diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch
index 93536512b2..7b01d3a140 100644
--- a/patches/0002-Add-crypto-backend-foundation.patch
+++ b/patches/0002-Add-crypto-backend-foundation.patch
@@ -38,7 +38,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/rsa/pkcs1v15_test.go              |   5 +
  src/crypto/rsa/pss.go                        |   8 +-
  src/crypto/rsa/rsa.go                        |  21 +-
- src/crypto/rsa/rsa_test.go                   |   2 +-
+ src/crypto/rsa/rsa_test.go                   |  12 +-
  src/crypto/sha1/sha1.go                      |   2 +-
  src/crypto/sha1/sha1_test.go                 |  12 +-
  src/crypto/sha256/sha256.go                  |   6 +-
@@ -59,7 +59,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/hash/notboring_test.go                   |   5 +
  src/net/smtp/smtp_test.go                    |  72 ++++---
  src/runtime/runtime_boring.go                |   5 +
- 55 files changed, 873 insertions(+), 106 deletions(-)
+ 55 files changed, 883 insertions(+), 106 deletions(-)
  create mode 100644 src/crypto/ed25519/boring.go
  create mode 100644 src/crypto/ed25519/notboring.go
  create mode 100644 src/crypto/internal/backend/backend_test.go
@@ -1258,7 +1258,7 @@ index 4d78d1eaaa6be0..a016c4f8362cf5 100644
  		if err != nil {
  			return nil, err
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index 2afa045a3a0bd2..86466e67e87eeb 100644
+index 2afa045a3a0bd2..c6294694521c69 100644
 --- a/src/crypto/rsa/rsa_test.go
 +++ b/src/crypto/rsa/rsa_test.go
 @@ -8,7 +8,7 @@ import (
@@ -1270,6 +1270,30 @@ index 2afa045a3a0bd2..86466e67e87eeb 100644
  	"crypto/rand"
  	. "crypto/rsa"
  	"crypto/sha1"
+@@ -113,6 +113,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
+ 	if priv.D.Cmp(priv.N) > 0 {
+ 		t.Errorf("private exponent too large")
+ 	}
++	if boring.Enabled && priv.N.BitLen() < 512 {
++		// Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes
++		// lower than 512 and intentionally fail rather than fall back to Go crypto.
++		t.Skip("skipping allocations test with BoringCrypto")
++	}
+ 
+ 	msg := []byte("hi!")
+ 	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
+@@ -187,6 +192,11 @@ func testEverything(t *testing.T, priv *PrivateKey) {
+ 	if err := priv.Validate(); err != nil {
+ 		t.Errorf("Validate() failed: %s", err)
+ 	}
++	if boring.Enabled && priv.N.BitLen() < 512 {
++		// Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes
++		// lower than 512 and intentionally fail rather than fall back to Go crypto.
++		t.Skip("skipping allocations test with BoringCrypto")
++	}
+ 
+ 	msg := []byte("test")
+ 	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
 diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go
 index 8189d1946d8ea5..8f5f7f27f26fea 100644
 --- a/src/crypto/sha1/sha1.go
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch
index aac1155e60..4c8556f13b 100644
--- a/patches/0005-Add-CNG-crypto-backend.patch
+++ b/patches/0005-Add-CNG-crypto-backend.patch
@@ -22,7 +22,6 @@ Subject: [PATCH] Add CNG crypto backend
  src/crypto/rsa/notboring.go                   |   2 +-
  src/crypto/rsa/pss.go                         |   2 +-
  src/crypto/rsa/pss_test.go                    |   2 +-
- src/crypto/rsa/rsa_test.go                    |   8 +-
  src/crypto/tls/boring.go                      |   2 +-
  src/crypto/tls/boring_test.go                 |   2 +-
  src/crypto/tls/fipsonly/fipsonly.go           |   2 +-
@@ -42,7 +41,7 @@ Subject: [PATCH] Add CNG crypto backend
  .../goexperiment/exp_cngcrypto_off.go         |   9 +
  src/internal/goexperiment/exp_cngcrypto_on.go |   9 +
  src/internal/goexperiment/flags.go            |   1 +
- 38 files changed, 392 insertions(+), 28 deletions(-)
+ 37 files changed, 385 insertions(+), 27 deletions(-)
  create mode 100644 src/crypto/ecdsa/badlinkname.go
  create mode 100644 src/crypto/internal/backend/bbig/big_cng.go
  create mode 100644 src/crypto/internal/backend/cng_windows.go
@@ -588,39 +587,6 @@ index 637d07e18cff2e..21435b86b52dad 100644
  	if err != nil {
  		t.Fatal(err)
  	}
-diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index dbcc1bec58bd46..b1e9d8e94c2c9e 100644
---- a/src/crypto/rsa/rsa_test.go
-+++ b/src/crypto/rsa/rsa_test.go
-@@ -17,6 +17,7 @@ import (
- 	"encoding/pem"
- 	"flag"
- 	"fmt"
-+	"internal/goexperiment"
- 	"internal/testenv"
- 	"math/big"
- 	"strings"
-@@ -113,6 +114,9 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
- 	if priv.D.Cmp(priv.N) > 0 {
- 		t.Errorf("private exponent too large")
- 	}
-+	if goexperiment.CNGCrypto && priv.N.BitLen() < 512 {
-+		t.Skip("CNGCrypto does not support key sizes lower than 512 and intentionally fails rather than fall back to Go crypto")
-+	}
- 
- 	msg := []byte("hi!")
- 	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
-@@ -187,7 +191,9 @@ func testEverything(t *testing.T, priv *PrivateKey) {
- 	if err := priv.Validate(); err != nil {
- 		t.Errorf("Validate() failed: %s", err)
- 	}
--
-+	if goexperiment.CNGCrypto && priv.N.BitLen() < 512 {
-+		t.Skip("CNGCrypto does not support key sizes lower than 512 and intentionally fails rather than fall back to Go crypto")
-+	}
- 	msg := []byte("test")
- 	enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
- 	if err == ErrMessageTooLong {
 diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go
 index 698efc6751e12c..575d51b02298c8 100644
 --- a/src/crypto/tls/boring.go