Add the active crypto backend to build info (go version -m app)

patches/0001-Add-systemcrypto-GOEXPERIMENT.patch

@@ -8,9 +8,15 @@ goexperiment.systemcrypto behave as an alias that enables the recommended
 backend for the target GOOS. See src/internal/goexperiment/flags.go for more
 information about the behavior.
 
+Includes active crypto backend in the build info accessible in the
+binary, for example by "go version -m". This makes it easy to determine
+which backend is being used by a compiled Go program no matter which
+GOEXPERIMENT or build tag was used to enable it.
+
 Includes new tests in "build_test.go" and "buildbackend_test.go" to help
 maintain this feature. For more information, see the test files.
 ---
+ src/cmd/go/internal/load/pkg.go               | 21 ++++++
  src/cmd/go/internal/modindex/build.go         | 54 ++++++++++++++
  src/cmd/go/internal/modindex/build_test.go    | 73 +++++++++++++++++++
  src/go/build/build.go                         | 54 ++++++++++++++
@@ -22,7 +28,7 @@ maintain this feature. For more information, see the test files.
  .../goexperiment/exp_systemcrypto_off.go      |  9 +++
  .../goexperiment/exp_systemcrypto_on.go       |  9 +++
  src/internal/goexperiment/flags.go            | 15 ++++
- 11 files changed, 292 insertions(+)
+ 12 files changed, 313 insertions(+)
  create mode 100644 src/cmd/go/internal/modindex/build_test.go
  create mode 100644 src/go/build/buildbackend_test.go
  create mode 100644 src/go/build/testdata/backendtags_openssl/main.go
@@ -32,6 +38,45 @@ maintain this feature. For more information, see the test files.
  create mode 100644 src/internal/goexperiment/exp_systemcrypto_off.go
  create mode 100644 src/internal/goexperiment/exp_systemcrypto_on.go
 
+diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go
+index c0e6265e29d065..12e6ab92363024 100644
+--- a/src/cmd/go/internal/load/pkg.go
++++ b/src/cmd/go/internal/load/pkg.go
+@@ -16,6 +16,7 @@ import (
+ 	"go/scanner"
+ 	"go/token"
+ 	"internal/platform"
++	"io"
+ 	"io/fs"
+ 	"os"
+ 	"os/exec"
+@@ -2431,6 +2432,26 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) {
+ 		appendSetting(key, val)
+ 	}
+
++	// Use build constraint evaluation to find which crypto backend is enabled
++	// in this build context (e.g. "openssl"). Only includes actual backends,
++	// not the "systemcrypto" alias. Test build constraints by copying the build
++	// context and assigning OpenFile to avoid reading actual files.
++	backendCheckContext := cfg.BuildContext
++	for _, b := range []string{"openssl", "cng", "boring"} {
++		backendCheckContext.OpenFile = func(path string) (io.ReadCloser, error) {
++			source := "//go:build goexperiment." + b + "crypto"
++			return io.NopCloser(strings.NewReader(source)), nil
++		}
++		if match, err := backendCheckContext.MatchFile("", "backendcheck.go"); err != nil {
++			setPkgErrorf("error checking for crypto backend %q: %v", b, err)
++			return
++		} else if match {
++			// It is an error to specify multiple backends, but this is reported
++			// by a source file with a build constraint, not detected here.
++			appendSetting("cryptobackend", b)
++		}
++	}
++
+ 	// Add VCS status if all conditions are true:
+ 	//
+ 	// - -buildvcs is enabled.
 diff --git a/src/cmd/go/internal/modindex/build.go b/src/cmd/go/internal/modindex/build.go
 index b57f2f6368f0fe..9ddde1ce9a2286 100644
 --- a/src/cmd/go/internal/modindex/build.go