microsoft · qmuntal · Jan 7, 2025 · Jan 3, 2025 · Jan 6, 2025 · Jan 7, 2025
@@ -556,7 +556,7 @@ index 275c60b4de49eb..ff8bddf28c4545 100644
  	"math/big"
  )
 diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
-index 77727aaf96befb..dedaa0fe4100b1 100644
+index 0f9749975ffba9..41ac17df22d7d7 100644
 --- a/src/crypto/ecdsa/ecdsa.go
 +++ b/src/crypto/ecdsa/ecdsa.go
 @@ -18,8 +18,8 @@ import (
@@ -1502,18 +1502,18 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644
 
  		h := New()
 diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go
-index 0fdd9e822d40a5..bc8e560487a6ef 100644
+index d40daab5e5b879..c32b3fd82b99b0 100644
 --- a/src/crypto/pbkdf2/pbkdf2.go
 +++ b/src/crypto/pbkdf2/pbkdf2.go
-@@ -19,6 +19,7 @@ pbkdf2.Key.
+@@ -11,6 +11,7 @@
  package pbkdf2
 
  import (
 +	boring "crypto/internal/backend"
  	"crypto/internal/fips140/pbkdf2"
  	"crypto/internal/fips140only"
  	"errors"
-@@ -53,5 +54,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL
+@@ -45,5 +46,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL
  			return nil, errors.New("crypto/pbkdf2: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
  		}
  	}
@@ -1812,7 +1812,7 @@ index fb23f003a6f217..be374dad6969d5 100644
  	"crypto/internal/fips140/rsa"
  	"crypto/internal/fips140only"
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index 2474ab82dfa207..78e9b47f051484 100644
+index 2535661040273a..f9543d9cc89e7b 100644
 --- a/src/crypto/rsa/rsa_test.go
 +++ b/src/crypto/rsa/rsa_test.go
 @@ -8,7 +8,7 @@ import (
@@ -2084,10 +2084,10 @@ index 027bc22c33c921..eba08da985f832 100644
  package fipsonly
 
 diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
-index ecc62ff2edefc0..776fec96f0f349 100644
+index 38bd417a0dca72..9eec202234fa94 100644
 --- a/src/crypto/tls/handshake_client.go
 +++ b/src/crypto/tls/handshake_client.go
-@@ -548,7 +548,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
+@@ -549,7 +549,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
 
  // Does the handshake, either a full one or resumes old session. Requires hs.c,
  // hs.hello, hs.serverHello, and, optionally, hs.session to be set.
@@ -2105,7 +2105,7 @@ index ecc62ff2edefc0..776fec96f0f349 100644
 
  	isResume, err := hs.processServerHello()
 diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
-index 38c6025db74ee8..356036321d6283 100644
+index c0396e75796add..819bc54822f0cb 100644
 --- a/src/crypto/tls/handshake_client_tls13.go
 +++ b/src/crypto/tls/handshake_client_tls13.go
 @@ -8,8 +8,8 @@ import (
@@ -2118,7 +2118,7 @@ index 38c6025db74ee8..356036321d6283 100644
  	"crypto/internal/fips140/mlkem"
  	"crypto/internal/fips140/tls13"
  	"crypto/rsa"
-@@ -91,8 +91,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
+@@ -90,8 +90,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
  		confTranscript.Write(hs.serverHello.original[:30])
  		confTranscript.Write(make([]byte, 8))
  		confTranscript.Write(hs.serverHello.original[38:])
@@ -2132,7 +2132,7 @@ index 38c6025db74ee8..356036321d6283 100644
  			"ech accept confirmation",
  			confTranscript.Sum(nil),
  			8,
-@@ -268,8 +272,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
+@@ -264,8 +268,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
  			copy(hrrHello, hs.serverHello.original)
  			hrrHello = bytes.Replace(hrrHello, hs.serverHello.encryptedClientHello, make([]byte, 8), 1)
  			confTranscript.Write(hrrHello)
@@ -2168,7 +2168,7 @@ index 7c75977ad3ffb2..b9db95ca7b9d5a 100644
 
  	if err := hs.processClientHello(); err != nil {
 diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
-index 3552d89ba3bc6f..b3c4c8261887d0 100644
+index 76fff6974e7403..218d40171d2567 100644
 --- a/src/crypto/tls/handshake_server_tls13.go
 +++ b/src/crypto/tls/handshake_server_tls13.go
 @@ -8,8 +8,9 @@ import (
@@ -2318,48 +2318,51 @@ index e7369542a73270..ff52175e4ac636 100644
  	}
  }
 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
-index cc7f4df7f388ea..58082b3636f209 100644
+index d9d985dca4ade4..de88160bcf3a1c 100644
 --- a/src/go/build/deps_test.go
 +++ b/src/go/build/deps_test.go
-@@ -491,9 +491,11 @@ var depsRules = `
+@@ -493,6 +493,8 @@ var depsRules = `
  	< crypto/internal/fips140/rsa
  	< FIPS;
 
 +	syscall < crypto/internal/backend/fips140;
 +
- 	FIPS < crypto/internal/fips140/check/checktest;
-
--	FIPS, sync/atomic < crypto/tls/internal/fips140tls;
-+	FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls;
+ 	FIPS, internal/godebug < crypto/fips140;
 
- 	FIPS, internal/godebug, hash < crypto/fips140, crypto/internal/fips140only;
-
-@@ -505,6 +507,7 @@ var depsRules = `
- 	FIPS, crypto/internal/fips140only,
+ 	crypto, hash !< FIPS;
+@@ -506,12 +508,15 @@ var depsRules = `
+ 	FIPS, internal/godebug, hash, embed,
  	crypto/internal/boring/sig,
  	crypto/internal/boring/syso,
 +	encoding/binary,
- 	golang.org/x/sys/cpu,
- 	hash, embed
- 	< crypto
-@@ -514,7 +517,9 @@ var depsRules = `
-
- 	crypto/cipher,
  	crypto/internal/boring/bcache
 +	crypto/internal/backend/fips140
+ 	< crypto/internal/fips140only
+ 	< crypto
+ 	< crypto/subtle
+ 	< crypto/cipher
  	< crypto/internal/boring
 +	< crypto/internal/backend
- 	< crypto/boring;
+ 	< crypto/boring
+ 	< crypto/aes,
+ 	  crypto/des,
+@@ -534,6 +539,7 @@ var depsRules = `
 
- 	crypto/boring
-@@ -546,6 +551,7 @@ var depsRules = `
- 	# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
  	CRYPTO, FMT, math/big
  	< crypto/internal/boring/bbig
 +	< crypto/internal/backend/bbig
  	< crypto/rand
- 	< crypto/ed25519
+ 	< crypto/ed25519 # depends on crypto/rand.Reader
  	< encoding/asn1
+@@ -547,7 +553,7 @@ var depsRules = `
+
+ 	# TLS, Prince of Dependencies.
+
+-	FIPS, sync/atomic < crypto/tls/internal/fips140tls;
++	FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls;
+
+ 	crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly;
+
 diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go
 new file mode 100644
 index 00000000000000..52748c44698076

@@ -27,10 +27,10 @@ Subject: [PATCH] Add OpenSSL crypto backend
  create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go
 
 diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
-index 5a981f8bc147de..b38d84db20172a 100644
+index 06bd01bc5bb995..9561bf2bca9a9d 100644
 --- a/src/cmd/dist/test.go
 +++ b/src/cmd/dist/test.go
-@@ -1322,12 +1322,11 @@ func (t *tester) registerCgoTests(heading string) {
+@@ -1324,12 +1324,11 @@ func (t *tester) registerCgoTests(heading string) {
  			// a C linker warning on Linux.
  			// in function `bio_ip_and_port_to_socket_and_addr':
  			// warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
@@ -478,7 +478,7 @@ index 00000000000000..d3a663737a1ce3
 +	return openssl.VerifyDSA(pub, hashed, sig)
 +}
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index 78e9b47f051484..4fdfcdc4c91004 100644
+index f9543d9cc89e7b..f07c75821aab13 100644
 --- a/src/crypto/rsa/rsa_test.go
 +++ b/src/crypto/rsa/rsa_test.go
 @@ -846,6 +846,9 @@ func TestDecryptOAEP(t *testing.T) {
@@ -514,30 +514,34 @@ index 9e661352f16e0b..0a58eccb57a869 100644
  golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
  golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ=
 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
-index 58082b3636f209..37cb128ba9409a 100644
+index de88160bcf3a1c..339cb53d8a1468 100644
 --- a/src/go/build/deps_test.go
 +++ b/src/go/build/deps_test.go
-@@ -516,8 +516,10 @@ var depsRules = `
- 	< crypto/sha3;
-
- 	crypto/cipher,
+@@ -509,12 +509,14 @@ var depsRules = `
+ 	crypto/internal/boring/sig,
+ 	crypto/internal/boring/syso,
+ 	encoding/binary,
 -	crypto/internal/boring/bcache
 +	crypto/internal/boring/bcache,
  	crypto/internal/backend/fips140
+ 	< crypto/internal/fips140only
+ 	< crypto
+ 	< crypto/subtle
+ 	< crypto/cipher
 +	< github.com/golang-fips/openssl/v2/internal/subtle
 +	< github.com/golang-fips/openssl/v2
  	< crypto/internal/boring
  	< crypto/internal/backend
- 	< crypto/boring;
-@@ -550,6 +552,7 @@ var depsRules = `
+ 	< crypto/boring
+@@ -538,6 +540,7 @@ var depsRules = `
+ 	# CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok.
 
- 	# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
  	CRYPTO, FMT, math/big
 +	< github.com/golang-fips/openssl/v2/bbig
  	< crypto/internal/boring/bbig
  	< crypto/internal/backend/bbig
  	< crypto/rand
-@@ -845,7 +848,7 @@ var buildIgnore = []byte("\n//go:build ignore")
+@@ -842,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore")
 
  func findImports(pkg string) ([]string, error) {
  	vpkg := pkg
@@ -546,7 +550,7 @@ index 58082b3636f209..37cb128ba9409a 100644
  		vpkg = "vendor/" + pkg
  	}
  	dir := filepath.Join(Default.GOROOT, "src", vpkg)
-@@ -855,7 +858,7 @@ func findImports(pkg string) ([]string, error) {
+@@ -852,7 +855,7 @@ func findImports(pkg string) ([]string, error) {
  	}
  	var imports []string
  	var haveImport = map[string]bool{}

@@ -507,23 +507,23 @@ index 0a58eccb57a869..b464f023942b74 100644
  golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
  golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ=
 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
-index 37cb128ba9409a..3ceabaebc7ea46 100644
+index 339cb53d8a1468..1fcadbf6c19d79 100644
 --- a/src/go/build/deps_test.go
 +++ b/src/go/build/deps_test.go
-@@ -518,6 +518,10 @@ var depsRules = `
- 	crypto/cipher,
- 	crypto/internal/boring/bcache,
- 	crypto/internal/backend/fips140
+@@ -515,6 +515,10 @@ var depsRules = `
+ 	< crypto
+ 	< crypto/subtle
+ 	< crypto/cipher
 +	< github.com/microsoft/go-crypto-winnative/internal/subtle
 +	< github.com/microsoft/go-crypto-winnative/internal/sysdll
 +	< github.com/microsoft/go-crypto-winnative/internal/bcrypt
 +	< github.com/microsoft/go-crypto-winnative/cng
  	< github.com/golang-fips/openssl/v2/internal/subtle
  	< github.com/golang-fips/openssl/v2
  	< crypto/internal/boring
-@@ -552,6 +556,7 @@ var depsRules = `
+@@ -540,6 +544,7 @@ var depsRules = `
+ 	# CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok.
 
- 	# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
  	CRYPTO, FMT, math/big
 +	< github.com/microsoft/go-crypto-winnative/cng/bbig
  	< github.com/golang-fips/openssl/v2/bbig