import golang-1.18.9-1.module+el8.7.0+17640+84246675

2023-01-25 04:00:14 -05:00 · 2023-01-25 04:00:14 -05:00 · 61d02fbf0e
commit 61d02fbf0e
parent 745e4f82ea
6 changed files with 607 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/go1.18.4-1-openssl-fips.tar.gz
+SOURCES/go1.18.9-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1 +1 @@
-3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz
+ed6295dd73f7b822cd89f4527797ce87271bc672 SOURCES/go1.18.9-1-openssl-fips.tar.gz
--- a/SOURCES/big-endian.patch
+++ b/SOURCES/big-endian.patch
@ -0,0 +1,363 @@
 diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
 index 4820385f67..2415702b28 100644
 --- a/src/crypto/internal/boring/goopenssl.h
 +++ b/src/crypto/internal/boring/goopenssl.h
@@ -76,7 +76,7 @@ _goboringcrypto_DLOPEN_OPENSSL(void)
 #include <openssl/opensslv.h>
 #include <openssl/ssl.h>
 -DEFINEFUNCINTERNAL(int, OPENSSL_init, (void), ())
 +DEFINEFUNCINTERNAL(void, OPENSSL_init, (void), ())
 static unsigned long _goboringcrypto_internal_OPENSSL_VERSION_NUMBER(void) {
 	return OPENSSL_VERSION_NUMBER;
@@ -97,35 +97,32 @@ DEFINEFUNCINTERNAL(void, ERR_error_string_n, (unsigned long e, unsigned char *bu
 #include <openssl/crypto.h>
 -DEFINEFUNCINTERNAL(int, CRYPTO_num_locks, (void), ())
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +DEFINEFUNC(int, CRYPTO_num_locks, (void), ())
 +#else
 static inline int
 _goboringcrypto_CRYPTO_num_locks(void) {
 +	return CRYPTO_num_locks(); /* defined as macro */
 +}
 +#endif
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	return _goboringcrypto_internal_CRYPTO_num_locks();
 +DEFINEFUNC(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
 #else
 -	return CRYPTO_num_locks();
 -#endif
 -}
 -DEFINEFUNCINTERNAL(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
 static inline void
 _goboringcrypto_CRYPTO_set_id_callback(unsigned long (*id_function)(void)) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	_goboringcrypto_internal_CRYPTO_set_id_callback(id_function);
 -#else
 -	CRYPTO_set_id_callback(id_function);
 -#endif
 +	CRYPTO_set_id_callback(id_function); /* defined as macro */
 }
 -DEFINEFUNCINTERNAL(void, CRYPTO_set_locking_callback,
 +#endif
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +DEFINEFUNC(void, CRYPTO_set_locking_callback,
 	(void (*locking_function)(int mode, int n, const char *file, int line)), 
 	(locking_function))
 +#else
 static inline void
 _goboringcrypto_CRYPTO_set_locking_callback(void (*locking_function)(int mode, int n, const char *file, int line)) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	_goboringcrypto_internal_CRYPTO_set_locking_callback(locking_function);
 -#else
 -	CRYPTO_set_locking_callback(locking_function);
 -#endif
 +	CRYPTO_set_locking_callback(locking_function); /* defined as macro */
 }
 +#endif
 int _goboringcrypto_OPENSSL_thread_setup(void);
@@ -206,10 +203,16 @@ DEFINEFUNC(const GO_EVP_MD *, EVP_sha384, (void), ())
 DEFINEFUNC(const GO_EVP_MD *, EVP_sha512, (void), ())
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 DEFINEFUNCINTERNAL(int, EVP_MD_type, (const GO_EVP_MD *arg0), (arg0))
 +DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
 +static inline int
 +_goboringcrypto_EVP_MD_get_size(const GO_EVP_MD *arg0)
 +{
 +	return _goboringcrypto_internal_EVP_MD_size(arg0);
 +}
 #else
 DEFINEFUNCINTERNAL(int, EVP_MD_get_type, (const GO_EVP_MD *arg0), (arg0))
 +DEFINEFUNC(int, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
 #endif
 -DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
 DEFINEFUNCINTERNAL(const GO_EVP_MD*, EVP_md5_sha1, (void), ())
 # include <openssl/md5.h>
@@ -240,8 +243,6 @@ _goboringcrypto_EVP_md5_sha1(void) {
 typedef HMAC_CTX GO_HMAC_CTX;
 -DEFINEFUNC(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
 -DEFINEFUNC(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
 DEFINEFUNC(int, HMAC_Init_ex,
 		   (GO_HMAC_CTX * arg0, const void *arg1, int arg2, const GO_EVP_MD *arg3, ENGINE *arg4),
 		   (arg0, arg1, arg2, arg3, arg4))
@@ -249,59 +250,57 @@ DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX * arg0, const uint8_t *arg1, size_t ar
 DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX * arg0, uint8_t *arg1, unsigned int *arg2), (arg0, arg1, arg2))
 DEFINEFUNC(size_t, HMAC_CTX_copy, (GO_HMAC_CTX *dest, GO_HMAC_CTX *src), (dest, src))
 -DEFINEFUNCINTERNAL(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +DEFINEFUNCINTERNAL(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
 static inline void
 _goboringcrypto_HMAC_CTX_free(HMAC_CTX *ctx) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
    if (ctx != NULL) {
 -       _goboringcrypto_HMAC_CTX_cleanup(ctx);
 +       _goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
        free(ctx);
    }
 +}
 #else
 -	_goboringcrypto_internal_HMAC_CTX_free(ctx);
 +DEFINEFUNC(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
 #endif
 -}
 -DEFINEFUNCINTERNAL(EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
 -DEFINEFUNCINTERNAL(size_t, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static inline size_t
 _goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	return _goboringcrypto_internal_EVP_MD_size(arg0->md);
 -#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
 -	const EVP_MD* md;
 -	md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
 -	return _goboringcrypto_internal_EVP_MD_get_size(md);
 +	return _goboringcrypto_EVP_MD_get_size(arg0->md);
 +}
 #else
 +DEFINEFUNCINTERNAL(const EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
 +static inline size_t
 +_goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
 	const EVP_MD* md;
 	md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
 -	return _goboringcrypto_internal_EVP_MD_size(md);
 -#endif
 +	return _goboringcrypto_EVP_MD_get_size(md);
 }
 +#endif
 -DEFINEFUNCINTERNAL(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +DEFINEFUNCINTERNAL(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
 static inline GO_HMAC_CTX*
 _goboringcrypto_HMAC_CTX_new(void) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	GO_HMAC_CTX* ctx = malloc(sizeof(GO_HMAC_CTX));
 	if (ctx != NULL)
 -		_goboringcrypto_HMAC_CTX_init(ctx);
 +		_goboringcrypto_internal_HMAC_CTX_init(ctx);
 	return ctx;
 +}
 #else
 -	return _goboringcrypto_internal_HMAC_CTX_new();
 +DEFINEFUNC(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
 #endif
 -}
 -DEFINEFUNCINTERNAL(void, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
 -static inline void
 -_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	_goboringcrypto_HMAC_CTX_cleanup(ctx);
 -	_goboringcrypto_HMAC_CTX_init(ctx);
 +static inline int
 +_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
 +	_goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
 +	_goboringcrypto_internal_HMAC_CTX_init(ctx);
 +	return 0;
 +}
 #else
 -	_goboringcrypto_internal_HMAC_CTX_reset(ctx);
 +DEFINEFUNC(int, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
 #endif
 -}
 int _goboringcrypto_HMAC_CTX_copy_ex(GO_HMAC_CTX *dest, const GO_HMAC_CTX *src);
@@ -408,16 +407,14 @@ DEFINEFUNCINTERNAL(int, ECDSA_verify,
 	(int type, const unsigned char *dgst, size_t dgstlen, const unsigned char *sig, unsigned int siglen, EC_KEY *eckey),
 	(type, dgst, dgstlen, sig, siglen, eckey))
 -DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
 -DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
 -
 -static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 -	return _goboringcrypto_internal_EVP_MD_CTX_create();
 +DEFINEFUNC(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
 #else
 +DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
 +static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
 	return _goboringcrypto_internal_EVP_MD_CTX_new();
 -#endif
 }
 +#endif
 DEFINEFUNCINTERNAL(int, EVP_PKEY_assign,
 	(EVP_PKEY *pkey, int type, void *eckey),
@@ -441,7 +438,7 @@ DEFINEFUNC(int, EVP_DigestUpdate,
 	(EVP_MD_CTX* ctx, const void *d, size_t cnt),
 	(ctx, d, cnt))
 DEFINEFUNC(int, EVP_DigestSignFinal,
 -	(EVP_MD_CTX* ctx, unsigned char *sig, unsigned int *siglen),
 +	(EVP_MD_CTX* ctx, unsigned char *sig, size_t *siglen),
 	(ctx, sig, siglen))
 DEFINEFUNC(int, EVP_DigestVerifyInit,
@@ -451,18 +448,17 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal,
 	(EVP_MD_CTX* ctx, const uint8_t *sig, unsigned int siglen),
 	(ctx, sig, siglen))
 -int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *eckey);
 +int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
 int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key);
 -DEFINEFUNCINTERNAL(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx))
 static inline void _goboringcrypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	return _goboringcrypto_internal_EVP_MD_CTX_destroy(ctx);
 +}
 #else
 -	return _goboringcrypto_internal_EVP_MD_CTX_free(ctx);
 +DEFINEFUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
 #endif
 -}
 int _goboringcrypto_ECDSA_sign(EVP_MD *md, const uint8_t *arg1, size_t arg2, uint8_t *arg3, unsigned int *arg4, GO_EC_KEY *arg5);
 int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, const uint8_t *arg3, unsigned int arg4, GO_EC_KEY *arg5);
@@ -473,7 +469,7 @@ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, c
 typedef RSA GO_RSA;
 typedef BN_GENCB GO_BN_GENCB;
 -int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa);
 +int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa);
 int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa);
 DEFINEFUNC(GO_RSA *, RSA_new, (void), ())
@@ -774,10 +770,10 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP
 }
 DEFINEFUNC(int, EVP_PKEY_decrypt,
 -		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
 +		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
 		   (arg0, arg1, arg2, arg3, arg4))
 DEFINEFUNC(int, EVP_PKEY_encrypt,
 -		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
 +		   (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
 		   (arg0, arg1, arg2, arg3, arg4))
 DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
 DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
 diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
 index 710d0744ff..9d0056c5f7 100644
 --- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
 +++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
@@ -18,7 +18,9 @@ _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_
         result = 0;
         goto err;
     }
 -    result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
 +    size_t _slen;
 +    result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, &_slen, key);
 +    *slen = _slen;
 err:
     _goboringcrypto_EVP_PKEY_free(key);
     return result;
 diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
 index 36be702224..8b81fd71f6 100644
 --- a/src/crypto/internal/boring/openssl_evp.c
 +++ b/src/crypto/internal/boring/openssl_evp.c
@@ -7,7 +7,7 @@
 #include "goboringcrypto.h"
 int
 -_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *key) {
 +_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *key) {
     EVP_MD_CTX *mdctx = NULL;
     int ret = 0;
 diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
 index 5174f662c9..3ad4e69e9d 100644
 --- a/src/crypto/internal/boring/openssl_port_rsa.c
 +++ b/src/crypto/internal/boring/openssl_port_rsa.c
@@ -19,7 +19,7 @@ int _goboringcrypto_RSA_generate_key_fips(GO_RSA *rsa, int size, GO_BN_GENCB *cb
 	return ret;
 }
 -int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_t *out, size_t max_out,
 +int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
 		const uint8_t *in, size_t in_len, EVP_MD *md, const EVP_MD *mgf1_md, int salt_len)
 {
 	EVP_PKEY_CTX *ctx;
@@ -173,7 +173,7 @@ err:
 	return ret;
 }
 -int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
 +int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa)
 {
 	int result;
 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
 diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
 index b1a2f57abd..e47ca3bb63 100644
 --- a/src/crypto/internal/boring/rsa.go
 +++ b/src/crypto/internal/boring/rsa.go
@@ -200,7 +200,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
 func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
 	padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
 	init func(*C.GO_EVP_PKEY_CTX) C.int,
 -	crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.uint, *C.uint8_t, C.uint) C.int,
 +	crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.size_t, *C.uint8_t, C.uint) C.int,
 	in []byte) ([]byte, error) {
 	pkey, ctx, err := setupRSA(withKey, padding, h, label, saltLen, ch, init)
@@ -210,7 +210,7 @@ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
 	defer C._goboringcrypto_EVP_PKEY_free(pkey)
 	defer C._goboringcrypto_EVP_PKEY_CTX_free(ctx)
 -	var outLen C.uint
 +	var outLen C.size_t
 	if crypt(ctx, nil, &outLen, base(in), C.uint(len(in))) == 0 {
 		return nil, NewOpenSSLError("EVP_PKEY_decrypt/encrypt failed")
 	}
@@ -251,7 +251,7 @@ func decryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
 	return C._goboringcrypto_EVP_PKEY_decrypt_init(ctx)
 }
 -func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
 +func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
 	return C._goboringcrypto_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen)
 }
@@ -259,7 +259,7 @@ func encryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
 	return C._goboringcrypto_EVP_PKEY_encrypt_init(ctx)
 }
 -func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
 +func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
 	return C._goboringcrypto_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen)
 }
@@ -307,10 +307,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
 		return nil, errors.New("crypto/rsa: unsupported hash function: " + strconv.Itoa(int(h)))
 	}
 -	var out []byte
 -	var outLen C.uint
 -
 	if msgIsHashed {
 +		var out []byte
 +		var outLen C.uint
 		PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 signing and use HashSignPKCS1v15 instead of SignPKCS1v15")
 		nid := C._goboringcrypto_EVP_MD_type(md)
 		if priv.withKey(func(key *C.GO_RSA) C.int {
@@ -323,6 +322,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
 		return out[:outLen], nil
 	}
 +	var out []byte
 +	var outLen C.size_t
 +
 	if priv.withKey(func(key *C.GO_RSA) C.int {
 		return C._goboringcrypto_EVP_RSA_sign(md, base(msg), C.uint(len(msg)), base(out), &outLen, key)
 	}) == 0 {
--- a/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
+++ b/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
@ -0,0 +1,53 @@
 From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
 From: Lynn Boger <laboger@linux.vnet.ibm.com>
 Date: Thu, 14 Jul 2022 10:47:28 -0500
 Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
 The setting of the path for the dynamic loader when building for
 linux/ppc64le ELF v2 was incorrectly set to the path for
 PPC64 ELF v1. This has not caused issues in the common cases
 because this string can be set based on the default GO_LDSO setting.
 It does result in an incorrect value when cross compiling binaries
 with -buildmode=pie.
 Updates #53813
 Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
 ---
 src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
 diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
 index b6d5ad92af..bca8fa9212 100644
 --- a/src/cmd/link/internal/ppc64/obj.go
 +++ b/src/cmd/link/internal/ppc64/obj.go
@@ -38,9 +38,12 @@ import (
 )
 func Init() (*sys.Arch, ld.Arch) {
 -	arch := sys.ArchPPC64
 -	if buildcfg.GOARCH == "ppc64le" {
 -		arch = sys.ArchPPC64LE
 +	arch := sys.ArchPPC64LE
 +	dynld := "/lib64/ld64.so.2"
 +
 +	if buildcfg.GOARCH == "ppc64" {
 +		arch = sys.ArchPPC64
 +		dynld = "/lib64/ld64.so.1"
 	}
 	theArch := ld.Arch{
@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
 		Machoreloc1:      machoreloc1,
 		Xcoffreloc1:      xcoffreloc1,
 -		// TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
 -		Linuxdynld: "/lib64/ld64.so.1",
 -
 +		Linuxdynld:     dynld,
 		Freebsddynld:   "XXX",
 		Openbsddynld:   "XXX",
 		Netbsddynld:    "XXX",
 -- 
 2.35.3
--- a/SOURCES/do-not-reuse-far-trampolines.patch
+++ b/SOURCES/do-not-reuse-far-trampolines.patch
@ -0,0 +1,160 @@
 From 63dd776220bb3a443e6b5c0766a389ec33dc4b69 Mon Sep 17 00:00:00 2001
 From: "Paul E. Murphy" <murp@ibm.com>
 Date: Wed, 16 Nov 2022 14:53:39 -0600
 Subject: [PATCH] [release-branch.go1.18] cmd/link/internal/ppc64: fix
 trampoline reuse distance calculation
 If a compatible trampoline has been inserted by a previously laid
 function in the same section, and is known to be sufficiently close,
 it can be reused.
 When testing if the trampoline can be reused, the addend of the direct
 call should be ignored. It is already encoded in the trampoline. If the
 addend is non-zero, and the target sufficiently far away, and just
 beyond direct call reach, this may cause the trampoline to be
 incorrectly reused.
 This was observed on go1.17.13 and openshift-installer commit f3c53b382
 building in release mode with the following error:
 github.com/aliyun/alibaba-cloud-sdk-go/services/cms.(*Client).DescribeMonitoringAgentAccessKeyWithChan.func1: direct call too far: runtime.duffzero+1f0-tramp0-1 -2000078
 Fixes #56833
 Change-Id: I54af957302506d4e3cd5d3121542c83fe980e912
 Reviewed-on: https://go-review.googlesource.com/c/go/+/451415
 Reviewed-by: Cherry Mui <cherryyz@google.com>
 Run-TryBot: Paul Murphy <murp@ibm.com>
 TryBot-Result: Gopher Robot <gobot@golang.org>
 Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
 Reviewed-by: Than McIntosh <thanm@google.com>
 Reviewed-on: https://go-review.googlesource.com/c/go/+/451916
 Reviewed-by: Joedian Reid <joedian@golang.org>
 ---
 .../testdata/script/trampoline_reuse_test.txt | 100 ++++++++++++++++++
 src/cmd/link/internal/ppc64/asm.go            |   5 +-
 2 files changed, 103 insertions(+), 2 deletions(-)
 create mode 100644 src/cmd/go/testdata/script/trampoline_reuse_test.txt
 diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
 new file mode 100644
 index 0000000000000..bca897c16d054
 --- /dev/null
 +++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
@@ -0,0 +1,100 @@
 +# Verify PPC64 does not reuse a trampoline which is too far away.
 +# This tests an edge case where the direct call relocation addend should
 +# be ignored when computing the distance from the direct call to the
 +# already placed trampoline
 +[short] skip
 +[!ppc64] [!ppc64le] skip
 +[aix] skip
 +
 +# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
 +# assembly 2^26 or so times.
 +#
 +# We build something which should be laid out as such:
 +#
 +# bar.Bar
 +# main.Func1
 +# bar.Bar+400-tramp0
 +# main.BigAsm
 +# main.Func2
 +# bar.Bar+400-tramp1
 +#
 +# bar.Bar needs to be placed far enough away to generate relocations
 +# from main package calls. and main.Func1 and main.Func2 are placed
 +# a bit more than the direct call limit apart, but not more than 0x400
 +# bytes beyond it (to verify the reloc calc).
 +
 +go build
 +
 +-- go.mod --
 +
 +module foo
 +
 +go 1.19
 +
 +-- main.go --
 +
 +package main
 +
 +import "foo/bar"
 +
 +func Func1()
 +
 +func main() {
 +        Func1()
 +        bar.Bar2()
 +}
 +
 +-- foo.s --
 +
 +TEXT main·Func1(SB),0,$0-0
 +        CALL bar·Bar+0x400(SB)
 +        CALL main·BigAsm(SB)
 +// A trampoline will be placed here to bar.Bar
 +
 +// This creates a gap sufficiently large to prevent trampoline reuse
 +#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
 +#define NOP256 NOP64 NOP64 NOP64 NOP64
 +#define NOP2S10 NOP256 NOP256 NOP256 NOP256
 +#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
 +#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
 +#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
 +#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
 +#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
 +#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
 +#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
 +#define BIGNOP NOP2S24 NOP2S24
 +TEXT main·BigAsm(SB),0,$0-0
 +        // Fill to the direct call limit so Func2 must generate a new trampoline.
 +        // As the implicit trampoline above is just barely unreachable.
 +        BIGNOP
 +        MOVD $main·Func2(SB), R3
 +
 +TEXT main·Func2(SB),0,$0-0
 +        CALL bar·Bar+0x400(SB)
 +// Another trampoline should be placed here.
 +
 +-- bar/bar.s --
 +
 +#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
 +#define NOP256 NOP64 NOP64 NOP64 NOP64
 +#define NOP2S10 NOP256 NOP256 NOP256 NOP256
 +#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
 +#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
 +#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
 +#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
 +#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
 +#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
 +#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
 +#define BIGNOP NOP2S24 NOP2S24 NOP2S10
 +// A very big not very interesting function.
 +TEXT bar·Bar(SB),0,$0-0
 +        BIGNOP
 +
 +-- bar/bar.go --
 +
 +package bar
 +
 +func Bar()
 +
 +func Bar2() {
 +}
 diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
 index 73c2718a3369f..879adaa965050 100644
 --- a/src/cmd/link/internal/ppc64/asm.go
 +++ b/src/cmd/link/internal/ppc64/asm.go
@@ -809,8 +809,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
 				if ldr.SymValue(tramp) == 0 {
 					break
 				}
 -
 -				t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
 +				// Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
 +				// trampoline itself.
 +				t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
 				// With internal linking, the trampoline can be used if it is not too far.
 				// With external linking, the trampoline must be in this section for it to be reused.
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -96,7 +96,7 @@
 %endif
 %global go_api 1.18
-%global go_version 1.18.4
+%global go_version 1.18.9
 %global pkg_release 1
 Name:           golang
@ -145,6 +145,11 @@ Patch226:	disable_static_external_tests.patch
 Patch223: remove_ed25519vectors_test.patch
 Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
 Patch228: do-not-reuse-far-trampolines.patch
 Patch229: big-endian.patch
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -238,6 +243,9 @@ Requires:       %{name} = %{version}-%{release}
 %patch221 -p1
 %patch223 -p1
 %patch226 -p1
 %patch227 -p1
 %patch228 -p1
 %patch229 -p1
 cp %{SOURCE1} ./src/runtime/
@ -424,7 +432,7 @@ export CGO_ENABLED=0
 %endif
 # make sure to not timeout
-export GO_TEST_TIMEOUT_SCALE=2
+export GO_TEST_TIMEOUT_SCALE=10
 export GO_TEST_RUN=""
 %ifarch aarch64
@ -512,6 +520,25 @@ cd ..
 %endif
 %changelog
 * Thu Dec 22 2022 Alejandro Sáez <asm@redhat.com> - 1.18.9-1
 - Update to Go 1.18.9
 - Add big-endian.patch
 - Increase GO_TEST_TIMEOUT_SCALE due to a Brew issue
 - Add do-not-reuse-far-trampolines.patch
 - Resolves: rhbz#2149313
 * Tue Oct 25 2022 David Benoit <dbenoit@redhat.com> - 1.18.7-2
 - Fix version mismatch from previous rebase
 - Related: rhbz#2136719
 * Fri Oct 21 2022 David Benoit <dbenoit@redhat.com> - 1.18.7-1
 - Update to Go 1.18.7
 - Resolves: rhbz#2136719
 * Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
 - Adds patch for PIE mode issues on PPC64LE
 - Resolves: rhbz#2111593
 * Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
 - Update Go to version 1.18.4
 - Resolves: rhbz#2109179
`@ -1 +1 @@`
	`SOURCES/go1.18.4-1-openssl-fips.tar.gz`	`SOURCES/go1.18.9-1-openssl-fips.tar.gz`
`@ -1 +1 @@`
	`3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz`	`ed6295dd73f7b822cd89f4527797ce87271bc672 SOURCES/go1.18.9-1-openssl-fips.tar.gz`