diff --git a/.gitignore b/.gitignore
index 1b2c26f..addc649 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go1.18.4-1-openssl-fips.tar.gz
+SOURCES/go1.18.9-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index a07c38b..95a8576 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz
+ed6295dd73f7b822cd89f4527797ce87271bc672 SOURCES/go1.18.9-1-openssl-fips.tar.gz
diff --git a/SOURCES/big-endian.patch b/SOURCES/big-endian.patch
new file mode 100644
index 0000000..57e1d68
--- /dev/null
+++ b/SOURCES/big-endian.patch
@@ -0,0 +1,363 @@
+diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
+index 4820385f67..2415702b28 100644
+--- a/src/crypto/internal/boring/goopenssl.h
++++ b/src/crypto/internal/boring/goopenssl.h
+@@ -76,7 +76,7 @@ _goboringcrypto_DLOPEN_OPENSSL(void)
+ #include <openssl/opensslv.h>
+ #include <openssl/ssl.h>
+
+-DEFINEFUNCINTERNAL(int, OPENSSL_init, (void), ())
++DEFINEFUNCINTERNAL(void, OPENSSL_init, (void), ())
+
+ static unsigned long _goboringcrypto_internal_OPENSSL_VERSION_NUMBER(void) {
+ return OPENSSL_VERSION_NUMBER;
+@@ -97,35 +97,32 @@ DEFINEFUNCINTERNAL(void, ERR_error_string_n, (unsigned long e, unsigned char *bu
+
+ #include <openssl/crypto.h>
+
+-DEFINEFUNCINTERNAL(int, CRYPTO_num_locks, (void), ())
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++DEFINEFUNC(int, CRYPTO_num_locks, (void), ())
++#else
+ static inline int
+ _goboringcrypto_CRYPTO_num_locks(void) {
++ return CRYPTO_num_locks(); /* defined as macro */
++}
++#endif
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+- return _goboringcrypto_internal_CRYPTO_num_locks();
++DEFINEFUNC(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
+ #else
+- return CRYPTO_num_locks();
+-#endif
+-}
+-DEFINEFUNCINTERNAL(void, CRYPTO_set_id_callback, (unsigned long (*id_function)(void)), (id_function))
+ static inline void
+ _goboringcrypto_CRYPTO_set_id_callback(unsigned long (*id_function)(void)) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- _goboringcrypto_internal_CRYPTO_set_id_callback(id_function);
+-#else
+- CRYPTO_set_id_callback(id_function);
+-#endif
++ CRYPTO_set_id_callback(id_function); /* defined as macro */
+ }
+-DEFINEFUNCINTERNAL(void, CRYPTO_set_locking_callback,
++#endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++DEFINEFUNC(void, CRYPTO_set_locking_callback,
+ (void (*locking_function)(int mode, int n, const char *file, int line)),
+ (locking_function))
++#else
+ static inline void
+ _goboringcrypto_CRYPTO_set_locking_callback(void (*locking_function)(int mode, int n, const char *file, int line)) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- _goboringcrypto_internal_CRYPTO_set_locking_callback(locking_function);
+-#else
+- CRYPTO_set_locking_callback(locking_function);
+-#endif
++ CRYPTO_set_locking_callback(locking_function); /* defined as macro */
+ }
++#endif
+
+ int _goboringcrypto_OPENSSL_thread_setup(void);
+
+@@ -206,10 +203,16 @@ DEFINEFUNC(const GO_EVP_MD *, EVP_sha384, (void), ())
+ DEFINEFUNC(const GO_EVP_MD *, EVP_sha512, (void), ())
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ DEFINEFUNCINTERNAL(int, EVP_MD_type, (const GO_EVP_MD *arg0), (arg0))
++DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
++static inline int
++_goboringcrypto_EVP_MD_get_size(const GO_EVP_MD *arg0)
++{
++ return _goboringcrypto_internal_EVP_MD_size(arg0);
++}
+ #else
+ DEFINEFUNCINTERNAL(int, EVP_MD_get_type, (const GO_EVP_MD *arg0), (arg0))
++DEFINEFUNC(int, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
+ #endif
+-DEFINEFUNCINTERNAL(size_t, EVP_MD_size, (const GO_EVP_MD *arg0), (arg0))
+ DEFINEFUNCINTERNAL(const GO_EVP_MD*, EVP_md5_sha1, (void), ())
+
+ # include <openssl/md5.h>
+@@ -240,8 +243,6 @@ _goboringcrypto_EVP_md5_sha1(void) {
+
+ typedef HMAC_CTX GO_HMAC_CTX;
+
+-DEFINEFUNC(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
+-DEFINEFUNC(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
+ DEFINEFUNC(int, HMAC_Init_ex,
+ (GO_HMAC_CTX * arg0, const void *arg1, int arg2, const GO_EVP_MD *arg3, ENGINE *arg4),
+ (arg0, arg1, arg2, arg3, arg4))
+@@ -249,59 +250,57 @@ DEFINEFUNC(int, HMAC_Update, (GO_HMAC_CTX * arg0, const uint8_t *arg1, size_t ar
+ DEFINEFUNC(int, HMAC_Final, (GO_HMAC_CTX * arg0, uint8_t *arg1, unsigned int *arg2), (arg0, arg1, arg2))
+ DEFINEFUNC(size_t, HMAC_CTX_copy, (GO_HMAC_CTX *dest, GO_HMAC_CTX *src), (dest, src))
+
+-DEFINEFUNCINTERNAL(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++DEFINEFUNCINTERNAL(void, HMAC_CTX_cleanup, (GO_HMAC_CTX * arg0), (arg0))
+ static inline void
+ _goboringcrypto_HMAC_CTX_free(HMAC_CTX *ctx) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (ctx != NULL) {
+- _goboringcrypto_HMAC_CTX_cleanup(ctx);
++ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
+ free(ctx);
+ }
++}
+ #else
+- _goboringcrypto_internal_HMAC_CTX_free(ctx);
++DEFINEFUNC(void, HMAC_CTX_free, (GO_HMAC_CTX * arg0), (arg0))
+ #endif
+-}
+
+-DEFINEFUNCINTERNAL(EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
+-DEFINEFUNCINTERNAL(size_t, EVP_MD_get_size, (const GO_EVP_MD *arg0), (arg0))
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static inline size_t
+ _goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- return _goboringcrypto_internal_EVP_MD_size(arg0->md);
+-#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+- const EVP_MD* md;
+- md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
+- return _goboringcrypto_internal_EVP_MD_get_size(md);
++ return _goboringcrypto_EVP_MD_get_size(arg0->md);
++}
+ #else
++DEFINEFUNCINTERNAL(const EVP_MD*, HMAC_CTX_get_md, (const GO_HMAC_CTX* ctx), (ctx))
++static inline size_t
++_goboringcrypto_HMAC_size(const GO_HMAC_CTX* arg0) {
+ const EVP_MD* md;
+ md = _goboringcrypto_internal_HMAC_CTX_get_md(arg0);
+- return _goboringcrypto_internal_EVP_MD_size(md);
+-#endif
++ return _goboringcrypto_EVP_MD_get_size(md);
+ }
++#endif
+
+-DEFINEFUNCINTERNAL(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++DEFINEFUNCINTERNAL(void, HMAC_CTX_init, (GO_HMAC_CTX * arg0), (arg0))
+ static inline GO_HMAC_CTX*
+ _goboringcrypto_HMAC_CTX_new(void) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ GO_HMAC_CTX* ctx = malloc(sizeof(GO_HMAC_CTX));
+ if (ctx != NULL)
+- _goboringcrypto_HMAC_CTX_init(ctx);
++ _goboringcrypto_internal_HMAC_CTX_init(ctx);
+ return ctx;
++}
+ #else
+- return _goboringcrypto_internal_HMAC_CTX_new();
++DEFINEFUNC(GO_HMAC_CTX*, HMAC_CTX_new, (void), ())
+ #endif
+-}
+
+-DEFINEFUNCINTERNAL(void, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
+-static inline void
+-_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+- _goboringcrypto_HMAC_CTX_cleanup(ctx);
+- _goboringcrypto_HMAC_CTX_init(ctx);
++static inline int
++_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) {
++ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx);
++ _goboringcrypto_internal_HMAC_CTX_init(ctx);
++ return 0;
++}
+ #else
+- _goboringcrypto_internal_HMAC_CTX_reset(ctx);
++DEFINEFUNC(int, HMAC_CTX_reset, (GO_HMAC_CTX * arg0), (arg0))
+ #endif
+-}
+
+ int _goboringcrypto_HMAC_CTX_copy_ex(GO_HMAC_CTX *dest, const GO_HMAC_CTX *src);
+
+@@ -408,16 +407,14 @@ DEFINEFUNCINTERNAL(int, ECDSA_verify,
+ (int type, const unsigned char *dgst, size_t dgstlen, const unsigned char *sig, unsigned int siglen, EC_KEY *eckey),
+ (type, dgst, dgstlen, sig, siglen, eckey))
+
+-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
+-DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
+-
+-static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+- return _goboringcrypto_internal_EVP_MD_CTX_create();
++DEFINEFUNC(EVP_MD_CTX*, EVP_MD_CTX_create, (void), ())
+ #else
++DEFINEFUNCINTERNAL(EVP_MD_CTX*, EVP_MD_CTX_new, (void), ())
++static inline EVP_MD_CTX* _goboringcrypto_EVP_MD_CTX_create(void) {
+ return _goboringcrypto_internal_EVP_MD_CTX_new();
+-#endif
+ }
++#endif
+
+ DEFINEFUNCINTERNAL(int, EVP_PKEY_assign,
+ (EVP_PKEY *pkey, int type, void *eckey),
+@@ -441,7 +438,7 @@ DEFINEFUNC(int, EVP_DigestUpdate,
+ (EVP_MD_CTX* ctx, const void *d, size_t cnt),
+ (ctx, d, cnt))
+ DEFINEFUNC(int, EVP_DigestSignFinal,
+- (EVP_MD_CTX* ctx, unsigned char *sig, unsigned int *siglen),
++ (EVP_MD_CTX* ctx, unsigned char *sig, size_t *siglen),
+ (ctx, sig, siglen))
+
+ DEFINEFUNC(int, EVP_DigestVerifyInit,
+@@ -451,18 +448,17 @@ DEFINEFUNC(int, EVP_DigestVerifyFinal,
+ (EVP_MD_CTX* ctx, const uint8_t *sig, unsigned int siglen),
+ (ctx, sig, siglen))
+
+-int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *eckey);
++int _goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *eckey);
+ int _goboringcrypto_EVP_verify(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, EVP_PKEY *key);
+
+-DEFINEFUNCINTERNAL(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx))
+ static inline void _goboringcrypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ return _goboringcrypto_internal_EVP_MD_CTX_destroy(ctx);
++}
+ #else
+- return _goboringcrypto_internal_EVP_MD_CTX_free(ctx);
++DEFINEFUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx))
+ #endif
+-}
+
+ int _goboringcrypto_ECDSA_sign(EVP_MD *md, const uint8_t *arg1, size_t arg2, uint8_t *arg3, unsigned int *arg4, GO_EC_KEY *arg5);
+ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, const uint8_t *arg3, unsigned int arg4, GO_EC_KEY *arg5);
+@@ -473,7 +469,7 @@ int _goboringcrypto_ECDSA_verify(EVP_MD *md, const uint8_t *arg1, size_t arg2, c
+ typedef RSA GO_RSA;
+ typedef BN_GENCB GO_BN_GENCB;
+
+-int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa);
++int _goboringcrypto_EVP_RSA_sign(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa);
+ int _goboringcrypto_EVP_RSA_verify(EVP_MD* md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa);
+
+ DEFINEFUNC(GO_RSA *, RSA_new, (void), ())
+@@ -774,10 +770,10 @@ _goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(GO_EVP_PKEY_CTX * ctx, const GO_EVP
+ }
+
+ DEFINEFUNC(int, EVP_PKEY_decrypt,
+- (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
++ (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
+ (arg0, arg1, arg2, arg3, arg4))
+ DEFINEFUNC(int, EVP_PKEY_encrypt,
+- (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, unsigned int *arg2, const uint8_t *arg3, unsigned int arg4),
++ (GO_EVP_PKEY_CTX * arg0, uint8_t *arg1, size_t *arg2, const uint8_t *arg3, unsigned int arg4),
+ (arg0, arg1, arg2, arg3, arg4))
+ DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
+ DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX * arg0), (arg0))
+diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
+index 710d0744ff..9d0056c5f7 100644
+--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
++++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
+@@ -18,7 +18,9 @@ _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_
+ result = 0;
+ goto err;
+ }
+- result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
++ size_t _slen;
++ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, &_slen, key);
++ *slen = _slen;
+ err:
+ _goboringcrypto_EVP_PKEY_free(key);
+ return result;
+diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
+index 36be702224..8b81fd71f6 100644
+--- a/src/crypto/internal/boring/openssl_evp.c
++++ b/src/crypto/internal/boring/openssl_evp.c
+@@ -7,7 +7,7 @@
+ #include "goboringcrypto.h"
+
+ int
+-_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, EVP_PKEY *key) {
++_goboringcrypto_EVP_sign(EVP_MD* md, EVP_PKEY_CTX *ctx, const uint8_t *msg, size_t msgLen, uint8_t *sig, size_t *slen, EVP_PKEY *key) {
+ EVP_MD_CTX *mdctx = NULL;
+ int ret = 0;
+
+diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
+index 5174f662c9..3ad4e69e9d 100644
+--- a/src/crypto/internal/boring/openssl_port_rsa.c
++++ b/src/crypto/internal/boring/openssl_port_rsa.c
+@@ -19,7 +19,7 @@ int _goboringcrypto_RSA_generate_key_fips(GO_RSA *rsa, int size, GO_BN_GENCB *cb
+ return ret;
+ }
+
+-int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_t *out, size_t max_out,
++int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
+ const uint8_t *in, size_t in_len, EVP_MD *md, const EVP_MD *mgf1_md, int salt_len)
+ {
+ EVP_PKEY_CTX *ctx;
+@@ -173,7 +173,7 @@ err:
+ return ret;
+ }
+
+-int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
++int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, size_t *slen, RSA *rsa)
+ {
+ int result;
+ EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
+index b1a2f57abd..e47ca3bb63 100644
+--- a/src/crypto/internal/boring/rsa.go
++++ b/src/crypto/internal/boring/rsa.go
+@@ -200,7 +200,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
+ init func(*C.GO_EVP_PKEY_CTX) C.int,
+- crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.uint, *C.uint8_t, C.uint) C.int,
++ crypt func(*C.GO_EVP_PKEY_CTX, *C.uint8_t, *C.size_t, *C.uint8_t, C.uint) C.int,
+ in []byte) ([]byte, error) {
+
+ pkey, ctx, err := setupRSA(withKey, padding, h, label, saltLen, ch, init)
+@@ -210,7 +210,7 @@ func cryptRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ defer C._goboringcrypto_EVP_PKEY_free(pkey)
+ defer C._goboringcrypto_EVP_PKEY_CTX_free(ctx)
+
+- var outLen C.uint
++ var outLen C.size_t
+ if crypt(ctx, nil, &outLen, base(in), C.uint(len(in))) == 0 {
+ return nil, NewOpenSSLError("EVP_PKEY_decrypt/encrypt failed")
+ }
+@@ -251,7 +251,7 @@ func decryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
+ return C._goboringcrypto_EVP_PKEY_decrypt_init(ctx)
+ }
+
+-func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
++func decrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
+ return C._goboringcrypto_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen)
+ }
+
+@@ -259,7 +259,7 @@ func encryptInit(ctx *C.GO_EVP_PKEY_CTX) C.int {
+ return C._goboringcrypto_EVP_PKEY_encrypt_init(ctx)
+ }
+
+-func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.uint, in *C.uint8_t, inLen C.uint) C.int {
++func encrypt(ctx *C.GO_EVP_PKEY_CTX, out *C.uint8_t, outLen *C.size_t, in *C.uint8_t, inLen C.uint) C.int {
+ return C._goboringcrypto_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen)
+ }
+
+@@ -307,10 +307,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
+ return nil, errors.New("crypto/rsa: unsupported hash function: " + strconv.Itoa(int(h)))
+ }
+
+- var out []byte
+- var outLen C.uint
+-
+ if msgIsHashed {
++ var out []byte
++ var outLen C.uint
+ PanicIfStrictFIPS("You must provide a raw unhashed message for PKCS1v15 signing and use HashSignPKCS1v15 instead of SignPKCS1v15")
+ nid := C._goboringcrypto_EVP_MD_type(md)
+ if priv.withKey(func(key *C.GO_RSA) C.int {
+@@ -323,6 +322,9 @@ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte, msgIsHashed
+ return out[:outLen], nil
+ }
+
++ var out []byte
++ var outLen C.size_t
++
+ if priv.withKey(func(key *C.GO_RSA) C.int {
+ return C._goboringcrypto_EVP_RSA_sign(md, base(msg), C.uint(len(msg)), base(out), &outLen, key)
+ }) == 0 {
diff --git a/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch b/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
new file mode 100644
index 0000000..25294d3
--- /dev/null
+++ b/SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
@@ -0,0 +1,53 @@
+From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
+From: Lynn Boger <laboger@linux.vnet.ibm.com>
+Date: Thu, 14 Jul 2022 10:47:28 -0500
+Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
+
+The setting of the path for the dynamic loader when building for
+linux/ppc64le ELF v2 was incorrectly set to the path for
+PPC64 ELF v1. This has not caused issues in the common cases
+because this string can be set based on the default GO_LDSO setting.
+It does result in an incorrect value when cross compiling binaries
+with -buildmode=pie.
+
+Updates #53813
+
+Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
+---
+ src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
+index b6d5ad92af..bca8fa9212 100644
+--- a/src/cmd/link/internal/ppc64/obj.go
++++ b/src/cmd/link/internal/ppc64/obj.go
+@@ -38,9 +38,12 @@ import (
+ )
+
+ func Init() (*sys.Arch, ld.Arch) {
+- arch := sys.ArchPPC64
+- if buildcfg.GOARCH == "ppc64le" {
+- arch = sys.ArchPPC64LE
++ arch := sys.ArchPPC64LE
++ dynld := "/lib64/ld64.so.2"
++
++ if buildcfg.GOARCH == "ppc64" {
++ arch = sys.ArchPPC64
++ dynld = "/lib64/ld64.so.1"
+ }
+
+ theArch := ld.Arch{
+@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ Machoreloc1: machoreloc1,
+ Xcoffreloc1: xcoffreloc1,
+
+- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
+- Linuxdynld: "/lib64/ld64.so.1",
+-
++ Linuxdynld: dynld,
+ Freebsddynld: "XXX",
+ Openbsddynld: "XXX",
+ Netbsddynld: "XXX",
+--
+2.35.3
+
diff --git a/SOURCES/do-not-reuse-far-trampolines.patch b/SOURCES/do-not-reuse-far-trampolines.patch
new file mode 100644
index 0000000..8d8d806
--- /dev/null
+++ b/SOURCES/do-not-reuse-far-trampolines.patch
@@ -0,0 +1,160 @@
+From 63dd776220bb3a443e6b5c0766a389ec33dc4b69 Mon Sep 17 00:00:00 2001
+From: "Paul E. Murphy" <murp@ibm.com>
+Date: Wed, 16 Nov 2022 14:53:39 -0600
+Subject: [PATCH] [release-branch.go1.18] cmd/link/internal/ppc64: fix
+ trampoline reuse distance calculation
+
+If a compatible trampoline has been inserted by a previously laid
+function in the same section, and is known to be sufficiently close,
+it can be reused.
+
+When testing if the trampoline can be reused, the addend of the direct
+call should be ignored. It is already encoded in the trampoline. If the
+addend is non-zero, and the target sufficiently far away, and just
+beyond direct call reach, this may cause the trampoline to be
+incorrectly reused.
+
+This was observed on go1.17.13 and openshift-installer commit f3c53b382
+building in release mode with the following error:
+
+github.com/aliyun/alibaba-cloud-sdk-go/services/cms.(*Client).DescribeMonitoringAgentAccessKeyWithChan.func1: direct call too far: runtime.duffzero+1f0-tramp0-1 -2000078
+
+Fixes #56833
+
+Change-Id: I54af957302506d4e3cd5d3121542c83fe980e912
+Reviewed-on: https://go-review.googlesource.com/c/go/+/451415
+Reviewed-by: Cherry Mui <cherryyz@google.com>
+Run-TryBot: Paul Murphy <murp@ibm.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
+Reviewed-by: Than McIntosh <thanm@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/451916
+Reviewed-by: Joedian Reid <joedian@golang.org>
+---
+ .../testdata/script/trampoline_reuse_test.txt | 100 ++++++++++++++++++
+ src/cmd/link/internal/ppc64/asm.go | 5 +-
+ 2 files changed, 103 insertions(+), 2 deletions(-)
+ create mode 100644 src/cmd/go/testdata/script/trampoline_reuse_test.txt
+
+diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
+new file mode 100644
+index 0000000000000..bca897c16d054
+--- /dev/null
++++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
+@@ -0,0 +1,100 @@
++# Verify PPC64 does not reuse a trampoline which is too far away.
++# This tests an edge case where the direct call relocation addend should
++# be ignored when computing the distance from the direct call to the
++# already placed trampoline
++[short] skip
++[!ppc64] [!ppc64le] skip
++[aix] skip
++
++# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
++# assembly 2^26 or so times.
++#
++# We build something which should be laid out as such:
++#
++# bar.Bar
++# main.Func1
++# bar.Bar+400-tramp0
++# main.BigAsm
++# main.Func2
++# bar.Bar+400-tramp1
++#
++# bar.Bar needs to be placed far enough away to generate relocations
++# from main package calls. and main.Func1 and main.Func2 are placed
++# a bit more than the direct call limit apart, but not more than 0x400
++# bytes beyond it (to verify the reloc calc).
++
++go build
++
++-- go.mod --
++
++module foo
++
++go 1.19
++
++-- main.go --
++
++package main
++
++import "foo/bar"
++
++func Func1()
++
++func main() {
++ Func1()
++ bar.Bar2()
++}
++
++-- foo.s --
++
++TEXT main·Func1(SB),0,$0-0
++ CALL bar·Bar+0x400(SB)
++ CALL main·BigAsm(SB)
++// A trampoline will be placed here to bar.Bar
++
++// This creates a gap sufficiently large to prevent trampoline reuse
++#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
++#define NOP256 NOP64 NOP64 NOP64 NOP64
++#define NOP2S10 NOP256 NOP256 NOP256 NOP256
++#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
++#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
++#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
++#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
++#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
++#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
++#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
++#define BIGNOP NOP2S24 NOP2S24
++TEXT main·BigAsm(SB),0,$0-0
++ // Fill to the direct call limit so Func2 must generate a new trampoline.
++ // As the implicit trampoline above is just barely unreachable.
++ BIGNOP
++ MOVD $main·Func2(SB), R3
++
++TEXT main·Func2(SB),0,$0-0
++ CALL bar·Bar+0x400(SB)
++// Another trampoline should be placed here.
++
++-- bar/bar.s --
++
++#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
++#define NOP256 NOP64 NOP64 NOP64 NOP64
++#define NOP2S10 NOP256 NOP256 NOP256 NOP256
++#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
++#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
++#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
++#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
++#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
++#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
++#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
++#define BIGNOP NOP2S24 NOP2S24 NOP2S10
++// A very big not very interesting function.
++TEXT bar·Bar(SB),0,$0-0
++ BIGNOP
++
++-- bar/bar.go --
++
++package bar
++
++func Bar()
++
++func Bar2() {
++}
+diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
+index 73c2718a3369f..879adaa965050 100644
+--- a/src/cmd/link/internal/ppc64/asm.go
++++ b/src/cmd/link/internal/ppc64/asm.go
+@@ -809,8 +809,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
+ if ldr.SymValue(tramp) == 0 {
+ break
+ }
+-
+- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
++ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
++ // trampoline itself.
++ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
+
+ // With internal linking, the trampoline can be used if it is not too far.
+ // With external linking, the trampoline must be in this section for it to be reused.
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index 877796d..4095e22 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -96,7 +96,7 @@
%endif
%global go_api 1.18
-%global go_version 1.18.4
+%global go_version 1.18.9
%global pkg_release 1
Name: golang
@@ -145,6 +145,11 @@ Patch226: disable_static_external_tests.patch
Patch223: remove_ed25519vectors_test.patch
+Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
+
+Patch228: do-not-reuse-far-trampolines.patch
+Patch229: big-endian.patch
+
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@@ -238,6 +243,9 @@ Requires: %{name} = %{version}-%{release}
%patch221 -p1
%patch223 -p1
%patch226 -p1
+%patch227 -p1
+%patch228 -p1
+%patch229 -p1
cp %{SOURCE1} ./src/runtime/
@@ -424,7 +432,7 @@ export CGO_ENABLED=0
%endif
# make sure to not timeout
-export GO_TEST_TIMEOUT_SCALE=2
+export GO_TEST_TIMEOUT_SCALE=10
export GO_TEST_RUN=""
%ifarch aarch64
@@ -512,6 +520,25 @@ cd ..
%endif
%changelog
+* Thu Dec 22 2022 Alejandro Sáez <asm@redhat.com> - 1.18.9-1
+- Update to Go 1.18.9
+- Add big-endian.patch
+- Increase GO_TEST_TIMEOUT_SCALE due to a Brew issue
+- Add do-not-reuse-far-trampolines.patch
+- Resolves: rhbz#2149313
+
+* Tue Oct 25 2022 David Benoit <dbenoit@redhat.com> - 1.18.7-2
+- Fix version mismatch from previous rebase
+- Related: rhbz#2136719
+
+* Fri Oct 21 2022 David Benoit <dbenoit@redhat.com> - 1.18.7-1
+- Update to Go 1.18.7
+- Resolves: rhbz#2136719
+
+* Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
+- Adds patch for PIE mode issues on PPC64LE
+- Resolves: rhbz#2111593
+
* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
- Update Go to version 1.18.4
- Resolves: rhbz#2109179