crypto/internal/fips140,cmd/link: fips140 broken on RISC-V with -buildmode=pie #74683
Description
$ export GOFIPS140=v1.0.0
$ CGO_ENABLED=1 go build -work -x -mod=vendor -buildmode=pie -trimpath -ldflags '-X sigs.k8s.io/release-utils/version.gitVersion=2.5.3 -X sigs.k8s.io/release-utils/version.gitCommit=488ef8ceed5ab5d77379e9077a124a0d0df41d06 -X sigs.k8s.io/release-utils/version.gitTreeState=release -X sigs.k8s.io/release-utils/version.buildDate=2025-07-18T11:54:31Z -fipso=fips.o' -o cosign ./cmd/cosign
...
mkdir -p $WORK/b001/exe/
cd .
GOROOT='' /usr/lib64/go/1.25/pkg/tool/linux_riscv64/link -o $WORK/b001/exe/a.out -importcfg $WORK/b001/importcfg.link -installsuffix shared -fipso $WORK/b001/fips.o -X=runtime.godebugDefault=containermaxprocs=0,decoratemappings=0,fips140=on,tlssha1=1,updatemaxprocs=0,x509sha256skid=0 -buildmode=pie -buildid=YdBCliVHbgIwhf_PmFIV/iFXXcEKh67L09M2LW7tv/xLgdAbFK-18k9Ji2J4ZH/YdBCliVHbgIwhf_PmFIV -X sigs.k8s.io/release-utils/version.gitVersion=2.5.3 -X sigs.k8s.io/release-utils/version.gitCommit=488ef8ceed5ab5d77379e9077a124a0d0df41d06 -X sigs.k8s.io/release-utils/version.gitTreeState=release -X sigs.k8s.io/release-utils/version.buildDate=2025-07-18T11:54:31Z -fipso=fips.o -extld=gcc $WORK/b001/_pkg_.a
go tool buildid -w $WORK/b001/exe/a.out # internal
mv $WORK/b001/exe/a.out cosign
$ od -tx1z fips.o
0000000 67 6f 20 66 69 70 73 20 6f 62 6a 65 63 74 20 76 >go fips object v<
0000020 31 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >1...............<
0000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >................<
0000060 00 00 >..<
0000062
$ ./cosign version
panic: fips140: verification mismatch
goroutine 1 [running]:
crypto/internal/fips140/v1.0.0/check.init.0()
crypto/internal/fips140/v1.0.0/check/check.go:92 +0x550