import golang-1.18.9-1.el9_1

2023-01-23 09:34:00 -05:00 · 2023-01-23 09:34:00 -05:00 · 52c02a6fda
commit 52c02a6fda
parent 3c9f46127b
5 changed files with 502 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/go1.18.4-1-openssl-fips.tar.gz
+SOURCES/go1.18.9-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1 +1 @@
-3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz
+ed6295dd73f7b822cd89f4527797ce87271bc672 SOURCES/go1.18.9-1-openssl-fips.tar.gz
--- a/SOURCES/enable-big-endian-fips.patch
+++ b/SOURCES/enable-big-endian-fips.patch
@ -0,0 +1,363 @@
+diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
+index 4820385f67..2415702b28 100644
+--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
+@@ -76,7 +76,7 @@ _goboringcrypto_DLOPEN_OPENSSL(void)
+ #include <openssl/opensslv.h>
+ #include <openssl/ssl.h>
+ 
+-DEFINEFUNCINTERNAL(int, OPENSSL_init, (void), ())
+DEFINEFUNCINTERNAL(void, OPENSSL_init, (void), ())
+ 
+ static unsigned long _goboringcrypto_internal_OPENSSL_VERSION_NUMBER(void) {
+ 	return OPENSSL_VERSION_NUMBER;
+@@ -97,35 +97,32 @@ DEFINEFUNCINTERNAL(void, ERR_error_string_n, (unsigned long e, unsigned char *bu
+ 
+ #include <openssl/crypto.h>
+ 
+-DEFINEFUNCINTERNAL(int, CRYPTO_num_locks, (void), ())
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNC(int, CRYPTO_num_locks, (void), ())
+#else
+ static inline int
+ _goboringcrypto_CRYPTO_num_locks(void) {
+	return CRYPTO_num_locks(); /* defined as macro */
+}
+#endif
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	return _goboringcrypto_internal_CRYPTO_num_locks();
+DEFINEFUNC(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
+ #else
+-	return CRYPTO_num_locks();
+-#endif
+-}
+-DEFINEFUNCINTERNAL(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
+ static inline void
+ _goboringcrypto_CRYPTO_set_id_callback(unsigned long (*id_function)(void)) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	_goboringcrypto_internal_CRYPTO_set_id_callback(id_function);
+-#else
+-	CRYPTO_set_id_callback(id_function);
+-#endif
+	CRYPTO_set_id_callback(id_function); /* defined as macro */
+ }
+-DEFINEFUNCINTERNAL(void, CRYPTO_set_locking_callback,
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNC(void, CRYPTO_set_locking_callback,
+ 	(void (*locking_function)(int mode, int n, const char *file, int line)), 
+ 	(locking_function))
+#else
+ static inline void
+ _goboringcrypto_CRYPTO_set_locking_callback(void (*locking_function)(int mode, int n, const char *file, int line)) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	_goboringcrypto_internal_CRYPTO_set_locking_callback(locking_function);
+-#else
+-	CRYPTO_set_locking_callback(locking_function);
+-#endif
+	CRYPTO_set_locking_callback(locking_function); /* defined as macro */
+ }
+#endif
+ 
+ int _goboringcrypto_OPENSSL_thread_setup(void);
+ 
+@@ -206,10 +203,16 @@ DEFINEFUNC(const GO_EVP_MD *, EVP_sha384, (void), ())
+ DEFINEFUNC(const GO_EVP_MD *, EVP_sha512, (void), ())
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ DEFINEFUNCINTERNAL(int, EVP_MD_type, (const GO_EVP_MD *arg0), (arg0))
+DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
+static inline int
+_goboringcrypto_EVP_MD_get_size(const GO_EVP_MD *arg0)
+{
+	return _goboringcrypto_internal_EVP_MD_size(arg0);
+}
+ #else
+ DEFINEFUNCINTERNAL(int, EVP_MD_get_type, (const GO_EVP_MD *arg0), (arg0))
+DEFINEFUNC(int, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
+ #endif
+-DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
+ DEFINEFUNCINTERNAL(const GO_EVP_MD*, EVP_md5_sha1, (void), ())
+ 
+ # include <openssl/md5.h>
+@@ -240,8 +243,6 @@ _goboringcrypto_EVP_md5_sha1(void) {
+ 
+ typedef HMAC_CTX GO_HMAC_CTX;
+ 
+-DEFINEFUNC(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
+-DEFINEFUNC(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
+ DEFINEFUNC(int, HMAC_Init_ex,
+ 		   (GO_HMAC_CTX * arg0, const void *arg1, int arg2, const GO_EVP_MD *arg3, ENGINE *arg4),
+ 		   (arg0, arg1, arg2, arg3, arg4))
+@@ -249,59 +250,57 @@ DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX * arg0, const uint8_t *arg1, size_t ar
+ DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX * arg0, uint8_t *arg1, unsigned int *arg2), (arg0, arg1, arg2))
+ DEFINEFUNC(size_t, HMAC_CTX_copy, (GO_HMAC_CTX *dest, GO_HMAC_CTX *src), (dest, src))
+ 
+-DEFINEFUNCINTERNAL(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNCINTERNAL(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
+ static inline void
+ _goboringcrypto_HMAC_CTX_free(HMAC_CTX *ctx) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    if (ctx != NULL) {
+-       _goboringcrypto_HMAC_CTX_cleanup(ctx);
+       _goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
+        free(ctx);
+    }
+}
+ #else
+-	_goboringcrypto_internal_HMAC_CTX_free(ctx);
+DEFINEFUNC(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
+ #endif
+-}
+ 
+-DEFINEFUNCINTERNAL(EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
+-DEFINEFUNCINTERNAL(size_t, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static inline size_t
+ _goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	return _goboringcrypto_internal_EVP_MD_size(arg0->md);
+-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const EVP_MD* md;
+-	md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
+-	return _goboringcrypto_internal_EVP_MD_get_size(md);
+	return _goboringcrypto_EVP_MD_get_size(arg0->md);
+}
+ #else
+DEFINEFUNCINTERNAL(const EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
+static inline size_t
+_goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
+ 	const EVP_MD* md;
+ 	md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
+-	return _goboringcrypto_internal_EVP_MD_size(md);
+-#endif
+	return _goboringcrypto_EVP_MD_get_size(md);
+ }
+#endif
+ 
+-DEFINEFUNCINTERNAL(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+DEFINEFUNCINTERNAL(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
+ static inline GO_HMAC_CTX*
+ _goboringcrypto_HMAC_CTX_new(void) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	GO_HMAC_CTX* ctx = malloc(sizeof(GO_HMAC_CTX));
+ 	if (ctx != NULL)
+-		_goboringcrypto_HMAC_CTX_init(ctx);
+		_goboringcrypto_internal_HMAC_CTX_init(ctx);
+ 	return ctx;
+}
+ #else
+-	return _goboringcrypto_internal_HMAC_CTX_new();
+DEFINEFUNC(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
+ #endif
+-}
+ 
+-DEFINEFUNCINTERNAL(void, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
+-static inline void
+-_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	_goboringcrypto_HMAC_CTX_cleanup(ctx);
+-	_goboringcrypto_HMAC_CTX_init(ctx);
+static inline int
+_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
+	_goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
+	_goboringcrypto_internal_HMAC_CTX_init(ctx);
+	return 0;
+}
+ #else
+-	_goboringcrypto_internal_HMAC_CTX_reset(ctx);
+DEFINEFUNC(int, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
+ #endif
+-}
+ 
+ int _goboringcrypto_HMAC_CTX_copy_ex(GO_HMAC_CTX *dest, const GO_HMAC_CTX *src);
+ 
+@@ -408,16 +407,14 @@ DEFINEFUNCINTERNAL(int, ECDSA_verify,
+ 	(int type, const unsigned char *dgst, size_t dgstlen, const unsigned char *sig, unsigned int siglen, EC_KEY *eckey),
+ 	(type, dgst, dgstlen, sig, siglen, eckey))
+ 
+-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
+-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
+-
+-static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	return _goboringcrypto_internal_EVP_MD_CTX_create();
+DEFINEFUNC(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
+ #else
+DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
+static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
+ 	return _goboringcrypto_internal_EVP_MD_CTX_new();
+-#endif
+ }
+#endif
+ 
+ DEFINEFUNCINTERNAL(int, EVP_PKEY_assign,
+ 	(EVP_PKEY *pkey, int type, void *eckey),
+@@ -441,7 +438,7 @@ DEFINEFUNC(int, EVP_DigestUpdate,
+ 	(EVP_MD_CTX* ctx, const void *d, size_t cnt),
+ 	(ctx, d, cnt))
+ DEFINEFUNC(int, EVP_DigestSignFinal,
+-	(EVP_MD_CTX* ctx, unsigned char *sig, unsigned int *siglen),
+	(EVP_MD_CTX* ctx, unsigned char *sig, size_t *siglen),
+ 	(ctx, sig, siglen))
+ 
+ DEFINEFUNC(int, EVP_DigestVerifyInit,
+@@ -451,18 +448,17 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal,
+ 	(EVP_MD_CTX* ctx, const uint8_t *sig, unsigned int siglen),
+ 	(ctx, sig, siglen))
+ 
+-int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *eckey);
+int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
+ int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key);
+ 
+-DEFINEFUNCINTERNAL(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx))
+ static inline void _goboringcrypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	return _goboringcrypto_internal_EVP_MD_CTX_destroy(ctx);
+}
+ #else
+-	return _goboringcrypto_internal_EVP_MD_CTX_free(ctx);
+DEFINEFUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
+ #endif
+-}
+ 
+ int _goboringcrypto_ECDSA_sign(EVP_MD *md, const uint8_t *arg1, size_t arg2, uint8_t *arg3, unsigned int *arg4, GO_EC_KEY *arg5);
+ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, const uint8_t *arg3, unsigned int arg4, GO_EC_KEY *arg5);
+@@ -473,7 +469,7 @@ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, c
+ typedef RSA GO_RSA;
+ typedef BN_GENCB GO_BN_GENCB;
+ 
+-int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa);
+int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa);
+ int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa);
+ 
+ DEFINEFUNC(GO_RSA *, RSA_new, (void), ())
+@@ -774,10 +770,10 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP
+ }
+ 
+ DEFINEFUNC(int, EVP_PKEY_decrypt,
+-		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
+		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
+ 		   (arg0, arg1, arg2, arg3, arg4))
+ DEFINEFUNC(int, EVP_PKEY_encrypt,
+-		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
+		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
+ 		   (arg0, arg1, arg2, arg3, arg4))
+ DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
+ DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
+diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
+index 710d0744ff..9d0056c5f7 100644
+--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
+@@ -18,7 +18,9 @@ _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_
+         result = 0;
+         goto err;
+     }
+-    result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+    size_t _slen;
+    result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, &_slen, key);
+    *slen = _slen;
+ err:
+     _goboringcrypto_EVP_PKEY_free(key);
+     return result;
+diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
+index 36be702224..8b81fd71f6 100644
+--- a/src/crypto/internal/boring/openssl_evp.c
+++ b/src/crypto/internal/boring/openssl_evp.c
+@@ -7,7 +7,7 @@
+ #include "goboringcrypto.h"
+ 
+ int
+-_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *key) {
+_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *key) {
+     EVP_MD_CTX *mdctx = NULL;
+     int ret = 0;
+ 
+diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
+index 5174f662c9..3ad4e69e9d 100644
+--- a/src/crypto/internal/boring/openssl_port_rsa.c
+++ b/src/crypto/internal/boring/openssl_port_rsa.c
+@@ -19,7 +19,7 @@ int _goboringcrypto_RSA_generate_key_fips(GO_RSA *rsa, int size, GO_BN_GENCB *cb
+ 	return ret;
+ }
+ 
+-int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_t *out, size_t max_out,
+int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
+ 		const uint8_t *in, size_t in_len, EVP_MD *md, const EVP_MD *mgf1_md, int salt_len)
+ {
+ 	EVP_PKEY_CTX *ctx;
+@@ -173,7 +173,7 @@ err:
+ 	return ret;
+ }
+ 
+-int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
+int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa)
+ {
+ 	int result;
+ 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
+index b1a2f57abd..e47ca3bb63 100644
+--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
+@@ -200,7 +200,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ 	padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
+ 	init func(*C.GO_EVP_PKEY_CTX) C.int,
+-	crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.uint, *C.uint8_t, C.uint) C.int,
+	crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.size_t, *C.uint8_t, C.uint) C.int,
+ 	in []byte) ([]byte, error) {
+ 
+ 	pkey, ctx, err := setupRSA(withKey, padding, h, label, saltLen, ch, init)
+@@ -210,7 +210,7 @@ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ 	defer C._goboringcrypto_EVP_PKEY_free(pkey)
+ 	defer C._goboringcrypto_EVP_PKEY_CTX_free(ctx)
+ 
+-	var outLen C.uint
+	var outLen C.size_t
+ 	if crypt(ctx, nil, &outLen, base(in), C.uint(len(in))) == 0 {
+ 		return nil, NewOpenSSLError("EVP_PKEY_decrypt/encrypt failed")
+ 	}
+@@ -251,7 +251,7 @@ func decryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
+ 	return C._goboringcrypto_EVP_PKEY_decrypt_init(ctx)
+ }
+ 
+-func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
+func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
+ 	return C._goboringcrypto_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen)
+ }
+ 
+@@ -259,7 +259,7 @@ func encryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
+ 	return C._goboringcrypto_EVP_PKEY_encrypt_init(ctx)
+ }
+ 
+-func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
+func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
+ 	return C._goboringcrypto_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen)
+ }
+ 
+@@ -307,10 +307,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
+ 		return nil, errors.New("crypto/rsa: unsupported hash function: " + strconv.Itoa(int(h)))
+ 	}
+ 
+-	var out []byte
+-	var outLen C.uint
+-
+ 	if msgIsHashed {
+		var out []byte
+		var outLen C.uint
+ 		PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 signing and use HashSignPKCS1v15 instead of SignPKCS1v15")
+ 		nid := C._goboringcrypto_EVP_MD_type(md)
+ 		if priv.withKey(func(key *C.GO_RSA) C.int {
+@@ -323,6 +322,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
+ 		return out[:outLen], nil
+ 	}
+ 
+	var out []byte
+	var outLen C.size_t
+
+ 	if priv.withKey(func(key *C.GO_RSA) C.int {
+ 		return C._goboringcrypto_EVP_RSA_sign(md, base(msg), C.uint(len(msg)), base(out), &outLen, key)
+ 	}) == 0 {
--- a/SOURCES/ppc64le-internal-linker-fix.patch
+++ b/SOURCES/ppc64le-internal-linker-fix.patch
@ -0,0 +1,122 @@
+diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
+new file mode 100644
+index 0000000000000..bca897c16d054
+--- /dev/null
+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
+@@ -0,0 +1,100 @@
+# Verify PPC64 does not reuse a trampoline which is too far away.
+# This tests an edge case where the direct call relocation addend should
+# be ignored when computing the distance from the direct call to the
+# already placed trampoline
+[short] skip
+[!ppc64] [!ppc64le] skip
+[aix] skip
+
+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
+# assembly 2^26 or so times.
+#
+# We build something which should be laid out as such:
+#
+# bar.Bar
+# main.Func1
+# bar.Bar+400-tramp0
+# main.BigAsm
+# main.Func2
+# bar.Bar+400-tramp1
+#
+# bar.Bar needs to be placed far enough away to generate relocations
+# from main package calls. and main.Func1 and main.Func2 are placed
+# a bit more than the direct call limit apart, but not more than 0x400
+# bytes beyond it (to verify the reloc calc).
+
+go build
+
+-- go.mod --
+
+module foo
+
+go 1.19
+
+-- main.go --
+
+package main
+
+import "foo/bar"
+
+func Func1()
+
+func main() {
+        Func1()
+        bar.Bar2()
+}
+
+-- foo.s --
+
+TEXT main·Func1(SB),0,$0-0
+        CALL bar·Bar+0x400(SB)
+        CALL main·BigAsm(SB)
+// A trampoline will be placed here to bar.Bar
+
+// This creates a gap sufficiently large to prevent trampoline reuse
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24
+TEXT main·BigAsm(SB),0,$0-0
+        // Fill to the direct call limit so Func2 must generate a new trampoline.
+        // As the implicit trampoline above is just barely unreachable.
+        BIGNOP
+        MOVD $main·Func2(SB), R3
+
+TEXT main·Func2(SB),0,$0-0
+        CALL bar·Bar+0x400(SB)
+// Another trampoline should be placed here.
+
+-- bar/bar.s --
+
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24 NOP2S10
+// A very big not very interesting function.
+TEXT bar·Bar(SB),0,$0-0
+        BIGNOP
+
+-- bar/bar.go --
+
+package bar
+
+func Bar()
+
+func Bar2() {
+}
+diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
+index 73c2718a3369f..879adaa965050 100644
+--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
+@@ -809,8 +809,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
+ 				if ldr.SymValue(tramp) == 0 {
+ 					break
+ 				}
+-
+-				t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
+				// Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
+				// trampoline itself.
+				t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
+ 
+ 				// With internal linking, the trampoline can be used if it is not too far.
+ 				// With external linking, the trampoline must be in this section for it to be reused.
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -96,12 +96,12 @@
 %endif

 %global go_api 1.18
-%global go_version 1.18.4
+%global go_version 1.18.9
 %global pkg_release 1

 Name:           golang
 Version:        %{go_version}
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -148,6 +148,10 @@ Patch223: remove_ed25519vectors_test.patch

 Patch224: openssl_deprecated_algorithm_tests.patch

+Patch225: enable-big-endian-fips.patch
+
+Patch226: ppc64le-internal-linker-fix.patch
+
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4

@ -241,6 +245,8 @@ Requires:       %{name} = %{version}-%{release}
 %patch221 -p1
 %patch223 -p1
 %patch224 -p1
+%patch225 -p1
+%patch226 -p1

 cp %{SOURCE1} ./src/runtime/

@ -514,6 +520,13 @@ cd ..
 %endif

 %changelog
+* Tue Dec 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.9-1
+- Rebase to Go 1.18.9
+- Enable big endian support for fips mode 
+- Fix ppc64le linker issue
+- Resolves: rhbz#2144547
+- Resolves: rhbz#2149311
+
 * Tue Aug 16 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-3
 - Temporarily disable crypto tests on ppc64le
 - Related: rhbz#2109180