Upgrade backends

patches/0002-Add-crypto-backend-foundation.patch

@@ -26,7 +26,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/internal/backend/bbig/big.go      |  17 ++
  src/crypto/internal/backend/common.go        |  92 ++++++++
  src/crypto/internal/backend/isrequirefips.go |   9 +
- src/crypto/internal/backend/nobackend.go     | 224 +++++++++++++++++++
+ src/crypto/internal/backend/nobackend.go     | 223 +++++++++++++++++++
  src/crypto/internal/backend/norequirefips.go |   9 +
  src/crypto/internal/backend/stub.s           |  10 +
  src/crypto/md5/md5.go                        |   7 +
@@ -40,6 +40,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/rsa/pkcs1v15.go                   |  10 +-
  src/crypto/rsa/pkcs1v15_test.go              |   5 +
  src/crypto/rsa/pss.go                        |   8 +-
+ src/crypto/rsa/pss_test.go                   |   3 +
  src/crypto/rsa/rsa.go                        |  21 +-
  src/crypto/rsa/rsa_test.go                   |  12 +-
  src/crypto/sha1/sha1.go                      |   2 +-
@@ -53,8 +54,8 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/tls/handshake_client.go           |  25 ++-
  src/crypto/tls/handshake_server.go           |  25 ++-
  src/crypto/tls/handshake_server_tls13.go     |  10 +
- src/crypto/tls/key_schedule.go               |  18 +-
- src/crypto/tls/prf.go                        |  77 +++++--
+ src/crypto/tls/key_schedule.go               |  23 ++-
+ src/crypto/tls/prf.go                        |  77 ++++---
  src/crypto/tls/prf_test.go                   |  12 +-
  src/crypto/x509/boring_test.go               |   5 +
  src/go/build/deps_test.go                    |   4 +
@@ -63,7 +64,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/hash/notboring_test.go                   |   9 +
  src/net/smtp/smtp_test.go                    |  72 +++---
  src/runtime/runtime_boring.go                |   5 +
- 59 files changed, 1145 insertions(+), 106 deletions(-)
+ 60 files changed, 1148 insertions(+), 106 deletions(-)
  create mode 100644 src/crypto/dsa/boring.go
  create mode 100644 src/crypto/dsa/notboring.go
  create mode 100644 src/crypto/ed25519/boring.go
@@ -269,7 +270,7 @@ index 00000000000000..3be888a0104809
 +	}
 +}
 diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
-index 4524bd492feba0..f8e20be38a3794 100644
+index 4524bd492feba0..19f3a125017b61 100644
 --- a/src/crypto/dsa/dsa.go
 +++ b/src/crypto/dsa/dsa.go
 @@ -18,7 +18,12 @@ import (
@@ -290,7 +291,7 @@ index 4524bd492feba0..f8e20be38a3794 100644
  	}
 
 +	if boring.Enabled && boring.SupportsDSA(L, N) {
-+		p, q, g, err := boring.GenerateDSAParameters(L, N)
++		p, q, g, err := boring.GenerateParametersDSA(L, N)
 +		if err != nil {
 +			return err
 +		}
@@ -938,7 +939,7 @@ new file mode 100644
 index 00000000000000..5a1f8da56d4fed
 --- /dev/null
 +++ b/src/crypto/internal/backend/nobackend.go
-@@ -0,0 +1,224 @@
+@@ -0,0 +1,223 @@
 +// Copyright 2017 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -953,7 +954,6 @@ index 00000000000000..5a1f8da56d4fed
 +	"crypto"
 +	"crypto/cipher"
 +	"hash"
-+	"io"
 +)
 +
 +const Enabled = false
@@ -1064,7 +1064,7 @@ index 00000000000000..5a1f8da56d4fed
 +
 +func SupportsHKDF() bool { panic("cryptobackend: not available") }
 +
-+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) {
++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
@@ -1137,7 +1137,7 @@ index 00000000000000..5a1f8da56d4fed
 +	panic("cryptobackend: not available")
 +}
 +
-+func GenerateDSAParameters(l, n int) (p, q, g BigInt, err error) {
++func GenerateParametersDSA(l, n int) (p, q, g BigInt, err error) {
 +	panic("cryptobackend: not available")
 +}
 +
@@ -1508,6 +1508,20 @@ index 5716c464ca0a33..4aac87d7952081 100644
  		bkey, err := boringPublicKey(pub)
  		if err != nil {
  			return err
+diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
+index 637d07e18cff2e..2c82f50adf38b8 100644
+--- a/src/crypto/rsa/pss_test.go
++++ b/src/crypto/rsa/pss_test.go
+@@ -296,6 +296,9 @@ func TestInvalidPSSSaltLength(t *testing.T) {
+ 		SaltLength: -2,
+ 		Hash:       crypto.SHA256,
+ 	}); err.Error() != InvalidSaltLenErr.Error() {
++		// The OpenSSL and CNG backend returns the error required in Go tip.
++		// This change will conflict with the upstream sync PR, where we will be able to remove this.
++		t.Skip("TODO: unskip when upstream sync PR is merged")
+ 		t.Fatalf("SignPSS unexpected error: got %v, want %v", err, InvalidSaltLenErr)
+ 	}
+
 diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
 index 4d78d1eaaa6be0..a016c4f8362cf5 100644
 --- a/src/crypto/rsa/rsa.go
@@ -1984,28 +1998,33 @@ index b8cf4c3fa50b24..bc5d32a29c50c4 100644
  	}
  	state, err := marshaler.MarshalBinary()
 diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
-index 1636baf79e7288..c9a5877d3d504f 100644
+index 1636baf79e7288..747c3c0883230c 100644
 --- a/src/crypto/tls/key_schedule.go
 +++ b/src/crypto/tls/key_schedule.go
-@@ -61,7 +61,16 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by
+@@ -60,10 +60,18 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by
+ 		// significantly more confusing to users.
  		panic(fmt.Errorf("failed to construct HKDF label: %s", err))
  	}
- 	out := make([]byte, length)
+-	out := make([]byte, length)
 -	n, err := hkdf.Expand(c.hash.New, secret, hkdfLabelBytes).Read(out)
-+	var r io.Reader
+-	if err != nil || n != length {
+-		panic("tls: HKDF-Expand-Label invocation failed unexpectedly")
++	var out []byte
 +	if boring.Enabled && boring.SupportsHKDF() {
-+		r, err = boring.ExpandHKDF(c.hash.New, secret, hkdfLabelBytes)
++		out, err = boring.ExpandHKDF(c.hash.New, secret, hkdfLabelBytes, length)
 +		if err != nil {
 +			panic(fmt.Errorf("tls: HKDF-Expand-Label invocation failed unexpectedly: %s", err))
 +		}
 +	} else {
-+		r = hkdf.Expand(c.hash.New, secret, hkdfLabelBytes)
-+	}
-+	n, err := r.Read(out)
- 	if err != nil || n != length {
- 		panic("tls: HKDF-Expand-Label invocation failed unexpectedly")
++		out = make([]byte, length)
++		n, err := hkdf.Expand(c.hash.New, secret, hkdfLabelBytes).Read(out)
++		if err != nil || n != length {
++			panic("tls: HKDF-Expand-Label invocation failed unexpectedly")
++		}
  	}
-@@ -81,6 +90,13 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte {
+ 	return out
+ }
+@@ -81,6 +89,13 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte {
  	if newSecret == nil {
  		newSecret = make([]byte, c.hash.Size())
  	}

patches/0003-Add-BoringSSL-crypto-backend.patch

@@ -5,7 +5,7 @@ Subject: [PATCH] Add BoringSSL crypto backend
 
 ---
  .../internal/backend/bbig/big_boring.go       |  12 +
- src/crypto/internal/backend/boring_linux.go   | 258 ++++++++++++++++++
+ src/crypto/internal/backend/boring_linux.go   | 257 ++++++++++++++++++
  2 files changed, 270 insertions(+)
  create mode 100644 src/crypto/internal/backend/bbig/big_boring.go
  create mode 100644 src/crypto/internal/backend/boring_linux.go
@@ -33,7 +33,7 @@ new file mode 100644
 index 00000000000000..31e57a8dffd4c3
 --- /dev/null
 +++ b/src/crypto/internal/backend/boring_linux.go
-@@ -0,0 +1,258 @@
+@@ -0,0 +1,257 @@
 +// Copyright 2017 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -50,7 +50,6 @@ index 00000000000000..31e57a8dffd4c3
 +	"crypto/cipher"
 +	"crypto/internal/boring"
 +	"hash"
-+	"io"
 +)
 +
 +const Enabled = true
@@ -187,7 +186,7 @@ index 00000000000000..31e57a8dffd4c3
 +
 +func SupportsHKDF() bool { return false }
 +
-+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) {
++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
 +	panic("cryptobackend: not available")
 +}
 +
@@ -266,7 +265,7 @@ index 00000000000000..31e57a8dffd4c3
 +	return false
 +}
 +
-+func GenerateDSAParameters(l, n int) (p, q, g boring.BigInt, err error) {
++func GenerateParametersDSA(l, n int) (p, q, g boring.BigInt, err error) {
 +	panic("cryptobackend: not available")
 +}
 +

patches/0004-Add-OpenSSL-crypto-backend.patch

@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend
  src/crypto/ecdsa/notboring.go                 |   2 +-
  src/crypto/internal/backend/bbig/big.go       |   2 +-
  .../internal/backend/bbig/big_openssl.go      |  12 +
- src/crypto/internal/backend/openssl_linux.go  | 377 ++++++++++++++++++
+ src/crypto/internal/backend/openssl_linux.go  | 371 ++++++++++++++++++
  src/crypto/internal/boring/fipstls/stub.s     |   2 +-
  src/crypto/internal/boring/fipstls/tls.go     |   2 +-
  src/crypto/rsa/boring.go                      |   2 +-
@@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend
  .../goexperiment/exp_opensslcrypto_on.go      |   9 +
  src/internal/goexperiment/flags.go            |   1 +
  src/os/exec/exec_test.go                      |   9 +
- 36 files changed, 462 insertions(+), 25 deletions(-)
+ 36 files changed, 456 insertions(+), 25 deletions(-)
  create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go
  create mode 100644 src/crypto/internal/backend/openssl_linux.go
  create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go
@@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02
 +var Dec = bbig.Dec
 diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go
 new file mode 100644
-index 00000000000000..85856d3c900eb8
+index 00000000000000..57af729e1458f5
 --- /dev/null
 +++ b/src/crypto/internal/backend/openssl_linux.go
-@@ -0,0 +1,377 @@
+@@ -0,0 +1,371 @@
 +// Copyright 2017 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -214,7 +214,6 @@ index 00000000000000..85856d3c900eb8
 +	"crypto/internal/boring/fipstls"
 +	"crypto/internal/boring/sig"
 +	"hash"
-+	"io"
 +	"syscall"
 +
 +	"github.com/golang-fips/openssl/v2"
@@ -454,8 +453,8 @@ index 00000000000000..85856d3c900eb8
 +	return openssl.SupportsHKDF()
 +}
 +
-+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) {
-+	return openssl.ExpandHKDF(h, pseudorandomKey, info)
++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
++	return openssl.ExpandHKDFOneShot(h, pseudorandomKey, info, keyLength)
 +}
 +
 +func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) {
@@ -530,18 +529,13 @@ index 00000000000000..85856d3c900eb8
 +	return openssl.SupportsDSA()
 +}
 +
-+func GenerateDSAParameters(l, n int) (p, q, g openssl.BigInt, err error) {
-+	params, err := openssl.GenerateDSAParameters(l, n)
++func GenerateParametersDSA(l, n int) (p, q, g openssl.BigInt, err error) {
++	params, err := openssl.GenerateParametersDSA(l, n)
 +	return params.P, params.Q, params.G, err
 +}
 +
 +func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) {
-+	generatedKey, err := openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g})
-+	if err != nil {
-+		return nil, nil, err
-+	}
-+
-+	return generatedKey.X, generatedKey.Y, nil
++	return openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g})
 +}
 +
 +func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) {
@@ -706,7 +700,7 @@ index f8485dc3ca1c29..9c1d3d279c472f 100644
  package fipsonly
 
 diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
-index c9a5877d3d504f..952eadd09e38ab 100644
+index 747c3c0883230c..ee9274bb63b9b4 100644
 --- a/src/crypto/tls/key_schedule.go
 +++ b/src/crypto/tls/key_schedule.go
 @@ -7,6 +7,7 @@ package tls
@@ -770,24 +764,24 @@ index c83a7272c9f01f..a0548a7f9179c5 100644
  package x509
 
 diff --git a/src/go.mod b/src/go.mod
-index df27f25e789f05..12d8c8f4f97321 100644
+index df27f25e789f05..30e45951c763fa 100644
 --- a/src/go.mod
 +++ b/src/go.mod
 @@ -3,6 +3,7 @@ module std
  go 1.24
 
  require (
-+	github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3
++	github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf
  	golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0
  	golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd
  )
 diff --git a/src/go.sum b/src/go.sum
-index b4efd6d3c50c11..4c3ca847c21cd2 100644
+index b4efd6d3c50c11..fd8881e46df76e 100644
 --- a/src/go.sum
 +++ b/src/go.sum
 @@ -1,3 +1,5 @@
-+github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg=
-+github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0=
++github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4=
++github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0=
  golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM=
  golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
  golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro=