Merged
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package aes
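Review bot: The constraint on line 5 is now `goexperiment.opensslcrypto`, but none of the documentation touched in this change mentions that tag. eng/doc/fips/README.md still says the `systemcrypto` experiment selects platform-specific code via build constraints, and NocgoOpenSSL.md describes the backend as part of `systemcrypto`. Please document how `opensslcrypto` is derived from `systemcrypto`, and for which target platforms, so someone auditing which crypto backend a binary was built with can follow the tag from the docs to these files. The same point applies to the identical one-line change in the other backend packages.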

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package gcm

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package backend

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package bbig

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package chacha20poly1305

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package des

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package drbg

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package dsa

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package ecdh

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package ecdsa

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package ed25519

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package hash

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package hkdf

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package hmac

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package fips140state

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

// opensslsetup is a package that initializes the OpenSSL library.
// It doesn't export any symbol, but blank importing it has the
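Review bot: Per its doc comment this package exists only for the side effect of a blank import, so narrowing line 5 to `goexperiment.opensslcrypto` changes where that import can compile. Please confirm that every file blank-importing it carries the same constraint, or that the package keeps a file that builds without the tag. Otherwise a build where `systemcrypto` is set but `opensslcrypto` is not will fail on the import instead of selecting another backend.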
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package md5

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package mldsa

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package mlkem

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package pbkdf2

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package rc4

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package rsa

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package sha1

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package sha256

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package sha3

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package sha512

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package tls12

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build goexperiment.systemcrypto
//go:build goexperiment.opensslcrypto

package tls13

Expand Down
5 changes: 5 additions & 0 deletions eng/_util/cmd/updatecryptodocs/header.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,11 @@ OpenSSL 3 implements all the cryptographic algorithms using [Providers](https://
The Microsoft build of Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later.
SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)).

### FreeBSD

Since Go 1.27, the Microsoft build of Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) on FreeBSD (`amd64` and `arm64`), the same backend as on Linux.
The algorithm support listed in the Linux column of the tables below also applies to FreeBSD.

### macOS

On macOS, the Microsoft build of Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations.
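Review bot: The new FreeBSD section says the Linux column "also applies to FreeBSD", but a reader who jumps straight to the tables will not see that. Consider renaming the column header to cover both platforms. The section also lists only `amd64` and `arm64`, which matches the cgo-less list in NocgoOpenSSL.md. Please state whether FreeBSD is supported only through the cgo-less backend and link to that document. It would also help to say whether the provider guidance in the context lines above (built-in providers, SCOSSL v1.6.1 or later) carries over to FreeBSD.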
Expand Down
5 changes: 5 additions & 0 deletions eng/doc/CrossPlatformCryptography.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ OpenSSL 3 implements all the cryptographic algorithms using [Providers](https://
The Microsoft build of Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later.
SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)).

### FreeBSD

Since Go 1.27, the Microsoft build of Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) on FreeBSD (`amd64` and `arm64`), the same backend as on Linux.
The algorithm support listed in the Linux column of the tables below also applies to FreeBSD.

### macOS

On macOS, the Microsoft build of Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations.
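Review bot: This FreeBSD section is word for word the one added to eng/_util/cmd/updatecryptodocs/header.md. If CrossPlatformCryptography.md is produced from that header by the `updatecryptodocs` command, please confirm this hunk is the tool's output rather than a hand edit, so the two files cannot drift. Any wording change requested on header.md should then be made there and regenerated.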
Expand Down
17 changes: 13 additions & 4 deletions eng/doc/NocgoOpenSSL.md
Original file line number Diff line number Diff line change
@@ -1,22 +1,26 @@
# No-cgo OpenSSL Backend

This document describes how the Microsoft build of Go uses the cgo-less OpenSSL backend on Linux.
This document describes how the Microsoft build of Go uses the cgo-less OpenSSL backend on Linux and FreeBSD.

## Overview

In Go 1.27 and later, the cgo-less OpenSSL backend is part of `systemcrypto` on Linux.
In Go 1.27 and later, the cgo-less OpenSSL backend is part of `systemcrypto` on Linux and FreeBSD.
It is selected automatically when cgo is disabled and the target architecture is supported.

> [!NOTE]
> In Go 1.26, this backend was available as the experimental `GOEXPERIMENT=ms_nocgo_opensslcrypto` feature.
> In Go 1.26, this backend was available as the experimental `GOEXPERIMENT=ms_nocgo_opensslcrypto` feature on Linux only.
>
> In Go 1.27, that experiment has been removed because the cgo-less backend is selected automatically when needed.
>
> FreeBSD support was added in Go 1.27.

This allows the use of OpenSSL without requiring cgo.

## Supported architectures

The cgo-less OpenSSL backend is supported on the following architectures:
The cgo-less OpenSSL backend is supported on the following architectures.

On Linux:

- 386
- **amd64**
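Review bot: The overview sentence "It is selected automatically when cgo is disabled and the target architecture is supported" now covers FreeBSD, but the text does not say what happens in the other cases. Please state what a FreeBSD build gets when cgo is enabled, and what happens on an architecture outside the list (build error, or fallback to the Go implementations). For users who enable `systemcrypto` for compliance reasons, a silent fallback is the case they most need documented.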
Expand All @@ -27,6 +31,11 @@ The cgo-less OpenSSL backend is supported on the following architectures:
- riscv64
- s390x (added in Go 1.27)

On FreeBSD (added in Go 1.27):

- **amd64**
- **arm64**

The set of supported architectures is limited because each architecture requires a unique assembly implementation to call OpenSSL.
Architectures are added based on demand and available resources.
To see existing requests or request support for additional architectures, use the [![](https://img.shields.io/github/labels/microsoft/go/Area-Nocgo)](https://github.com/microsoft/go/labels/Area-Nocgo) label.
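Review bot: The FreeBSD list marks both `amd64` and `arm64` in bold, following the Linux list where only some entries are bold, but nothing in the visible text explains what bold means. Please add a one-line legend above the lists (for example, whether bold marks architectures covered by CI), or drop the emphasis in the FreeBSD list where every entry carries it.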
Expand Down
1 change: 1 addition & 0 deletions eng/doc/fips/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ The `systemcrypto` experiment uses platform-specific code via build constraints.
| Target platform | Library |
| --- | --- |
| Linux | OpenSSL |
| FreeBSD (amd64 and arm64, since Go 1.27) | OpenSSL |
| Windows | CNG |
| macOS | CommonCrypto & CryptoKit |
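Review bot: The new row puts the architecture and version qualifiers inside the "Target platform" cell ("FreeBSD (amd64 and arm64, since Go 1.27)"), while the other rows name only the platform. Consider keeping the cell as "FreeBSD" and moving the qualifiers to a note under the table. Since this is the FIPS README, the note should also say what `systemcrypto` does on FreeBSD architectures other than `amd64` and `arm64`.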

Expand Down