From b120773f0a296147393956763f5c2a1c954a5207 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 2 Jul 2026 12:12:22 +0100 Subject: [PATCH 1/2] openssl: re-vendor backend to include FreeBSD gating --- .../aes/{aes_linux.go => aes_openssl.go} | 2 +- .../aes/gcm/{gcm_linux.go => gcm_openssl.go} | 2 +- .../{backend_linux.go => backend_openssl.go} | 2 +- .../bbig/{big_linux.go => big_openssl.go} | 2 +- ...5_linux.go => chacha20poly1305_openssl.go} | 2 +- .../des/{des_linux.go => des_openssl.go} | 2 +- .../drbg/{rand_linux.go => rand_openssl.go} | 2 +- .../dsa/{dsa_linux.go => dsa_openssl.go} | 2 +- .../ecdh/{ecdh_linux.go => ecdh_openssl.go} | 2 +- .../{ecdsa_linux.go => ecdsa_openssl.go} | 2 +- .../{ed25519_linux.go => ed25519_openssl.go} | 2 +- .../hash/{hash_linux.go => hash_openssl.go} | 2 +- .../hkdf/{hkdf_linux.go => hkdf_openssl.go} | 2 +- .../hmac/{hmac_linux.go => hmac_openssl.go} | 2 +- ...temfips_linux.go => systemfips_openssl.go} | 2 +- ...setup_linux.go => opensslsetup_openssl.go} | 2 +- .../md5/{md5_linux.go => md5_openssl.go} | 2 +- .../{mldsa_linux.go => mldsa_openssl.go} | 2 +- .../{mlkem_linux.go => mlkem_openssl.go} | 2 +- .../{pbkdf2_linux.go => pbkdf2_openssl.go} | 2 +- .../rc4/{rc4_linux.go => rc4_openssl.go} | 2 +- .../rsa/{rsa_linux.go => rsa_openssl.go} | 2 +- .../sha1/{sha1_linux.go => sha1_openssl.go} | 2 +- .../{sha256_linux.go => sha256_openssl.go} | 2 +- .../sha3/{sha3_linux.go => sha3_openssl.go} | 2 +- .../{sha512_linux.go => sha512_openssl.go} | 2 +- .../{tls12_linux.go => tls12_openssl.go} | 2 +- .../{tls13_linux.go => tls13_openssl.go} | 2 +- eng/_util/cmd/updatecryptodocs/header.md | 5 + eng/doc/CrossPlatformCryptography.md | 5 + eng/doc/NocgoOpenSSL.md | 17 +- eng/doc/fips/README.md | 1 + .../0001-Vendor-external-dependencies.patch | 444 +++++++++--------- patches/0002-Add-crypto-backends.patch | 46 +- 34 files changed, 302 insertions(+), 272 deletions(-) rename cryptobackend/aes/{aes_linux.go => aes_openssl.go} (84%) rename cryptobackend/aes/gcm/{gcm_linux.go => gcm_openssl.go} (87%) rename cryptobackend/{backend_linux.go => backend_openssl.go} (95%) rename cryptobackend/bbig/{big_linux.go => big_openssl.go} (81%) rename cryptobackend/chacha20poly1305/{chacha20poly1305_linux.go => chacha20poly1305_openssl.go} (90%) rename cryptobackend/des/{des_linux.go => des_openssl.go} (90%) rename cryptobackend/drbg/{rand_linux.go => rand_openssl.go} (85%) rename cryptobackend/dsa/{dsa_linux.go => dsa_openssl.go} (97%) rename cryptobackend/ecdh/{ecdh_linux.go => ecdh_openssl.go} (93%) rename cryptobackend/ecdsa/{ecdsa_linux.go => ecdsa_openssl.go} (94%) rename cryptobackend/ed25519/{ed25519_linux.go => ed25519_openssl.go} (94%) rename cryptobackend/hash/{hash_linux.go => hash_openssl.go} (84%) rename cryptobackend/hkdf/{hkdf_linux.go => hkdf_openssl.go} (91%) rename cryptobackend/hmac/{hmac_linux.go => hmac_openssl.go} (85%) rename cryptobackend/internal/fips140state/{systemfips_linux.go => systemfips_openssl.go} (96%) rename cryptobackend/internal/opensslsetup/{opensslsetup_linux.go => opensslsetup_openssl.go} (97%) rename cryptobackend/md5/{md5_linux.go => md5_openssl.go} (87%) rename cryptobackend/mldsa/{mldsa_linux.go => mldsa_openssl.go} (95%) rename cryptobackend/mlkem/{mlkem_linux.go => mlkem_openssl.go} (95%) rename cryptobackend/pbkdf2/{pbkdf2_linux.go => pbkdf2_openssl.go} (88%) rename cryptobackend/rc4/{rc4_linux.go => rc4_openssl.go} (86%) rename cryptobackend/rsa/{rsa_linux.go => rsa_openssl.go} (97%) rename cryptobackend/sha1/{sha1_linux.go => sha1_openssl.go} (85%) rename cryptobackend/sha256/{sha256_linux.go => sha256_openssl.go} (90%) rename cryptobackend/sha3/{sha3_linux.go => sha3_openssl.go} (97%) rename cryptobackend/sha512/{sha512_linux.go => sha512_openssl.go} (94%) rename cryptobackend/tls12/{tls12_linux.go => tls12_openssl.go} (88%) rename cryptobackend/tls13/{tls13_linux.go => tls13_openssl.go} (89%) diff --git a/cryptobackend/aes/aes_linux.go b/cryptobackend/aes/aes_openssl.go similarity index 84% rename from cryptobackend/aes/aes_linux.go rename to cryptobackend/aes/aes_openssl.go index a261f6401db..dde2958ce3e 100644 --- a/cryptobackend/aes/aes_linux.go +++ b/cryptobackend/aes/aes_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package aes diff --git a/cryptobackend/aes/gcm/gcm_linux.go b/cryptobackend/aes/gcm/gcm_openssl.go similarity index 87% rename from cryptobackend/aes/gcm/gcm_linux.go rename to cryptobackend/aes/gcm/gcm_openssl.go index 3d12e434718..b34a74dafaf 100644 --- a/cryptobackend/aes/gcm/gcm_linux.go +++ b/cryptobackend/aes/gcm/gcm_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package gcm diff --git a/cryptobackend/backend_linux.go b/cryptobackend/backend_openssl.go similarity index 95% rename from cryptobackend/backend_linux.go rename to cryptobackend/backend_openssl.go index 60bf13c11a6..a41ff9438d3 100644 --- a/cryptobackend/backend_linux.go +++ b/cryptobackend/backend_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package backend diff --git a/cryptobackend/bbig/big_linux.go b/cryptobackend/bbig/big_openssl.go similarity index 81% rename from cryptobackend/bbig/big_linux.go rename to cryptobackend/bbig/big_openssl.go index 1b515fe6244..1dd13cecbd0 100644 --- a/cryptobackend/bbig/big_linux.go +++ b/cryptobackend/bbig/big_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package bbig diff --git a/cryptobackend/chacha20poly1305/chacha20poly1305_linux.go b/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go similarity index 90% rename from cryptobackend/chacha20poly1305/chacha20poly1305_linux.go rename to cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go index abfe43803b8..222c4ae29ce 100644 --- a/cryptobackend/chacha20poly1305/chacha20poly1305_linux.go +++ b/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package chacha20poly1305 diff --git a/cryptobackend/des/des_linux.go b/cryptobackend/des/des_openssl.go similarity index 90% rename from cryptobackend/des/des_linux.go rename to cryptobackend/des/des_openssl.go index f3d505d7b44..e608ed381f4 100644 --- a/cryptobackend/des/des_linux.go +++ b/cryptobackend/des/des_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package des diff --git a/cryptobackend/drbg/rand_linux.go b/cryptobackend/drbg/rand_openssl.go similarity index 85% rename from cryptobackend/drbg/rand_linux.go rename to cryptobackend/drbg/rand_openssl.go index f46fcaaab05..b7b0f6c1430 100644 --- a/cryptobackend/drbg/rand_linux.go +++ b/cryptobackend/drbg/rand_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package drbg diff --git a/cryptobackend/dsa/dsa_linux.go b/cryptobackend/dsa/dsa_openssl.go similarity index 97% rename from cryptobackend/dsa/dsa_linux.go rename to cryptobackend/dsa/dsa_openssl.go index b4f281495b2..d73a67db28d 100644 --- a/cryptobackend/dsa/dsa_linux.go +++ b/cryptobackend/dsa/dsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package dsa diff --git a/cryptobackend/ecdh/ecdh_linux.go b/cryptobackend/ecdh/ecdh_openssl.go similarity index 93% rename from cryptobackend/ecdh/ecdh_linux.go rename to cryptobackend/ecdh/ecdh_openssl.go index 0c46cb3858c..2a87a84dd86 100644 --- a/cryptobackend/ecdh/ecdh_linux.go +++ b/cryptobackend/ecdh/ecdh_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package ecdh diff --git a/cryptobackend/ecdsa/ecdsa_linux.go b/cryptobackend/ecdsa/ecdsa_openssl.go similarity index 94% rename from cryptobackend/ecdsa/ecdsa_linux.go rename to cryptobackend/ecdsa/ecdsa_openssl.go index 5781c3280d6..943b2f79c87 100644 --- a/cryptobackend/ecdsa/ecdsa_linux.go +++ b/cryptobackend/ecdsa/ecdsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package ecdsa diff --git a/cryptobackend/ed25519/ed25519_linux.go b/cryptobackend/ed25519/ed25519_openssl.go similarity index 94% rename from cryptobackend/ed25519/ed25519_linux.go rename to cryptobackend/ed25519/ed25519_openssl.go index 2a396ab5a7e..b66d987ca87 100644 --- a/cryptobackend/ed25519/ed25519_linux.go +++ b/cryptobackend/ed25519/ed25519_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package ed25519 diff --git a/cryptobackend/hash/hash_linux.go b/cryptobackend/hash/hash_openssl.go similarity index 84% rename from cryptobackend/hash/hash_linux.go rename to cryptobackend/hash/hash_openssl.go index 453a666f292..91d61d0606b 100644 --- a/cryptobackend/hash/hash_linux.go +++ b/cryptobackend/hash/hash_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package hash diff --git a/cryptobackend/hkdf/hkdf_linux.go b/cryptobackend/hkdf/hkdf_openssl.go similarity index 91% rename from cryptobackend/hkdf/hkdf_linux.go rename to cryptobackend/hkdf/hkdf_openssl.go index 672cb263fac..eedae4374d9 100644 --- a/cryptobackend/hkdf/hkdf_linux.go +++ b/cryptobackend/hkdf/hkdf_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package hkdf diff --git a/cryptobackend/hmac/hmac_linux.go b/cryptobackend/hmac/hmac_openssl.go similarity index 85% rename from cryptobackend/hmac/hmac_linux.go rename to cryptobackend/hmac/hmac_openssl.go index c5f029b2c61..0d4c6133f54 100644 --- a/cryptobackend/hmac/hmac_linux.go +++ b/cryptobackend/hmac/hmac_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package hmac diff --git a/cryptobackend/internal/fips140state/systemfips_linux.go b/cryptobackend/internal/fips140state/systemfips_openssl.go similarity index 96% rename from cryptobackend/internal/fips140state/systemfips_linux.go rename to cryptobackend/internal/fips140state/systemfips_openssl.go index 943cee52233..1b1814533bf 100644 --- a/cryptobackend/internal/fips140state/systemfips_linux.go +++ b/cryptobackend/internal/fips140state/systemfips_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package fips140state diff --git a/cryptobackend/internal/opensslsetup/opensslsetup_linux.go b/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go similarity index 97% rename from cryptobackend/internal/opensslsetup/opensslsetup_linux.go rename to cryptobackend/internal/opensslsetup/opensslsetup_openssl.go index 350c8ee7fa2..759261ffefa 100644 --- a/cryptobackend/internal/opensslsetup/opensslsetup_linux.go +++ b/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) // opensslsetup is a package that initializes the OpenSSL library. // It doesn't export any symbol, but blank importing it has the diff --git a/cryptobackend/md5/md5_linux.go b/cryptobackend/md5/md5_openssl.go similarity index 87% rename from cryptobackend/md5/md5_linux.go rename to cryptobackend/md5/md5_openssl.go index 99c922e5040..7a669c9a12e 100644 --- a/cryptobackend/md5/md5_linux.go +++ b/cryptobackend/md5/md5_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package md5 diff --git a/cryptobackend/mldsa/mldsa_linux.go b/cryptobackend/mldsa/mldsa_openssl.go similarity index 95% rename from cryptobackend/mldsa/mldsa_linux.go rename to cryptobackend/mldsa/mldsa_openssl.go index 51b08c69dd8..c119affb439 100644 --- a/cryptobackend/mldsa/mldsa_linux.go +++ b/cryptobackend/mldsa/mldsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package mldsa diff --git a/cryptobackend/mlkem/mlkem_linux.go b/cryptobackend/mlkem/mlkem_openssl.go similarity index 95% rename from cryptobackend/mlkem/mlkem_linux.go rename to cryptobackend/mlkem/mlkem_openssl.go index f8320035cc8..879ed20a606 100644 --- a/cryptobackend/mlkem/mlkem_linux.go +++ b/cryptobackend/mlkem/mlkem_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package mlkem diff --git a/cryptobackend/pbkdf2/pbkdf2_linux.go b/cryptobackend/pbkdf2/pbkdf2_openssl.go similarity index 88% rename from cryptobackend/pbkdf2/pbkdf2_linux.go rename to cryptobackend/pbkdf2/pbkdf2_openssl.go index 6a5ce007955..dee614057e9 100644 --- a/cryptobackend/pbkdf2/pbkdf2_linux.go +++ b/cryptobackend/pbkdf2/pbkdf2_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package pbkdf2 diff --git a/cryptobackend/rc4/rc4_linux.go b/cryptobackend/rc4/rc4_openssl.go similarity index 86% rename from cryptobackend/rc4/rc4_linux.go rename to cryptobackend/rc4/rc4_openssl.go index b1229abc6cb..16decd66f39 100644 --- a/cryptobackend/rc4/rc4_linux.go +++ b/cryptobackend/rc4/rc4_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package rc4 diff --git a/cryptobackend/rsa/rsa_linux.go b/cryptobackend/rsa/rsa_openssl.go similarity index 97% rename from cryptobackend/rsa/rsa_linux.go rename to cryptobackend/rsa/rsa_openssl.go index f375e7ad6e4..dd4d28d2769 100644 --- a/cryptobackend/rsa/rsa_linux.go +++ b/cryptobackend/rsa/rsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package rsa diff --git a/cryptobackend/sha1/sha1_linux.go b/cryptobackend/sha1/sha1_openssl.go similarity index 85% rename from cryptobackend/sha1/sha1_linux.go rename to cryptobackend/sha1/sha1_openssl.go index 739b0dd8e01..70ef0b15f73 100644 --- a/cryptobackend/sha1/sha1_linux.go +++ b/cryptobackend/sha1/sha1_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package sha1 diff --git a/cryptobackend/sha256/sha256_linux.go b/cryptobackend/sha256/sha256_openssl.go similarity index 90% rename from cryptobackend/sha256/sha256_linux.go rename to cryptobackend/sha256/sha256_openssl.go index a146988a347..83fa0abfcae 100644 --- a/cryptobackend/sha256/sha256_linux.go +++ b/cryptobackend/sha256/sha256_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package sha256 diff --git a/cryptobackend/sha3/sha3_linux.go b/cryptobackend/sha3/sha3_openssl.go similarity index 97% rename from cryptobackend/sha3/sha3_linux.go rename to cryptobackend/sha3/sha3_openssl.go index 8aa8a443a46..b5095e5c9cf 100644 --- a/cryptobackend/sha3/sha3_linux.go +++ b/cryptobackend/sha3/sha3_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package sha3 diff --git a/cryptobackend/sha512/sha512_linux.go b/cryptobackend/sha512/sha512_openssl.go similarity index 94% rename from cryptobackend/sha512/sha512_linux.go rename to cryptobackend/sha512/sha512_openssl.go index d2f65c859ca..eb0dde0002c 100644 --- a/cryptobackend/sha512/sha512_linux.go +++ b/cryptobackend/sha512/sha512_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package sha512 diff --git a/cryptobackend/tls12/tls12_linux.go b/cryptobackend/tls12/tls12_openssl.go similarity index 88% rename from cryptobackend/tls12/tls12_linux.go rename to cryptobackend/tls12/tls12_openssl.go index 6196bc62437..64c33bc0c6b 100644 --- a/cryptobackend/tls12/tls12_linux.go +++ b/cryptobackend/tls12/tls12_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package tls12 diff --git a/cryptobackend/tls13/tls13_linux.go b/cryptobackend/tls13/tls13_openssl.go similarity index 89% rename from cryptobackend/tls13/tls13_linux.go rename to cryptobackend/tls13/tls13_openssl.go index 08a66f65da9..d980d147d60 100644 --- a/cryptobackend/tls13/tls13_linux.go +++ b/cryptobackend/tls13/tls13_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto +//go:build goexperiment.systemcrypto && (linux || freebsd) package tls13 diff --git a/eng/_util/cmd/updatecryptodocs/header.md b/eng/_util/cmd/updatecryptodocs/header.md index c2ef73d0739..afca2a24382 100644 --- a/eng/_util/cmd/updatecryptodocs/header.md +++ b/eng/_util/cmd/updatecryptodocs/header.md @@ -26,6 +26,11 @@ OpenSSL 3 implements all the cryptographic algorithms using [Providers](https:// The Microsoft build of Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later. SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)). +### FreeBSD + +Since Go 1.27, the Microsoft build of Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) on FreeBSD (`amd64` and `arm64`), the same backend as on Linux. +The algorithm support listed in the Linux column of the tables below also applies to FreeBSD. + ### macOS On macOS, the Microsoft build of Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations. diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md index 5cc611a494a..38d3a4a4a31 100644 --- a/eng/doc/CrossPlatformCryptography.md +++ b/eng/doc/CrossPlatformCryptography.md @@ -28,6 +28,11 @@ OpenSSL 3 implements all the cryptographic algorithms using [Providers](https:// The Microsoft build of Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later. SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)). +### FreeBSD + +Since Go 1.27, the Microsoft build of Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) on FreeBSD (`amd64` and `arm64`), the same backend as on Linux. +The algorithm support listed in the Linux column of the tables below also applies to FreeBSD. + ### macOS On macOS, the Microsoft build of Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations. diff --git a/eng/doc/NocgoOpenSSL.md b/eng/doc/NocgoOpenSSL.md index e87fbc75cf8..d010446e7f1 100644 --- a/eng/doc/NocgoOpenSSL.md +++ b/eng/doc/NocgoOpenSSL.md @@ -1,22 +1,26 @@ # No-cgo OpenSSL Backend -This document describes how the Microsoft build of Go uses the cgo-less OpenSSL backend on Linux. +This document describes how the Microsoft build of Go uses the cgo-less OpenSSL backend on Linux and FreeBSD. ## Overview -In Go 1.27 and later, the cgo-less OpenSSL backend is part of `systemcrypto` on Linux. +In Go 1.27 and later, the cgo-less OpenSSL backend is part of `systemcrypto` on Linux and FreeBSD. It is selected automatically when cgo is disabled and the target architecture is supported. > [!NOTE] -> In Go 1.26, this backend was available as the experimental `GOEXPERIMENT=ms_nocgo_opensslcrypto` feature. +> In Go 1.26, this backend was available as the experimental `GOEXPERIMENT=ms_nocgo_opensslcrypto` feature on Linux only. > > In Go 1.27, that experiment has been removed because the cgo-less backend is selected automatically when needed. +> +> FreeBSD support was added in Go 1.27. This allows the use of OpenSSL without requiring cgo. ## Supported architectures -The cgo-less OpenSSL backend is supported on the following architectures: +The cgo-less OpenSSL backend is supported on the following architectures. + +On Linux: - 386 - **amd64** @@ -27,6 +31,11 @@ The cgo-less OpenSSL backend is supported on the following architectures: - riscv64 - s390x (added in Go 1.27) +On FreeBSD (added in Go 1.27): + +- **amd64** +- **arm64** + The set of supported architectures is limited because each architecture requires a unique assembly implementation to call OpenSSL. Architectures are added based on demand and available resources. To see existing requests or request support for additional architectures, use the [![](https://img.shields.io/github/labels/microsoft/go/Area-Nocgo)](https://github.com/microsoft/go/labels/Area-Nocgo) label. diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index f5e01175424..8ed1fc4afe5 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md @@ -119,6 +119,7 @@ The `systemcrypto` experiment uses platform-specific code via build constraints. | Target platform | Library | | --- | --- | | Linux | OpenSSL | +| FreeBSD (amd64 and arm64, since Go 1.27) | OpenSSL | | Windows | CNG | | macOS | CommonCrypto & CryptoKit | diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index 71320d90a81..90d66720cbe 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -167,7 +167,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/fakecgo/trampolines_loong64.s | 80 + .../internal/fakecgo/trampolines_ppc64le.s | 134 + .../internal/fakecgo/trampolines_riscv64.s | 78 + - .../internal/fakecgo/trampolines_s390x.s | 158 ++ + .../internal/fakecgo/trampolines_s390x.s | 160 ++ .../internal/fakecgo/zsymbols.go | 167 ++ .../internal/fakecgo/zsymbols_darwin.go | 61 + .../internal/fakecgo/zsymbols_freebsd.go | 50 + @@ -272,73 +272,73 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/sysdll/sys_windows.go | 55 + .../microsoft/go/cryptobackend/README.md | 21 + .../go/cryptobackend/aes/aes_darwin.go | 15 + - .../go/cryptobackend/aes/aes_linux.go | 15 + + .../go/cryptobackend/aes/aes_openssl.go | 15 + .../go/cryptobackend/aes/aes_windows.go | 15 + .../go/cryptobackend/aes/gcm/gcm_darwin.go | 17 + - .../go/cryptobackend/aes/gcm/gcm_linux.go | 17 + + .../go/cryptobackend/aes/gcm/gcm_openssl.go | 17 + .../go/cryptobackend/aes/gcm/gcm_windows.go | 17 + .../go/cryptobackend/aes/gcm/init.go | 7 + .../go/cryptobackend/aes/gcm/nobackend.go | 13 + .../microsoft/go/cryptobackend/aes/init.go | 7 + .../go/cryptobackend/aes/nobackend.go | 11 + .../go/cryptobackend/backend_darwin.go | 17 + - .../go/cryptobackend/backend_linux.go | 27 + .../go/cryptobackend/backend_msgostd.go | 17 + + .../go/cryptobackend/backend_openssl.go | 27 + .../go/cryptobackend/backend_windows.go | 17 + .../microsoft/go/cryptobackend/bbig/big.go | 17 + .../go/cryptobackend/bbig/big_darwin.go | 12 + - .../go/cryptobackend/bbig/big_linux.go | 12 + + .../go/cryptobackend/bbig/big_openssl.go | 12 + .../go/cryptobackend/bbig/big_windows.go | 12 + .../microsoft/go/cryptobackend/bbig/init.go | 7 + .../chacha20poly1305_darwin.go | 24 + - .../chacha20poly1305_linux.go | 24 + + .../chacha20poly1305_openssl.go | 24 + .../chacha20poly1305_windows.go | 24 + .../go/cryptobackend/chacha20poly1305/init.go | 7 + .../chacha20poly1305/nobackend.go | 13 + .../microsoft/go/cryptobackend/common.go | 47 + .../go/cryptobackend/des/des_darwin.go | 21 + - .../go/cryptobackend/des/des_linux.go | 21 + + .../go/cryptobackend/des/des_openssl.go | 21 + .../go/cryptobackend/des/des_windows.go | 21 + .../microsoft/go/cryptobackend/des/init.go | 7 + .../go/cryptobackend/des/nobackend.go | 17 + .../microsoft/go/cryptobackend/drbg/init.go | 7 + .../go/cryptobackend/drbg/nobackend.go | 9 + .../go/cryptobackend/drbg/rand_darwin.go | 19 + - .../go/cryptobackend/drbg/rand_linux.go | 19 + + .../go/cryptobackend/drbg/rand_openssl.go | 19 + .../go/cryptobackend/drbg/rand_windows.go | 19 + .../go/cryptobackend/dsa/dsa_darwin.go | 25 + - .../go/cryptobackend/dsa/dsa_linux.go | 93 + + .../go/cryptobackend/dsa/dsa_openssl.go | 93 + .../go/cryptobackend/dsa/dsa_windows.go | 37 + .../microsoft/go/cryptobackend/dsa/init.go | 7 + .../go/cryptobackend/dsa/nobackend.go | 23 + .../go/cryptobackend/ecdh/ecdh_darwin.go | 32 + - .../go/cryptobackend/ecdh/ecdh_linux.go | 26 + + .../go/cryptobackend/ecdh/ecdh_openssl.go | 26 + .../go/cryptobackend/ecdh/ecdh_windows.go | 32 + .../microsoft/go/cryptobackend/ecdh/init.go | 7 + .../go/cryptobackend/ecdh/nobackend.go | 22 + .../go/cryptobackend/ecdsa/ecdsa_darwin.go | 39 + - .../go/cryptobackend/ecdsa/ecdsa_linux.go | 33 + + .../go/cryptobackend/ecdsa/ecdsa_openssl.go | 33 + .../go/cryptobackend/ecdsa/ecdsa_windows.go | 91 + .../microsoft/go/cryptobackend/ecdsa/init.go | 7 + .../go/cryptobackend/ecdsa/nobackend.go | 26 + .../cryptobackend/ed25519/ed25519_darwin.go | 24 + - .../go/cryptobackend/ed25519/ed25519_linux.go | 24 + + .../cryptobackend/ed25519/ed25519_openssl.go | 24 + .../cryptobackend/ed25519/ed25519_windows.go | 21 + .../go/cryptobackend/ed25519/init.go | 7 + .../go/cryptobackend/ed25519/nobackend.go | 21 + .../go/cryptobackend/fips140/fips140.go | 15 + .../go/cryptobackend/hash/hash_darwin.go | 15 + - .../go/cryptobackend/hash/hash_linux.go | 15 + + .../go/cryptobackend/hash/hash_openssl.go | 15 + .../go/cryptobackend/hash/hash_windows.go | 15 + .../go/cryptobackend/hash/nobackend.go | 11 + .../microsoft/go/cryptobackend/hkdf/hkdf.go | 15 + .../go/cryptobackend/hkdf/hkdf_darwin.go | 21 + - .../go/cryptobackend/hkdf/hkdf_linux.go | 21 + + .../go/cryptobackend/hkdf/hkdf_openssl.go | 21 + .../go/cryptobackend/hkdf/hkdf_windows.go | 21 + .../microsoft/go/cryptobackend/hkdf/init.go | 7 + .../go/cryptobackend/hkdf/nobackend.go | 17 + .../go/cryptobackend/hmac/hmac_darwin.go | 17 + - .../go/cryptobackend/hmac/hmac_linux.go | 17 + + .../go/cryptobackend/hmac/hmac_openssl.go | 17 + .../go/cryptobackend/hmac/hmac_windows.go | 17 + .../microsoft/go/cryptobackend/hmac/init.go | 7 + .../go/cryptobackend/hmac/nobackend.go | 11 + @@ -352,75 +352,75 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/fips140state/state_msgostd.go | 11 + .../internal/fips140state/state_nomsgostd.go | 9 + .../fips140state/systemfips_darwin.go | 11 + - .../internal/fips140state/systemfips_linux.go | 57 + + .../fips140state/systemfips_openssl.go | 57 + .../fips140state/systemfips_windows.go | 32 + - .../opensslsetup/opensslsetup_linux.go | 68 + + .../opensslsetup/opensslsetup_openssl.go | 68 + .../internal/opensslsetup/stub.go | 8 + .../microsoft/go/cryptobackend/md5/init.go | 7 + .../go/cryptobackend/md5/md5_darwin.go | 20 + - .../go/cryptobackend/md5/md5_linux.go | 20 + + .../go/cryptobackend/md5/md5_openssl.go | 20 + .../go/cryptobackend/md5/md5_windows.go | 20 + .../go/cryptobackend/md5/nobackend.go | 15 + .../microsoft/go/cryptobackend/mldsa/init.go | 7 + .../go/cryptobackend/mldsa/mldsa_darwin.go | 26 + - .../go/cryptobackend/mldsa/mldsa_linux.go | 26 + + .../go/cryptobackend/mldsa/mldsa_openssl.go | 26 + .../go/cryptobackend/mldsa/mldsa_windows.go | 26 + .../go/cryptobackend/mldsa/nobackend.go | 44 + .../microsoft/go/cryptobackend/mlkem/init.go | 7 + .../go/cryptobackend/mlkem/mlkem_darwin.go | 31 + - .../go/cryptobackend/mlkem/mlkem_linux.go | 31 + + .../go/cryptobackend/mlkem/mlkem_openssl.go | 31 + .../go/cryptobackend/mlkem/mlkem_windows.go | 31 + .../go/cryptobackend/mlkem/nobackend.go | 51 + .../microsoft/go/cryptobackend/nobackend.go | 15 + .../microsoft/go/cryptobackend/pbkdf2/init.go | 7 + .../go/cryptobackend/pbkdf2/nobackend.go | 14 + .../go/cryptobackend/pbkdf2/pbkdf2_darwin.go | 18 + - .../go/cryptobackend/pbkdf2/pbkdf2_linux.go | 18 + + .../go/cryptobackend/pbkdf2/pbkdf2_openssl.go | 18 + .../go/cryptobackend/pbkdf2/pbkdf2_windows.go | 18 + .../microsoft/go/cryptobackend/rc4/init.go | 7 + .../go/cryptobackend/rc4/nobackend.go | 17 + .../go/cryptobackend/rc4/rc4_darwin.go | 15 + - .../go/cryptobackend/rc4/rc4_linux.go | 15 + + .../go/cryptobackend/rc4/rc4_openssl.go | 15 + .../go/cryptobackend/rc4/rc4_windows.go | 15 + .../microsoft/go/cryptobackend/rsa/init.go | 7 + .../go/cryptobackend/rsa/nobackend.go | 61 + .../go/cryptobackend/rsa/rsa_darwin.go | 150 + - .../go/cryptobackend/rsa/rsa_linux.go | 85 + + .../go/cryptobackend/rsa/rsa_openssl.go | 85 + .../go/cryptobackend/rsa/rsa_windows.go | 77 + .../microsoft/go/cryptobackend/sha1/init.go | 7 + .../go/cryptobackend/sha1/nobackend.go | 13 + .../go/cryptobackend/sha1/sha1_darwin.go | 17 + - .../go/cryptobackend/sha1/sha1_linux.go | 17 + + .../go/cryptobackend/sha1/sha1_openssl.go | 17 + .../go/cryptobackend/sha1/sha1_windows.go | 17 + .../microsoft/go/cryptobackend/sha256/init.go | 7 + .../go/cryptobackend/sha256/nobackend.go | 16 + .../go/cryptobackend/sha256/sha256_darwin.go | 20 + - .../go/cryptobackend/sha256/sha256_linux.go | 21 + + .../go/cryptobackend/sha256/sha256_openssl.go | 21 + .../go/cryptobackend/sha256/sha256_windows.go | 20 + .../microsoft/go/cryptobackend/sha3/init.go | 7 + .../go/cryptobackend/sha3/nobackend.go | 50 + .../go/cryptobackend/sha3/sha3_darwin.go | 50 + - .../go/cryptobackend/sha3/sha3_linux.go | 40 + + .../go/cryptobackend/sha3/sha3_openssl.go | 40 + .../go/cryptobackend/sha3/sha3_windows.go | 40 + .../microsoft/go/cryptobackend/sha512/init.go | 7 + .../go/cryptobackend/sha512/nobackend.go | 21 + .../go/cryptobackend/sha512/sha512_darwin.go | 25 + - .../go/cryptobackend/sha512/sha512_linux.go | 26 + + .../go/cryptobackend/sha512/sha512_openssl.go | 26 + .../go/cryptobackend/sha512/sha512_windows.go | 25 + .../microsoft/go/cryptobackend/stub.s | 10 + .../microsoft/go/cryptobackend/tls12/init.go | 7 + .../go/cryptobackend/tls12/nobackend.go | 14 + .../go/cryptobackend/tls12/tls12_darwin.go | 14 + - .../go/cryptobackend/tls12/tls12_linux.go | 18 + + .../go/cryptobackend/tls12/tls12_openssl.go | 18 + .../go/cryptobackend/tls12/tls12_windows.go | 18 + .../microsoft/go/cryptobackend/tls13/init.go | 7 + .../go/cryptobackend/tls13/nobackend.go | 14 + .../microsoft/go/cryptobackend/tls13/tls13.go | 192 ++ .../go/cryptobackend/tls13/tls13_darwin.go | 14 + - .../go/cryptobackend/tls13/tls13_linux.go | 18 + + .../go/cryptobackend/tls13/tls13_openssl.go | 18 + .../go/cryptobackend/tls13/tls13_windows.go | 14 + src/vendor/modules.txt | 55 + - 412 files changed, 39649 insertions(+), 11 deletions(-) + 412 files changed, 39651 insertions(+), 11 deletions(-) create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md @@ -678,73 +678,73 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/README.md create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/aes/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/backend_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/backend_linux.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/backend_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/bbig/big.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/bbig/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/common.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/des/des_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/des/des_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/des/des_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/des/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/des/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/drbg/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/drbg/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/dsa/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/dsa/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdh/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdh/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ed25519/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/ed25519/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/fips140/fips140.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hash/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hkdf/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hmac/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/hmac/nobackend.go @@ -758,72 +758,72 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/state_msgostd.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/state_nomsgostd.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_windows.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/stub.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/md5/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/md5/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mldsa/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mldsa/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mlkem/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/mlkem/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rc4/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rc4/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rsa/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rsa/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha1/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha1/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha256/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha256/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha3/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha3/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha512/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha512/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/stub.s create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls12/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls12/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_windows.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/init.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/nobackend.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_darwin.go - create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_linux.go + create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go create mode 100644 src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_windows.go diff --git a/src/cmd/go.mod b/src/cmd/go.mod @@ -2734,7 +2734,7 @@ index 00000000000000..d4671e1584dfa8 +// This file is here just to declare cryptobackend dependencies. +// This allows tracking their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index bb6abc93792f39..bba6003d5f951c 100644 +index bb6abc93792f39..0e38b0d76e9ea6 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,11 +3,17 @@ module std @@ -2744,7 +2744,7 @@ index bb6abc93792f39..bba6003d5f951c 100644 - golang.org/x/crypto v0.52.1-0.20260526024921-9beb694f9766 - golang.org/x/net v0.55.1-0.20260526154343-657eb1317b5d + github.com/microsoft/go-crypto-darwin v0.0.3-0.20260619075948-e554deeefa9f // indirect -+ github.com/microsoft/go-crypto-openssl v0.5.0 // indirect ++ github.com/microsoft/go-crypto-openssl v0.5.1-0.20260702080831-779d2f80165b // indirect + github.com/microsoft/go-crypto-winnative v0.0.0-20260605073512-713d2add0825 // indirect + golang.org/x/sys v0.45.0 // indirect + golang.org/x/text v0.37.0 // indirect @@ -2760,21 +2760,21 @@ index bb6abc93792f39..bba6003d5f951c 100644 + +replace github.com/microsoft/go/cryptobackend => ../../cryptobackend diff --git a/src/go.sum b/src/go.sum -index ab34844da17757..cc1f0e6b1d95a3 100644 +index ab34844da17757..d67f6d6610de55 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260619075948-e554deeefa9f h1:ksW7MznRoTYAoBaNIKyjqxR0Tp0aUqY1eALRaerngnk= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260619075948-e554deeefa9f/go.mod h1:QahyqOoEDhEJ08aC1WtiWq691LyNgXq3qrjI4QmdPzM= -+github.com/microsoft/go-crypto-openssl v0.5.0 h1:wTcBB5QN4YtsKcZdqWojL5pWIF/P+PVGNBZ/SQOFiuQ= -+github.com/microsoft/go-crypto-openssl v0.5.0/go.mod h1:gJrjX+yWGi9pkbfPVDDh+ZbgjtQoRSXHjb/ZyjwKk34= ++github.com/microsoft/go-crypto-openssl v0.5.1-0.20260702080831-779d2f80165b h1:l2QuDBwmReDtL/D0Rzj4N3sitiHLJbGdU8dA9Y13K7s= ++github.com/microsoft/go-crypto-openssl v0.5.1-0.20260702080831-779d2f80165b/go.mod h1:gJrjX+yWGi9pkbfPVDDh+ZbgjtQoRSXHjb/ZyjwKk34= +github.com/microsoft/go-crypto-winnative v0.0.0-20260605073512-713d2add0825 h1:nmQ1K/L5GISW8UwbUwE376h3WXREEpREFdc3fNklcXc= +github.com/microsoft/go-crypto-winnative v0.0.0-20260605073512-713d2add0825/go.mod h1:a1Z07CJIuWa8WT/pzFIGNTTKS96s8o1B1TPOziAHUxw= golang.org/x/crypto v0.52.1-0.20260526024921-9beb694f9766 h1:ABD+jVg0H4Hwu2sGcUtKeb3T8mlS+jS3uWrkTAPcXjs= golang.org/x/crypto v0.52.1-0.20260526024921-9beb694f9766/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= golang.org/x/net v0.55.1-0.20260526154343-657eb1317b5d h1:G6GZDsxGyGK2SxMEqnPJfBWRKGCNpWheup5btZYkYpw= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index f65e709a72f6af..a71759adcb7363 100644 +index 4959a421892996..67627cdb93ff22 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -153,6 +153,13 @@ var depsRules = ` @@ -2854,7 +2854,7 @@ index f65e709a72f6af..a71759adcb7363 100644 CRYPTO, FMT, math/big, internal/saferio < crypto/internal/boring/bbig < crypto/internal/fips140cache -@@ -951,7 +992,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -954,7 +995,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -2863,7 +2863,7 @@ index f65e709a72f6af..a71759adcb7363 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -961,7 +1002,7 @@ func findImports(pkg string) ([]string, error) { +@@ -964,7 +1005,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} @@ -15620,12 +15620,12 @@ index 00000000000000..17c6f83475ce5e +func call5(fn, a1, a2, a3, a4, a5 uintptr) uintptr diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock new file mode 100644 -index 00000000000000..3a842170f1f5e8 +index 00000000000000..c0625f7dd69a23 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock @@ -0,0 +1,3 @@ +{ -+ "commit_hash": "1512f327e9958354283654ee4497800e33a7b838" ++ "commit_hash": "48e0d42a22d76a4a9cd880be7eceea443a26b34b" +} diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/freebsd.go new file mode 100644 @@ -15772,7 +15772,7 @@ index 00000000000000..e49117058f381e +} diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go new file mode 100644 -index 00000000000000..928c5245c84d29 +index 00000000000000..37c6b50e2e6e85 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go @@ -0,0 +1,81 @@ @@ -15782,7 +15782,7 @@ index 00000000000000..928c5245c84d29 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build !cgo ++//go:build !cgo && (amd64 || arm64) + +package fakecgo + @@ -16481,7 +16481,7 @@ index 00000000000000..30b9e8eb88c83d +var _cgo_unsetenv = &x_cgo_unsetenv_trampoline diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s new file mode 100644 -index 00000000000000..5067c5533d14ae +index 00000000000000..80a9e968c6a8cd --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s @@ -0,0 +1,123 @@ @@ -16490,7 +16490,7 @@ index 00000000000000..5067c5533d14ae +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2026 The Ebitengine Authors + -+//go:build !cgo && (darwin || freebsd || linux) ++//go:build !cgo && (freebsd || linux) + +#include "textflag.h" +#include "go_asm.h" @@ -16725,7 +16725,7 @@ index 00000000000000..049e2bbb1e7f44 + RET diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s new file mode 100644 -index 00000000000000..3c0e1d00bd90f6 +index 00000000000000..ae989a4e0e18c9 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s @@ -0,0 +1,124 @@ @@ -16734,7 +16734,7 @@ index 00000000000000..3c0e1d00bd90f6 +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2026 The Ebitengine Authors + -+//go:build !cgo && (darwin || freebsd || linux) ++//go:build !cgo && (freebsd || linux) + +#include "textflag.h" +#include "go_asm.h" @@ -17465,11 +17465,11 @@ index 00000000000000..c78f98e8c89c09 + RET diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s new file mode 100644 -index 00000000000000..ce4247c989f4c1 +index 00000000000000..be563c097fc0a0 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s @@ -0,0 +1,53 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++// Code generated by update_tool.go from ebitengine/purego; DO NOT EDIT. + +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2022 The Ebitengine Authors @@ -17524,7 +17524,7 @@ index 00000000000000..ce4247c989f4c1 + BR R1 diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s new file mode 100644 -index 00000000000000..512a8dddf0be56 +index 00000000000000..750e297dcd375e --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s @@ -0,0 +1,80 @@ @@ -17533,7 +17533,7 @@ index 00000000000000..512a8dddf0be56 +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2025 The Ebitengine Authors + -+//go:build !cgo && (darwin || freebsd || linux) ++//go:build !cgo && linux + +#include "textflag.h" +#include "go_asm.h" @@ -17610,7 +17610,7 @@ index 00000000000000..512a8dddf0be56 + RET diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s new file mode 100644 -index 00000000000000..55f88c03cd4795 +index 00000000000000..e3d1bf2305809c --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s @@ -0,0 +1,134 @@ @@ -17619,7 +17619,7 @@ index 00000000000000..55f88c03cd4795 +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2026 The Ebitengine Authors + -+//go:build !cgo && (darwin || freebsd || linux) ++//go:build !cgo && linux + +#include "textflag.h" +#include "go_asm.h" @@ -17750,7 +17750,7 @@ index 00000000000000..55f88c03cd4795 + RET diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s new file mode 100644 -index 00000000000000..2e4f60db002a44 +index 00000000000000..5a7dccde039cec --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s @@ -0,0 +1,78 @@ @@ -17759,7 +17759,7 @@ index 00000000000000..2e4f60db002a44 +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2026 The Ebitengine Authors + -+//go:build !cgo && (darwin || freebsd || linux) ++//go:build !cgo && linux + +#include "textflag.h" +#include "go_asm.h" @@ -17834,10 +17834,12 @@ index 00000000000000..2e4f60db002a44 + RET diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s new file mode 100644 -index 00000000000000..258c4a33c368e4 +index 00000000000000..9b3aa12bbb7883 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s -@@ -0,0 +1,158 @@ +@@ -0,0 +1,160 @@ ++// Code generated by update_tool.go from ebitengine/purego; DO NOT EDIT. ++ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2026 The Ebitengine Authors + @@ -40938,17 +40940,17 @@ index 00000000000000..97d73de468500c +) + +func New(key []byte) (cipher.Block, error) { return xcrypto.NewAESCipher(key) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go new file mode 100644 -index 00000000000000..a261f6401dbdda +index 00000000000000..dde2958ce3e060 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go @@ -0,0 +1,15 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package aes + @@ -41003,17 +41005,17 @@ index 00000000000000..a05c567366845c +func NewTLS(c cipher.Block) (cipher.AEAD, error) { return xcrypto.NewGCMTLS(c) } + +func NewTLS13(c cipher.Block) (cipher.AEAD, error) { return xcrypto.NewGCMTLS13(c) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go new file mode 100644 -index 00000000000000..3d12e43471870b +index 00000000000000..b34a74dafaf358 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go @@ -0,0 +1,17 @@ +// Copyright 2013 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package gcm + @@ -41134,17 +41136,40 @@ index 00000000000000..3b552bc0b06596 + +// Enabled controls whether FIPS crypto is enabled. +const Enabled = true -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/backend_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/backend_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go b/src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go +new file mode 100644 +index 00000000000000..a9ee1b58fd4ce1 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go +@@ -0,0 +1,17 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.systemcrypto && msgostd ++ ++package backend ++ ++import ( ++ "crypto/internal/fips140only" ++ ++ bhash "github.com/microsoft/go/cryptobackend/hash" ++) ++ ++func init() { ++ fips140only.BackendApprovedHash = bhash.Approved ++} +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go new file mode 100644 -index 00000000000000..60bf13c11a6a1f +index 00000000000000..a41ff9438d31b6 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/backend_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go @@ -0,0 +1,27 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package backend + @@ -41167,29 +41192,6 @@ index 00000000000000..60bf13c11a6a1f + panic("opensslcrypto: " + err.Error() + ": " + osslsetup.VersionText()) + } +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go b/src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go -new file mode 100644 -index 00000000000000..a9ee1b58fd4ce1 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/backend_msgostd.go -@@ -0,0 +1,17 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.systemcrypto && msgostd -+ -+package backend -+ -+import ( -+ "crypto/internal/fips140only" -+ -+ bhash "github.com/microsoft/go/cryptobackend/hash" -+) -+ -+func init() { -+ fips140only.BackendApprovedHash = bhash.Approved -+} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/backend_windows.go b/src/vendor/github.com/microsoft/go/cryptobackend/backend_windows.go new file mode 100644 index 00000000000000..a660f516b3527c @@ -41254,17 +41256,17 @@ index 00000000000000..889f2ff7c703d8 + +var Enc = bbig.Enc +var Dec = bbig.Dec -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go new file mode 100644 -index 00000000000000..1b515fe6244a52 +index 00000000000000..1dd13cecbd026d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go @@ -0,0 +1,12 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package bbig + @@ -41333,17 +41335,17 @@ index 00000000000000..0ce838f9a5f7d3 + } + return xcrypto.NewChaCha20Poly1305(key) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go new file mode 100644 -index 00000000000000..abfe43803b806b +index 00000000000000..222c4ae29ce878 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go @@ -0,0 +1,24 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package chacha20poly1305 + @@ -41505,17 +41507,17 @@ index 00000000000000..9df97e1cabc36c +func NewDES(key []byte) (cipher.Block, error) { return xcrypto.NewDESCipher(key) } + +func NewTripleDES(key []byte) (cipher.Block, error) { return xcrypto.NewTripleDESCipher(key) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/des/des_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/des/des_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go new file mode 100644 -index 00000000000000..f3d505d7b444f1 +index 00000000000000..e608ed381f4d4b --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/des/des_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go @@ -0,0 +1,21 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package des + @@ -41648,17 +41650,17 @@ index 00000000000000..be7f0f574c9486 + panic(err) + } +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go new file mode 100644 -index 00000000000000..f46fcaaab05cfc +index 00000000000000..b7b0f6c1430676 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go @@ -0,0 +1,19 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package drbg + @@ -41729,17 +41731,17 @@ index 00000000000000..36db87c344ad67 +func Verify(pub *PublicKey, hashed []byte, r, s BigInt) bool { + panic("cryptobackend: not available") +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go new file mode 100644 -index 00000000000000..b4f281495b2713 +index 00000000000000..d73a67db28d010 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go @@ -0,0 +1,93 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package dsa + @@ -41951,17 +41953,17 @@ index 00000000000000..67de2e7bb2098e +} + +func ECDH(priv *PrivateKey, pub *PublicKey) ([]byte, error) { return xcrypto.ECDH(priv, pub) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go new file mode 100644 -index 00000000000000..0c46cb3858c955 +index 00000000000000..2a87a84dd86db2 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go @@ -0,0 +1,26 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package ecdh + @@ -42107,17 +42109,17 @@ index 00000000000000..2bce40cb490cdb +func VerifyASN1(pub *PublicKey, hash, sig []byte) (bool, error) { + return xcrypto.VerifyECDSA(pub, hash, sig), nil +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go new file mode 100644 -index 00000000000000..5781c3280d6c78 +index 00000000000000..943b2f79c874c6 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go @@ -0,0 +1,33 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package ecdsa + @@ -42318,17 +42320,17 @@ index 00000000000000..339ad263058c45 +func Verify(pub PublicKey, message, sig []byte) error { + return xcrypto.VerifyEd25519(pub, message, sig) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go new file mode 100644 -index 00000000000000..2a396ab5a7e6aa +index 00000000000000..b66d987ca87b15 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go @@ -0,0 +1,24 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package ed25519 + @@ -42457,17 +42459,17 @@ index 00000000000000..30b7bebbacd109 +) + +func Approved(h hash.Hash) bool { return xcrypto.FIPSApprovedHash(h) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go new file mode 100644 -index 00000000000000..453a666f292419 +index 00000000000000..91d61d0606ba7d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go @@ -0,0 +1,15 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package hash + @@ -42564,17 +42566,17 @@ index 00000000000000..c6d8af02b74f53 +func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen int) ([]byte, error) { + return xcrypto.ExpandHKDF(h, pseudorandomKey, []byte(info), keyLen) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go new file mode 100644 -index 00000000000000..672cb263fac81c +index 00000000000000..eedae4374d91e1 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go @@ -0,0 +1,21 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package hkdf + @@ -42677,17 +42679,17 @@ index 00000000000000..9623b2e99b8cad +func New[H hash.Hash](h func() H, key []byte) hash.Hash { + return xcrypto.NewHMAC(h, key) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go new file mode 100644 -index 00000000000000..c5f029b2c61fb3 +index 00000000000000..0d4c6133f5434d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go @@ -0,0 +1,17 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package hmac + @@ -42994,17 +42996,17 @@ index 00000000000000..a6fba27162a6ef +func systemFIPSMode() bool { + return false +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go new file mode 100644 -index 00000000000000..943cee5223368c +index 00000000000000..1b1814533bf60d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go @@ -0,0 +1,57 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package fips140state + @@ -43095,17 +43097,17 @@ index 00000000000000..2dc899297e4c3d + } + return enabled != 0 +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go new file mode 100644 -index 00000000000000..350c8ee7fa2bc6 +index 00000000000000..759261ffefa52d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go @@ -0,0 +1,68 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +// opensslsetup is a package that initializes the OpenSSL library. +// It doesn't export any symbol, but blank importing it has the @@ -43222,17 +43224,17 @@ index 00000000000000..2d5cd1659573c5 +func New() hash.Hash { return xcrypto.NewMD5() } + +func Sum(data []byte) [16]byte { return xcrypto.MD5(data) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go new file mode 100644 -index 00000000000000..99c922e5040b16 +index 00000000000000..7a669c9a12ec85 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go @@ -0,0 +1,20 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package md5 + @@ -43340,17 +43342,17 @@ index 00000000000000..2888d5253905d0 +func NewPublicKey(params Parameters, publicKey []byte) (*PublicKey, error) { + return xcrypto.NewPublicKeyMLDSA(params, publicKey) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go new file mode 100644 -index 00000000000000..51b08c69dd8226 +index 00000000000000..c119affb439541 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go @@ -0,0 +1,26 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package mldsa + @@ -43504,17 +43506,17 @@ index 00000000000000..9a0cc2702913db +func NewEncapsulationKey1024(encapsulationKey []byte) (EncapsulationKey1024, error) { + return xcrypto.NewEncapsulationKeyMLKEM1024(encapsulationKey) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go new file mode 100644 -index 00000000000000..f8320035cc8a6d +index 00000000000000..879ed20a60698b --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go @@ -0,0 +1,31 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package mlkem + @@ -43713,17 +43715,17 @@ index 00000000000000..df3b087cbc3758 +func Key[H hash.Hash](h func() H, password string, salt []byte, iter, keyLength int) ([]byte, error) { + return xcrypto.PBKDF2([]byte(password), salt, iter, keyLength, h) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go new file mode 100644 -index 00000000000000..6a5ce007955522 +index 00000000000000..dee614057e924f --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go @@ -0,0 +1,18 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package pbkdf2 + @@ -43818,17 +43820,17 @@ index 00000000000000..ddcff4caa4da2e +func Supports() bool { return true } + +func New(key []byte) (*Cipher, error) { return xcrypto.NewRC4Cipher(key) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go new file mode 100644 -index 00000000000000..b1229abc6cb995 +index 00000000000000..16decd66f39659 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go @@ -0,0 +1,15 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package rc4 + @@ -44096,17 +44098,17 @@ index 00000000000000..b932d97b59d71a +func VerifyPSS(pub *PublicKey, h crypto.Hash, hashed, sig []byte, saltLen int) error { + return xcrypto.VerifyRSAPSS(pub, h, hashed, sig, saltLen) +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go new file mode 100644 -index 00000000000000..f375e7ad6e4959 +index 00000000000000..dd4d28d2769a21 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go @@ -0,0 +1,85 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package rsa + @@ -44325,17 +44327,17 @@ index 00000000000000..db59a9d7047daf +func New() hash.Hash { return xcrypto.NewSHA1() } + +func Sum(data []byte) [20]byte { return xcrypto.SHA1(data) } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go new file mode 100644 -index 00000000000000..739b0dd8e013e6 +index 00000000000000..70ef0b15f73efd --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go @@ -0,0 +1,17 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package sha1 + @@ -44432,17 +44434,17 @@ index 00000000000000..24998928a3e884 +func New224() hash.Hash { panic("cryptobackend: not available") } +func Sum256(data []byte) [32]byte { return xcrypto.SHA256(data) } +func Sum224(data []byte) [28]byte { panic("cryptobackend: not available") } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go new file mode 100644 -index 00000000000000..a146988a3477cd +index 00000000000000..83fa0abfcae7c6 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go @@ -0,0 +1,21 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package sha256 + @@ -44610,17 +44612,17 @@ index 00000000000000..d0eda8e86b877b +func Sum512(data []byte) [64]byte { return xcrypto.SumSHA3_512(data) } +func SumSHAKE128(data []byte, length int) []byte { panic("cryptobackend: not available") } +func SumSHAKE256(data []byte, length int) []byte { panic("cryptobackend: not available") } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go new file mode 100644 -index 00000000000000..8aa8a443a46039 +index 00000000000000..b5095e5c9cf570 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go @@ -0,0 +1,40 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package sha3 + @@ -44773,17 +44775,17 @@ index 00000000000000..9f243570638d35 +func Sum384(data []byte) [48]byte { return xcrypto.SHA384(data) } +func Sum512_224(data []byte) [28]byte { panic("cryptobackend: not available") } +func Sum512_256(data []byte) [32]byte { panic("cryptobackend: not available") } -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go new file mode 100644 -index 00000000000000..d2f65c859caa38 +index 00000000000000..eb0dde0002c106 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go @@ -0,0 +1,26 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package sha512 + @@ -44905,17 +44907,17 @@ index 00000000000000..78014828c62b5e +func PRF(result, secret []byte, label string, seed []byte, h func() hash.Hash) error { + panic("cryptobackend: not available") +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go new file mode 100644 -index 00000000000000..6196bc62437f04 +index 00000000000000..64c33bc0c6bb87 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go @@ -0,0 +1,18 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package tls12 + @@ -45204,17 +45206,17 @@ index 00000000000000..b7ffeea07c6b8d +func expandKDF[H hash.Hash](h func() H, pseudorandomKey []byte, label string, context []byte, keyLen int) ([]byte, error) { + panic("cryptobackend: not available") +} -diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_linux.go b/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_linux.go +diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go new file mode 100644 -index 00000000000000..08a66f65da98e6 +index 00000000000000..d980d147d6022e --- /dev/null -+++ b/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_linux.go ++++ b/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go @@ -0,0 +1,18 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto ++//go:build goexperiment.systemcrypto && (linux || freebsd) + +package tls13 + @@ -45249,7 +45251,7 @@ index 00000000000000..b7ffeea07c6b8d + panic("cryptobackend: not available") +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 54fcbab6a221c0..39610bdc11ea29 100644 +index 54fcbab6a221c0..37d28d98d59f38 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,57 @@ @@ -45262,7 +45264,7 @@ index 54fcbab6a221c0..39610bdc11ea29 100644 +github.com/microsoft/go-crypto-darwin/internal/security +github.com/microsoft/go-crypto-darwin/internal/xsyscall +github.com/microsoft/go-crypto-darwin/xcrypto -+# github.com/microsoft/go-crypto-openssl v0.5.0 ++# github.com/microsoft/go-crypto-openssl v0.5.1-0.20260702080831-779d2f80165b +## explicit; go 1.25 +github.com/microsoft/go-crypto-openssl/bbig +github.com/microsoft/go-crypto-openssl/internal/fakecgo diff --git a/patches/0002-Add-crypto-backends.patch b/patches/0002-Add-crypto-backends.patch index 6c7ac3ca0f3..303dd7e130e 100644 --- a/patches/0002-Add-crypto-backends.patch +++ b/patches/0002-Add-crypto-backends.patch @@ -10,18 +10,18 @@ Subject: [PATCH] Add crypto backends src/cmd/compile/script_test.go | 8 + src/cmd/compile/testdata/script/README | 2 + src/cmd/dist/build.go | 68 ++++- - src/cmd/dist/test.go | 48 +++- + src/cmd/dist/test.go | 48 ++- src/cmd/go/alldocs.go | 3 + src/cmd/go/go_boring_test.go | 6 +- src/cmd/go/go_test.go | 11 + - src/cmd/go/internal/cfg/cfg.go | 32 ++- + src/cmd/go/internal/cfg/cfg.go | 32 +- src/cmd/go/internal/envcmd/env.go | 3 +- src/cmd/go/internal/help/helpdoc.go | 3 + src/cmd/go/internal/load/pkg.go | 50 +++- src/cmd/go/internal/tool/tool.go | 9 +- .../verylongtest/testdata/script/README | 2 + src/cmd/go/script_test.go | 3 + - src/cmd/go/systemcrypto_test.go | 272 ++++++++++++++++++ + src/cmd/go/systemcrypto_test.go | 278 ++++++++++++++++++ src/cmd/go/testdata/script/README | 2 + src/cmd/go/testdata/script/darwin_no_cgo.txt | 1 + src/cmd/go/testdata/script/env_changed.txt | 3 + @@ -40,16 +40,16 @@ Subject: [PATCH] Add crypto backends src/crypto/aes/aes.go | 6 +- src/crypto/aes/aes_test.go | 2 +- src/crypto/boring/boring.go | 4 +- - src/crypto/cipher/cbc.go | 16 ++ + src/crypto/cipher/cbc.go | 16 + src/crypto/cipher/ctr.go | 7 + src/crypto/cipher/ctr_aes_test.go | 2 +- src/crypto/cipher/gcm.go | 59 +++- src/crypto/cipher/gcm_test.go | 9 +- src/crypto/des/cipher.go | 9 + - src/crypto/dsa/boring.go | 114 ++++++++ + src/crypto/dsa/boring.go | 114 +++++++ src/crypto/dsa/dsa.go | 47 +++ src/crypto/dsa/dsa_test.go | 8 + - src/crypto/dsa/notboring.go | 16 ++ + src/crypto/dsa/notboring.go | 16 + src/crypto/ecdh/ecdh.go | 7 +- src/crypto/ecdh/ecdh_test.go | 19 +- src/crypto/ecdh/nist.go | 54 ++-- @@ -60,7 +60,7 @@ Subject: [PATCH] Add crypto backends src/crypto/ed25519/boring.go | 73 +++++ src/crypto/ed25519/ed25519.go | 73 +++++ src/crypto/ed25519/ed25519_test.go | 14 +- - src/crypto/ed25519/notboring.go | 16 ++ + src/crypto/ed25519/notboring.go | 16 + src/crypto/fips140/enforcement_test.go | 4 + src/crypto/fips140/fips140.go | 3 +- src/crypto/hkdf/hkdf.go | 12 + @@ -81,7 +81,7 @@ Subject: [PATCH] Add crypto backends src/crypto/internal/rand/rand.go | 8 +- src/crypto/md5/md5.go | 12 + src/crypto/md5/md5_test.go | 18 +- - src/crypto/mldsa/mldsa_fips140v1.26.go | 177 +++++++++++- + src/crypto/mldsa/mldsa_fips140v1.26.go | 177 ++++++++++- src/crypto/mldsa/mldsa_test.go | 67 ++++- src/crypto/mlkem/mlkem.go | 120 +++++++- src/crypto/mlkem/mlkem_test.go | 8 + @@ -93,7 +93,7 @@ Subject: [PATCH] Add crypto backends src/crypto/rc4/rc4.go | 20 ++ src/crypto/rsa/boring.go | 25 +- src/crypto/rsa/boring_test.go | 2 +- - src/crypto/rsa/fips.go | 162 +++++------ + src/crypto/rsa/fips.go | 162 +++++----- src/crypto/rsa/notboring.go | 8 +- src/crypto/rsa/pkcs1v15.go | 24 +- src/crypto/rsa/pkcs1v15_test.go | 5 + @@ -107,7 +107,7 @@ Subject: [PATCH] Add crypto backends src/crypto/sha3/sha3.go | 131 ++++++++- src/crypto/sha3/sha3_test.go | 18 +- src/crypto/sha512/sha512.go | 24 +- - src/crypto/sha512/sha512_test.go | 32 ++- + src/crypto/sha512/sha512_test.go | 32 +- src/crypto/systemcrypto_nocgo_linux.go | 18 ++ src/crypto/tls/cipher_suites.go | 17 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- @@ -133,12 +133,12 @@ Subject: [PATCH] Add crypto backends src/internal/cfg/cfg.go | 1 + src/internal/platform/supported.go | 12 + src/internal/systemcrypto/systemcrypto.go | 20 ++ - .../systemcrypto/systemcrypto_test.go | 58 ++++ + .../systemcrypto/systemcrypto_test.go | 60 ++++ src/net/lookup_test.go | 3 + src/os/exec/exec_test.go | 9 + src/runtime/runtime_boring.go | 5 + src/syscall/syscall_windows.go | 3 + - 134 files changed, 2511 insertions(+), 378 deletions(-) + 134 files changed, 2519 insertions(+), 378 deletions(-) create mode 100644 src/cmd/go/systemcrypto_test.go create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go @@ -763,10 +763,10 @@ index 088b9a8b5fdb2e..4e1e545367afef 100644 // updateSum runs 'go mod tidy', 'go list -mod=mod -m all', or diff --git a/src/cmd/go/systemcrypto_test.go b/src/cmd/go/systemcrypto_test.go new file mode 100644 -index 00000000000000..eeb0ee9c3c9396 +index 00000000000000..797d560bd74929 --- /dev/null +++ b/src/cmd/go/systemcrypto_test.go -@@ -0,0 +1,272 @@ +@@ -0,0 +1,278 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -864,6 +864,8 @@ index 00000000000000..eeb0ee9c3c9396 + {"linux", "riscv64"}, + {"linux", "s390x"}, + {"linux", "arm"}, ++ {"freebsd", "amd64"}, ++ {"freebsd", "arm64"}, + {"darwin", "amd64"}, + {"darwin", "arm64"}, + {"windows", "386"}, @@ -917,6 +919,8 @@ index 00000000000000..eeb0ee9c3c9396 + test := []testCase{ + {"linux", "amd64"}, + {"linux", "arm64"}, ++ {"freebsd", "amd64"}, ++ {"freebsd", "arm64"}, + {"darwin", "amd64"}, + {"darwin", "arm64"}, + {"windows", "amd64"}, @@ -947,6 +951,8 @@ index 00000000000000..eeb0ee9c3c9396 + }{ + {"linux", "amd64"}, + {"linux", "arm64"}, ++ {"freebsd", "amd64"}, ++ {"freebsd", "arm64"}, + {"darwin", "amd64"}, + {"darwin", "arm64"}, + {"windows", "amd64"}, @@ -6493,7 +6499,7 @@ index 9329769721b7de..1724afb71b851e 100644 PKG_CONFIG ` diff --git a/src/internal/platform/supported.go b/src/internal/platform/supported.go -index 6f37e368596498..471c5cc430bb29 100644 +index 6f37e368596498..a1f0382ea2d18b 100644 --- a/src/internal/platform/supported.go +++ b/src/internal/platform/supported.go @@ -279,3 +279,15 @@ func FirstClass(goos, goarch string) bool { @@ -6506,7 +6512,7 @@ index 6f37e368596498..471c5cc430bb29 100644 + switch goos { + case "linux", "darwin": + return true -+ case "windows": ++ case "freebsd", "windows": + return goarch == "amd64" || goarch == "arm64" + default: + return false @@ -6540,10 +6546,10 @@ index 00000000000000..71c1923a270646 +} diff --git a/src/internal/systemcrypto/systemcrypto_test.go b/src/internal/systemcrypto/systemcrypto_test.go new file mode 100644 -index 00000000000000..c37e436bf274e4 +index 00000000000000..5e95772e82cf6e --- /dev/null +++ b/src/internal/systemcrypto/systemcrypto_test.go -@@ -0,0 +1,58 @@ +@@ -0,0 +1,60 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -6571,7 +6577,9 @@ index 00000000000000..c37e436bf274e4 + {"darwin", "arm64", true}, + {"windows", "amd64", true}, + {"windows", "386", false}, -+ {"freebsd", "amd64", false}, ++ {"freebsd", "amd64", true}, ++ {"freebsd", "arm64", true}, ++ {"freebsd", "386", false}, + } + for _, tt := range tests { + if got := EnabledFor(tt.goos, tt.goarch); got != tt.want { From 7b72771cbfd3d87bafdfa4435d8a1e98baa0efc0 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 2 Jul 2026 13:42:40 +0100 Subject: [PATCH 2/2] switch to opensslcrypto tag --- cryptobackend/aes/aes_openssl.go | 2 +- cryptobackend/aes/gcm/gcm_openssl.go | 2 +- cryptobackend/backend_openssl.go | 2 +- cryptobackend/bbig/big_openssl.go | 2 +- .../chacha20poly1305_openssl.go | 2 +- cryptobackend/des/des_openssl.go | 2 +- cryptobackend/drbg/rand_openssl.go | 2 +- cryptobackend/dsa/dsa_openssl.go | 2 +- cryptobackend/ecdh/ecdh_openssl.go | 2 +- cryptobackend/ecdsa/ecdsa_openssl.go | 2 +- cryptobackend/ed25519/ed25519_openssl.go | 2 +- cryptobackend/hash/hash_openssl.go | 2 +- cryptobackend/hkdf/hkdf_openssl.go | 2 +- cryptobackend/hmac/hmac_openssl.go | 2 +- .../fips140state/systemfips_openssl.go | 2 +- .../opensslsetup/opensslsetup_openssl.go | 2 +- cryptobackend/md5/md5_openssl.go | 2 +- cryptobackend/mldsa/mldsa_openssl.go | 2 +- cryptobackend/mlkem/mlkem_openssl.go | 2 +- cryptobackend/pbkdf2/pbkdf2_openssl.go | 2 +- cryptobackend/rc4/rc4_openssl.go | 2 +- cryptobackend/rsa/rsa_openssl.go | 2 +- cryptobackend/sha1/sha1_openssl.go | 2 +- cryptobackend/sha256/sha256_openssl.go | 2 +- cryptobackend/sha3/sha3_openssl.go | 2 +- cryptobackend/sha512/sha512_openssl.go | 2 +- cryptobackend/tls12/tls12_openssl.go | 2 +- cryptobackend/tls13/tls13_openssl.go | 2 +- .../0001-Vendor-external-dependencies.patch | 112 +++++++++--------- patches/0002-Add-crypto-backends.patch | 28 +++-- 30 files changed, 101 insertions(+), 95 deletions(-) diff --git a/cryptobackend/aes/aes_openssl.go b/cryptobackend/aes/aes_openssl.go index dde2958ce3e..753814eb397 100644 --- a/cryptobackend/aes/aes_openssl.go +++ b/cryptobackend/aes/aes_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package aes diff --git a/cryptobackend/aes/gcm/gcm_openssl.go b/cryptobackend/aes/gcm/gcm_openssl.go index b34a74dafaf..28223eaadfb 100644 --- a/cryptobackend/aes/gcm/gcm_openssl.go +++ b/cryptobackend/aes/gcm/gcm_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package gcm diff --git a/cryptobackend/backend_openssl.go b/cryptobackend/backend_openssl.go index a41ff9438d3..77ad00bf10b 100644 --- a/cryptobackend/backend_openssl.go +++ b/cryptobackend/backend_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package backend diff --git a/cryptobackend/bbig/big_openssl.go b/cryptobackend/bbig/big_openssl.go index 1dd13cecbd0..13f667a140e 100644 --- a/cryptobackend/bbig/big_openssl.go +++ b/cryptobackend/bbig/big_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package bbig diff --git a/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go b/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go index 222c4ae29ce..6002a4a8121 100644 --- a/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go +++ b/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package chacha20poly1305 diff --git a/cryptobackend/des/des_openssl.go b/cryptobackend/des/des_openssl.go index e608ed381f4..3d93d355667 100644 --- a/cryptobackend/des/des_openssl.go +++ b/cryptobackend/des/des_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package des diff --git a/cryptobackend/drbg/rand_openssl.go b/cryptobackend/drbg/rand_openssl.go index b7b0f6c1430..2d8be29ec09 100644 --- a/cryptobackend/drbg/rand_openssl.go +++ b/cryptobackend/drbg/rand_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package drbg diff --git a/cryptobackend/dsa/dsa_openssl.go b/cryptobackend/dsa/dsa_openssl.go index d73a67db28d..b40a0834f99 100644 --- a/cryptobackend/dsa/dsa_openssl.go +++ b/cryptobackend/dsa/dsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package dsa diff --git a/cryptobackend/ecdh/ecdh_openssl.go b/cryptobackend/ecdh/ecdh_openssl.go index 2a87a84dd86..ff426cb50bb 100644 --- a/cryptobackend/ecdh/ecdh_openssl.go +++ b/cryptobackend/ecdh/ecdh_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package ecdh diff --git a/cryptobackend/ecdsa/ecdsa_openssl.go b/cryptobackend/ecdsa/ecdsa_openssl.go index 943b2f79c87..2db2525ff91 100644 --- a/cryptobackend/ecdsa/ecdsa_openssl.go +++ b/cryptobackend/ecdsa/ecdsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package ecdsa diff --git a/cryptobackend/ed25519/ed25519_openssl.go b/cryptobackend/ed25519/ed25519_openssl.go index b66d987ca87..38a71066a5f 100644 --- a/cryptobackend/ed25519/ed25519_openssl.go +++ b/cryptobackend/ed25519/ed25519_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package ed25519 diff --git a/cryptobackend/hash/hash_openssl.go b/cryptobackend/hash/hash_openssl.go index 91d61d0606b..ec708faf535 100644 --- a/cryptobackend/hash/hash_openssl.go +++ b/cryptobackend/hash/hash_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package hash diff --git a/cryptobackend/hkdf/hkdf_openssl.go b/cryptobackend/hkdf/hkdf_openssl.go index eedae4374d9..f21b6d450aa 100644 --- a/cryptobackend/hkdf/hkdf_openssl.go +++ b/cryptobackend/hkdf/hkdf_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package hkdf diff --git a/cryptobackend/hmac/hmac_openssl.go b/cryptobackend/hmac/hmac_openssl.go index 0d4c6133f54..59454fc96c7 100644 --- a/cryptobackend/hmac/hmac_openssl.go +++ b/cryptobackend/hmac/hmac_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package hmac diff --git a/cryptobackend/internal/fips140state/systemfips_openssl.go b/cryptobackend/internal/fips140state/systemfips_openssl.go index 1b1814533bf..1caa5b810ef 100644 --- a/cryptobackend/internal/fips140state/systemfips_openssl.go +++ b/cryptobackend/internal/fips140state/systemfips_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package fips140state diff --git a/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go b/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go index 759261ffefa..b3f09bd0985 100644 --- a/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go +++ b/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto // opensslsetup is a package that initializes the OpenSSL library. // It doesn't export any symbol, but blank importing it has the diff --git a/cryptobackend/md5/md5_openssl.go b/cryptobackend/md5/md5_openssl.go index 7a669c9a12e..acc826f3317 100644 --- a/cryptobackend/md5/md5_openssl.go +++ b/cryptobackend/md5/md5_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package md5 diff --git a/cryptobackend/mldsa/mldsa_openssl.go b/cryptobackend/mldsa/mldsa_openssl.go index c119affb439..426b4a80c91 100644 --- a/cryptobackend/mldsa/mldsa_openssl.go +++ b/cryptobackend/mldsa/mldsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package mldsa diff --git a/cryptobackend/mlkem/mlkem_openssl.go b/cryptobackend/mlkem/mlkem_openssl.go index 879ed20a606..bc5dab7f155 100644 --- a/cryptobackend/mlkem/mlkem_openssl.go +++ b/cryptobackend/mlkem/mlkem_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package mlkem diff --git a/cryptobackend/pbkdf2/pbkdf2_openssl.go b/cryptobackend/pbkdf2/pbkdf2_openssl.go index dee614057e9..308d9d9b8ad 100644 --- a/cryptobackend/pbkdf2/pbkdf2_openssl.go +++ b/cryptobackend/pbkdf2/pbkdf2_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package pbkdf2 diff --git a/cryptobackend/rc4/rc4_openssl.go b/cryptobackend/rc4/rc4_openssl.go index 16decd66f39..6cc638d8c7e 100644 --- a/cryptobackend/rc4/rc4_openssl.go +++ b/cryptobackend/rc4/rc4_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package rc4 diff --git a/cryptobackend/rsa/rsa_openssl.go b/cryptobackend/rsa/rsa_openssl.go index dd4d28d2769..e1791c20548 100644 --- a/cryptobackend/rsa/rsa_openssl.go +++ b/cryptobackend/rsa/rsa_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package rsa diff --git a/cryptobackend/sha1/sha1_openssl.go b/cryptobackend/sha1/sha1_openssl.go index 70ef0b15f73..14a92364256 100644 --- a/cryptobackend/sha1/sha1_openssl.go +++ b/cryptobackend/sha1/sha1_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package sha1 diff --git a/cryptobackend/sha256/sha256_openssl.go b/cryptobackend/sha256/sha256_openssl.go index 83fa0abfcae..c5797a6aba6 100644 --- a/cryptobackend/sha256/sha256_openssl.go +++ b/cryptobackend/sha256/sha256_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package sha256 diff --git a/cryptobackend/sha3/sha3_openssl.go b/cryptobackend/sha3/sha3_openssl.go index b5095e5c9cf..12d5ce0f8ea 100644 --- a/cryptobackend/sha3/sha3_openssl.go +++ b/cryptobackend/sha3/sha3_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package sha3 diff --git a/cryptobackend/sha512/sha512_openssl.go b/cryptobackend/sha512/sha512_openssl.go index eb0dde0002c..de85ce201fe 100644 --- a/cryptobackend/sha512/sha512_openssl.go +++ b/cryptobackend/sha512/sha512_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package sha512 diff --git a/cryptobackend/tls12/tls12_openssl.go b/cryptobackend/tls12/tls12_openssl.go index 64c33bc0c6b..a1c4e380e39 100644 --- a/cryptobackend/tls12/tls12_openssl.go +++ b/cryptobackend/tls12/tls12_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package tls12 diff --git a/cryptobackend/tls13/tls13_openssl.go b/cryptobackend/tls13/tls13_openssl.go index d980d147d60..29d97cd38cb 100644 --- a/cryptobackend/tls13/tls13_openssl.go +++ b/cryptobackend/tls13/tls13_openssl.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build goexperiment.systemcrypto && (linux || freebsd) +//go:build goexperiment.opensslcrypto package tls13 diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index 90d66720cbe..1321a188129 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -40942,7 +40942,7 @@ index 00000000000000..97d73de468500c +func New(key []byte) (cipher.Block, error) { return xcrypto.NewAESCipher(key) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go new file mode 100644 -index 00000000000000..dde2958ce3e060 +index 00000000000000..753814eb397c77 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/aes/aes_openssl.go @@ -0,0 +1,15 @@ @@ -40950,7 +40950,7 @@ index 00000000000000..dde2958ce3e060 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package aes + @@ -41007,7 +41007,7 @@ index 00000000000000..a05c567366845c +func NewTLS13(c cipher.Block) (cipher.AEAD, error) { return xcrypto.NewGCMTLS13(c) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go new file mode 100644 -index 00000000000000..b34a74dafaf358 +index 00000000000000..28223eaadfb7b3 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/aes/gcm/gcm_openssl.go @@ -0,0 +1,17 @@ @@ -41015,7 +41015,7 @@ index 00000000000000..b34a74dafaf358 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package gcm + @@ -41161,7 +41161,7 @@ index 00000000000000..a9ee1b58fd4ce1 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go new file mode 100644 -index 00000000000000..a41ff9438d31b6 +index 00000000000000..77ad00bf10b6c1 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/backend_openssl.go @@ -0,0 +1,27 @@ @@ -41169,7 +41169,7 @@ index 00000000000000..a41ff9438d31b6 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package backend + @@ -41258,7 +41258,7 @@ index 00000000000000..889f2ff7c703d8 +var Dec = bbig.Dec diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go new file mode 100644 -index 00000000000000..1dd13cecbd026d +index 00000000000000..13f667a140e05f --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/bbig/big_openssl.go @@ -0,0 +1,12 @@ @@ -41266,7 +41266,7 @@ index 00000000000000..1dd13cecbd026d +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package bbig + @@ -41337,7 +41337,7 @@ index 00000000000000..0ce838f9a5f7d3 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go new file mode 100644 -index 00000000000000..222c4ae29ce878 +index 00000000000000..6002a4a8121bd8 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/chacha20poly1305/chacha20poly1305_openssl.go @@ -0,0 +1,24 @@ @@ -41345,7 +41345,7 @@ index 00000000000000..222c4ae29ce878 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package chacha20poly1305 + @@ -41509,7 +41509,7 @@ index 00000000000000..9df97e1cabc36c +func NewTripleDES(key []byte) (cipher.Block, error) { return xcrypto.NewTripleDESCipher(key) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go new file mode 100644 -index 00000000000000..e608ed381f4d4b +index 00000000000000..3d93d355667bf6 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/des/des_openssl.go @@ -0,0 +1,21 @@ @@ -41517,7 +41517,7 @@ index 00000000000000..e608ed381f4d4b +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package des + @@ -41652,7 +41652,7 @@ index 00000000000000..be7f0f574c9486 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go new file mode 100644 -index 00000000000000..b7b0f6c1430676 +index 00000000000000..2d8be29ec09e75 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/drbg/rand_openssl.go @@ -0,0 +1,19 @@ @@ -41660,7 +41660,7 @@ index 00000000000000..b7b0f6c1430676 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package drbg + @@ -41733,7 +41733,7 @@ index 00000000000000..36db87c344ad67 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go new file mode 100644 -index 00000000000000..d73a67db28d010 +index 00000000000000..b40a0834f9918d --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/dsa/dsa_openssl.go @@ -0,0 +1,93 @@ @@ -41741,7 +41741,7 @@ index 00000000000000..d73a67db28d010 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package dsa + @@ -41955,7 +41955,7 @@ index 00000000000000..67de2e7bb2098e +func ECDH(priv *PrivateKey, pub *PublicKey) ([]byte, error) { return xcrypto.ECDH(priv, pub) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go new file mode 100644 -index 00000000000000..2a87a84dd86db2 +index 00000000000000..ff426cb50bb437 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/ecdh/ecdh_openssl.go @@ -0,0 +1,26 @@ @@ -41963,7 +41963,7 @@ index 00000000000000..2a87a84dd86db2 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package ecdh + @@ -42111,7 +42111,7 @@ index 00000000000000..2bce40cb490cdb +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go new file mode 100644 -index 00000000000000..943b2f79c874c6 +index 00000000000000..2db2525ff91db1 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/ecdsa/ecdsa_openssl.go @@ -0,0 +1,33 @@ @@ -42119,7 +42119,7 @@ index 00000000000000..943b2f79c874c6 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package ecdsa + @@ -42322,7 +42322,7 @@ index 00000000000000..339ad263058c45 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go new file mode 100644 -index 00000000000000..b66d987ca87b15 +index 00000000000000..38a71066a5fe99 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/ed25519/ed25519_openssl.go @@ -0,0 +1,24 @@ @@ -42330,7 +42330,7 @@ index 00000000000000..b66d987ca87b15 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package ed25519 + @@ -42461,7 +42461,7 @@ index 00000000000000..30b7bebbacd109 +func Approved(h hash.Hash) bool { return xcrypto.FIPSApprovedHash(h) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go new file mode 100644 -index 00000000000000..91d61d0606ba7d +index 00000000000000..ec708faf535cb4 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/hash/hash_openssl.go @@ -0,0 +1,15 @@ @@ -42469,7 +42469,7 @@ index 00000000000000..91d61d0606ba7d +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package hash + @@ -42568,7 +42568,7 @@ index 00000000000000..c6d8af02b74f53 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go new file mode 100644 -index 00000000000000..eedae4374d91e1 +index 00000000000000..f21b6d450aabd2 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/hkdf/hkdf_openssl.go @@ -0,0 +1,21 @@ @@ -42576,7 +42576,7 @@ index 00000000000000..eedae4374d91e1 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package hkdf + @@ -42681,7 +42681,7 @@ index 00000000000000..9623b2e99b8cad +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go new file mode 100644 -index 00000000000000..0d4c6133f5434d +index 00000000000000..59454fc96c76f1 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/hmac/hmac_openssl.go @@ -0,0 +1,17 @@ @@ -42689,7 +42689,7 @@ index 00000000000000..0d4c6133f5434d +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package hmac + @@ -42998,7 +42998,7 @@ index 00000000000000..a6fba27162a6ef +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go new file mode 100644 -index 00000000000000..1b1814533bf60d +index 00000000000000..1caa5b810ef380 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/internal/fips140state/systemfips_openssl.go @@ -0,0 +1,57 @@ @@ -43006,7 +43006,7 @@ index 00000000000000..1b1814533bf60d +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package fips140state + @@ -43099,7 +43099,7 @@ index 00000000000000..2dc899297e4c3d +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go new file mode 100644 -index 00000000000000..759261ffefa52d +index 00000000000000..b3f09bd0985254 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/internal/opensslsetup/opensslsetup_openssl.go @@ -0,0 +1,68 @@ @@ -43107,7 +43107,7 @@ index 00000000000000..759261ffefa52d +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +// opensslsetup is a package that initializes the OpenSSL library. +// It doesn't export any symbol, but blank importing it has the @@ -43226,7 +43226,7 @@ index 00000000000000..2d5cd1659573c5 +func Sum(data []byte) [16]byte { return xcrypto.MD5(data) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go new file mode 100644 -index 00000000000000..7a669c9a12ec85 +index 00000000000000..acc826f3317158 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/md5/md5_openssl.go @@ -0,0 +1,20 @@ @@ -43234,7 +43234,7 @@ index 00000000000000..7a669c9a12ec85 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package md5 + @@ -43344,7 +43344,7 @@ index 00000000000000..2888d5253905d0 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go new file mode 100644 -index 00000000000000..c119affb439541 +index 00000000000000..426b4a80c91192 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/mldsa/mldsa_openssl.go @@ -0,0 +1,26 @@ @@ -43352,7 +43352,7 @@ index 00000000000000..c119affb439541 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package mldsa + @@ -43508,7 +43508,7 @@ index 00000000000000..9a0cc2702913db +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go new file mode 100644 -index 00000000000000..879ed20a60698b +index 00000000000000..bc5dab7f155d89 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/mlkem/mlkem_openssl.go @@ -0,0 +1,31 @@ @@ -43516,7 +43516,7 @@ index 00000000000000..879ed20a60698b +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package mlkem + @@ -43717,7 +43717,7 @@ index 00000000000000..df3b087cbc3758 +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go new file mode 100644 -index 00000000000000..dee614057e924f +index 00000000000000..308d9d9b8adc2f --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/pbkdf2/pbkdf2_openssl.go @@ -0,0 +1,18 @@ @@ -43725,7 +43725,7 @@ index 00000000000000..dee614057e924f +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package pbkdf2 + @@ -43822,7 +43822,7 @@ index 00000000000000..ddcff4caa4da2e +func New(key []byte) (*Cipher, error) { return xcrypto.NewRC4Cipher(key) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go new file mode 100644 -index 00000000000000..16decd66f39659 +index 00000000000000..6cc638d8c7e640 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/rc4/rc4_openssl.go @@ -0,0 +1,15 @@ @@ -43830,7 +43830,7 @@ index 00000000000000..16decd66f39659 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package rc4 + @@ -44100,7 +44100,7 @@ index 00000000000000..b932d97b59d71a +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go new file mode 100644 -index 00000000000000..dd4d28d2769a21 +index 00000000000000..e1791c2054808b --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/rsa/rsa_openssl.go @@ -0,0 +1,85 @@ @@ -44108,7 +44108,7 @@ index 00000000000000..dd4d28d2769a21 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package rsa + @@ -44329,7 +44329,7 @@ index 00000000000000..db59a9d7047daf +func Sum(data []byte) [20]byte { return xcrypto.SHA1(data) } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go new file mode 100644 -index 00000000000000..70ef0b15f73efd +index 00000000000000..14a923642567c5 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha1/sha1_openssl.go @@ -0,0 +1,17 @@ @@ -44337,7 +44337,7 @@ index 00000000000000..70ef0b15f73efd +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package sha1 + @@ -44436,7 +44436,7 @@ index 00000000000000..24998928a3e884 +func Sum224(data []byte) [28]byte { panic("cryptobackend: not available") } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go new file mode 100644 -index 00000000000000..83fa0abfcae7c6 +index 00000000000000..c5797a6aba6551 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha256/sha256_openssl.go @@ -0,0 +1,21 @@ @@ -44444,7 +44444,7 @@ index 00000000000000..83fa0abfcae7c6 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package sha256 + @@ -44614,7 +44614,7 @@ index 00000000000000..d0eda8e86b877b +func SumSHAKE256(data []byte, length int) []byte { panic("cryptobackend: not available") } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go new file mode 100644 -index 00000000000000..b5095e5c9cf570 +index 00000000000000..12d5ce0f8ea0e3 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha3/sha3_openssl.go @@ -0,0 +1,40 @@ @@ -44622,7 +44622,7 @@ index 00000000000000..b5095e5c9cf570 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package sha3 + @@ -44777,7 +44777,7 @@ index 00000000000000..9f243570638d35 +func Sum512_256(data []byte) [32]byte { panic("cryptobackend: not available") } diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go new file mode 100644 -index 00000000000000..eb0dde0002c106 +index 00000000000000..de85ce201fee50 --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/sha512/sha512_openssl.go @@ -0,0 +1,26 @@ @@ -44785,7 +44785,7 @@ index 00000000000000..eb0dde0002c106 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package sha512 + @@ -44909,7 +44909,7 @@ index 00000000000000..78014828c62b5e +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go new file mode 100644 -index 00000000000000..64c33bc0c6bb87 +index 00000000000000..a1c4e380e3909b --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/tls12/tls12_openssl.go @@ -0,0 +1,18 @@ @@ -44917,7 +44917,7 @@ index 00000000000000..64c33bc0c6bb87 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package tls12 + @@ -45208,7 +45208,7 @@ index 00000000000000..b7ffeea07c6b8d +} diff --git a/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go b/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go new file mode 100644 -index 00000000000000..d980d147d6022e +index 00000000000000..29d97cd38cb6bc --- /dev/null +++ b/src/vendor/github.com/microsoft/go/cryptobackend/tls13/tls13_openssl.go @@ -0,0 +1,18 @@ @@ -45216,7 +45216,7 @@ index 00000000000000..d980d147d6022e +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.systemcrypto && (linux || freebsd) ++//go:build goexperiment.opensslcrypto + +package tls13 + diff --git a/patches/0002-Add-crypto-backends.patch b/patches/0002-Add-crypto-backends.patch index 303dd7e130e..545bfb9e6f2 100644 --- a/patches/0002-Add-crypto-backends.patch +++ b/patches/0002-Add-crypto-backends.patch @@ -17,11 +17,11 @@ Subject: [PATCH] Add crypto backends src/cmd/go/internal/cfg/cfg.go | 32 +- src/cmd/go/internal/envcmd/env.go | 3 +- src/cmd/go/internal/help/helpdoc.go | 3 + - src/cmd/go/internal/load/pkg.go | 50 +++- + src/cmd/go/internal/load/pkg.go | 50 ++- src/cmd/go/internal/tool/tool.go | 9 +- .../verylongtest/testdata/script/README | 2 + src/cmd/go/script_test.go | 3 + - src/cmd/go/systemcrypto_test.go | 278 ++++++++++++++++++ + src/cmd/go/systemcrypto_test.go | 284 ++++++++++++++++++ src/cmd/go/testdata/script/README | 2 + src/cmd/go/testdata/script/darwin_no_cgo.txt | 1 + src/cmd/go/testdata/script/env_changed.txt | 3 + @@ -104,7 +104,7 @@ Subject: [PATCH] Add crypto backends src/crypto/sha1/sha1_test.go | 11 +- src/crypto/sha256/sha256.go | 16 +- src/crypto/sha256/sha256_test.go | 44 ++- - src/crypto/sha3/sha3.go | 131 ++++++++- + src/crypto/sha3/sha3.go | 131 +++++++- src/crypto/sha3/sha3_test.go | 18 +- src/crypto/sha512/sha512.go | 24 +- src/crypto/sha512/sha512_test.go | 32 +- @@ -121,7 +121,7 @@ Subject: [PATCH] Add crypto backends src/crypto/tls/prf.go | 26 ++ src/crypto/tls/prf_test.go | 9 + src/crypto/x509/verify_test.go | 2 +- - src/go/build/buildbackend_test.go | 50 ++++ + src/go/build/buildbackend_test.go | 50 +++ src/go/build/deps_test.go | 94 +++++- .../build/testdata/backendtags_system/main.go | 3 + .../backendtags_system/systemcrypto.go | 3 + @@ -138,7 +138,7 @@ Subject: [PATCH] Add crypto backends src/os/exec/exec_test.go | 9 + src/runtime/runtime_boring.go | 5 + src/syscall/syscall_windows.go | 3 + - 134 files changed, 2519 insertions(+), 378 deletions(-) + 134 files changed, 2525 insertions(+), 378 deletions(-) create mode 100644 src/cmd/go/systemcrypto_test.go create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go @@ -504,7 +504,7 @@ index 47839e0229b951..99ac16a3951934 100644 tg.parallel() defer tg.cleanup() diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go -index 78cbbb949e7c27..f8b16160f50713 100644 +index 78cbbb949e7c27..38bf1efb8794da 100644 --- a/src/cmd/go/internal/cfg/cfg.go +++ b/src/cmd/go/internal/cfg/cfg.go @@ -14,11 +14,13 @@ import ( @@ -559,7 +559,7 @@ index 78cbbb949e7c27..f8b16160f50713 100644 + switch Goos { + case "darwin": + expTags = append(expTags, "goexperiment.darwincrypto") -+ case "linux": ++ case "linux", "freebsd": + expTags = append(expTags, "goexperiment.opensslcrypto") + case "windows": + expTags = append(expTags, "goexperiment.cngcrypto") @@ -763,10 +763,10 @@ index 088b9a8b5fdb2e..4e1e545367afef 100644 // updateSum runs 'go mod tidy', 'go list -mod=mod -m all', or diff --git a/src/cmd/go/systemcrypto_test.go b/src/cmd/go/systemcrypto_test.go new file mode 100644 -index 00000000000000..797d560bd74929 +index 00000000000000..8e7f07fe1f758c --- /dev/null +++ b/src/cmd/go/systemcrypto_test.go -@@ -0,0 +1,278 @@ +@@ -0,0 +1,284 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -1016,6 +1016,12 @@ index 00000000000000..797d560bd74929 + badFiles: []string{"without_system.go", "with_openssl.go", "with_darwin.go"}, + }, + { ++ name: "freebsd_supported", ++ env: []string{"GOOS=freebsd", "GOARCH=amd64", "MS_GO_NOSYSTEMCRYPTO=0"}, ++ wantFiles: []string{"with_system.go", "with_openssl.go"}, ++ badFiles: []string{"without_system.go", "with_cng.go", "with_darwin.go"}, ++ }, ++ { + name: "disabled", + env: []string{"GOOS=linux", "GOARCH=amd64", "MS_GO_NOSYSTEMCRYPTO=1"}, + wantFiles: []string{"without_system.go"}, @@ -6546,7 +6552,7 @@ index 00000000000000..71c1923a270646 +} diff --git a/src/internal/systemcrypto/systemcrypto_test.go b/src/internal/systemcrypto/systemcrypto_test.go new file mode 100644 -index 00000000000000..5e95772e82cf6e +index 00000000000000..38c7bfa3c0b7b1 --- /dev/null +++ b/src/internal/systemcrypto/systemcrypto_test.go @@ -0,0 +1,60 @@ @@ -6611,7 +6617,7 @@ index 00000000000000..5e95772e82cf6e + } +} diff --git a/src/net/lookup_test.go b/src/net/lookup_test.go -index 42211ed099ed1e..e6d185374ffe6d 100644 +index afa7e4c14aaf1f..0583582295c751 100644 --- a/src/net/lookup_test.go +++ b/src/net/lookup_test.go @@ -1500,6 +1500,9 @@ func TestLookupPortIPNetworkString(t *testing.T) {