Enable GODEBUG=fips140=only with systemcrypto backends

patches/0001-Vendor-external-dependencies.patch

@@ -41,7 +41,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../golang-fips/openssl/v2/.gitleaks.toml     |    9 +
  .../github.com/golang-fips/openssl/v2/LICENSE |   20 +
  .../golang-fips/openssl/v2/README.md          |   66 +
- .../github.com/golang-fips/openssl/v2/aes.go  |  145 +
+ .../github.com/golang-fips/openssl/v2/aes.go  |  157 ++
  .../golang-fips/openssl/v2/bbig/big.go        |   37 +
  .../github.com/golang-fips/openssl/v2/big.go  |   11 +
  .../openssl/v2/chacha20poly1305.go            |  149 +
@@ -55,7 +55,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../golang-fips/openssl/v2/ecdsa.go           |  222 ++
  .../golang-fips/openssl/v2/ed25519.go         |  210 ++
  .../github.com/golang-fips/openssl/v2/evp.go  |  620 +++++
- .../github.com/golang-fips/openssl/v2/hash.go |  502 ++++
+ .../github.com/golang-fips/openssl/v2/hash.go |  514 ++++
  .../golang-fips/openssl/v2/hashclone.go       |   14 +
  .../golang-fips/openssl/v2/hashclone_go125.go |    9 +
  .../github.com/golang-fips/openssl/v2/hkdf.go |  455 ++++
@@ -226,7 +226,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../internal/xsyscall/xsyscall.go             |    6 +
  .../go-crypto-darwin/internal/xsyscall/zdl.s  |   56 +
  .../internal/xsyscall/zdl_nocgo.go            |   48 +
- .../microsoft/go-crypto-darwin/xcrypto/aes.go |  144 +
+ .../microsoft/go-crypto-darwin/xcrypto/aes.go |  152 ++
  .../microsoft/go-crypto-darwin/xcrypto/big.go |   16 +
  .../xcrypto/chacha20poly1305.go               |   88 +
  .../go-crypto-darwin/xcrypto/cipher.go        |  114 +
@@ -237,7 +237,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../go-crypto-darwin/xcrypto/ed25519.go       |  124 +
  .../microsoft/go-crypto-darwin/xcrypto/evp.go |  339 +++
  .../microsoft/go-crypto-darwin/xcrypto/gcm.go |  218 ++
- .../go-crypto-darwin/xcrypto/hash.go          |  320 +++
+ .../go-crypto-darwin/xcrypto/hash.go          |  331 +++
  .../go-crypto-darwin/xcrypto/hashclone.go     |   17 +
  .../xcrypto/hashclone_go125.go                |   12 +
  .../go-crypto-darwin/xcrypto/hkdf.go          |  103 +
@@ -248,7 +248,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../microsoft/go-crypto-darwin/xcrypto/rc4.go |   81 +
  .../microsoft/go-crypto-darwin/xcrypto/rsa.go |  208 ++
  .../microsoft/go-crypto-winnative/LICENSE     |   21 +
- .../microsoft/go-crypto-winnative/cng/aes.go  |  427 +++
+ .../microsoft/go-crypto-winnative/cng/aes.go  |  435 +++
  .../go-crypto-winnative/cng/bbig/big.go       |   31 +
  .../microsoft/go-crypto-winnative/cng/big.go  |   30 +
  .../cng/chacha20poly1305.go                   |  119 +
@@ -258,7 +258,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../microsoft/go-crypto-winnative/cng/dsa.go  |  465 ++++
  .../microsoft/go-crypto-winnative/cng/ecdh.go |  255 ++
  .../go-crypto-winnative/cng/ecdsa.go          |  169 ++
- .../microsoft/go-crypto-winnative/cng/hash.go |  327 +++
+ .../microsoft/go-crypto-winnative/cng/hash.go |  338 +++
  .../go-crypto-winnative/cng/hashclone.go      |   18 +
  .../cng/hashclone_go125.go                    |   13 +
  .../microsoft/go-crypto-winnative/cng/hkdf.go |  133 +
@@ -277,7 +277,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result
  .../internal/subtle/aliasing.go               |   32 +
  .../internal/sysdll/sys_windows.go            |   55 +
  src/vendor/modules.txt                        |   23 +
- 269 files changed, 34097 insertions(+), 7 deletions(-)
+ 269 files changed, 34159 insertions(+), 7 deletions(-)
  create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go
  create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE
  create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md
@@ -2213,7 +2213,7 @@ index 00000000000000..ae4055d2d71303
 +// that are used by the backend package. This allows to track
 +// their versions in a single patch file.
 diff --git a/src/go.mod b/src/go.mod
-index d6c515017a7009..15ab996b3e47e5 100644
+index d6c515017a7009..93c9d054b91532 100644
 --- a/src/go.mod
 +++ b/src/go.mod
 @@ -11,3 +11,9 @@ require (
@@ -2222,21 +2222,21 @@ index d6c515017a7009..15ab996b3e47e5 100644
  )
 +
 +require (
-+	github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4
-+	github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357
-+	github.com/microsoft/go-crypto-winnative v0.0.0-20260127024749-832b168a84e9
++	github.com/golang-fips/openssl/v2 v2.0.4-0.20260218141142-bc5414004e2c
++	github.com/microsoft/go-crypto-darwin v0.0.3-0.20260223145157-54623a1fb9a6
++	github.com/microsoft/go-crypto-winnative v0.0.0-20260218135539-0dea5b47f571
 +)
 diff --git a/src/go.sum b/src/go.sum
-index 2223d2a7c231c1..11a1b9af830278 100644
+index 2223d2a7c231c1..c7794fd8b3d33e 100644
 --- a/src/go.sum
 +++ b/src/go.sum
 @@ -1,3 +1,9 @@
-+github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4 h1:2kbDvyeg2zT1dsjfp6I445SCP4ryK88vnIODU+x0W3o=
-+github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4/go.mod h1:EtVnMfLGkB4pihGOH+tXEV0WlXxewWdT1n3GLJEHvpw=
-+github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357 h1:ILqgGD8SGjjtSweSBanrXyX8Aco33yFSJEqsnJgmXHU=
-+github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357/go.mod h1:MTii5PQwRlfUjYpGoF8CPLGwXSHTbLHGRN9FVNML5N0=
-+github.com/microsoft/go-crypto-winnative v0.0.0-20260127024749-832b168a84e9 h1:joliMChkkfHV3vAPKzu9kefdw0K+d89A8r9gTm3MFS4=
-+github.com/microsoft/go-crypto-winnative v0.0.0-20260127024749-832b168a84e9/go.mod h1:gD686525Li/blRSYwSzFJ6/LJQVFJp7Y0MKp+dmqFbc=
++github.com/golang-fips/openssl/v2 v2.0.4-0.20260218141142-bc5414004e2c h1:E5YJQAqiQiW0Ab5Kx+PT1rJqmp5IRgdGh2qFCKTc9yA=
++github.com/golang-fips/openssl/v2 v2.0.4-0.20260218141142-bc5414004e2c/go.mod h1:EtVnMfLGkB4pihGOH+tXEV0WlXxewWdT1n3GLJEHvpw=
++github.com/microsoft/go-crypto-darwin v0.0.3-0.20260223145157-54623a1fb9a6 h1:Oj6SxHvv3XsWcwn6NEL5IJxWdRgOyg+Mb9ikxhqHIbU=
++github.com/microsoft/go-crypto-darwin v0.0.3-0.20260223145157-54623a1fb9a6/go.mod h1:MTii5PQwRlfUjYpGoF8CPLGwXSHTbLHGRN9FVNML5N0=
++github.com/microsoft/go-crypto-winnative v0.0.0-20260218135539-0dea5b47f571 h1:OPx6ADUNbW8X6KRZjafdJPsMY7EoffIrMTwJ1pDrMcE=
++github.com/microsoft/go-crypto-winnative v0.0.0-20260218135539-0dea5b47f571/go.mod h1:gD686525Li/blRSYwSzFJ6/LJQVFJp7Y0MKp+dmqFbc=
  golang.org/x/crypto v0.47.1-0.20260113154411-7d0074ccc6f1 h1:peTBrYsTa5Rr+jB2pbgd7X08cFAun6ME4So3jfEkYL4=
  golang.org/x/crypto v0.47.1-0.20260113154411-7d0074ccc6f1/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
  golang.org/x/net v0.49.1-0.20260122225915-f2078620ee33 h1:pNHjOZ0w6qb8R9EDmEsBXmV4o2YKLvtRiEk4q5gN5Hg=
@@ -2478,10 +2478,10 @@ index 00000000000000..0a6d0d0ef2c0c6
 +This project adopts the Go code of conduct: https://go.dev/conduct.
 diff --git a/src/vendor/github.com/golang-fips/openssl/v2/aes.go b/src/vendor/github.com/golang-fips/openssl/v2/aes.go
 new file mode 100644
-index 00000000000000..654566d2bff4e0
+index 00000000000000..8d5d44db2ba360
 --- /dev/null
 +++ b/src/vendor/github.com/golang-fips/openssl/v2/aes.go
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,157 @@
 +//go:build !cmd_go_bootstrap
 +
 +package openssl
@@ -2574,14 +2574,26 @@ index 00000000000000..654566d2bff4e0
 +	return c.cipher.newCBC(iv, cipherOpEncrypt)
 +}
 +
++func (c cipherWithCBC) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode {
++	return c.cipher.newCBC(iv, cipherOpEncrypt)
++}
++
 +func (c cipherWithCBC) NewCBCDecrypter(iv []byte) cipher.BlockMode {
 +	return c.cipher.newCBC(iv, cipherOpDecrypt)
 +}
 +
++func (c cipherWithCBC) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode {
++	return c.cipher.newCBC(iv, cipherOpDecrypt)
++}
++
 +func (c cipherWithCTR) NewCTR(iv []byte) cipher.Stream {
 +	return c.cipher.newCTR(iv)
 +}
 +
++func (c cipherWithCTR) NewFIPSCTR(iv []byte) cipher.Stream {
++	return c.cipher.newCTR(iv)
++}
++
 +func (c cipherWithGCM) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) {
 +	return c.cipher.newGCMChecked(nonceSize, tagSize)
 +}
@@ -5858,10 +5870,10 @@ index 00000000000000..4c70cd75a1a553
 +}
 diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hash.go b/src/vendor/github.com/golang-fips/openssl/v2/hash.go
 new file mode 100644
-index 00000000000000..eb0a84acf2232f
+index 00000000000000..d9195a1ddfa0a5
 --- /dev/null
 +++ b/src/vendor/github.com/golang-fips/openssl/v2/hash.go
-@@ -0,0 +1,502 @@
+@@ -0,0 +1,514 @@
 +//go:build !cmd_go_bootstrap
 +
 +package openssl
@@ -6089,6 +6101,18 @@ index 00000000000000..eb0a84acf2232f
 +var _ hash.Hash = (*Hash)(nil)
 +var _ HashCloner = (*Hash)(nil)
 +
++// FIPSApproved reports whether this hash algorithm is FIPS 140-3 approved.
++func (h *Hash) FIPSApproved() bool {
++	switch h.alg.ch {
++	case crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512,
++		crypto.SHA512_224, crypto.SHA512_256,
++		crypto.SHA3_224, crypto.SHA3_256, crypto.SHA3_384, crypto.SHA3_512:
++		return true
++	default:
++		return false
++	}
++}
++
 +// hashBufSize is the size of the buffer used for hashing.
 +// 256 bytes is a reasonable compromise for general purpose use,
 +// and the resulting evpHash size is still similar to the
@@ -30464,10 +30488,10 @@ index 00000000000000..a30d07b27ed848
 +}
 diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go
 new file mode 100644
-index 00000000000000..cc4bc4f25fefa4
+index 00000000000000..5f005eda956f2c
 --- /dev/null
 +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go
-@@ -0,0 +1,144 @@
+@@ -0,0 +1,152 @@
 +// Copyright (c) Microsoft Corporation.
 +// Licensed under the MIT License.
 +
@@ -30591,10 +30615,18 @@ index 00000000000000..cc4bc4f25fefa4
 +	return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv)
 +}
 +
++func (c *aesCipher) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode {
++	return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv)
++}
++
 +func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode {
 +	return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv)
 +}
 +
++func (c *aesCipher) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode {
++	return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv)
++}
++
 +// sliceForAppend is a mirror of crypto/cipher.sliceForAppend.
 +func sliceForAppend(in []byte, n int) (head, tail []byte) {
 +	if total := len(in) + n; cap(in) >= total {
@@ -32023,10 +32055,10 @@ index 00000000000000..82a961d974f129
 +}
 diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go
 new file mode 100644
-index 00000000000000..e03ae435ac563f
+index 00000000000000..a9726c4f8c7590
 --- /dev/null
 +++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go
-@@ -0,0 +1,320 @@
+@@ -0,0 +1,331 @@
 +// Copyright (c) Microsoft Corporation.
 +// Licensed under the MIT License.
 +
@@ -32264,6 +32296,17 @@ index 00000000000000..e03ae435ac563f
 +	return h.alg.size
 +}
 +
++// FIPSApproved reports whether this hash algorithm is FIPS 140-3 approved.
++func (h *Hash) FIPSApproved() bool {
++	switch h.alg.ch {
++	case crypto.SHA256, crypto.SHA384, crypto.SHA512,
++		crypto.SHA3_256, crypto.SHA3_384, crypto.SHA3_512:
++		return true
++	default:
++		return false
++	}
++}
++
 +var _ hash.Hash = (*Hash)(nil)
 +var _ HashCloner = (*Hash)(nil)
 +
@@ -33327,10 +33370,10 @@ index 00000000000000..9e841e7a26e4eb
 +    SOFTWARE
 diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go
 new file mode 100644
-index 00000000000000..99fe3c7189d9d2
+index 00000000000000..3c235d27562871
 --- /dev/null
 +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go
-@@ -0,0 +1,427 @@
+@@ -0,0 +1,435 @@
 +// Copyright (c) Microsoft Corporation.
 +// Licensed under the MIT License.
 +
@@ -33424,10 +33467,18 @@ index 00000000000000..99fe3c7189d9d2
 +	return newCBC(true, bcrypt.AES_ALGORITHM, c.key, iv)
 +}
 +
++func (c *aesCipher) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode {
++	return newCBC(true, bcrypt.AES_ALGORITHM, c.key, iv)
++}
++
 +func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode {
 +	return newCBC(false, bcrypt.AES_ALGORITHM, c.key, iv)
 +}
 +
++func (c *aesCipher) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode {
++	return newCBC(false, bcrypt.AES_ALGORITHM, c.key, iv)
++}
++
 +type noGCM struct {
 +	cipher.Block
 +}
@@ -35181,10 +35232,10 @@ index 00000000000000..586e9ae2ebb0c9
 +}
 diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go
 new file mode 100644
-index 00000000000000..124f7418740ef4
+index 00000000000000..94572966b49ebf
 --- /dev/null
 +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go
-@@ -0,0 +1,327 @@
+@@ -0,0 +1,338 @@
 +// Copyright (c) Microsoft Corporation.
 +// Licensed under the MIT License.
 +
@@ -35347,6 +35398,17 @@ index 00000000000000..124f7418740ef4
 +var _ hash.Hash = (*Hash)(nil)
 +var _ HashCloner = (*Hash)(nil)
 +
++// FIPSApproved reports whether this hash algorithm is FIPS 140-3 approved.
++func (h *Hash) FIPSApproved() bool {
++	switch h.alg.id {
++	case bcrypt.SHA256_ALGORITHM, bcrypt.SHA384_ALGORITHM, bcrypt.SHA512_ALGORITHM,
++		bcrypt.SHA3_256_ALGORITHM, bcrypt.SHA3_384_ALGORITHM, bcrypt.SHA3_512_ALGORITHM:
++		return true
++	default:
++		return false
++	}
++}
++
 +// Hash implements [hash.Hash].
 +type Hash struct {
 +	alg *hashAlgorithm
@@ -38317,18 +38379,18 @@ index 00000000000000..1722410e5af193
 +	return getSystemDirectory() + "\\" + dll
 +}
 diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
-index 48967bc9ee3bd2..1f87e000dbdbc9 100644
+index 48967bc9ee3bd2..6610ce9386adc8 100644
 --- a/src/vendor/modules.txt
 +++ b/src/vendor/modules.txt
 @@ -1,3 +1,26 @@
-+# github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4
++# github.com/golang-fips/openssl/v2 v2.0.4-0.20260218141142-bc5414004e2c
 +## explicit; go 1.24
 +github.com/golang-fips/openssl/v2
 +github.com/golang-fips/openssl/v2/bbig
 +github.com/golang-fips/openssl/v2/internal/fakecgo
 +github.com/golang-fips/openssl/v2/internal/ossl
 +github.com/golang-fips/openssl/v2/osslsetup
-+# github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357
++# github.com/microsoft/go-crypto-darwin v0.0.3-0.20260223145157-54623a1fb9a6
 +## explicit; go 1.24
 +github.com/microsoft/go-crypto-darwin/bbig
 +github.com/microsoft/go-crypto-darwin/internal/commoncrypto
@@ -38337,7 +38399,7 @@ index 48967bc9ee3bd2..1f87e000dbdbc9 100644
 +github.com/microsoft/go-crypto-darwin/internal/security
 +github.com/microsoft/go-crypto-darwin/internal/xsyscall
 +github.com/microsoft/go-crypto-darwin/xcrypto
-+# github.com/microsoft/go-crypto-winnative v0.0.0-20260127024749-832b168a84e9
++# github.com/microsoft/go-crypto-winnative v0.0.0-20260218135539-0dea5b47f571
 +## explicit; go 1.24
 +github.com/microsoft/go-crypto-winnative/cng
 +github.com/microsoft/go-crypto-winnative/cng/bbig