7c021100f78b13b946fc9635d8ab49de9d2148218000180f32303133303631383037323434335aa011180f32303133303632323037323434335a" -+ ocspTBS, err := hex.DecodeString(ocspTBSHex) -+ if err != nil { -+ t.Fatalf("failed to decode OCSP response TBS hex: %s", err) -+ } -+ -+ err = cert.CheckSignature(SHA1WithRSA, ocspTBS, nil) -+ if err != rsa.ErrVerification { -+ t.Errorf("unexpected error: %s", err) -+ } -+} diff --git a/SOURCES/remove_ed25519vectors_test.patch b/SOURCES/remove_ed25519vectors_test.patch new file mode 100644 index 0000000..45e3182 --- /dev/null +++ b/SOURCES/remove_ed25519vectors_test.patch @@ -0,0 +1,128 @@ +From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Wed, 15 Dec 2021 16:02:15 +0100 +Subject: [PATCH] Remove ed25519vectors_test.go + +--- + src/crypto/ed25519/ed25519vectors_test.go | 109 ---------------------- + 1 file changed, 109 deletions(-) + delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go + +diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go +deleted file mode 100644 +index 74fcdcdf4e..0000000000 +--- a/src/crypto/ed25519/ed25519vectors_test.go ++++ /dev/null +@@ -1,109 +0,0 @@ +-// Copyright 2021 The Go Authors. All rights reserved. +-// Use of this source code is governed by a BSD-style +-// license that can be found in the LICENSE file. +- +-package ed25519_test +- +-import ( +- "crypto/ed25519" +- "encoding/hex" +- "encoding/json" +- "internal/testenv" +- "os" +- "os/exec" +- "path/filepath" +- "testing" +-) +- +-// TestEd25519Vectors runs a very large set of test vectors that exercise all +-// combinations of low-order points, low-order components, and non-canonical +-// encodings. These vectors lock in unspecified and spec-divergent behaviors in +-// edge cases that are not security relevant in most contexts, but that can +-// cause issues in consensus applications if changed. +-// +-// Our behavior matches the "classic" unwritten verification rules of the +-// "ref10" reference implementation. +-// +-// Note that although we test for these edge cases, they are not covered by the +-// Go 1 Compatibility Promise. Applications that need stable verification rules +-// should use github.com/hdevalence/ed25519consensus. +-// +-// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details. +-func TestEd25519Vectors(t *testing.T) { +- jsonVectors := downloadEd25519Vectors(t) +- var vectors []struct { +- A, R, S, M string +- Flags []string +- } +- if err := json.Unmarshal(jsonVectors, &vectors); err != nil { +- t.Fatal(err) +- } +- for i, v := range vectors { +- expectedToVerify := true +- for _, f := range v.Flags { +- switch f { +- // We use the simplified verification formula that doesn't multiply +- // by the cofactor, so any low order residue will cause the +- // signature not to verify. +- // +- // This is allowed, but not required, by RFC 8032. +- case "LowOrderResidue": +- expectedToVerify = false +- // Our point decoding allows non-canonical encodings (in violation +- // of RFC 8032) but R is not decoded: instead, R is recomputed and +- // compared bytewise against the canonical encoding. +- case "NonCanonicalR": +- expectedToVerify = false +- } +- } +- +- publicKey := decodeHex(t, v.A) +- signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...) +- message := []byte(v.M) +- +- didVerify := ed25519.Verify(publicKey, message, signature) +- if didVerify && !expectedToVerify { +- t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags) +- } +- if !didVerify && expectedToVerify { +- t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags) +- } +- } +-} +- +-func downloadEd25519Vectors(t *testing.T) []byte { +- testenv.MustHaveExternalNetwork(t) +- +- // Download the JSON test file from the GOPROXY with `go mod download`, +- // pinning the version so test and module caching works as expected. +- goTool := testenv.GoToolPath(t) +- path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94" +- cmd := exec.Command(goTool, "mod", "download", "-json", path) +- // TODO: enable the sumdb once the TryBots proxy supports it. +- cmd.Env = append(os.Environ(), "GONOSUMDB=*") +- output, err := cmd.Output() +- if err != nil { +- t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output) +- } +- var dm struct { +- Dir string // absolute path to cached source root directory +- } +- if err := json.Unmarshal(output, &dm); err != nil { +- t.Fatal(err) +- } +- +- jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json")) +- if err != nil { +- t.Fatalf("failed to read ed25519vectors.json: %v", err) +- } +- return jsonVectors +-} +- +-func decodeHex(t *testing.T, s string) []byte { +- t.Helper() +- b, err := hex.DecodeString(s) +- if err != nil { +- t.Errorf("invalid hex: %v", err) +- } +- return b +-} +-- +2.33.1 + diff --git a/SOURCES/skip_test_rhbz1939923.patch b/SOURCES/skip_test_rhbz1939923.patch deleted file mode 100644 index e5d52eb..0000000 --- a/SOURCES/skip_test_rhbz1939923.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go -index f3e2a77..57434b5 100644 ---- a/src/crypto/x509/x509_test.go -+++ b/src/crypto/x509/x509_test.go -@@ -2922,6 +2922,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte - } - - func TestCreateCertificateBrokenSigner(t *testing.T) { -+ t.Skip("TODO Fix me: rhbz#1939923") - template := &Certificate{ - SerialNumber: big.NewInt(10), - DNSNames: []string{"example.com"}, diff --git a/SPECS/golang.spec b/SPECS/golang.spec index 4fdb729..0beb42b 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -96,12 +96,12 @@ %endif %global go_api 1.18 -%global go_version 1.18.0 +%global go_version 1.18.2 %global pkg_release 1 Name: golang Version: %{go_version} -Release: 2%{?dist} +Release: 1%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -143,9 +143,7 @@ Patch221: fix_TestScript_list_std.patch # static linking of dlopen is unsupported Patch226: disable_static_external_tests.patch -Patch1939923: skip_test_rhbz1939923.patch - -Patch51852: relax_sha1_restriction.patch +Patch223: remove_ed25519vectors_test.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -237,15 +235,10 @@ Requires: %{name} = %{version}-%{release} %setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips %patch215 -p1 - %patch221 -p1 - +%patch223 -p1 %patch226 -p1 -%patch1939923 -p1 - -%patch51852 -p1 - cp %{SOURCE1} ./src/runtime/ %build @@ -519,6 +512,10 @@ cd .. %endif %changelog +* Thu Jun 16 2022 David Benoit - 1.18.2-1 +- Update to Go 1.18.2 +- Related: rhbz#2075162 + * Mon Apr 18 2022 David Benoit - 1.18.0-2 - Enable SHA1 in some contexts - Related: rhbz#2075162