diff --git a/.gitignore b/.gitignore index 1b2c26f..addc649 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/go1.18.4-1-openssl-fips.tar.gz +SOURCES/go1.18.9-1-openssl-fips.tar.gz diff --git a/.golang.metadata b/.golang.metadata index a07c38b..95a8576 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1 +1 @@ -3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz +ed6295dd73f7b822cd89f4527797ce87271bc672 SOURCES/go1.18.9-1-openssl-fips.tar.gz diff --git a/SOURCES/big-endian.patch b/SOURCES/big-endian.patch new file mode 100644 index 0000000..57e1d68 --- /dev/null +++ b/SOURCES/big-endian.patch @@ -0,0 +1,363 @@ +diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h +index 4820385f67..2415702b28 100644 +--- a/src/crypto/internal/boring/goopenssl.h ++++ b/src/crypto/internal/boring/goopenssl.h +@@ -76,7 +76,7 @@ _goboringcrypto_DLOPEN_OPENSSL(void) + #include + #include + +-DEFINEFUNCINTERNAL(int, OPENSSL_init, (void), ()) ++DEFINEFUNCINTERNAL(void, OPENSSL_init, (void), ()) + + static unsigned long _goboringcrypto_internal_OPENSSL_VERSION_NUMBER(void) { + return OPENSSL_VERSION_NUMBER; +@@ -97,35 +97,32 @@ DEFINEFUNCINTERNAL(void, ERR_error_string_n, (unsigned long e, unsigned char *bu + + #include + +-DEFINEFUNCINTERNAL(int, CRYPTO_num_locks, (void), ()) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++DEFINEFUNC(int, CRYPTO_num_locks, (void), ()) ++#else + static inline int + _goboringcrypto_CRYPTO_num_locks(void) { ++ return CRYPTO_num_locks(); /* defined as macro */ ++} ++#endif + #if OPENSSL_VERSION_NUMBER < 0x10100000L +- return _goboringcrypto_internal_CRYPTO_num_locks(); ++DEFINEFUNC(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function)) + #else +- return CRYPTO_num_locks(); +-#endif +-} +-DEFINEFUNCINTERNAL(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function)) + static inline void + _goboringcrypto_CRYPTO_set_id_callback(unsigned long (*id_function)(void)) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- _goboringcrypto_internal_CRYPTO_set_id_callback(id_function); +-#else +- CRYPTO_set_id_callback(id_function); +-#endif ++ CRYPTO_set_id_callback(id_function); /* defined as macro */ + } +-DEFINEFUNCINTERNAL(void, CRYPTO_set_locking_callback, ++#endif ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++DEFINEFUNC(void, CRYPTO_set_locking_callback, + (void (*locking_function)(int mode, int n, const char *file, int line)), + (locking_function)) ++#else + static inline void + _goboringcrypto_CRYPTO_set_locking_callback(void (*locking_function)(int mode, int n, const char *file, int line)) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- _goboringcrypto_internal_CRYPTO_set_locking_callback(locking_function); +-#else +- CRYPTO_set_locking_callback(locking_function); +-#endif ++ CRYPTO_set_locking_callback(locking_function); /* defined as macro */ + } ++#endif + + int _goboringcrypto_OPENSSL_thread_setup(void); + +@@ -206,10 +203,16 @@ DEFINEFUNC(const GO_EVP_MD *, EVP_sha384, (void), ()) + DEFINEFUNC(const GO_EVP_MD *, EVP_sha512, (void), ()) + #if OPENSSL_VERSION_NUMBER < 0x30000000L + DEFINEFUNCINTERNAL(int, EVP_MD_type, (const GO_EVP_MD *arg0), (arg0)) ++DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0)) ++static inline int ++_goboringcrypto_EVP_MD_get_size(const GO_EVP_MD *arg0) ++{ ++ return _goboringcrypto_internal_EVP_MD_size(arg0); ++} + #else + DEFINEFUNCINTERNAL(int, EVP_MD_get_type, (const GO_EVP_MD *arg0), (arg0)) ++DEFINEFUNC(int, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0)) + #endif +-DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0)) + DEFINEFUNCINTERNAL(const GO_EVP_MD*, EVP_md5_sha1, (void), ()) + + # include +@@ -240,8 +243,6 @@ _goboringcrypto_EVP_md5_sha1(void) { + + typedef HMAC_CTX GO_HMAC_CTX; + +-DEFINEFUNC(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0)) +-DEFINEFUNC(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0)) + DEFINEFUNC(int, HMAC_Init_ex, + (GO_HMAC_CTX * arg0, const void *arg1, int arg2, const GO_EVP_MD *arg3, ENGINE *arg4), + (arg0, arg1, arg2, arg3, arg4)) +@@ -249,59 +250,57 @@ DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX * arg0, const uint8_t *arg1, size_t ar + DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX * arg0, uint8_t *arg1, unsigned int *arg2), (arg0, arg1, arg2)) + DEFINEFUNC(size_t, HMAC_CTX_copy, (GO_HMAC_CTX *dest, GO_HMAC_CTX *src), (dest, src)) + +-DEFINEFUNCINTERNAL(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0)) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++DEFINEFUNCINTERNAL(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0)) + static inline void + _goboringcrypto_HMAC_CTX_free(HMAC_CTX *ctx) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (ctx != NULL) { +- _goboringcrypto_HMAC_CTX_cleanup(ctx); ++ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx); + free(ctx); + } ++} + #else +- _goboringcrypto_internal_HMAC_CTX_free(ctx); ++DEFINEFUNC(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0)) + #endif +-} + +-DEFINEFUNCINTERNAL(EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx)) +-DEFINEFUNCINTERNAL(size_t, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0)) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static inline size_t + _goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- return _goboringcrypto_internal_EVP_MD_size(arg0->md); +-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L +- const EVP_MD* md; +- md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0); +- return _goboringcrypto_internal_EVP_MD_get_size(md); ++ return _goboringcrypto_EVP_MD_get_size(arg0->md); ++} + #else ++DEFINEFUNCINTERNAL(const EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx)) ++static inline size_t ++_goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) { + const EVP_MD* md; + md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0); +- return _goboringcrypto_internal_EVP_MD_size(md); +-#endif ++ return _goboringcrypto_EVP_MD_get_size(md); + } ++#endif + +-DEFINEFUNCINTERNAL(GO_HMAC_CTX*, HMAC_CTX_new, (void), ()) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++DEFINEFUNCINTERNAL(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0)) + static inline GO_HMAC_CTX* + _goboringcrypto_HMAC_CTX_new(void) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L + GO_HMAC_CTX* ctx = malloc(sizeof(GO_HMAC_CTX)); + if (ctx != NULL) +- _goboringcrypto_HMAC_CTX_init(ctx); ++ _goboringcrypto_internal_HMAC_CTX_init(ctx); + return ctx; ++} + #else +- return _goboringcrypto_internal_HMAC_CTX_new(); ++DEFINEFUNC(GO_HMAC_CTX*, HMAC_CTX_new, (void), ()) + #endif +-} + +-DEFINEFUNCINTERNAL(void, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0)) +-static inline void +-_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) { + #if OPENSSL_VERSION_NUMBER < 0x10100000L +- _goboringcrypto_HMAC_CTX_cleanup(ctx); +- _goboringcrypto_HMAC_CTX_init(ctx); ++static inline int ++_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) { ++ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx); ++ _goboringcrypto_internal_HMAC_CTX_init(ctx); ++ return 0; ++} + #else +- _goboringcrypto_internal_HMAC_CTX_reset(ctx); ++DEFINEFUNC(int, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0)) + #endif +-} + + int _goboringcrypto_HMAC_CTX_copy_ex(GO_HMAC_CTX *dest, const GO_HMAC_CTX *src); + +@@ -408,16 +407,14 @@ DEFINEFUNCINTERNAL(int, ECDSA_verify, + (int type, const unsigned char *dgst, size_t dgstlen, const unsigned char *sig, unsigned int siglen, EC_KEY *eckey), + (type, dgst, dgstlen, sig, siglen, eckey)) + +-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ()) +-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ()) +- +-static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) { + #if OPENSSL_VERSION_NUMBER < 0x10100000L +- return _goboringcrypto_internal_EVP_MD_CTX_create(); ++DEFINEFUNC(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ()) + #else ++DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ()) ++static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) { + return _goboringcrypto_internal_EVP_MD_CTX_new(); +-#endif + } ++#endif + + DEFINEFUNCINTERNAL(int, EVP_PKEY_assign, + (EVP_PKEY *pkey, int type, void *eckey), +@@ -441,7 +438,7 @@ DEFINEFUNC(int, EVP_DigestUpdate, + (EVP_MD_CTX* ctx, const void *d, size_t cnt), + (ctx, d, cnt)) + DEFINEFUNC(int, EVP_DigestSignFinal, +- (EVP_MD_CTX* ctx, unsigned char *sig, unsigned int *siglen), ++ (EVP_MD_CTX* ctx, unsigned char *sig, size_t *siglen), + (ctx, sig, siglen)) + + DEFINEFUNC(int, EVP_DigestVerifyInit, +@@ -451,18 +448,17 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal, + (EVP_MD_CTX* ctx, const uint8_t *sig, unsigned int siglen), + (ctx, sig, siglen)) + +-int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *eckey); ++int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey); + int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key); + +-DEFINEFUNCINTERNAL(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx)) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx)) + static inline void _goboringcrypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L + return _goboringcrypto_internal_EVP_MD_CTX_destroy(ctx); ++} + #else +- return _goboringcrypto_internal_EVP_MD_CTX_free(ctx); ++DEFINEFUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx)) + #endif +-} + + int _goboringcrypto_ECDSA_sign(EVP_MD *md, const uint8_t *arg1, size_t arg2, uint8_t *arg3, unsigned int *arg4, GO_EC_KEY *arg5); + int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, const uint8_t *arg3, unsigned int arg4, GO_EC_KEY *arg5); +@@ -473,7 +469,7 @@ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, c + typedef RSA GO_RSA; + typedef BN_GENCB GO_BN_GENCB; + +-int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa); ++int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa); + int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa); + + DEFINEFUNC(GO_RSA *, RSA_new, (void), ()) +@@ -774,10 +770,10 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP + } + + DEFINEFUNC(int, EVP_PKEY_decrypt, +- (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4), ++ (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4), + (arg0, arg1, arg2, arg3, arg4)) + DEFINEFUNC(int, EVP_PKEY_encrypt, +- (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4), ++ (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4), + (arg0, arg1, arg2, arg3, arg4)) + DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0)) + DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0)) +diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c +index 710d0744ff..9d0056c5f7 100644 +--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c ++++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c +@@ -18,7 +18,9 @@ _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_ + result = 0; + goto err; + } +- result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key); ++ size_t _slen; ++ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, &_slen, key); ++ *slen = _slen; + err: + _goboringcrypto_EVP_PKEY_free(key); + return result; +diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c +index 36be702224..8b81fd71f6 100644 +--- a/src/crypto/internal/boring/openssl_evp.c ++++ b/src/crypto/internal/boring/openssl_evp.c +@@ -7,7 +7,7 @@ + #include "goboringcrypto.h" + + int +-_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *key) { ++_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *key) { + EVP_MD_CTX *mdctx = NULL; + int ret = 0; + +diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c +index 5174f662c9..3ad4e69e9d 100644 +--- a/src/crypto/internal/boring/openssl_port_rsa.c ++++ b/src/crypto/internal/boring/openssl_port_rsa.c +@@ -19,7 +19,7 @@ int _goboringcrypto_RSA_generate_key_fips(GO_RSA *rsa, int size, GO_BN_GENCB *cb + return ret; + } + +-int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_t *out, size_t max_out, ++int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, + const uint8_t *in, size_t in_len, EVP_MD *md, const EVP_MD *mgf1_md, int salt_len) + { + EVP_PKEY_CTX *ctx; +@@ -173,7 +173,7 @@ err: + return ret; + } + +-int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa) ++int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa) + { + int result; + EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new(); +diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go +index b1a2f57abd..e47ca3bb63 100644 +--- a/src/crypto/internal/boring/rsa.go ++++ b/src/crypto/internal/boring/rsa.go +@@ -200,7 +200,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int, + func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int, + padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash, + init func(*C.GO_EVP_PKEY_CTX) C.int, +- crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.uint, *C.uint8_t, C.uint) C.int, ++ crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.size_t, *C.uint8_t, C.uint) C.int, + in []byte) ([]byte, error) { + + pkey, ctx, err := setupRSA(withKey, padding, h, label, saltLen, ch, init) +@@ -210,7 +210,7 @@ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int, + defer C._goboringcrypto_EVP_PKEY_free(pkey) + defer C._goboringcrypto_EVP_PKEY_CTX_free(ctx) + +- var outLen C.uint ++ var outLen C.size_t + if crypt(ctx, nil, &outLen, base(in), C.uint(len(in))) == 0 { + return nil, NewOpenSSLError("EVP_PKEY_decrypt/encrypt failed") + } +@@ -251,7 +251,7 @@ func decryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int { + return C._goboringcrypto_EVP_PKEY_decrypt_init(ctx) + } + +-func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int { ++func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int { + return C._goboringcrypto_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen) + } + +@@ -259,7 +259,7 @@ func encryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int { + return C._goboringcrypto_EVP_PKEY_encrypt_init(ctx) + } + +-func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int { ++func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int { + return C._goboringcrypto_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen) + } + +@@ -307,10 +307,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed + return nil, errors.New("crypto/rsa: unsupported hash function: " + strconv.Itoa(int(h))) + } + +- var out []byte +- var outLen C.uint +- + if msgIsHashed { ++ var out []byte ++ var outLen C.uint + PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 signing and use HashSignPKCS1v15 instead of SignPKCS1v15") + nid := C._goboringcrypto_EVP_MD_type(md) + if priv.withKey(func(key *C.GO_RSA) C.int { +@@ -323,6 +322,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed + return out[:outLen], nil + } + ++ var out []byte ++ var outLen C.size_t ++ + if priv.withKey(func(key *C.GO_RSA) C.int { + return C._goboringcrypto_EVP_RSA_sign(md, base(msg), C.uint(len(msg)), base(out), &outLen, key) + }) == 0 { diff --git a/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch b/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch new file mode 100644 index 0000000..25294d3 --- /dev/null +++ b/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch @@ -0,0 +1,53 @@ +From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001 +From: Lynn Boger +Date: Thu, 14 Jul 2022 10:47:28 -0500 +Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le + +The setting of the path for the dynamic loader when building for +linux/ppc64le ELF v2 was incorrectly set to the path for +PPC64 ELF v1. This has not caused issues in the common cases +because this string can be set based on the default GO_LDSO setting. +It does result in an incorrect value when cross compiling binaries +with -buildmode=pie. + +Updates #53813 + +Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730 +--- + src/cmd/link/internal/ppc64/obj.go | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go +index b6d5ad92af..bca8fa9212 100644 +--- a/src/cmd/link/internal/ppc64/obj.go ++++ b/src/cmd/link/internal/ppc64/obj.go +@@ -38,9 +38,12 @@ import ( + ) + + func Init() (*sys.Arch, ld.Arch) { +- arch := sys.ArchPPC64 +- if buildcfg.GOARCH == "ppc64le" { +- arch = sys.ArchPPC64LE ++ arch := sys.ArchPPC64LE ++ dynld := "/lib64/ld64.so.2" ++ ++ if buildcfg.GOARCH == "ppc64" { ++ arch = sys.ArchPPC64 ++ dynld = "/lib64/ld64.so.1" + } + + theArch := ld.Arch{ +@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) { + Machoreloc1: machoreloc1, + Xcoffreloc1: xcoffreloc1, + +- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1, +- Linuxdynld: "/lib64/ld64.so.1", +- ++ Linuxdynld: dynld, + Freebsddynld: "XXX", + Openbsddynld: "XXX", + Netbsddynld: "XXX", +-- +2.35.3 + diff --git a/SOURCES/do-not-reuse-far-trampolines.patch b/SOURCES/do-not-reuse-far-trampolines.patch new file mode 100644 index 0000000..8d8d806 --- /dev/null +++ b/SOURCES/do-not-reuse-far-trampolines.patch @@ -0,0 +1,160 @@ +From 63dd776220bb3a443e6b5c0766a389ec33dc4b69 Mon Sep 17 00:00:00 2001 +From: "Paul E. Murphy" +Date: Wed, 16 Nov 2022 14:53:39 -0600 +Subject: [PATCH] [release-branch.go1.18] cmd/link/internal/ppc64: fix + trampoline reuse distance calculation + +If a compatible trampoline has been inserted by a previously laid +function in the same section, and is known to be sufficiently close, +it can be reused. + +When testing if the trampoline can be reused, the addend of the direct +call should be ignored. It is already encoded in the trampoline. If the +addend is non-zero, and the target sufficiently far away, and just +beyond direct call reach, this may cause the trampoline to be +incorrectly reused. + +This was observed on go1.17.13 and openshift-installer commit f3c53b382 +building in release mode with the following error: + +github.com/aliyun/alibaba-cloud-sdk-go/services/cms.(*Client).DescribeMonitoringAgentAccessKeyWithChan.func1: direct call too far: runtime.duffzero+1f0-tramp0-1 -2000078 + +Fixes #56833 + +Change-Id: I54af957302506d4e3cd5d3121542c83fe980e912 +Reviewed-on: https://go-review.googlesource.com/c/go/+/451415 +Reviewed-by: Cherry Mui +Run-TryBot: Paul Murphy +TryBot-Result: Gopher Robot +Reviewed-by: Lynn Boger +Reviewed-by: Than McIntosh +Reviewed-on: https://go-review.googlesource.com/c/go/+/451916 +Reviewed-by: Joedian Reid +--- + .../testdata/script/trampoline_reuse_test.txt | 100 ++++++++++++++++++ + src/cmd/link/internal/ppc64/asm.go | 5 +- + 2 files changed, 103 insertions(+), 2 deletions(-) + create mode 100644 src/cmd/go/testdata/script/trampoline_reuse_test.txt + +diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt +new file mode 100644 +index 0000000000000..bca897c16d054 +--- /dev/null ++++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt +@@ -0,0 +1,100 @@ ++# Verify PPC64 does not reuse a trampoline which is too far away. ++# This tests an edge case where the direct call relocation addend should ++# be ignored when computing the distance from the direct call to the ++# already placed trampoline ++[short] skip ++[!ppc64] [!ppc64le] skip ++[aix] skip ++ ++# Note, this program does not run. Presumably, 'DWORD $0' is simpler to ++# assembly 2^26 or so times. ++# ++# We build something which should be laid out as such: ++# ++# bar.Bar ++# main.Func1 ++# bar.Bar+400-tramp0 ++# main.BigAsm ++# main.Func2 ++# bar.Bar+400-tramp1 ++# ++# bar.Bar needs to be placed far enough away to generate relocations ++# from main package calls. and main.Func1 and main.Func2 are placed ++# a bit more than the direct call limit apart, but not more than 0x400 ++# bytes beyond it (to verify the reloc calc). ++ ++go build ++ ++-- go.mod -- ++ ++module foo ++ ++go 1.19 ++ ++-- main.go -- ++ ++package main ++ ++import "foo/bar" ++ ++func Func1() ++ ++func main() { ++ Func1() ++ bar.Bar2() ++} ++ ++-- foo.s -- ++ ++TEXT main·Func1(SB),0,$0-0 ++ CALL bar·Bar+0x400(SB) ++ CALL main·BigAsm(SB) ++// A trampoline will be placed here to bar.Bar ++ ++// This creates a gap sufficiently large to prevent trampoline reuse ++#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; ++#define NOP256 NOP64 NOP64 NOP64 NOP64 ++#define NOP2S10 NOP256 NOP256 NOP256 NOP256 ++#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10 ++#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12 ++#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14 ++#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16 ++#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18 ++#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20 ++#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22 ++#define BIGNOP NOP2S24 NOP2S24 ++TEXT main·BigAsm(SB),0,$0-0 ++ // Fill to the direct call limit so Func2 must generate a new trampoline. ++ // As the implicit trampoline above is just barely unreachable. ++ BIGNOP ++ MOVD $main·Func2(SB), R3 ++ ++TEXT main·Func2(SB),0,$0-0 ++ CALL bar·Bar+0x400(SB) ++// Another trampoline should be placed here. ++ ++-- bar/bar.s -- ++ ++#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; ++#define NOP256 NOP64 NOP64 NOP64 NOP64 ++#define NOP2S10 NOP256 NOP256 NOP256 NOP256 ++#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10 ++#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12 ++#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14 ++#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16 ++#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18 ++#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20 ++#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22 ++#define BIGNOP NOP2S24 NOP2S24 NOP2S10 ++// A very big not very interesting function. ++TEXT bar·Bar(SB),0,$0-0 ++ BIGNOP ++ ++-- bar/bar.go -- ++ ++package bar ++ ++func Bar() ++ ++func Bar2() { ++} +diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go +index 73c2718a3369f..879adaa965050 100644 +--- a/src/cmd/link/internal/ppc64/asm.go ++++ b/src/cmd/link/internal/ppc64/asm.go +@@ -809,8 +809,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) { + if ldr.SymValue(tramp) == 0 { + break + } +- +- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off())) ++ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the ++ // trampoline itself. ++ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off())) + + // With internal linking, the trampoline can be used if it is not too far. + // With external linking, the trampoline must be in this section for it to be reused. diff --git a/SPECS/golang.spec b/SPECS/golang.spec index 877796d..4095e22 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -96,7 +96,7 @@ %endif %global go_api 1.18 -%global go_version 1.18.4 +%global go_version 1.18.9 %global pkg_release 1 Name: golang @@ -145,6 +145,11 @@ Patch226: disable_static_external_tests.patch Patch223: remove_ed25519vectors_test.patch +Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch + +Patch228: do-not-reuse-far-trampolines.patch +Patch229: big-endian.patch + # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -238,6 +243,9 @@ Requires: %{name} = %{version}-%{release} %patch221 -p1 %patch223 -p1 %patch226 -p1 +%patch227 -p1 +%patch228 -p1 +%patch229 -p1 cp %{SOURCE1} ./src/runtime/ @@ -424,7 +432,7 @@ export CGO_ENABLED=0 %endif # make sure to not timeout -export GO_TEST_TIMEOUT_SCALE=2 +export GO_TEST_TIMEOUT_SCALE=10 export GO_TEST_RUN="" %ifarch aarch64 @@ -512,6 +520,25 @@ cd .. %endif %changelog +* Thu Dec 22 2022 Alejandro Sáez - 1.18.9-1 +- Update to Go 1.18.9 +- Add big-endian.patch +- Increase GO_TEST_TIMEOUT_SCALE due to a Brew issue +- Add do-not-reuse-far-trampolines.patch +- Resolves: rhbz#2149313 + +* Tue Oct 25 2022 David Benoit - 1.18.7-2 +- Fix version mismatch from previous rebase +- Related: rhbz#2136719 + +* Fri Oct 21 2022 David Benoit - 1.18.7-1 +- Update to Go 1.18.7 +- Resolves: rhbz#2136719 + +* Wed Aug 03 2022 Alejandro Sáez - 1.18.4-2 +- Adds patch for PIE mode issues on PPC64LE +- Resolves: rhbz#2111593 + * Wed Jul 20 2022 David Benoit - 1.18.4-1 - Update Go to version 1.18.4 - Resolves: rhbz#2109179