diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index 3addcf40d6d..bd38c21f555 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md @@ -32,7 +32,7 @@ The Microsoft build of Go modifies the Go runtime to call into a platform-provid Depending on the platform, this is done using cgo or syscalls. This allows Go programs to use a platform-provided FIPS 140 certified crypto library. -On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. Since 1.24, on macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. +On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [go-crypto-openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. > [!IMPORTANT] > An application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_. @@ -394,7 +394,7 @@ The `opensslcrypto` Go runtime supports multiple OpenSSL versions. It discovers Not all OpenSSL versions are supported. OpenSSL does not maintain ABI compatibility between different releases, even if only the patch version is increased, it needs specific attention to implement support. The relative importance of each version also results in a different amount of automated testing that has been implemented for various supported version. These are supported versions and the amount of automated validation for each one: - OpenSSL 1.1.1: the Microsoft CI builds official releases and runs the Go toolset test suite with this version. -- OpenSSL 1.1.0, 1.1.1, and 3.0.2: the [golang-fips/openssl] and [go-crypto-openssl] repository CI tests basic operation, but not the integration with the Go runtime. +- OpenSSL 1.1.0, 1.1.1, and 3.0.2: the [go-crypto-openssl] repository CI tests basic operation, but not the integration with the Go runtime. - Prior to Go 1.25, this list includes 1.0.2. Versions not listed above are not supported at all. @@ -522,7 +522,6 @@ See the [Microsoft build of Go 1.24 FIPS changes](https://devblogs.microsoft.com - For historical information about Go 1.16-1.18, see [the FIPS documentation in the 1.20 release branch](https://github.com/microsoft/go/tree/microsoft/release-branch.go1.20/eng/doc/fips). It includes details about FIPS in 1.18 and the changes in 1.19. [go-crypto-openssl]: https://github.com/microsoft/go-crypto-openssl -[golang-fips/openssl]: https://github.com/golang-fips/openssl [go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative [go-crypto-darwin]: https://github.com/microsoft/go-crypto-darwin [dlopen]: https://man7.org/linux/man-pages/man3/dlopen.3.html diff --git a/eng/doc/fips/UserGuide.md b/eng/doc/fips/UserGuide.md index af6c9599579..91f9c5b5c5c 100644 --- a/eng/doc/fips/UserGuide.md +++ b/eng/doc/fips/UserGuide.md @@ -97,11 +97,11 @@ The Go crypto documentation is available online at https://pkg.go.dev/crypto. ## The Microsoft build of Go crypto backends -The OpenSSL backend uses [golang-fips/openssl]. +The OpenSSL backend uses [go-crypto-openssl]. The CNG backend uses [go-crypto-winnative]. For more general information about the backends, such as how to enable them, see the [Microsoft build of Go FIPS README](./README.md). -[golang-fips/openssl]: https://github.com/golang-fips/openssl +[go-crypto-openssl]: https://github.com/microsoft/go-crypto-openssl [go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative > [!NOTE] diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index d916b69a288..88aad3a50c1 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -37,47 +37,6 @@ Use a 'go' that was recently built by the current branch to ensure stable result src/go.sum | 6 + src/go/build/deps_test.go | 35 +- src/go/build/vendor_test.go | 4 + - .../golang-fips/openssl/v2/.gitignore | 2 + - .../golang-fips/openssl/v2/.gitleaks.toml | 9 + - .../github.com/golang-fips/openssl/v2/LICENSE | 20 + - .../golang-fips/openssl/v2/README.md | 66 + - .../github.com/golang-fips/openssl/v2/aes.go | 146 ++ - .../golang-fips/openssl/v2/bbig/big.go | 37 + - .../github.com/golang-fips/openssl/v2/big.go | 11 + - .../golang-fips/openssl/v2/cipher.go | 654 ++++++ - .../golang-fips/openssl/v2/const.go | 93 + - .../github.com/golang-fips/openssl/v2/des.go | 113 + - .../github.com/golang-fips/openssl/v2/dsa.go | 309 +++ - .../github.com/golang-fips/openssl/v2/ec.go | 67 + - .../github.com/golang-fips/openssl/v2/ecdh.go | 306 +++ - .../golang-fips/openssl/v2/ecdsa.go | 226 ++ - .../golang-fips/openssl/v2/ed25519.go | 229 ++ - .../github.com/golang-fips/openssl/v2/evp.go | 590 +++++ - .../github.com/golang-fips/openssl/v2/hash.go | 455 ++++ - .../golang-fips/openssl/v2/hashclone.go | 14 + - .../golang-fips/openssl/v2/hashclone_go125.go | 9 + - .../github.com/golang-fips/openssl/v2/hkdf.go | 434 ++++ - .../github.com/golang-fips/openssl/v2/hmac.go | 283 +++ - .../github.com/golang-fips/openssl/v2/init.go | 157 ++ - .../golang-fips/openssl/v2/init_unix.go | 31 + - .../golang-fips/openssl/v2/init_windows.go | 36 + - .../openssl/v2/internal/ossl/errors.go | 119 + - .../openssl/v2/internal/ossl/ossl.go | 81 + - .../openssl/v2/internal/ossl/shims.h | 399 ++++ - .../openssl/v2/internal/ossl/zossl.c | 1924 +++++++++++++++++ - .../openssl/v2/internal/ossl/zossl.go | 1329 ++++++++++++ - .../openssl/v2/internal/ossl/zossl.h | 335 +++ - .../openssl/v2/internal/ossl/zossl_go124.go | 37 + - .../golang-fips/openssl/v2/openssl.go | 384 ++++ - .../golang-fips/openssl/v2/params.go | 195 ++ - .../golang-fips/openssl/v2/pbkdf2.go | 55 + - .../golang-fips/openssl/v2/provideropenssl.go | 239 ++ - .../openssl/v2/providersymcrypt.go | 338 +++ - .../github.com/golang-fips/openssl/v2/rand.go | 22 + - .../github.com/golang-fips/openssl/v2/rc4.go | 69 + - .../github.com/golang-fips/openssl/v2/rsa.go | 366 ++++ - .../golang-fips/openssl/v2/tls1prf.go | 159 ++ - .../github.com/golang-fips/openssl/v2/zaes.go | 86 + .../microsoft/go-crypto-darwin/LICENSE | 21 + .../microsoft/go-crypto-darwin/bbig/big.go | 31 + .../internal/cryptokit/CryptoKit.o | Bin 0 -> 208856 bytes @@ -109,6 +68,44 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-darwin/xcrypto/rc4.go | 83 + .../microsoft/go-crypto-darwin/xcrypto/rsa.go | 194 ++ .../go-crypto-darwin/xcrypto/xcrypto.go | 49 + + .../microsoft/go-crypto-openssl/LICENSE | 20 + + .../microsoft/go-crypto-openssl/bbig/big.go | 37 + + .../go-crypto-openssl/internal/ossl/errors.go | 119 + + .../go-crypto-openssl/internal/ossl/ossl.go | 81 + + .../go-crypto-openssl/internal/ossl/shims.h | 399 ++++ + .../go-crypto-openssl/internal/ossl/zossl.c | 1924 +++++++++++++++++ + .../go-crypto-openssl/internal/ossl/zossl.go | 1329 ++++++++++++ + .../go-crypto-openssl/internal/ossl/zossl.h | 335 +++ + .../internal/ossl/zossl_go124.go | 37 + + .../go-crypto-openssl/openssl/aes.go | 146 ++ + .../go-crypto-openssl/openssl/big.go | 11 + + .../go-crypto-openssl/openssl/cipher.go | 654 ++++++ + .../go-crypto-openssl/openssl/const.go | 93 + + .../go-crypto-openssl/openssl/des.go | 113 + + .../go-crypto-openssl/openssl/dsa.go | 309 +++ + .../microsoft/go-crypto-openssl/openssl/ec.go | 67 + + .../go-crypto-openssl/openssl/ecdh.go | 306 +++ + .../go-crypto-openssl/openssl/ecdsa.go | 226 ++ + .../go-crypto-openssl/openssl/ed25519.go | 229 ++ + .../go-crypto-openssl/openssl/evp.go | 590 +++++ + .../go-crypto-openssl/openssl/hash.go | 455 ++++ + .../go-crypto-openssl/openssl/hashclone.go | 14 + + .../openssl/hashclone_go125.go | 9 + + .../go-crypto-openssl/openssl/hkdf.go | 434 ++++ + .../go-crypto-openssl/openssl/hmac.go | 283 +++ + .../go-crypto-openssl/openssl/init.go | 157 ++ + .../go-crypto-openssl/openssl/init_unix.go | 31 + + .../go-crypto-openssl/openssl/init_windows.go | 36 + + .../go-crypto-openssl/openssl/openssl.go | 384 ++++ + .../go-crypto-openssl/openssl/params.go | 195 ++ + .../go-crypto-openssl/openssl/pbkdf2.go | 55 + + .../openssl/provideropenssl.go | 239 ++ + .../openssl/providersymcrypt.go | 338 +++ + .../go-crypto-openssl/openssl/rand.go | 22 + + .../go-crypto-openssl/openssl/rc4.go | 69 + + .../go-crypto-openssl/openssl/rsa.go | 366 ++++ + .../go-crypto-openssl/openssl/tls1prf.go | 159 ++ + .../go-crypto-openssl/openssl/zaes.go | 86 + .../microsoft/go-crypto-winnative/LICENSE | 21 + .../microsoft/go-crypto-winnative/cng/aes.go | 427 ++++ .../go-crypto-winnative/cng/bbig/big.go | 31 + @@ -137,7 +134,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 17 + - 129 files changed, 19092 insertions(+), 7 deletions(-) + 126 files changed, 19015 insertions(+), 7 deletions(-) create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md @@ -160,47 +157,6 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/internal/telemetry/telemetry.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/telemetry.go create mode 100644 src/crypto/internal/backend/deps_ignore.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/aes.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/big.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/cipher.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/const.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/des.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/dsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ec.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ecdh.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ed25519.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/evp.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hash.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hashclone.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hashclone_go125.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hkdf.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hmac.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/init.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/init_unix.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/init_windows.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_go124.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/params.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rand.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rc4.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/zaes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o @@ -232,6 +188,44 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_go124.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone_go125.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_unix.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_windows.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/bbig/big.go @@ -1893,7 +1887,7 @@ index 542b27f2be9fe5..3d920e92c51813 100644 golang.org/x/arch/arm/armasm diff --git a/src/crypto/internal/backend/deps_ignore.go b/src/crypto/internal/backend/deps_ignore.go new file mode 100644 -index 00000000000000..ae4055d2d71303 +index 00000000000000..f5dc9afe4b0ead --- /dev/null +++ b/src/crypto/internal/backend/deps_ignore.go @@ -0,0 +1,22 @@ @@ -1906,8 +1900,8 @@ index 00000000000000..ae4055d2d71303 +package main + +import ( -+ _ "github.com/golang-fips/openssl/v2" -+ _ "github.com/golang-fips/openssl/v2/bbig" ++ _ "github.com/microsoft/go-crypto-openssl/bbig" ++ _ "github.com/microsoft/go-crypto-openssl/openssl" + + _ "github.com/microsoft/go-crypto-darwin/bbig" + _ "github.com/microsoft/go-crypto-darwin/xcrypto" @@ -1920,7 +1914,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 83bcb73a5d1fd5..7c485f1c2c45a2 100644 +index 83bcb73a5d1fd5..1eb2a37cfd88d1 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( @@ -1929,26 +1923,26 @@ index 83bcb73a5d1fd5..7c485f1c2c45a2 100644 ) + +require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20260419202439-d4b2f5e5072f + github.com/microsoft/go-crypto-darwin v0.0.2-0.20250714125817-871ed82e87d7 ++ github.com/microsoft/go-crypto-openssl v0.0.0-20260521141647-8d2a891ca446 + github.com/microsoft/go-crypto-winnative v0.0.0-20250703113837-e4483837c98b +) diff --git a/src/go.sum b/src/go.sum -index e61a311a128012..1bd71a30ee7881 100644 +index e61a311a128012..42117e45cb313a 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260419202439-d4b2f5e5072f h1:jcrhdAeUfhJg4QUhbYv0nNSvxz7DqAM4jtgesR0PVOg= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260419202439-d4b2f5e5072f/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-darwin v0.0.2-0.20250714125817-871ed82e87d7 h1:6a0YcJOAJWLtEqDW55bUhhe4Nx/9Rpmm80KVMUxD6B4= +github.com/microsoft/go-crypto-darwin v0.0.2-0.20250714125817-871ed82e87d7/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= ++github.com/microsoft/go-crypto-openssl v0.0.0-20260521141647-8d2a891ca446 h1:2DvoWXOQqjeb/Tjlvg46BEXNMcm+KtjtD4IG6kyDiy8= ++github.com/microsoft/go-crypto-openssl v0.0.0-20260521141647-8d2a891ca446/go.mod h1:zcqLMscmUJNmPj62PZjpwThp7/Un27PHel+yazZdMzs= +github.com/microsoft/go-crypto-winnative v0.0.0-20250703113837-e4483837c98b h1:Yf6lm9r6Aid3PG5FoeSX2v4iU+xWnAmCRQNjBxgceWI= +github.com/microsoft/go-crypto-winnative v0.0.0-20250703113837-e4483837c98b/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/net v0.41.1-0.20260417201234-a9171bc8c6f1 h1:m1pqrn0a8dUQblLBpuciZTjkJ34uU561s+HLlQi2Kec= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 641d1a325a5c07..9bfef9e125e8d3 100644 +index 641d1a325a5c07..4145c70f62440e 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -521,6 +521,24 @@ var depsRules = ` @@ -1964,8 +1958,8 @@ index 641d1a325a5c07..9bfef9e125e8d3 100644 + crypto/subtle, + hash, + crypto/cipher -+ < github.com/golang-fips/openssl/v2/internal/ossl -+ < github.com/golang-fips/openssl/v2 ++ < github.com/microsoft/go-crypto-openssl/internal/ossl ++ < github.com/microsoft/go-crypto-openssl/openssl + < github.com/microsoft/go-crypto-darwin/internal/cryptokit + < github.com/microsoft/go-crypto-darwin/xcrypto + < github.com/microsoft/go-crypto-winnative/internal/subtle @@ -1998,7 +1992,7 @@ index 641d1a325a5c07..9bfef9e125e8d3 100644 # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. -+ math/big, github.com/golang-fips/openssl/v2 < github.com/golang-fips/openssl/v2/bbig; ++ math/big, github.com/microsoft/go-crypto-openssl/openssl < github.com/microsoft/go-crypto-openssl/bbig; + math/big, github.com/microsoft/go-crypto-darwin/xcrypto < github.com/microsoft/go-crypto-darwin/bbig; + math/big, github.com/microsoft/go-crypto-winnative/cng < github.com/microsoft/go-crypto-winnative/cng/bbig; + @@ -2019,10771 +2013,90 @@ index 641d1a325a5c07..9bfef9e125e8d3 100644 var imports []string var haveImport = map[string]bool{} - if pkg == "crypto/internal/boring" { -+ if pkg == "crypto/internal/boring" || strings.HasPrefix(pkg, "github.com/golang-fips/openssl/v2") || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { ++ if pkg == "crypto/internal/boring" || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-openssl/") || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports } fset := token.NewFileSet() diff --git a/src/go/build/vendor_test.go b/src/go/build/vendor_test.go -index 7f6237ffd59c11..8f68bc361081f1 100644 +index 7f6237ffd59c11..18a3b42927d800 100644 --- a/src/go/build/vendor_test.go +++ b/src/go/build/vendor_test.go @@ -22,6 +22,10 @@ var allowedPackagePrefixes = []string{ "github.com/google/pprof", "github.com/ianlancetaylor/demangle", "rsc.io/markdown", -+ "github.com/golang-fips/openssl", ++ "github.com/microsoft/go-crypto-openssl", + "github.com/microsoft/go-crypto-winnative", + "github.com/microsoft/go-crypto-darwin", + "github.com/microsoft/go-infra/telemetry", } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore -new file mode 100644 -index 00000000000000..b6c942fc91eec7 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore -@@ -0,0 +1,2 @@ -+**/.DS_Store -+.vscode/ -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml b/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml -new file mode 100644 -index 00000000000000..aed2e22df2d555 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml -@@ -0,0 +1,9 @@ -+# -+# GitLeaks Repo Specific Configuration -+# -+# This allowlist is used to ignore false positives during secret scans. -+ -+[allowlist] -+paths = [ -+ 'ecdh_test.go', -+] -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/LICENSE b/src/vendor/github.com/golang-fips/openssl/v2/LICENSE -new file mode 100644 -index 00000000000000..97e85154015761 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/LICENSE -@@ -0,0 +1,20 @@ -+The MIT License (MIT) -+ -+Copyright (c) 2022 The Golang FIPS Authors -+ -+Permission is hereby granted, free of charge, to any person obtaining a copy of -+this software and associated documentation files (the "Software"), to deal in -+the Software without restriction, including without limitation the rights to -+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -+the Software, and to permit persons to whom the Software is furnished to do so, -+subject to the following conditions: -+ -+The above copyright notice and this permission notice shall be included in all -+copies or substantial portions of the Software. -+ -+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -\ No newline at end of file -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/README.md b/src/vendor/github.com/golang-fips/openssl/v2/README.md -new file mode 100644 -index 00000000000000..f63cf39e70c064 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/README.md -@@ -0,0 +1,66 @@ -+# Go OpenSSL bindings for FIPS compliance -+ -+[![Go Reference](https://pkg.go.dev/badge/github.com/golang-fips/openssl.svg)](https://pkg.go.dev/github.com/golang-fips/openssl) -+ -+The `openssl` package implements Go crypto primitives using OpenSSL shared libraries and cgo. When configured correctly, OpenSSL can be executed in FIPS mode, making the `openssl` package FIPS compliant. -+ -+The `openssl` package is designed to be used as a drop-in replacement for the [boring](https://pkg.go.dev/crypto/internal/boring) package in order to facilitate integrating `openssl` inside a forked Go toolchain. -+ -+## Disclaimer -+ -+A program directly or indirectly using this package in FIPS mode can claim it is using a FIPS-certified cryptographic module (OpenSSL), but it can't claim the program as a whole is FIPS certified without passing the certification process, nor claim it is FIPS compliant without ensuring all crypto APIs and workflows are implemented in a FIPS-compliant manner. -+ -+## Background -+ -+FIPS 140-2 is a U.S. government computer security standard used to approve cryptographic modules. FIPS compliance may come up when working with U.S. government and other regulated industries. -+ -+### Go FIPS compliance -+ -+The Go `crypto` package is not FIPS certified, and the Go team has stated that it won't be, e.g. in [golang/go/issues/21734](https://github.com/golang/go/issues/21734#issuecomment-326980213) Adam Langley says: -+ -+> The status of FIPS 140 for Go itself remains "no plans, basically zero chance". -+ -+On the other hand, Google maintains a branch that uses cgo and BoringSSL to implement various crypto primitives: https://github.com/golang/go/blob/dev.boringcrypto/README.boringcrypto.md. As BoringSSL is FIPS 140-2 certified, an application using that branch is more likely to be FIPS 140-2 compliant, yet Google does not provide any liability about the suitability of this code in relation to the FIPS 140-2 standard. -+ -+## Features -+ -+### Multiple OpenSSL versions supported -+ -+The `openssl` package has support for multiple OpenSSL versions, namely 1.1.0, 1.1.1 and 3.x. -+ -+All supported OpenSSL versions pass a small set of automatic tests that ensure they can be built and that there are no major regressions. -+These tests do not validate the cryptographic correctness of the `openssl` package. -+ -+On top of that, the [golang-fips Go fork](https://github.com/golang-fips/go) (maintained by Red Hat) and the [Microsoft build of Go](https://github.com/microsoft/go) test a subset of the supported OpenSSL versions when integrated with the Go `crypto` package. -+These tests are much more exhaustive and validate a specific OpenSSL version can produce working applications. -+ -+### Building without OpenSSL headers -+ -+The `openssl` package does not use any symbol from the OpenSSL headers. There is no need that have them installed to build an application which imports this library. -+ -+The CI tests in this repository verify that all the functions and constants defined in our headers match the ones in the OpenSSL headers for every supported OpenSSL version. -+ -+### Portable OpenSSL -+ -+The OpenSSL bindings are implemented in such a way that the OpenSSL version available when building a program does not have to match with the OpenSSL version used when running it. -+In fact, OpenSSL doesn't need to be present on the builder. -+For example, using the `openssl` package and `go build .` on a Windows host with `GOOS=linux` can produce a program that successfully runs on Linux and uses OpenSSL. -+ -+This feature does not require any additional configuration, but it only works with OpenSSL versions known and supported by the Go toolchain that integrates the `openssl` package. -+ -+## Limitations -+ -+- Only Unix, Unix-like and Windows platforms are supported. -+- The build must set `CGO_ENABLED=1`. -+ -+## Acknowledgements -+ -+The work done to support FIPS compatibility mode leverages code and ideas from other open-source projects: -+ -+- All crypto stubs are a mirror of Google's [dev.boringcrypto branch](https://github.com/golang/go/tree/dev.boringcrypto) and the release branch ports of that branch. -+- The mapping between BoringSSL and OpenSSL APIs is taken from the former [Red Hat Go fork](https://pagure.io/go). -+- The portable OpenSSL implementation is ported from Microsoft's [.NET runtime](https://github.com/dotnet/runtime) cryptography module. -+ -+## Code of Conduct -+ -+This project adopts the Go code of conduct: https://go.dev/conduct. -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/aes.go b/src/vendor/github.com/golang-fips/openssl/v2/aes.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE new file mode 100644 -index 00000000000000..3b3e247e86c8ae +index 00000000000000..9e841e7a26e4eb --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/aes.go -@@ -0,0 +1,146 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto/cipher" -+ "errors" -+) -+ -+//go:generate go run github.com/golang-fips/openssl/v2/cmd/genaesmodes -in aes.go -modes CBC,CTR,GCM -out zaes.go -+//go:generate go run github.com/golang-fips/openssl/v2/cmd/gentestvectors -out vectors_test.go -+ -+// Steps to support a new AES mode, e.g. `FOO`: -+// 1. Add `FOO` to the list of modes in the `genaesmodes` command. -+// 2. Run `go generate` to update the generated code. -+// 3. Implement the necessary interfaces for the new struct, which will be named `cipherWithFOO`. -+ -+// NewAESCipher creates and returns a new AES cipher.Block. -+// The key argument should be the AES key, either 16, 24, or 32 bytes to select -+// AES-128, AES-192, or AES-256. -+// The returned cipher.Block implements the CBC, CTR, and/or GCM modes if -+// the underlying OpenSSL library supports them. -+func NewAESCipher(key []byte) (cipher.Block, error) { -+ var kind cipherKind -+ switch len(key) * 8 { -+ case 128: -+ kind = cipherAES128 -+ case 192: -+ kind = cipherAES192 -+ case 256: -+ kind = cipherAES256 -+ default: -+ return nil, errors.New("crypto/aes: invalid key size") -+ } -+ c, err := newEVPCipher(key, kind) -+ if err != nil { -+ return nil, err -+ } -+ return newAESBlock(c, kind), nil -+} -+ -+// NewGCMTLS returns a GCM cipher specific to TLS -+// and should not be used for non-TLS purposes. -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { -+ if c, ok := c.(interface { -+ NewGCMTLS() (cipher.AEAD, error) -+ }); ok { -+ return c.NewGCMTLS() -+ } -+ return nil, errors.New("GCM not supported") -+} -+ -+// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used -+// for non-TLS purposes. -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { -+ if c, ok := c.(interface { -+ NewGCMTLS13() (cipher.AEAD, error) -+ }); ok { -+ return c.NewGCMTLS13() -+ } -+ return nil, errors.New("GCM not supported") -+} -+ -+// aesCipher implements the cipher.Block interface. -+type aesCipher struct { -+ cipher *evpCipher -+} -+ -+func (c aesCipher) BlockSize() int { -+ return c.cipher.blockSize -+} -+ -+func (c aesCipher) Encrypt(dst, src []byte) { -+ if err := c.cipher.encrypt(dst, src); err != nil { -+ // crypto/aes expects that the panic message starts with "crypto/aes: ". -+ panic("crypto/aes: " + err.Error()) -+ } -+} -+ -+func (c aesCipher) Decrypt(dst, src []byte) { -+ if err := c.cipher.decrypt(dst, src); err != nil { -+ // crypto/aes expects that the panic message starts with "crypto/aes: ". -+ panic("crypto/aes: " + err.Error()) -+ } -+} -+ -+// Implement optional interfaces for AES modes. -+ -+func (c cipherWithCBC) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return c.cipher.newCBC(iv, cipherOpEncrypt) -+} -+ -+func (c cipherWithCBC) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return c.cipher.newCBC(iv, cipherOpDecrypt) -+} -+ -+func (c cipherWithCTR) NewCTR(iv []byte) cipher.Stream { -+ return c.cipher.newCTR(iv) -+} -+ -+func (c cipherWithGCM) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { -+ return c.cipher.newGCMChecked(nonceSize, tagSize) -+} -+ -+func (c cipherWithGCM) NewGCMTLS() (cipher.AEAD, error) { -+ return c.cipher.newGCM(cipherGCMTLS12) -+} -+ -+func (c cipherWithGCM) NewGCMTLS13() (cipher.AEAD, error) { -+ return c.cipher.newGCM(cipherGCMTLS13) -+} -+ -+// The following interfaces have been copied out of crypto/aes/modes.go. -+ -+type gcmAble interface { -+ NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) -+} -+ -+type cbcEncAble interface { -+ NewCBCEncrypter(iv []byte) cipher.BlockMode -+} -+ -+type cbcDecAble interface { -+ NewCBCDecrypter(iv []byte) cipher.BlockMode -+} -+ -+type ctrAble interface { -+ NewCTR(iv []byte) cipher.Stream -+} -+ -+// Test that the interfaces are implemented. ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE +@@ -0,0 +1,21 @@ ++ MIT License + -+var ( -+ _ cipher.Block = (*aesCipher)(nil) ++ Copyright (c) Microsoft Corporation. + -+ _ cipher.Block = (*cipherWithCBC)(nil) -+ _ cbcEncAble = (*cipherWithCBC)(nil) -+ _ cbcDecAble = (*cipherWithCBC)(nil) ++ Permission is hereby granted, free of charge, to any person obtaining a copy ++ of this software and associated documentation files (the "Software"), to deal ++ in the Software without restriction, including without limitation the rights ++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ copies of the Software, and to permit persons to whom the Software is ++ furnished to do so, subject to the following conditions: + -+ _ cipher.Block = (*cipherWithCTR)(nil) -+ _ ctrAble = (*cipherWithCTR)(nil) ++ The above copyright notice and this permission notice shall be included in all ++ copies or substantial portions of the Software. + -+ _ cipher.Block = (*cipherWithGCM)(nil) -+ _ gcmAble = (*cipherWithGCM)(nil) -+) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go b/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go new file mode 100644 -index 00000000000000..a81cbdbef93148 +index 00000000000000..73891afeab93d7 --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go -@@ -0,0 +1,37 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This is a mirror of -+// https://github.com/golang/go/blob/36b87f273cc43e21685179dc1664ebb5493d26ae/src/crypto/internal/boring/bbig/big.go. ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go +@@ -0,0 +1,31 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + +package bbig + +import ( + "math/big" -+ "unsafe" + -+ "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-darwin/xcrypto" +) + -+func Enc(b *big.Int) openssl.BigInt { ++func Enc(b *big.Int) xcrypto.BigInt { + if b == nil { + return nil + } -+ x := b.Bits() ++ x := b.Bytes() + if len(x) == 0 { -+ return openssl.BigInt{} ++ return xcrypto.BigInt{} + } -+ return unsafe.Slice((*uint)(&x[0]), len(x)) ++ return x +} + -+func Dec(b openssl.BigInt) *big.Int { ++func Dec(b xcrypto.BigInt) *big.Int { + if b == nil { + return nil + } + if len(b) == 0 { + return new(big.Int) + } -+ x := unsafe.Slice((*big.Word)(&b[0]), len(b)) -+ return new(big.Int).SetBits(x) ++ return new(big.Int).SetBytes(b) +} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/big.go b/src/vendor/github.com/golang-fips/openssl/v2/big.go -new file mode 100644 -index 00000000000000..6461f241f863fc ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/big.go -@@ -0,0 +1,11 @@ -+package openssl -+ -+// This file does not have build constraints to -+// facilitate using BigInt in Go crypto. -+// Go crypto references BigInt unconditionally, -+// even if it is not finally used. -+ -+// A BigInt is the raw words from a BigInt. -+// This definition allows us to avoid importing math/big. -+// Conversion between BigInt and *big.Int is in openssl/bbig. -+type BigInt []uint -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cipher.go b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go -new file mode 100644 -index 00000000000000..e2b90fc0e9bfd4 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go -@@ -0,0 +1,654 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+ -+import ( -+ "crypto/cipher" -+ "errors" -+ "runtime" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+type cipherKind int8 -+ -+const ( -+ cipherAES128 cipherKind = iota -+ cipherAES192 -+ cipherAES256 -+ cipherDES -+ cipherDES3 -+ cipherRC4 -+) -+ -+func (c cipherKind) String() string { -+ switch c { -+ case cipherAES128: -+ return "AES-128" -+ case cipherAES192: -+ return "AES-192" -+ case cipherAES256: -+ return "AES-256" -+ case cipherDES: -+ return "DES" -+ case cipherDES3: -+ return "DES3" -+ case cipherRC4: -+ return "RC4" -+ default: -+ panic("unknown cipher kind: " + strconv.Itoa(int(c))) -+ } -+} -+ -+type cipherMode int8 -+ -+const ( -+ cipherModeNone cipherMode = -1 -+ cipherModeECB cipherMode = iota -+ cipherModeCBC -+ cipherModeCTR -+ cipherModeGCM -+) -+ -+// cipherOp is the allowed operations for a cipher, -+// as documented in [EVP_CipherInit_ex]. -+// -+// [EVP_CipherInit_ex]: https://www.openssl.org/docs/man3.0/man3/EVP_CipherInit_ex.html -+type cipherOp int8 -+ -+const ( -+ cipherOpNone cipherOp = -1 // leaves the value of the previous call, if any. -+ cipherOpDecrypt cipherOp = 0 -+ cipherOpEncrypt cipherOp = 1 -+) -+ -+// cacheCipher is a cache of cipherKind to GO_EVP_CIPHER_PTR. -+var cacheCipher sync.Map -+ -+type cacheCipherKey struct { -+ kind cipherKind -+ mode cipherMode -+} -+ -+// loadCipher returns a cipher object for the given k. -+func loadCipher(k cipherKind, mode cipherMode) (cipher ossl.EVP_CIPHER_PTR) { -+ if v, ok := cacheCipher.Load(cacheCipherKey{k, mode}); ok { -+ return v.(ossl.EVP_CIPHER_PTR) -+ } -+ defer func() { -+ if cipher != nil && vMajor == 3 { -+ // On OpenSSL 3, directly operating on a EVP_CIPHER object -+ // not created by EVP_CIPHER has negative performance -+ // implications, as cipher operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ cipher, _ = ossl.EVP_CIPHER_fetch(nil, ossl.EVP_CIPHER_get0_name(cipher), nil) -+ } -+ cacheCipher.Store(cacheCipherKey{k, mode}, cipher) -+ }() -+ switch k { -+ case cipherAES128: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_aes_128_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_aes_128_cbc() -+ case cipherModeCTR: -+ cipher = ossl.EVP_aes_128_ctr() -+ case cipherModeGCM: -+ cipher = ossl.EVP_aes_128_gcm() -+ } -+ case cipherAES192: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_aes_192_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_aes_192_cbc() -+ case cipherModeCTR: -+ cipher = ossl.EVP_aes_192_ctr() -+ case cipherModeGCM: -+ cipher = ossl.EVP_aes_192_gcm() -+ } -+ case cipherAES256: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_aes_256_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_aes_256_cbc() -+ case cipherModeCTR: -+ cipher = ossl.EVP_aes_256_ctr() -+ case cipherModeGCM: -+ cipher = ossl.EVP_aes_256_gcm() -+ } -+ case cipherDES: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_des_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_des_cbc() -+ } -+ case cipherDES3: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_des_ede3_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_des_ede3_cbc() -+ } -+ case cipherRC4: -+ cipher = ossl.EVP_rc4() -+ } -+ return cipher -+} -+ -+type evpCipher struct { -+ key []byte -+ kind cipherKind -+ blockSize int -+} -+ -+func newEVPCipher(key []byte, kind cipherKind) (*evpCipher, error) { -+ cipher := loadCipher(kind, cipherModeECB) -+ if cipher == nil { -+ return nil, errors.New("crypto/cipher: unsupported cipher: " + kind.String()) -+ } -+ c := &evpCipher{key: make([]byte, len(key)), kind: kind} -+ copy(c.key, key) -+ c.blockSize = int(ossl.EVP_CIPHER_get_block_size(cipher)) -+ return c, nil -+} -+ -+func (c *evpCipher) encrypt(dst, src []byte) error { -+ if len(src) < c.blockSize { -+ return errors.New("input not full block") -+ } -+ if len(dst) < c.blockSize { -+ return errors.New("output not full block") -+ } -+ // Only check for overlap between the parts of src and dst that will actually be used. -+ // This matches Go standard library behavior. -+ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { -+ return errors.New("invalid buffer overlap") -+ } -+ enc_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpEncrypt, c.key, nil) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(enc_ctx) -+ -+ var outl int32 -+ if _, err := ossl.EVP_EncryptUpdate(enc_ctx, base(dst), &outl, base(src), int32(c.blockSize)); err != nil { -+ return err -+ } -+ runtime.KeepAlive(c) -+ return nil -+} -+ -+func (c *evpCipher) decrypt(dst, src []byte) error { -+ if len(src) < c.blockSize { -+ return errors.New("input not full block") -+ } -+ if len(dst) < c.blockSize { -+ return errors.New("output not full block") -+ } -+ // Only check for overlap between the parts of src and dst that will actually be used. -+ // This matches Go standard library behavior. -+ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { -+ return errors.New("invalid buffer overlap") -+ } -+ dec_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpDecrypt, c.key, nil) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(dec_ctx) -+ -+ if _, err := ossl.EVP_CIPHER_CTX_set_padding(dec_ctx, 0); err != nil { -+ return err -+ } -+ -+ var outl int32 -+ ossl.EVP_DecryptUpdate(dec_ctx, base(dst), &outl, base(src), int32(c.blockSize)) -+ runtime.KeepAlive(c) -+ return nil -+} -+ -+type cipherCBC struct { -+ ctx ossl.EVP_CIPHER_CTX_PTR -+ blockSize int -+} -+ -+func (c *cipherCBC) finalize() { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+} -+ -+func (x *cipherCBC) BlockSize() int { return x.blockSize } -+ -+func (x *cipherCBC) CryptBlocks(dst, src []byte) { -+ if inexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } -+ if len(src)%x.blockSize != 0 { -+ panic("crypto/cipher: input not full blocks") -+ } -+ if len(dst) < len(src) { -+ panic("crypto/cipher: output smaller than input") -+ } -+ if len(src) > 0 { -+ var outl int32 -+ if _, err := ossl.EVP_CipherUpdate(x.ctx, base(dst), &outl, base(src), int32(len(src))); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+ runtime.KeepAlive(x) -+ } -+} -+ -+func (x *cipherCBC) SetIV(iv []byte) { -+ if len(iv) != x.blockSize { -+ panic("crypto/cipher: incorrect length IV") -+ } -+ if _, err := ossl.EVP_CipherInit_ex(x.ctx, nil, nil, nil, base(iv), int32(cipherOpNone)); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+} -+ -+func (c *evpCipher) newCBC(iv []byte, op cipherOp) cipher.BlockMode { -+ ctx, err := newCipherCtx(c.kind, cipherModeCBC, op, c.key, iv) -+ if err != nil { -+ panic(err) -+ } -+ x := &cipherCBC{ctx: ctx, blockSize: c.blockSize} -+ runtime.SetFinalizer(x, (*cipherCBC).finalize) -+ if _, err := ossl.EVP_CIPHER_CTX_set_padding(x.ctx, 0); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+ return x -+} -+ -+type cipherCTR struct { -+ ctx ossl.EVP_CIPHER_CTX_PTR -+} -+ -+func (x *cipherCTR) XORKeyStream(dst, src []byte) { -+ if inexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } -+ if len(dst) < len(src) { -+ panic("crypto/cipher: output smaller than input") -+ } -+ if len(src) == 0 { -+ return -+ } -+ var outl int32 -+ if _, err := ossl.EVP_EncryptUpdate(x.ctx, base(dst), &outl, base(src), int32(len(src))); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+ runtime.KeepAlive(x) -+} -+ -+func (c *evpCipher) newCTR(iv []byte) cipher.Stream { -+ ctx, err := newCipherCtx(c.kind, cipherModeCTR, cipherOpEncrypt, c.key, iv) -+ if err != nil { -+ panic(err) -+ } -+ x := &cipherCTR{ctx: ctx} -+ runtime.SetFinalizer(x, (*cipherCTR).finalize) -+ return x -+} -+ -+func (c *cipherCTR) finalize() { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+} -+ -+type cipherGCMTLS uint8 -+ -+const ( -+ cipherGCMTLSNone cipherGCMTLS = iota -+ cipherGCMTLS12 -+ cipherGCMTLS13 -+) -+ -+type cipherGCM struct { -+ c *evpCipher -+ tls cipherGCMTLS -+ // minNextNonce is the minimum value that the next nonce can be, enforced by -+ // all TLS modes. -+ minNextNonce uint64 -+ // mask is the nonce mask used in TLS 1.3 mode. -+ mask uint64 -+ // maskInitialized is true if mask has been initialized. This happens during -+ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. -+ maskInitialized bool -+ blockSize int -+} -+ -+const ( -+ aesBlockSize = 16 -+ gcmTagSize = 16 -+ gcmStandardNonceSize = 12 -+ // TLS 1.2 additional data is constructed as: -+ // -+ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); -+ gcmTls12AddSize = 13 -+ // TLS 1.3 additional data is constructed as: -+ // -+ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) -+ gcmTls13AddSize = 5 -+ gcmTlsFixedNonceSize = 4 -+) -+ -+type noGCM struct { -+ *evpCipher -+} -+ -+func (g *noGCM) BlockSize() int { -+ return g.blockSize -+} -+ -+func (g *noGCM) Encrypt(dst, src []byte) { -+ g.encrypt(dst, src) -+} -+ -+func (g *noGCM) Decrypt(dst, src []byte) { -+ g.decrypt(dst, src) -+} -+ -+func (c *evpCipher) newGCMChecked(nonceSize, tagSize int) (cipher.AEAD, error) { -+ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { -+ return nil, errors.New("crypto/cipher: GCM tag and nonce sizes can't be non-standard at the same time") -+ } -+ // Fall back to standard library for GCM with non-standard nonce or tag size. -+ if nonceSize != gcmStandardNonceSize { -+ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) -+ } -+ if tagSize != gcmTagSize { -+ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) -+ } -+ return c.newGCM(cipherGCMTLSNone) -+} -+ -+func (c *evpCipher) newGCM(tls cipherGCMTLS) (cipher.AEAD, error) { -+ g := &cipherGCM{c: c, tls: tls, blockSize: c.blockSize} -+ return g, nil -+} -+ -+func (g *cipherGCM) NonceSize() int { -+ return gcmStandardNonceSize -+} -+ -+func (g *cipherGCM) Overhead() int { -+ return gcmTagSize -+} -+ -+func (g *cipherGCM) Seal(dst, nonce, plaintext, aad []byte) []byte { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") -+ } -+ if uint64(len(plaintext)) > ((1<<32)-2)*uint64(g.blockSize) || len(plaintext)+gcmTagSize < len(plaintext) { -+ panic("cipher: message too large for GCM") -+ } -+ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { -+ panic("cipher: message too large for buffer") -+ } -+ if g.tls != cipherGCMTLSNone { -+ if g.tls == cipherGCMTLS12 && len(aad) != gcmTls12AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.2") -+ } else if g.tls == cipherGCMTLS13 && len(aad) != gcmTls13AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.3") -+ } -+ counter := bigEndianUint64(nonce[gcmTlsFixedNonceSize:]) -+ if g.tls == cipherGCMTLS13 { -+ // In TLS 1.3, the counter in the nonce has a mask and requires -+ // further decoding. -+ if !g.maskInitialized { -+ // According to TLS 1.3 nonce construction details at -+ // https://tools.ietf.org/html/rfc8446#section-5.3: -+ // -+ // the first record transmitted under a particular traffic -+ // key MUST use sequence number 0. -+ // -+ // The padded sequence number is XORed with [a mask]. -+ // -+ // The resulting quantity (of length iv_length) is used as -+ // the per-record nonce. -+ // -+ // We need to convert from the given nonce to sequence numbers -+ // to keep track of minNextNonce and enforce the counter -+ // maximum. On the first call, we know counter^mask is 0^mask, -+ // so we can simply store it as the mask. -+ g.mask = counter -+ g.maskInitialized = true -+ } -+ counter ^= g.mask -+ } -+ // BoringCrypto enforces strictly monotonically increasing explicit nonces -+ // and to fail after 2^64 - 1 keys as per FIPS 140-2 IG A.5, -+ // but OpenSSL does not perform this check, so it is implemented here. -+ const maxUint64 = 1<<64 - 1 -+ if counter == maxUint64 { -+ panic("cipher: nonce counter must be less than 2^64 - 1") -+ } -+ if counter < g.minNextNonce { -+ panic("cipher: nonce counter must be strictly monotonically increasing") -+ } -+ defer func() { -+ g.minNextNonce = counter + 1 -+ }() -+ } -+ -+ // Make room in dst to append plaintext+overhead. -+ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) -+ -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, plaintext) { -+ panic("cipher: invalid buffer overlap") -+ } -+ -+ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ // Encrypt additional data. -+ // When sealing a TLS payload, OpenSSL app sets the additional data using -+ // '_EVP_CIPHER_CTX_ctrl(g.ctx, _EVP_CTRL_AEAD_TLS1_AAD, _EVP_AEAD_TLS1_AAD_LEN, base(additionalData))'. -+ // This makes the explicit nonce component to monotonically increase on every Seal operation without -+ // relying in the explicit nonce being securely set externally, -+ // and it also gives some interesting speed gains. -+ // Unfortunately we can't use it because Go expects AEAD.Seal to honor the provided nonce. -+ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ panic(err) -+ } -+ var outl, discard int32 -+ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_EncryptUpdate(ctx, base(out), &outl, baseNeverEmpty(plaintext), int32(len(plaintext))); err != nil { -+ panic(err) -+ } -+ if len(plaintext) != int(outl) { -+ panic("cipher: incorrect length returned from GCM EncryptUpdate") -+ } -+ if _, err := ossl.EVP_EncryptFinal_ex(ctx, base(out[outl:]), &discard); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(g) -+ return ret -+} -+ -+func (g *cipherGCM) SealWithRandomNonce(out, nonce, plaintext, aad []byte) { -+ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { -+ panic("crypto/cipher: message too large for GCM") -+ } -+ if len(nonce) != gcmStandardNonceSize { -+ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") -+ } -+ if len(out) != len(plaintext)+gcmTagSize { -+ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") -+ } -+ if inexactOverlap(out, plaintext) { -+ panic("crypto/cipher: invalid buffer overlap of output and input") -+ } -+ if anyOverlap(out, aad) { -+ panic("crypto/cipher: invalid buffer overlap of output and additional data") -+ } -+ -+ if g.tls != cipherGCMTLSNone { -+ panic("cipher: encryption failed") -+ } -+ -+ RandReader.Read(nonce) -+ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ -+ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ panic(err) -+ } -+ var outl, discard int32 -+ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_EncryptUpdate(ctx, base(out), &outl, baseNeverEmpty(plaintext), int32(len(plaintext))); err != nil { -+ panic(err) -+ } -+ if len(plaintext) != int(outl) { -+ panic("cipher: incorrect length returned from GCM EncryptUpdate") -+ } -+ if _, err := ossl.EVP_EncryptFinal_ex(ctx, base(out[outl:]), &discard); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(g) -+} -+ -+var errOpen = errors.New("cipher: message authentication failed") -+ -+func (g *cipherGCM) Open(dst, nonce, ciphertext, aad []byte) (_ []byte, err error) { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") -+ } -+ if len(ciphertext) < gcmTagSize { -+ return nil, errOpen -+ } -+ if uint64(len(ciphertext)) > ((1<<32)-2)*uint64(g.blockSize)+gcmTagSize { -+ return nil, errOpen -+ } -+ // BoringCrypto does not do any TLS check when decrypting, neither do we. -+ -+ tag := ciphertext[len(ciphertext)-gcmTagSize:] -+ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] -+ -+ // Make room in dst to append ciphertext without tag. -+ ret, out := sliceForAppend(dst, len(ciphertext)) -+ -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, ciphertext) { -+ panic("cipher: invalid buffer overlap") -+ } -+ -+ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ -+ defer func() { -+ if err != nil { -+ // Zero output buffer on error. -+ for i := range out { -+ out[i] = 0 -+ } -+ } -+ }() -+ if _, err := ossl.EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ return nil, errOpen -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_SET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { -+ return nil, errOpen -+ } -+ var outl, discard int32 -+ if _, err := ossl.EVP_DecryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))); err != nil { -+ return nil, errOpen -+ } -+ if _, err := ossl.EVP_DecryptUpdate(ctx, base(out), &outl, baseNeverEmpty(ciphertext), int32(len(ciphertext))); err != nil { -+ return nil, errOpen -+ } -+ if len(ciphertext) != int(outl) { -+ return nil, errOpen -+ } -+ if _, err := ossl.EVP_DecryptFinal_ex(ctx, base(out[outl:]), &discard); err != nil { -+ return nil, errOpen -+ } -+ runtime.KeepAlive(g) -+ return ret, nil -+} -+ -+// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. -+func sliceForAppend(in []byte, n int) (head, tail []byte) { -+ if total := len(in) + n; cap(in) >= total { -+ head = in[:total] -+ } else { -+ head = make([]byte, total) -+ copy(head, in) -+ } -+ tail = head[len(in):] -+ return -+} -+ -+func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ ossl.EVP_CIPHER_CTX_PTR, err error) { -+ cipher := loadCipher(kind, mode) -+ if cipher == nil { -+ panic("crypto/cipher: unsupported cipher: " + kind.String()) -+ } -+ ctx, err := ossl.EVP_CIPHER_CTX_new() -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_CIPHER_CTX_free(ctx) -+ } -+ }() -+ if kind == cipherRC4 { -+ // RC4 cipher supports a variable key length. -+ // We need to set the key length before setting the key, -+ // and to do so we need to have an initialized cipher ctx. -+ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, int32(encrypt)); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_set_key_length(ctx, int32(len(key))); err != nil { -+ return nil, err -+ } -+ // Pass nil to the next call to EVP_CipherInit_ex to avoid resetting ctx's cipher. -+ cipher = nil -+ } -+ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), int32(encrypt)); err != nil { -+ return nil, err -+ } -+ return ctx, nil -+} -+ -+// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. -+ -+func anyOverlap(x, y []byte) bool { -+ return len(x) > 0 && len(y) > 0 && -+ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && -+ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) -+} -+ -+func inexactOverlap(x, y []byte) bool { -+ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { -+ return false -+ } -+ return anyOverlap(x, y) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/const.go b/src/vendor/github.com/golang-fips/openssl/v2/const.go -new file mode 100644 -index 00000000000000..9f99a9dc456242 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/const.go -@@ -0,0 +1,93 @@ -+package openssl -+ -+import "C" -+import "unsafe" -+ -+// cString is a null-terminated string, -+// akin to C's char*. -+type cString string -+ -+// str returns the string value. -+func (s cString) str() string { -+ return string(s) -+} -+ -+// ptr returns a pointer to the string data. -+// It panics if the string is not null-terminated. -+// -+// The memory pointed to by the returned pointer should -+// not be modified and it must only be passed to -+// "const char*" parameters. Any attempt to modify it -+// will result in a runtime panic, as Go strings are -+// allocated in read-only memory. -+func (s cString) ptr() *byte { -+ if len(s) == 0 { -+ return nil -+ } -+ if s[len(s)-1] != 0 { -+ panic("must be null-terminated") -+ } -+ return unsafe.StringData(string(s)) -+} -+ -+const ( //checkheader:ignore -+ // Provider names -+ _ProviderNameFips cString = "fips\x00" -+ _ProviderNameDefault cString = "default\x00" -+ -+ // Property strings -+ _PropFIPSYes cString = "fips=yes\x00" -+ _PropFIPSNo cString = "-fips\x00" -+ -+ // Key types -+ _KeyTypeRSA cString = "RSA\x00" -+ _KeyTypeEC cString = "EC\x00" -+ _KeyTypeED25519 cString = "ED25519\x00" -+ -+ // Digest Names -+ _DigestNameSHA2_256 cString = "SHA2-256\x00" -+ -+ // KDF names -+ _OSSL_KDF_NAME_HKDF cString = "HKDF\x00" -+ _OSSL_KDF_NAME_PBKDF2 cString = "PBKDF2\x00" -+ _OSSL_KDF_NAME_TLS1_PRF cString = "TLS1-PRF\x00" -+ _OSSL_KDF_NAME_TLS13_KDF cString = "TLS13-KDF\x00" -+ _OSSL_MAC_NAME_HMAC cString = "HMAC\x00" -+ -+ // KDF parameters -+ _OSSL_KDF_PARAM_DIGEST cString = "digest\x00" -+ _OSSL_KDF_PARAM_SECRET cString = "secret\x00" -+ _OSSL_KDF_PARAM_SEED cString = "seed\x00" -+ _OSSL_KDF_PARAM_KEY cString = "key\x00" -+ _OSSL_KDF_PARAM_INFO cString = "info\x00" -+ _OSSL_KDF_PARAM_SALT cString = "salt\x00" -+ _OSSL_KDF_PARAM_MODE cString = "mode\x00" -+ -+ // TLS3-KDF parameters -+ _OSSL_KDF_PARAM_PREFIX cString = "prefix\x00" -+ _OSSL_KDF_PARAM_LABEL cString = "label\x00" -+ _OSSL_KDF_PARAM_DATA cString = "data\x00" -+ -+ // PKEY parameters -+ _OSSL_PKEY_PARAM_PUB_KEY cString = "pub\x00" -+ _OSSL_PKEY_PARAM_PRIV_KEY cString = "priv\x00" -+ _OSSL_PKEY_PARAM_GROUP_NAME cString = "group\x00" -+ _OSSL_PKEY_PARAM_EC_PUB_X cString = "qx\x00" -+ _OSSL_PKEY_PARAM_EC_PUB_Y cString = "qy\x00" -+ _OSSL_PKEY_PARAM_FFC_PBITS cString = "pbits\x00" -+ _OSSL_PKEY_PARAM_FFC_QBITS cString = "qbits\x00" -+ _OSSL_PKEY_PARAM_RSA_N cString = "n\x00" -+ _OSSL_PKEY_PARAM_RSA_E cString = "e\x00" -+ _OSSL_PKEY_PARAM_RSA_D cString = "d\x00" -+ _OSSL_PKEY_PARAM_FFC_P cString = "p\x00" -+ _OSSL_PKEY_PARAM_FFC_Q cString = "q\x00" -+ _OSSL_PKEY_PARAM_FFC_G cString = "g\x00" -+ _OSSL_PKEY_PARAM_RSA_FACTOR1 cString = "rsa-factor1\x00" -+ _OSSL_PKEY_PARAM_RSA_FACTOR2 cString = "rsa-factor2\x00" -+ _OSSL_PKEY_PARAM_RSA_EXPONENT1 cString = "rsa-exponent1\x00" -+ _OSSL_PKEY_PARAM_RSA_EXPONENT2 cString = "rsa-exponent2\x00" -+ _OSSL_PKEY_PARAM_RSA_COEFFICIENT1 cString = "rsa-coefficient1\x00" -+ -+ // MAC parameters -+ _OSSL_MAC_PARAM_DIGEST cString = "digest\x00" -+) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/des.go b/src/vendor/github.com/golang-fips/openssl/v2/des.go -new file mode 100644 -index 00000000000000..78ecb9888e18cb ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/des.go -@@ -0,0 +1,113 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto/cipher" -+ "errors" -+) -+ -+// SupportsDESCipher returns true if NewDESCipher is supported, -+// which uses ECB mode. -+// If CBC is also supported, then the returned cipher.Block -+// will also implement NewCBCEncrypter and NewCBCDecrypter. -+func SupportsDESCipher() bool { -+ // True for stock OpenSSL 1 w/o FIPS. -+ // False for stock OpenSSL 3 unless the legacy provider is available. -+ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil -+} -+ -+// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, -+// which uses ECB mode. -+// If CBC is also supported, then the returned cipher.Block -+// will also implement NewCBCEncrypter and NewCBCDecrypter. -+func SupportsTripleDESCipher() bool { -+ // Should always be true for stock OpenSSL, -+ // even when using the FIPS provider. -+ return loadCipher(cipherDES3, cipherModeECB) != nil -+} -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 8 { -+ return nil, errors.New("crypto/des: invalid key size") -+ } -+ return newDESCipher(key, cipherDES) -+} -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 24 { -+ return nil, errors.New("crypto/des: invalid key size") -+ } -+ return newDESCipher(key, cipherDES3) -+} -+ -+func newDESCipher(key []byte, kind cipherKind) (cipher.Block, error) { -+ c, err := newEVPCipher(key, kind) -+ if err != nil { -+ return nil, err -+ } -+ if loadCipher(kind, cipherModeCBC) == nil { -+ return &desCipherWithoutCBC{c}, nil -+ } -+ return &desCipher{c}, nil -+} -+ -+type desExtraModes interface { -+ NewCBCEncrypter(iv []byte) cipher.BlockMode -+ NewCBCDecrypter(iv []byte) cipher.BlockMode -+} -+ -+var _ desExtraModes = (*desCipher)(nil) -+ -+type desCipher struct { -+ *evpCipher -+} -+ -+func (c *desCipher) BlockSize() int { -+ return c.blockSize -+} -+ -+func (c *desCipher) Encrypt(dst, src []byte) { -+ if err := c.encrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -+ -+func (c *desCipher) Decrypt(dst, src []byte) { -+ if err := c.decrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -+ -+func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return c.newCBC(iv, cipherOpEncrypt) -+} -+ -+func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return c.newCBC(iv, cipherOpDecrypt) -+} -+ -+type desCipherWithoutCBC struct { -+ *evpCipher -+} -+ -+func (c *desCipherWithoutCBC) BlockSize() int { -+ return c.blockSize -+} -+ -+func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) { -+ if err := c.encrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -+ -+func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) { -+ if err := c.decrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/dsa.go b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go -new file mode 100644 -index 00000000000000..37663591d7568a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go -@@ -0,0 +1,309 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "runtime" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupportsDSA returns true if the OpenSSL library supports DSA. -+func SupportsDSA() bool { -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) -+ if err != nil { -+ return false -+ } -+ ossl.EVP_PKEY_CTX_free(ctx) -+ return true -+} -+ -+// DSAParameters contains the DSA parameters. -+type DSAParameters struct { -+ P, Q, G BigInt -+} -+ -+// PrivateKeyDSA represents a DSA private key. -+type PrivateKeyDSA struct { -+ DSAParameters -+ X, Y BigInt -+ -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PrivateKeyDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+// PublicKeyDSA represents a DSA public key. -+type PublicKeyDSA struct { -+ DSAParameters -+ Y BigInt -+ -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PublicKeyDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+// GenerateParametersDSA generates a set of DSA parameters. -+func GenerateParametersDSA(l, n int) (DSAParameters, error) { -+ // The DSA parameters are generated by creating a new DSA key and -+ // extracting the domain parameters from it. -+ -+ // Generate a new DSA key context and set the known parameters. -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) -+ if err != nil { -+ return DSAParameters{}, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_paramgen_init(ctx); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, int32(l), nil); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, int32(n), nil); err != nil { -+ return DSAParameters{}, err -+ } -+ var pkey ossl.EVP_PKEY_PTR -+ if _, err := ossl.EVP_PKEY_paramgen(ctx, &pkey); err != nil { -+ return DSAParameters{}, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ // Extract the domain parameters from the generated key. -+ var p, q, g ossl.BIGNUM_PTR -+ switch vMajor { -+ case 1: -+ dsa := getDSA(pkey) -+ ossl.DSA_get0_pqg(dsa, &p, &q, &g) -+ case 3: -+ defer func() { -+ ossl.BN_free(p) -+ ossl.BN_free(q) -+ ossl.BN_free(g) -+ }() -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P.ptr(), &p); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q.ptr(), &q); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G.ptr(), &g); err != nil { -+ return DSAParameters{}, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ return DSAParameters{ -+ P: bnToBig(p), -+ Q: bnToBig(q), -+ G: bnToBig(g), -+ }, nil -+} -+ -+// NewPrivateKeyDSA creates a new DSA private key from the given parameters. -+func NewPrivateKeyDSA(params DSAParameters, x, y BigInt) (*PrivateKeyDSA, error) { -+ if x == nil || y == nil { -+ panic("x and y must not be nil") -+ } -+ pkey, err := newDSA(params, x, y) -+ if err != nil { -+ return nil, err -+ } -+ k := &PrivateKeyDSA{params, x, y, pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) -+ return k, nil -+} -+ -+// NewPublicKeyDSA creates a new DSA public key from the given parameters. -+func NewPublicKeyDSA(params DSAParameters, y BigInt) (*PublicKeyDSA, error) { -+ if y == nil { -+ panic("y must not be nil") -+ } -+ pkey, err := newDSA(params, nil, y) -+ if err != nil { -+ return nil, err -+ } -+ k := &PublicKeyDSA{params, y, pkey} -+ runtime.SetFinalizer(k, (*PublicKeyDSA).finalize) -+ return k, nil -+} -+ -+// GenerateKeyDSA generates a new private DSA key using the given parameters. -+func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { -+ pkey, err := newDSA(params, nil, nil) -+ if err != nil { -+ return nil, nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ var bx, by ossl.BIGNUM_PTR -+ switch vMajor { -+ case 1: -+ dsa := getDSA(pkey) -+ ossl.DSA_get0_key(dsa, &by, &bx) -+ case 3: -+ defer func() { -+ ossl.BN_clear_free(bx) -+ ossl.BN_free(by) -+ }() -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), &by); err != nil { -+ return nil, nil, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bx); err != nil { -+ return nil, nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return bnToBig(bx), bnToBig(by), nil -+} -+ -+// SignDSA signs a hash (which should be the result of hashing a larger message). -+func SignDSA(priv *PrivateKeyDSA, hash []byte) ([]byte, error) { -+ return evpSign(priv.withKey, 0, 0, 0, hash) -+} -+ -+// VerifyDSA verifiessig using the public key, pub. -+func VerifyDSA(pub *PublicKeyDSA, hash []byte, sig []byte) bool { -+ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil -+} -+ -+func newDSA(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { -+ switch vMajor { -+ case 1: -+ return newDSA1(params, x, y) -+ case 3: -+ return newDSA3(params, x, y) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newDSA1(params DSAParameters, x, y BigInt) (pkey ossl.EVP_PKEY_PTR, err error) { -+ checkMajorVersion(1) -+ -+ dsa, err := ossl.DSA_new() -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if pkey == nil { -+ ossl.DSA_free(dsa) -+ } -+ }() -+ // No need to check for errors here, DSA_set0_* functions will fail -+ // if the BNs are NULL and we will free non-NULL BNs in the error handling. -+ p, _ := bigToBN(params.P) -+ q, _ := bigToBN(params.Q) -+ g, _ := bigToBN(params.G) -+ if _, err := ossl.DSA_set0_pqg(dsa, p, q, g); err != nil { -+ ossl.BN_free(p) -+ ossl.BN_free(q) -+ ossl.BN_free(g) -+ return nil, err -+ } -+ if y != nil { -+ pub, _ := bigToBN(y) -+ priv, _ := bigToBN(x) -+ if _, err := ossl.DSA_set0_key(dsa, pub, priv); err != nil { -+ ossl.BN_free(pub) -+ ossl.BN_clear_free(priv) -+ return nil, err -+ } -+ } else { -+ if _, err := ossl.DSA_generate_key(dsa); err != nil { -+ return nil, err -+ } -+ } -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_DSA, unsafe.Pointer(dsa)); err != nil { -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ return pkey, nil -+} -+ -+func newDSA3(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3) -+ -+ bld, err := newParamBuilder() -+ if err != nil { -+ return nil, err -+ } -+ defer bld.finalize() -+ -+ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_P, params.P, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_Q, params.Q, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_G, params.G, false) -+ selection := int32(ossl.EVP_PKEY_KEYPAIR) -+ if y != nil { -+ bld.addBigInt(_OSSL_PKEY_PARAM_PUB_KEY, y, false) -+ if x == nil { -+ selection = ossl.EVP_PKEY_PUBLIC_KEY -+ } -+ } -+ if x != nil { -+ bld.addBigInt(_OSSL_PKEY_PARAM_PRIV_KEY, x, true) -+ } -+ bldparams, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(bldparams) -+ pkey, err := newEvpFromParams(ossl.EVP_PKEY_DSA, selection, bldparams) -+ if err != nil { -+ return nil, err -+ } -+ if y != nil { -+ return pkey, nil -+ } -+ // pkey doesn't contain the public component, but the crypto/dsa package -+ // expects it to be always there. Generate a new key using pkey as domain -+ // parameters placeholder. -+ defer ossl.EVP_PKEY_free(pkey) -+ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { -+ return nil, err -+ } -+ var gkey ossl.EVP_PKEY_PTR -+ if _, err := ossl.EVP_PKEY_keygen(ctx, &gkey); err != nil { -+ return nil, err -+ } -+ return gkey, nil -+} -+ -+// getDSA returns the DSA from pkey. -+// If pkey does not contain an DSA it panics. -+// The returned key should not be freed. -+func getDSA(pkey ossl.EVP_PKEY_PTR) ossl.DSA_PTR { -+ key, err := ossl.EVP_PKEY_get0_DSA(pkey) -+ if err != nil { -+ panic(err) -+ } -+ return key -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ec.go b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -new file mode 100644 -index 00000000000000..1a4e89dc5790b6 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -@@ -0,0 +1,67 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import "github.com/golang-fips/openssl/v2/internal/ossl" -+ -+func curveNID(curve string) int32 { -+ switch curve { -+ case "P-224": -+ return ossl.NID_secp224r1 -+ case "P-256": -+ return ossl.NID_X9_62_prime256v1 -+ case "P-384": -+ return ossl.NID_secp384r1 -+ case "P-521": -+ return ossl.NID_secp521r1 -+ default: -+ panic("openssl: unknown curve " + curve) -+ } -+} -+ -+// curveSize returns the size of the curve in bytes. -+func curveSize(curve string) int { -+ switch curve { -+ case "P-224": -+ return 224 / 8 -+ case "P-256": -+ return 256 / 8 -+ case "P-384": -+ return 384 / 8 -+ case "P-521": -+ return (521 + 7) / 8 -+ default: -+ panic("openssl: unknown curve " + curve) -+ } -+} -+ -+// encodeEcPoint encodes pt. -+func encodeEcPoint(group ossl.EC_GROUP_PTR, pt ossl.EC_POINT_PTR) ([]byte, error) { -+ // Get encoded point size. -+ n, err := ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, nil, 0, nil) -+ if err != nil { -+ return nil, err -+ } -+ // Encode point into bytes. -+ bytes := make([]byte, n) -+ if _, err = ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, base(bytes), n, nil); err != nil { -+ return nil, err -+ } -+ return bytes, nil -+} -+ -+// generateAndEncodeEcPublicKey calls newPubKeyPointFn to generate a public key point and then encodes it. -+func generateAndEncodeEcPublicKey(nid int32, newPubKeyPointFn func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error)) ([]byte, error) { -+ group, err := ossl.EC_GROUP_new_by_curve_name(nid) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_GROUP_free(group) -+ pt, err := newPubKeyPointFn(group) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_POINT_free(pt) -+ return encodeEcPoint(group, pt) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -new file mode 100644 -index 00000000000000..d80d8b153f5a84 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -@@ -0,0 +1,306 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "errors" -+ "runtime" -+ "slices" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+type PublicKeyECDH struct { -+ _pkey ossl.EVP_PKEY_PTR -+ bytes []byte -+} -+ -+func (k *PublicKeyECDH) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+type PrivateKeyECDH struct { -+ _pkey ossl.EVP_PKEY_PTR -+ curve string -+} -+ -+func (k *PrivateKeyECDH) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { -+ if len(bytes) != 1+2*curveSize(curve) { -+ return nil, errors.New("NewPublicKeyECDH: wrong key length") -+ } -+ pkey, err := newECDHPkey(curve, bytes, false) -+ if err != nil { -+ return nil, err -+ } -+ k := &PublicKeyECDH{pkey, slices.Clone(bytes)} -+ runtime.SetFinalizer(k, (*PublicKeyECDH).finalize) -+ return k, nil -+} -+ -+func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } -+ -+func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) { -+ if len(bytes) != curveSize(curve) { -+ return nil, errors.New("NewPrivateKeyECDH: wrong key length") -+ } -+ pkey, err := newECDHPkey(curve, bytes, true) -+ if err != nil { -+ return nil, err -+ } -+ k := &PrivateKeyECDH{pkey, curve} -+ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) -+ return k, nil -+} -+ -+func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { -+ defer runtime.KeepAlive(k) -+ var pkey ossl.EVP_PKEY_PTR -+ defer func() { -+ ossl.EVP_PKEY_free(pkey) -+ }() -+ -+ var bytes []byte -+ switch vMajor { -+ case 1: -+ var err error -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ return nil, err -+ } -+ key := getECKey(k._pkey) -+ if _, err := ossl.EVP_PKEY_set1_EC_KEY(pkey, key); err != nil { -+ return nil, err -+ } -+ pt := ossl.EC_KEY_get0_public_key(key) -+ if pt == nil { -+ return nil, fail("missing ECDH public key") -+ } -+ group := ossl.EC_KEY_get0_group(key) -+ if bytes, err = encodeEcPoint(group, pt); err != nil { -+ return nil, err -+ } -+ case 3: -+ pkey = k._pkey -+ if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { -+ return nil, err -+ } -+ -+ var cbytes *byte -+ n, err := ossl.EVP_PKEY_get1_encoded_public_key(k._pkey, &cbytes) -+ if err != nil { -+ return nil, err -+ } -+ bytes = C.GoBytes(unsafe.Pointer(cbytes), C.int(n)) -+ cryptoFree(unsafe.Pointer(cbytes)) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ pub := &PublicKeyECDH{pkey, bytes} -+ pkey = nil -+ runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize) -+ return pub, nil -+} -+ -+func newECDHPkey(curve string, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { -+ nid := curveNID(curve) -+ switch vMajor { -+ case 1: -+ return newECDHPkey1(nid, bytes, isPrivate) -+ case 3: -+ return newECDHPkey3(nid, bytes, isPrivate) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newECDHPkey1(nid int32, bytes []byte, isPrivate bool) (pkey ossl.EVP_PKEY_PTR, err error) { -+ checkMajorVersion(1) -+ -+ key, err := ossl.EC_KEY_new_by_curve_name(nid) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if pkey == nil { -+ ossl.EC_KEY_free(key) -+ } -+ }() -+ group := ossl.EC_KEY_get0_group(key) -+ if isPrivate { -+ priv, err := ossl.BN_bin2bn(base(bytes), int32(len(bytes)), nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_clear_free(priv) -+ if _, err := ossl.EC_KEY_set_private_key(key, priv); err != nil { -+ return nil, err -+ } -+ pub, err := pointMult(group, priv) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_POINT_free(pub) -+ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { -+ return nil, err -+ } -+ } else { -+ pub, err := ossl.EC_POINT_new(group) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_POINT_free(pub) -+ if _, err := ossl.EC_POINT_oct2point(group, pub, base(bytes), len(bytes), nil); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { -+ return nil, err -+ } -+ } -+ if _, err := ossl.EC_KEY_check_key(key); err != nil { -+ // Match upstream error message. -+ if isPrivate { -+ return nil, errors.New("crypto/ecdh: invalid private key") -+ } else { -+ return nil, errors.New("crypto/ecdh: invalid public key") -+ } -+ } -+ return newEVPPKEY(key) -+} -+ -+func newECDHPkey3(nid int32, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3) -+ -+ bld, err := newParamBuilder() -+ if err != nil { -+ return nil, err -+ } -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) -+ var selection int32 -+ if isPrivate { -+ priv, err := ossl.BN_bin2bn(base(bytes), int32(len(bytes)), nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_clear_free(priv) -+ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { -+ return pointMult(group, priv) -+ }) -+ if err != nil { -+ return nil, err -+ } -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) -+ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, priv) -+ selection = ossl.EVP_PKEY_KEYPAIR -+ } else { -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, bytes) -+ selection = ossl.EVP_PKEY_PUBLIC_KEY -+ } -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ pkey, err := newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) -+ if err != nil { -+ return nil, err -+ } -+ -+ if err := checkPkey(pkey, isPrivate); err != nil { -+ ossl.EVP_PKEY_free(pkey) -+ return nil, errors.New("crypto/ecdh: " + err.Error()) -+ } -+ return pkey, nil -+} -+ -+func pointMult(group ossl.EC_GROUP_PTR, priv ossl.BIGNUM_PTR) (ossl.EC_POINT_PTR, error) { -+ // OpenSSL does not expose any method to generate the public -+ // key from the private key [1], so we have to calculate it here. -+ // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 -+ pt, err := ossl.EC_POINT_new(group) -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EC_POINT_mul(group, pt, priv, nil, nil, nil); err != nil { -+ ossl.EC_POINT_free(pt) -+ return nil, err -+ } -+ return pt, nil -+} -+ -+func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { -+ defer runtime.KeepAlive(priv) -+ defer runtime.KeepAlive(pub) -+ ctx, err := ossl.EVP_PKEY_CTX_new(priv._pkey, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_derive_set_peer(ctx, pub._pkey); err != nil { -+ return nil, err -+ } -+ var keylen int -+ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { -+ return nil, err -+ } -+ out := make([]byte, keylen) -+ if _, err := ossl.EVP_PKEY_derive(ctx, base(out), &keylen); err != nil { -+ return nil, err -+ } -+ return out, nil -+} -+ -+func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { -+ pkey, err := generateEVPPKey(ossl.EVP_PKEY_EC, 0, curve) -+ if err != nil { -+ return nil, nil, err -+ } -+ var k *PrivateKeyECDH -+ defer func() { -+ if k == nil { -+ ossl.EVP_PKEY_free(pkey) -+ } -+ }() -+ var priv ossl.BIGNUM_PTR -+ switch vMajor { -+ case 1: -+ key := getECKey(pkey) -+ priv = ossl.EC_KEY_get0_private_key(key) -+ if priv == nil { -+ return nil, nil, fail("missing ECDH private key") -+ } -+ case 3: -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv); err != nil { -+ return nil, nil, err -+ } -+ defer ossl.BN_clear_free(priv) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ // We should not leak bit length of the secret scalar in the key. -+ // For this reason, we use BN_bn2binpad instead of BN_bn2bin with fixed length. -+ // The fixed length is the order of the large prime subgroup of the curve, -+ // returned by EVP_PKEY_get_bits, which is generally the upper bound for -+ // generating a private ECDH key. -+ bits, err := ossl.EVP_PKEY_get_bits(pkey) -+ if err != nil { -+ return nil, nil, err -+ } -+ bytes := make([]byte, (bits+7)/8) -+ if err := bnToBinPad(priv, bytes); err != nil { -+ return nil, nil, err -+ } -+ k = &PrivateKeyECDH{pkey, curve} -+ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) -+ return k, bytes, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -new file mode 100644 -index 00000000000000..e4d504de2146ba ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -@@ -0,0 +1,226 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto" -+ "errors" -+ "runtime" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+type PrivateKeyECDSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PrivateKeyECDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+type PublicKeyECDSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PublicKeyECDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+var errUnknownCurve = errors.New("openssl: unknown elliptic curve") -+ -+func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { -+ pkey, err := newECDSAKey(curve, x, y, nil) -+ if err != nil { -+ return nil, err -+ } -+ k := &PublicKeyECDSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PublicKeyECDSA).finalize) -+ return k, nil -+} -+ -+func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { -+ pkey, err := newECDSAKey(curve, x, y, d) -+ if err != nil { -+ return nil, err -+ } -+ k := &PrivateKeyECDSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) -+ return k, nil -+} -+ -+func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { -+ // Generate the private key. -+ pkey, err := generateEVPPKey(ossl.EVP_PKEY_EC, 0, curve) -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ var bx, by, bd ossl.BIGNUM_PTR -+ defer func() { -+ ossl.BN_free(bx) -+ ossl.BN_free(by) -+ }() -+ switch vMajor { -+ case 1: -+ // Retrieve the internal EC_KEY, which holds the X, Y, and D coordinates. -+ key := getECKey(pkey) -+ group := ossl.EC_KEY_get0_group(key) -+ pt := ossl.EC_KEY_get0_public_key(key) -+ // Allocate two big numbers to store the X and Y coordinates. -+ bx, err = ossl.BN_new() -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ by, err = ossl.BN_new() -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ // Get X and Y. -+ if _, err := ossl.EC_POINT_get_affine_coordinates_GFp(group, pt, bx, by, nil); err != nil { -+ return nil, nil, nil, err -+ } -+ // Get Z. We don't need to free it, get0 does not increase the reference count. -+ bd = ossl.EC_KEY_get0_private_key(key) -+ case 3: -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx); err != nil { -+ return nil, nil, nil, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y.ptr(), &by); err != nil { -+ return nil, nil, nil, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bd); err != nil { -+ return nil, nil, nil, err -+ } -+ defer ossl.BN_clear_free(bd) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ // Get D. -+ return bnToBig(bx), bnToBig(by), bnToBig(bd), nil -+} -+ -+func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ return evpSign(priv.withKey, 0, 0, 0, hash) -+} -+ -+func HashSignECDSA(priv *PrivateKeyECDSA, h crypto.Hash, msg []byte) ([]byte, error) { -+ return evpHashSign(priv.withKey, h, msg) -+} -+ -+func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { -+ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil -+} -+ -+func HashVerifyECDSA(pub *PublicKeyECDSA, h crypto.Hash, msg, sig []byte) bool { -+ return evpHashVerify(pub.withKey, h, msg, sig) == nil -+} -+ -+func newECDSAKey(curve string, x, y, d BigInt) (ossl.EVP_PKEY_PTR, error) { -+ nid := curveNID(curve) -+ bx, err := bigToBN(x) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_free(bx) -+ by, err := bigToBN(y) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_free(by) -+ var bd ossl.BIGNUM_PTR -+ if d != nil { -+ bd, err = bigToBN(d) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_clear_free(bd) -+ } -+ switch vMajor { -+ case 1: -+ return newECDSAKey1(nid, bx, by, bd) -+ case 3: -+ return newECDSAKey3(nid, bx, by, bd) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newECDSAKey1(nid int32, bx, by, bd ossl.BIGNUM_PTR) (pkey ossl.EVP_PKEY_PTR, err error) { -+ checkMajorVersion(1) -+ -+ key, err := ossl.EC_KEY_new_by_curve_name(nid) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if pkey == nil { -+ defer ossl.EC_KEY_free(key) -+ } -+ }() -+ if _, err := ossl.EC_KEY_set_public_key_affine_coordinates(key, bx, by); err != nil { -+ return nil, err -+ } -+ if bd != nil { -+ if _, err := ossl.EC_KEY_set_private_key(key, bd); err != nil { -+ return nil, err -+ } -+ } -+ -+ return newEVPPKEY(key) -+} -+ -+func newECDSAKey3(nid int32, bx, by, bd ossl.BIGNUM_PTR) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3) -+ -+ // Create the encoded public key public key from bx and by. -+ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { -+ pt, err := ossl.EC_POINT_new(group) -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EC_POINT_set_affine_coordinates(group, pt, bx, by, nil); err != nil { -+ ossl.EC_POINT_free(pt) -+ return nil, err -+ } -+ return pt, nil -+ }) -+ if err != nil { -+ return nil, err -+ } -+ // Construct the parameters. -+ bld, err := newParamBuilder() -+ if err != nil { -+ return nil, err -+ } -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) -+ var selection int32 -+ if bd != nil { -+ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, bd) -+ selection = ossl.EVP_PKEY_KEYPAIR -+ } else { -+ selection = ossl.EVP_PKEY_PUBLIC_KEY -+ } -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ return newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -new file mode 100644 -index 00000000000000..50fd06e5c89fbd ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,229 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "errors" -+ "runtime" -+ "strconv" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const ( -+ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. -+ publicKeySizeEd25519 = 32 -+ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. -+ privateKeySizeEd25519 = 64 -+ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. -+ signatureSizeEd25519 = 64 -+ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. -+ seedSizeEd25519 = 32 -+) -+ -+// TODO: Add support for Ed25519ph and Ed25519ctx when OpenSSL supports them, -+// which will probably be in 3.2.0 (https://github.com/openssl/openssl/issues/20418). -+ -+var supportsEd25519 = sync.OnceValue(func() bool { -+ switch vMajor { -+ case 1: -+ if versionAtOrAbove(1, 1, 1) { -+ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_ED25519, nil) -+ if ctx != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ return true -+ } -+ } -+ case 3: -+ sig, _ := ossl.EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) -+ if sig != nil { -+ ossl.EVP_SIGNATURE_free(sig) -+ return true -+ } -+ } -+ return false -+}) -+ -+// SupportsEd25519 returns true if the current OpenSSL version supports -+// GenerateKeyEd25519, NewKeyFromSeedEd25519, SignEd25519 and VerifyEd25519. -+func SupportsEd25519() bool { -+ return supportsEd25519() -+} -+ -+type PublicKeyEd25519 struct { -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PublicKeyEd25519) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyEd25519) Bytes() ([]byte, error) { -+ defer runtime.KeepAlive(k) -+ pub := make([]byte, publicKeySizeEd25519) -+ if err := extractPKEYPubEd25519(k._pkey, pub); err != nil { -+ return nil, err -+ } -+ return pub, nil -+} -+ -+type PrivateKeyEd25519 struct { -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PrivateKeyEd25519) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { -+ defer runtime.KeepAlive(k) -+ priv := make([]byte, privateKeySizeEd25519) -+ if err := extractPKEYPrivEd25519(k._pkey, priv); err != nil { -+ return nil, err -+ } -+ return priv, nil -+} -+ -+func (k *PrivateKeyEd25519) Public() (*PublicKeyEd25519, error) { -+ pub := make([]byte, publicKeySizeEd25519) -+ if err := extractPKEYPubEd25519(k._pkey, pub); err != nil { -+ return nil, err -+ } -+ pubk, err := NewPublicKeyEd25519(pub) -+ if err != nil { -+ return nil, err -+ } -+ return pubk, nil -+} -+ -+// GenerateKeyEd25519 generates a private key. -+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { -+ pkeyPriv, err := generateEVPPKey(ossl.EVP_PKEY_ED25519, 0, "") -+ if err != nil { -+ return nil, err -+ } -+ priv := &PrivateKeyEd25519{_pkey: pkeyPriv} -+ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) -+ return priv, nil -+} -+ -+// Deprecated: use NewPrivateKeyEd25519 instead. -+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { -+ return NewPrivateKeyEd25519(priv) -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { -+ if len(priv) != privateKeySizeEd25519 { -+ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) -+ } -+ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) -+} -+ -+// Deprecated: use NewPublicKeyEd25519 instead. -+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { -+ return NewPublicKeyEd25519(pub) -+} -+ -+func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { -+ if len(pub) != publicKeySizeEd25519 { -+ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) -+ } -+ pkey, err := ossl.EVP_PKEY_new_raw_public_key(ossl.EVP_PKEY_ED25519, nil, base(pub), len(pub)) -+ if err != nil { -+ return nil, err -+ } -+ pubk := &PublicKeyEd25519{_pkey: pkey} -+ runtime.SetFinalizer(pubk, (*PublicKeyEd25519).finalize) -+ return pubk, nil -+} -+ -+// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if -+// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this -+// package. -+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { -+ if len(seed) != seedSizeEd25519 { -+ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) -+ } -+ pkey, err := ossl.EVP_PKEY_new_raw_private_key(ossl.EVP_PKEY_ED25519, nil, base(seed), len(seed)) -+ if err != nil { -+ return nil, err -+ } -+ priv := &PrivateKeyEd25519{_pkey: pkey} -+ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) -+ return priv, nil -+} -+ -+func extractPKEYPubEd25519(pkey ossl.EVP_PKEY_PTR, pub []byte) error { -+ keylen := publicKeySizeEd25519 -+ if _, err := ossl.EVP_PKEY_get_raw_public_key(pkey, base(pub), &keylen); err != nil { -+ return err -+ } -+ if keylen != publicKeySizeEd25519 { -+ return errors.New("ed25519: bad public key length: " + strconv.Itoa(keylen)) -+ } -+ return nil -+} -+ -+func extractPKEYPrivEd25519(pkey ossl.EVP_PKEY_PTR, priv []byte) error { -+ if err := extractPKEYPubEd25519(pkey, priv[seedSizeEd25519:]); err != nil { -+ return err -+ } -+ keylen := seedSizeEd25519 -+ if _, err := ossl.EVP_PKEY_get_raw_private_key(pkey, base(priv), &keylen); err != nil { -+ return err -+ } -+ if keylen != seedSizeEd25519 { -+ return errors.New("ed25519: bad private key length: " + strconv.Itoa(keylen)) -+ } -+ return nil -+} -+ -+// SignEd25519 signs the message with priv and returns a signature. -+func SignEd25519(priv *PrivateKeyEd25519, message []byte) (sig []byte, err error) { -+ // Outline the function body so that the returned key can be stack-allocated. -+ sig = make([]byte, signatureSizeEd25519) -+ err = signEd25519(priv, sig, message) -+ if err != nil { -+ return nil, err -+ } -+ return sig, err -+} -+ -+func signEd25519(priv *PrivateKeyEd25519, sig, message []byte) error { -+ defer runtime.KeepAlive(priv) -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestSignInit(ctx, nil, nil, nil, priv._pkey); err != nil { -+ return err -+ } -+ siglen := signatureSizeEd25519 -+ if _, err := ossl.EVP_DigestSign(ctx, base(sig), &siglen, base(message), len(message)); err != nil { -+ return err -+ } -+ if siglen != signatureSizeEd25519 { -+ return errors.New("ed25519: bad signature length: " + strconv.Itoa(siglen)) -+ } -+ return nil -+} -+ -+// VerifyEd25519 reports whether sig is a valid signature of message by pub. -+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { -+ defer runtime.KeepAlive(pub) -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestVerifyInit(ctx, nil, nil, nil, pub._pkey); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_DigestVerify(ctx, base(sig), len(sig), base(message), len(message)); err != nil { -+ return errors.New("ed25519: invalid signature") -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -new file mode 100644 -index 00000000000000..a6ad55906ecd8a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -@@ -0,0 +1,590 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// cacheMD is a cache of crypto.Hash to GOossl.EVP_MD_PTR. -+var cacheMD sync.Map -+ -+// hashFuncHash calls fn() and returns its result. -+// If fn() panics, the panic is recovered and returned as an error. -+// This is used to avoid aborting the program when calling -+// an unsupported hash function. It is the caller's responsibility -+// to check the returned value. -+func hashFuncHash(fn func() hash.Hash) (h hash.Hash, err error) { -+ defer func() { -+ r := recover() -+ if r == nil { -+ return -+ } -+ h = nil -+ switch e := r.(type) { -+ case error: -+ err = e -+ case string: -+ err = errors.New(e) -+ default: -+ err = errors.New("unsupported panic") -+ } -+ }() -+ return fn(), nil -+} -+ -+// hashToMD converts a hash.Hash implementation from this package to a GOossl.EVP_MD_PTR. -+func hashToMD(h hash.Hash) ossl.EVP_MD_PTR { -+ if h, ok := h.(*evpHash); ok { -+ return h.alg.md -+ } -+ return nil -+} -+ -+// hashFuncToMD converts a hash.Hash function to a GOossl.EVP_MD_PTR. -+// See [hashFuncHash] for details on error handling. -+func hashFuncToMD(fn func() hash.Hash) (ossl.EVP_MD_PTR, error) { -+ h, err := hashFuncHash(fn) -+ if err != nil { -+ return nil, err -+ } -+ md := hashToMD(h) -+ if md == nil { -+ return nil, errors.New("unsupported hash function") -+ } -+ return md, nil -+} -+ -+// provider is an identifier for a known provider. -+type provider uint8 -+ -+const ( -+ providerNone provider = iota -+ providerOSSLDefault -+ providerOSSLFIPS -+ providerSymCrypt -+) -+ -+type hashAlgorithm struct { -+ md ossl.EVP_MD_PTR -+ ch crypto.Hash -+ size int -+ blockSize int -+ provider provider -+ marshallable bool -+ magic string -+ marshalledSize int -+} -+ -+// loadHash converts a crypto.Hash to a EVP_MD. -+func loadHash(ch crypto.Hash) *hashAlgorithm { -+ if v, ok := cacheMD.Load(ch); ok { -+ return v.(*hashAlgorithm) -+ } -+ -+ var hash hashAlgorithm -+ switch ch { -+ case crypto.RIPEMD160: -+ hash.md = ossl.EVP_ripemd160() -+ case crypto.MD4: -+ hash.md = ossl.EVP_md4() -+ case crypto.MD5: -+ hash.md = ossl.EVP_md5() -+ hash.magic = magicMD5 -+ hash.marshalledSize = marshaledSizeMD5 -+ case crypto.MD5SHA1: -+ hash.md = ossl.EVP_md5_sha1() -+ case crypto.SHA1: -+ hash.md = ossl.EVP_sha1() -+ hash.magic = magic1 -+ hash.marshalledSize = marshaledSize1 -+ case crypto.SHA224: -+ hash.md = ossl.EVP_sha224() -+ hash.magic = magic224 -+ hash.marshalledSize = marshaledSize256 -+ case crypto.SHA256: -+ hash.md = ossl.EVP_sha256() -+ hash.magic = magic256 -+ hash.marshalledSize = marshaledSize256 -+ case crypto.SHA384: -+ hash.md = ossl.EVP_sha384() -+ hash.magic = magic384 -+ hash.marshalledSize = marshaledSize512 -+ case crypto.SHA512: -+ hash.md = ossl.EVP_sha512() -+ hash.magic = magic512 -+ hash.marshalledSize = marshaledSize512 -+ case crypto.SHA512_224: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha512_224() -+ hash.magic = magic512_224 -+ hash.marshalledSize = marshaledSize512 -+ } -+ case crypto.SHA512_256: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha512_256() -+ hash.magic = magic512_256 -+ hash.marshalledSize = marshaledSize512 -+ } -+ case crypto.SHA3_224: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_224() -+ } -+ case crypto.SHA3_256: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_256() -+ } -+ case crypto.SHA3_384: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_384() -+ } -+ case crypto.SHA3_512: -+ if versionAtOrAbove(1, 1, 1) { -+ hash.md = ossl.EVP_sha3_512() -+ } -+ } -+ if hash.md == nil { -+ cacheMD.Store(ch, (*hashAlgorithm)(nil)) -+ return nil -+ } -+ hash.ch = ch -+ hash.size = int(ossl.EVP_MD_get_size(hash.md)) -+ hash.blockSize = int(ossl.EVP_MD_get_block_size(hash.md)) -+ if vMajor == 3 { -+ // On OpenSSL 3, directly operating on a EVP_MD object -+ // not created by EVP_MD_fetch has negative performance -+ // implications, as digest operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ md, _ := ossl.EVP_MD_fetch(nil, ossl.EVP_MD_get0_name(hash.md), nil) -+ // Don't overwrite md in case it can't be fetched, as the md may still be used -+ // outside of EVP_MD_CTX, for example to sign and verify RSA signatures. -+ if md != nil { -+ hash.md = md -+ } -+ } -+ if hash.magic != "" { -+ if hash.marshalledSize == 0 { -+ panic("marshalledSize must be set for " + hash.magic) -+ } -+ } -+ -+ switch vMajor { -+ case 1: -+ hash.provider = providerOSSLDefault -+ case 3: -+ if prov := ossl.EVP_MD_get0_provider(hash.md); prov != nil { -+ cname := ossl.OSSL_PROVIDER_get0_name(prov) -+ switch C.GoString((*C.char)(unsafe.Pointer(cname))) { -+ case "default": -+ hash.provider = providerOSSLDefault -+ hash.marshallable = hash.magic != "" -+ case "fips": -+ hash.provider = providerOSSLFIPS -+ hash.marshallable = hash.magic != "" -+ case "symcryptprovider": -+ hash.provider = providerSymCrypt -+ hash.marshallable = hash.magic != "" && isSymCryptHashStateSerializable(hash.md) -+ } -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ cacheMD.Store(ch, &hash) -+ return &hash -+} -+ -+// generateEVPPKey generates a new EVP_PKEY with the given id and properties. -+func generateEVPPKey(id, bits int32, curve string) (ossl.EVP_PKEY_PTR, error) { -+ if bits != 0 && curve != "" { -+ return nil, fail("incorrect generateEVPPKey parameters") -+ } -+ var pkey ossl.EVP_PKEY_PTR -+ switch vMajor { -+ case 1: -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { -+ return nil, err -+ } -+ if bits != 0 { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, nil); err != nil { -+ return nil, err -+ } -+ } -+ if curve != "" { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil); err != nil { -+ return nil, err -+ } -+ } -+ if _, err := ossl.EVP_PKEY_keygen(ctx, &pkey); err != nil { -+ return nil, err -+ } -+ case 3: -+ var err error -+ switch id { -+ case ossl.EVP_PKEY_RSA: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_RSA(nil, nil, _KeyTypeRSA.ptr(), int(bits)) -+ case ossl.EVP_PKEY_EC: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_EC(nil, nil, _KeyTypeEC.ptr(), ossl.OBJ_nid2sn(curveNID(curve))) -+ case ossl.EVP_PKEY_ED25519: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_ED25519(nil, nil, _KeyTypeED25519.ptr()) -+ default: -+ panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") -+ } -+ if err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ return pkey, nil -+} -+ -+type withKeyFunc func(func(ossl.EVP_PKEY_PTR) error) error -+type initFunc func(ossl.EVP_PKEY_CTX_PTR) error -+type cryptFunc func(ossl.EVP_PKEY_CTX_PTR, *byte, *int, *byte, int) error -+type verifyFunc func(ossl.EVP_PKEY_CTX_PTR, *byte, int, *byte, int) error -+ -+func setupEVP(withKey withKeyFunc, padding int32, -+ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, -+ init initFunc) (_ ossl.EVP_PKEY_CTX_PTR, err error) { -+ var ctx ossl.EVP_PKEY_CTX_PTR -+ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) error { -+ ctx, err = ossl.EVP_PKEY_CTX_new(pkey, nil) -+ return err -+ }); err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ if ctx != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ ctx = nil -+ } -+ } -+ }() -+ if err := init(ctx); err != nil { -+ return nil, err -+ } -+ if padding == 0 { -+ return ctx, nil -+ } -+ // Each padding type has its own requirements in terms of when to apply the padding, -+ // so it can't be just set at this point. -+ setPadding := func() error { -+ _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, padding, nil) -+ return err -+ } -+ switch padding { -+ case ossl.RSA_PKCS1_OAEP_PADDING: -+ md := hashToMD(h) -+ if md == nil { -+ return nil, errors.New("crypto/rsa: unsupported hash function") -+ } -+ var mgfMD ossl.EVP_MD_PTR -+ if mgfHash != nil { -+ // mgfHash is optional, but if it is set it must match a supported hash function. -+ mgfMD = hashToMD(mgfHash) -+ if mgfMD == nil { -+ return nil, errors.New("crypto/rsa: unsupported hash function") -+ } -+ } -+ // setPadding must happen before setting EVP_PKEY_CTRL_RSA_OAEP_MD. -+ if err := setPadding(); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)); err != nil { -+ return nil, err -+ } -+ if mgfHash != nil { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)); err != nil { -+ return nil, err -+ } -+ } -+ // ctx takes ownership of label, so malloc a copy for OpenSSL to free. -+ // OpenSSL does not take ownership of the label if the length is zero, -+ // so better avoid the allocation. -+ var clabel *byte -+ if len(label) > 0 { -+ clabel = (*byte)(cryptoMalloc(len(label))) -+ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) -+ var err error -+ if vMajor == 3 { -+ _, err = ossl.EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Pointer(clabel), int32(len(label))) -+ } else { -+ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_LABEL, int32(len(label)), unsafe.Pointer(clabel)) -+ } -+ if err != nil { -+ cryptoFree(unsafe.Pointer(clabel)) -+ return nil, err -+ } -+ } -+ case ossl.RSA_PKCS1_PSS_PADDING: -+ alg := loadHash(ch) -+ if alg == nil { -+ return nil, errors.New("crypto/rsa: unsupported hash function") -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { -+ return nil, err -+ } -+ // setPadding must happen after setting EVP_PKEY_CTRL_MD. -+ if err := setPadding(); err != nil { -+ return nil, err -+ } -+ if saltLen != 0 { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil); err != nil { -+ return nil, err -+ } -+ } -+ -+ case ossl.RSA_PKCS1_PADDING: -+ if ch != 0 { -+ // We support unhashed messages. -+ alg := loadHash(ch) -+ if alg == nil { -+ return nil, errors.New("crypto/rsa: unsupported hash function") -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { -+ return nil, err -+ } -+ if err := setPadding(); err != nil { -+ return nil, err -+ } -+ } -+ default: -+ if err := setPadding(); err != nil { -+ return nil, err -+ } -+ } -+ return ctx, nil -+} -+ -+func cryptEVP(withKey withKeyFunc, padding int32, -+ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, -+ init initFunc, crypt cryptFunc, in []byte) ([]byte, error) { -+ -+ ctx, err := setupEVP(withKey, padding, h, mgfHash, label, saltLen, ch, init) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ var pkeySize int32 -+ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { -+ pkeySize, err = ossl.EVP_PKEY_get_size(pkey) -+ return err -+ }); err != nil { -+ return nil, err -+ } -+ outLen := int(pkeySize) -+ out := make([]byte, pkeySize) -+ if err := crypt(ctx, base(out), &outLen, base(in), len(in)); err != nil { -+ return nil, err -+ } -+ // The size returned by EVP_PKEY_get_size() is only preliminary and not exact, -+ // so the final contents of the out buffer may be smaller. -+ return out[:outLen], nil -+} -+ -+func verifyEVP(withKey withKeyFunc, padding int32, -+ h hash.Hash, label []byte, saltLen int32, ch crypto.Hash, -+ init initFunc, verify verifyFunc, -+ sig, in []byte) error { -+ -+ ctx, err := setupEVP(withKey, padding, h, nil, label, saltLen, ch, init) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ return verify(ctx, base(sig), len(sig), base(in), len(in)) -+} -+ -+func evpEncrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { -+ encryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_encrypt_init(ctx) -+ return err -+ } -+ encrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { -+ if _, err := ossl.EVP_PKEY_encrypt(ctx, out, outLen, in, inLen); err != nil { -+ return err -+ } -+ return nil -+ } -+ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, encryptInit, encrypt, msg) -+} -+ -+func evpDecrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { -+ decryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_decrypt_init(ctx) -+ return err -+ } -+ decrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { -+ _, err := ossl.EVP_PKEY_decrypt(ctx, out, outLen, in, inLen) -+ return err -+ } -+ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, decryptInit, decrypt, msg) -+} -+ -+func evpSign(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, hashed []byte) ([]byte, error) { -+ signtInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_sign_init(ctx) -+ return err -+ } -+ sign := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { -+ _, err := ossl.EVP_PKEY_sign(ctx, out, outLen, in, inLen) -+ return err -+ } -+ return cryptEVP(withKey, padding, nil, nil, nil, saltLen, h, signtInit, sign, hashed) -+} -+ -+func evpVerify(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, sig, hashed []byte) error { -+ verifyInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_verify_init(ctx) -+ return err -+ } -+ verify := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen int, in *byte, inLen int) error { -+ _, err := ossl.EVP_PKEY_verify(ctx, out, outLen, in, inLen) -+ return err -+ } -+ return verifyEVP(withKey, padding, nil, nil, saltLen, h, verifyInit, verify, sig, hashed) -+} -+ -+func evpHashSign(withKey withKeyFunc, h crypto.Hash, msg []byte) ([]byte, error) { -+ alg := loadHash(h) -+ if alg == nil { -+ return nil, errors.New("unsupported hash function: " + strconv.Itoa(int(h))) -+ } -+ var out []byte -+ var outLen int -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { -+ _, err := ossl.EVP_DigestSignInit(ctx, nil, alg.md, nil, key) -+ return err -+ }); err != nil { -+ return nil, err -+ } -+ if len(msg) > 0 { -+ if _, err := ossl.EVP_DigestUpdate(ctx, pbase(msg), len(msg)); err != nil { -+ return nil, err -+ } -+ } -+ // Obtain the signature length -+ if _, err := ossl.EVP_DigestSignFinal(ctx, nil, &outLen); err != nil { -+ return nil, err -+ } -+ out = make([]byte, outLen) -+ // Obtain the signature -+ if _, err := ossl.EVP_DigestSignFinal(ctx, base(out), &outLen); err != nil { -+ return nil, err -+ } -+ return out[:outLen], nil -+} -+ -+func evpHashVerify(withKey withKeyFunc, h crypto.Hash, msg, sig []byte) error { -+ alg := loadHash(h) -+ if alg == nil { -+ return errors.New("unsupported hash function: " + strconv.Itoa(int(h))) -+ } -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { -+ _, err := ossl.EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) -+ return err -+ }); err != nil { -+ return err -+ } -+ if len(msg) > 0 { -+ if _, err := ossl.EVP_DigestUpdate(ctx, pbase(msg), len(msg)); err != nil { -+ return err -+ } -+ } -+ if _, err := ossl.EVP_DigestVerifyFinal(ctx, base(sig), len(sig)); err != nil { -+ return err -+ } -+ return nil -+} -+ -+func newEVPPKEY(key ossl.EC_KEY_PTR) (ossl.EVP_PKEY_PTR, error) { -+ pkey, err := ossl.EVP_PKEY_new() -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_EC, unsafe.Pointer(key)); err != nil { -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ return pkey, nil -+} -+ -+// getECKey returns the EC_KEY from pkey. -+// If pkey does not contain an EC_KEY it panics. -+// The returned key should not be freed. -+func getECKey(pkey ossl.EVP_PKEY_PTR) ossl.EC_KEY_PTR { -+ key, err := ossl.EVP_PKEY_get0_EC_KEY(pkey) -+ if err != nil { -+ panic(err) -+ } -+ return key -+} -+ -+func newEvpFromParams(id int32, selection int32, params ossl.OSSL_PARAM_PTR) (ossl.EVP_PKEY_PTR, error) { -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_fromdata_init(ctx); err != nil { -+ return nil, err -+ } -+ var pkey ossl.EVP_PKEY_PTR -+ if _, err := ossl.EVP_PKEY_fromdata(ctx, &pkey, selection, params); err != nil { -+ if vMajor == 3 && vMinor <= 2 { -+ // OpenSSL 3.0.1 and 3.0.2 have a bug where EVP_PKEY_fromdata -+ // does not free the internally allocated EVP_PKEY on error. -+ // See https://github.com/openssl/openssl/issues/17407. -+ ossl.EVP_PKEY_free(pkey) -+ } -+ return nil, err -+ } -+ return pkey, nil -+} -+ -+func checkPkey(pkey ossl.EVP_PKEY_PTR, isPrivate bool) error { -+ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if isPrivate { -+ if _, err := ossl.EVP_PKEY_private_check(ctx); err != nil { -+ // Match upstream error message. -+ return errors.New("invalid private key") -+ } -+ } else { -+ // Upstream Go does a partial check here, so do we. -+ if _, err := ossl.EVP_PKEY_public_check_quick(ctx); err != nil { -+ // Match upstream error message. -+ return errors.New("invalid public key") -+ } -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hash.go b/src/vendor/github.com/golang-fips/openssl/v2/hash.go -new file mode 100644 -index 00000000000000..621822102024f8 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hash.go -@@ -0,0 +1,455 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "runtime" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const ( -+ magicMD5 = "md5\x01" -+ magic1 = "sha\x01" -+ magic224 = "sha\x02" -+ magic256 = "sha\x03" -+ magic384 = "sha\x04" -+ magic512_224 = "sha\x05" -+ magic512_256 = "sha\x06" -+ magic512 = "sha\x07" -+ -+ marshaledSizeMD5 = len(magicMD5) + 4*4 + 64 + 8 // from crypto/md5 -+ marshaledSize1 = len(magic1) + 5*4 + 64 + 8 // from crypto/sha1 -+ marshaledSize256 = len(magic256) + 8*4 + 64 + 8 // from crypto/sha256 -+ marshaledSize512 = len(magic512) + 8*8 + 128 + 8 // from crypto/sha512 -+) -+ -+// maxHashSize is the size of SHA52 and SHA3_512, the largest hashes we support. -+const maxHashSize = 64 -+ -+func hashOneShot(ch crypto.Hash, p []byte, sum []byte) bool { -+ _, err := ossl.EVP_Digest(pbaseNeverEmpty(p), len(p), base(sum), nil, loadHash(ch).md, nil) -+ return err == nil -+} -+ -+func MD4(p []byte) (sum [16]byte) { -+ if !hashOneShot(crypto.MD4, p, sum[:]) { -+ panic("openssl: MD4 failed") -+ } -+ return -+} -+ -+func MD5(p []byte) (sum [16]byte) { -+ if !hashOneShot(crypto.MD5, p, sum[:]) { -+ panic("openssl: MD5 failed") -+ } -+ return -+} -+ -+func SHA1(p []byte) (sum [20]byte) { -+ if !hashOneShot(crypto.SHA1, p, sum[:]) { -+ panic("openssl: SHA1 failed") -+ } -+ return -+} -+ -+func SHA224(p []byte) (sum [28]byte) { -+ if !hashOneShot(crypto.SHA224, p, sum[:]) { -+ panic("openssl: SHA224 failed") -+ } -+ return -+} -+ -+func SHA256(p []byte) (sum [32]byte) { -+ if !hashOneShot(crypto.SHA256, p, sum[:]) { -+ panic("openssl: SHA256 failed") -+ } -+ return -+} -+ -+func SHA384(p []byte) (sum [48]byte) { -+ if !hashOneShot(crypto.SHA384, p, sum[:]) { -+ panic("openssl: SHA384 failed") -+ } -+ return -+} -+ -+func SHA512(p []byte) (sum [64]byte) { -+ if !hashOneShot(crypto.SHA512, p, sum[:]) { -+ panic("openssl: SHA512 failed") -+ } -+ return -+} -+ -+func SHA512_224(p []byte) (sum [28]byte) { -+ if !hashOneShot(crypto.SHA512_224, p, sum[:]) { -+ panic("openssl: SHA512 failed") -+ } -+ return -+} -+ -+func SHA512_256(p []byte) (sum [32]byte) { -+ if !hashOneShot(crypto.SHA512_256, p, sum[:]) { -+ panic("openssl: SHA512_256 failed") -+ } -+ return -+} -+ -+// cacheHashSupported is a cache of crypto.Hash support. -+var cacheHashSupported sync.Map -+ -+// SupportsHash reports whether the current OpenSSL version supports the given hash. -+func SupportsHash(h crypto.Hash) bool { -+ if v, ok := cacheHashSupported.Load(h); ok { -+ return v.(bool) -+ } -+ alg := loadHash(h) -+ if alg == nil { -+ cacheHashSupported.Store(h, false) -+ return false -+ } -+ // EVP_MD objects can be non-nil even when they can't be used -+ // in a EVP_MD_CTX, e.g. MD5 in FIPS mode. We need to prove -+ // if they can be used by passing them to a EVP_MD_CTX. -+ var supported bool -+ if ctx, _ := ossl.EVP_MD_CTX_new(); ctx != nil { -+ _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil) -+ supported = err == nil -+ ossl.EVP_MD_CTX_free(ctx) -+ } -+ cacheHashSupported.Store(h, supported) -+ return supported -+} -+ -+func SHA3_224(p []byte) (sum [28]byte) { -+ if !hashOneShot(crypto.SHA3_224, p, sum[:]) { -+ panic("openssl: SHA3_224 failed") -+ } -+ return -+} -+ -+func SHA3_256(p []byte) (sum [32]byte) { -+ if !hashOneShot(crypto.SHA3_256, p, sum[:]) { -+ panic("openssl: SHA3_256 failed") -+ } -+ return -+} -+ -+func SHA3_384(p []byte) (sum [48]byte) { -+ if !hashOneShot(crypto.SHA3_384, p, sum[:]) { -+ panic("openssl: SHA3_384 failed") -+ } -+ return -+} -+ -+func SHA3_512(p []byte) (sum [64]byte) { -+ if !hashOneShot(crypto.SHA3_512, p, sum[:]) { -+ panic("openssl: SHA3_512 failed") -+ } -+ return -+} -+ -+// NewMD4 returns a new MD4 hash. -+// The returned hash doesn't implement encoding.BinaryMarshaler and -+// encoding.BinaryUnmarshaler. -+func NewMD4() hash.Hash { -+ return newEvpHash(crypto.MD4) -+} -+ -+// NewMD5 returns a new MD5 hash. -+func NewMD5() hash.Hash { -+ return newEvpHash(crypto.MD5) -+} -+ -+// NewSHA1 returns a new SHA1 hash. -+func NewSHA1() hash.Hash { -+ return newEvpHash(crypto.SHA1) -+} -+ -+// NewSHA224 returns a new SHA224 hash. -+func NewSHA224() hash.Hash { -+ return newEvpHash(crypto.SHA224) -+} -+ -+// NewSHA256 returns a new SHA256 hash. -+func NewSHA256() hash.Hash { -+ return newEvpHash(crypto.SHA256) -+} -+ -+// NewSHA384 returns a new SHA384 hash. -+func NewSHA384() hash.Hash { -+ return newEvpHash(crypto.SHA384) -+} -+ -+// NewSHA512 returns a new SHA512 hash. -+func NewSHA512() hash.Hash { -+ return newEvpHash(crypto.SHA512) -+} -+ -+// NewSHA512_224 returns a new SHA512_224 hash. -+func NewSHA512_224() hash.Hash { -+ return newEvpHash(crypto.SHA512_224) -+} -+ -+// NewSHA512_256 returns a new SHA512_256 hash. -+func NewSHA512_256() hash.Hash { -+ return newEvpHash(crypto.SHA512_256) -+} -+ -+// NewSHA3_224 returns a new SHA3-224 hash. -+func NewSHA3_224() hash.Hash { -+ return newEvpHash(crypto.SHA3_224) -+} -+ -+// NewSHA3_256 returns a new SHA3-256 hash. -+func NewSHA3_256() hash.Hash { -+ return newEvpHash(crypto.SHA3_256) -+} -+ -+// NewSHA3_384 returns a new SHA3-384 hash. -+func NewSHA3_384() hash.Hash { -+ return newEvpHash(crypto.SHA3_384) -+} -+ -+// NewSHA3_512 returns a new SHA3-512 hash. -+func NewSHA3_512() hash.Hash { -+ return newEvpHash(crypto.SHA3_512) -+} -+ -+var _ hash.Hash = (*evpHash)(nil) -+var _ HashCloner = (*evpHash)(nil) -+ -+// evpHash implements generic hash methods. -+type evpHash struct { -+ alg *hashAlgorithm -+ ctx ossl.EVP_MD_CTX_PTR -+ // ctx2 is used in evpHash.sum to avoid changing -+ // the state of ctx. Having it here allows reusing the -+ // same allocated object multiple times. -+ ctx2 ossl.EVP_MD_CTX_PTR -+ out [maxHashSize]byte -+} -+ -+func newEvpHash(ch crypto.Hash) *evpHash { -+ alg := loadHash(ch) -+ if alg == nil { -+ panic("openssl: unsupported hash function: " + strconv.Itoa(int(ch))) -+ } -+ h := &evpHash{alg: alg} -+ // Don't call init() yet, it would be wasteful -+ // if the caller only wants to know the hash type. This -+ // is a common pattern in this package, as some functions -+ // accept a `func() hash.Hash` parameter and call it just -+ // to know the hash type. -+ return h -+} -+ -+func (h *evpHash) finalize() { -+ if h.ctx != nil { -+ ossl.EVP_MD_CTX_free(h.ctx) -+ } -+ if h.ctx2 != nil { -+ ossl.EVP_MD_CTX_free(h.ctx2) -+ } -+} -+ -+func (h *evpHash) init() { -+ if h.ctx != nil { -+ return -+ } -+ var err error -+ h.ctx, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_DigestInit_ex(h.ctx, h.alg.md, nil); err != nil { -+ ossl.EVP_MD_CTX_free(h.ctx) -+ panic(err) -+ } -+ h.ctx2, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ ossl.EVP_MD_CTX_free(h.ctx) -+ panic(err) -+ } -+ runtime.SetFinalizer(h, (*evpHash).finalize) -+} -+ -+func (h *evpHash) Reset() { -+ if h.ctx == nil { -+ // The hash is not initialized yet, no need to reset. -+ return -+ } -+ // There is no need to reset h.ctx2 because it is always reset after -+ // use in evpHash.sum. -+ if _, err := ossl.EVP_DigestInit_ex(h.ctx, nil, nil); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+} -+ -+func (h *evpHash) Write(p []byte) (int, error) { -+ if len(p) == 0 { -+ return 0, nil -+ } -+ h.init() -+ if _, err := ossl.EVP_DigestUpdate(h.ctx, pbase(p), len(p)); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+ return len(p), nil -+} -+ -+func (h *evpHash) WriteString(s string) (int, error) { -+ if len(s) == 0 { -+ return 0, nil -+ } -+ h.init() -+ if _, err := ossl.EVP_DigestUpdate(h.ctx, unsafe.Pointer(unsafe.StringData(s)), len(s)); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+ return len(s), nil -+} -+ -+func (h *evpHash) WriteByte(c byte) error { -+ h.init() -+ if _, err := ossl.EVP_DigestUpdate(h.ctx, unsafe.Pointer(&c), 1); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+ return nil -+} -+ -+func (h *evpHash) Size() int { -+ return h.alg.size -+} -+ -+func (h *evpHash) BlockSize() int { -+ return h.alg.blockSize -+} -+ -+func (h *evpHash) Sum(in []byte) []byte { -+ h.init() -+ tmp := h.out[:h.Size()] // Create slice view -+ clear(tmp) -+ if err := ossl.HashSum(h.ctx, h.ctx2, tmp); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+ return append(in, tmp...) -+} -+ -+// Clone returns a new evpHash object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *evpHash) Clone() (HashCloner, error) { -+ h2 := &evpHash{alg: h.alg} -+ if h.ctx != nil { -+ var err error -+ h2.ctx, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_MD_CTX_copy_ex(h2.ctx, h.ctx); err != nil { -+ ossl.EVP_MD_CTX_free(h2.ctx) -+ panic(err) -+ } -+ h2.ctx2, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ ossl.EVP_MD_CTX_free(h2.ctx) -+ panic(err) -+ } -+ runtime.SetFinalizer(h2, (*evpHash).finalize) -+ } -+ runtime.KeepAlive(h) -+ return h2, nil -+} -+ -+var errHashNotMarshallable = errors.New("openssl: hash state is not marshallable") -+ -+func (d *evpHash) MarshalBinary() ([]byte, error) { -+ if !d.alg.marshallable { -+ return nil, errHashNotMarshallable -+ } -+ buf := make([]byte, 0, d.alg.marshalledSize) -+ return d.AppendBinary(buf) -+} -+ -+func (d *evpHash) AppendBinary(buf []byte) ([]byte, error) { -+ defer runtime.KeepAlive(d) -+ if !d.alg.marshallable { -+ return nil, errHashNotMarshallable -+ } -+ d.init() -+ switch d.alg.provider { -+ case providerOSSLDefault, providerOSSLFIPS: -+ return osslHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) -+ case providerSymCrypt: -+ return symCryptHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) -+ default: -+ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) -+ } -+} -+ -+func (d *evpHash) UnmarshalBinary(b []byte) error { -+ defer runtime.KeepAlive(d) -+ d.init() -+ if !d.alg.marshallable { -+ return errHashNotMarshallable -+ } -+ if len(b) < len(d.alg.magic) || string(b[:len(d.alg.magic)]) != d.alg.magic { -+ return errors.New("openssl: invalid hash state identifier") -+ } -+ if len(b) != d.alg.marshalledSize { -+ return errors.New("openssl: invalid hash state size") -+ } -+ switch d.alg.provider { -+ case providerOSSLDefault, providerOSSLFIPS: -+ return osslHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) -+ case providerSymCrypt: -+ return symCryptHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) -+ default: -+ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) -+ } -+} -+ -+// appendUint64 appends x into b as a big endian byte sequence. -+func appendUint64(b []byte, x uint64) []byte { -+ return append(b, -+ byte(x>>56), -+ byte(x>>48), -+ byte(x>>40), -+ byte(x>>32), -+ byte(x>>24), -+ byte(x>>16), -+ byte(x>>8), -+ byte(x), -+ ) -+} -+ -+// appendUint32 appends x into b as a big endian byte sequence. -+func appendUint32(b []byte, x uint32) []byte { -+ return append(b, byte(x>>24), byte(x>>16), byte(x>>8), byte(x)) -+} -+ -+// consumeUint64 reads a big endian uint64 number from b. -+func consumeUint64(b []byte) ([]byte, uint64) { -+ _ = b[7] -+ x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | -+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 -+ return b[8:], x -+} -+ -+// consumeUint32 reads a big endian uint32 number from b. -+func consumeUint32(b []byte) ([]byte, uint32) { -+ _ = b[3] -+ x := uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24 -+ return b[4:], x -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hashclone.go b/src/vendor/github.com/golang-fips/openssl/v2/hashclone.go -new file mode 100644 -index 00000000000000..423668c6acf239 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hashclone.go -@@ -0,0 +1,14 @@ -+//go:build !go1.25 && !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "hash" -+) -+ -+// HashCloner is an interface that defines a Clone method. -+type HashCloner interface { -+ hash.Hash -+ // Clone returns a separate Hash instance with the same state as h. -+ Clone() (HashCloner, error) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hashclone_go125.go b/src/vendor/github.com/golang-fips/openssl/v2/hashclone_go125.go -new file mode 100644 -index 00000000000000..f1f2364c7246d4 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hashclone_go125.go -@@ -0,0 +1,9 @@ -+//go:build go1.25 && !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "hash" -+) -+ -+type HashCloner = hash.Cloner -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -new file mode 100644 -index 00000000000000..0c2a431618f24b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,434 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "errors" -+ "hash" -+ "io" -+ "runtime" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupprtHKDF reports whether the current OpenSSL version supports HKDF. -+func SupportsHKDF() bool { -+ switch vMajor { -+ case 1: -+ return versionAtOrAbove(1, 1, 1) -+ case 3: -+ _, err := fetchHKDF3() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// SupprtsTLS13KDF reports whether the current OpenSSL version supports TLS13-KDF. -+func SupportsTLS13KDF() bool { -+ switch vMajor { -+ case 1: -+ return false -+ case 3: -+ // TLS13-KDF is available in OpenSSL 3.0.0 and later. -+ _, err := fetchTLS13_KDF() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newHKDFCtx1(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (ctx ossl.EVP_PKEY_CTX_PTR, err error) { -+ checkMajorVersion(1) -+ -+ ctx, err = ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_HKDF, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ } -+ }() -+ -+ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { -+ return ctx, err -+ } -+ -+ ctrlSlice := func(ctrl int32, data []byte) bool { -+ if err != nil { -+ return false -+ } -+ if len(data) == 0 { -+ return true // No data to set. -+ } -+ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ctrl, int32(len(data)), unsafe.Pointer(base(data))) -+ return err == nil -+ } -+ -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MODE, mode, nil); err != nil { -+ return ctx, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)); err != nil { -+ return ctx, err -+ } -+ if ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, secret) && -+ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_SALT, salt) && -+ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, pseudorandomKey) && -+ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_INFO, info) { -+ return ctx, err -+ } -+ return ctx, nil -+} -+ -+type hkdf1 struct { -+ ctx ossl.EVP_PKEY_CTX_PTR -+ -+ hashLen int -+ buf []byte -+} -+ -+func (c *hkdf1) finalize() { -+ if c.ctx != nil { -+ ossl.EVP_PKEY_CTX_free(c.ctx) -+ } -+} -+ -+func (c *hkdf1) Read(p []byte) (int, error) { -+ defer runtime.KeepAlive(c) -+ -+ // EVP_PKEY_derive doesn't support incremental output, each call -+ // derives the key from scratch and returns the requested bytes. -+ // To implement io.Reader, we need to ask for len(c.buf) + len(p) -+ // bytes and copy the last derived len(p) bytes to p. -+ // We use c.buf to know how many bytes we've already derived and -+ // to avoid allocating the whole output buffer on each call. -+ prevLen := len(c.buf) -+ needLen := len(p) -+ remains := 255*c.hashLen - prevLen -+ // Check whether enough data can be generated. -+ if remains < needLen { -+ return 0, errors.New("hkdf: entropy limit reached") -+ } -+ c.buf = append(c.buf, make([]byte, needLen)...) -+ outLen := prevLen + needLen -+ if _, err := ossl.EVP_PKEY_derive(c.ctx, base(c.buf), &outLen); err != nil { -+ return 0, err -+ } -+ n := copy(p, c.buf[prevLen:outLen]) -+ return n, nil -+} -+ -+// hkdfAllZerosSalt is a preallocated buffer of zeros used in ExtractHKDF(). -+// The size should be kept as large as the output length of any hash algorithm -+// used with HKDF. -+var hkdfAllZerosSalt [64]byte -+ -+// ExtractHDKF implements the HDKF extract step. -+// If salt is nil, then this function replaces it internally with a buffer of -+// zeros whose length equals the output length of the specified hash algorithm. -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ // If calling code specifies nil salt, replace it with a buffer of hashLen -+ // zeros, as specified in RFC 5896 and as OpenSSL EVP_KDF-HKDF documentation -+ // instructs. Take a slice of a preallocated buffer to avoid allocating new -+ // buffer per call, but fall back to allocating a buffer if preallocated -+ // buffer is not large enough. -+ if salt == nil { -+ hlen := h().Size() -+ if hlen > len(hkdfAllZerosSalt) { -+ salt = make([]byte, hlen) -+ } else { -+ salt = hkdfAllZerosSalt[:hlen] -+ } -+ } -+ -+ switch vMajor { -+ case 1: -+ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ var keylen int -+ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { -+ return nil, err -+ } -+ out := make([]byte, keylen) -+ if _, err := ossl.EVP_PKEY_derive(ctx, base(out), &keylen); err != nil { -+ return nil, err -+ } -+ return out[:keylen], nil -+ case 3: -+ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ size, err := ossl.EVP_KDF_CTX_get_kdf_size(ctx) -+ if err != nil { -+ return nil, err -+ } -+ out := make([]byte, size) -+ if _, err := ossl.EVP_KDF_derive(ctx, base(out), len(out), nil); err != nil { -+ return nil, err -+ } -+ return out, nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// ExpandHKDFOneShot derives a key from the given hash, key, and optional context info. -+func ExpandHKDFOneShot(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ out := make([]byte, keyLength) -+ switch vMajor { -+ case 1: -+ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ keylen := keyLength -+ if _, err := ossl.EVP_PKEY_derive(ctx, base(out), &keylen); err != nil { -+ return nil, err -+ } -+ case 3: -+ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ if _, err := ossl.EVP_KDF_derive(ctx, base(out), keyLength, nil); err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return out, nil -+} -+ -+// ExpandTLS13KDF derives a key from the given hash, key, label and context. It will use -+// "TLS13-KDF" algorithm to do so. -+func ExpandTLS13KDF(h func() hash.Hash, pseudorandomKey, label, context []byte, keyLength int) ([]byte, error) { -+ if !SupportsTLS13KDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ out := make([]byte, keyLength) -+ -+ ctx, err := newTLS13KDFExpandCtx3(md, label, context, pseudorandomKey) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ if _, err := ossl.EVP_KDF_derive(ctx, base(out), keyLength, nil); err != nil { -+ return nil, err -+ } -+ return out, nil -+} -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ size := int(ossl.EVP_MD_get_size(md)) -+ -+ switch vMajor { -+ case 1: -+ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ c := &hkdf1{ctx: ctx, hashLen: size} -+ runtime.SetFinalizer(c, (*hkdf1).finalize) -+ return c, nil -+ case 3: -+ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ c := &hkdf3{ctx: ctx, hashLen: size} -+ runtime.SetFinalizer(c, (*hkdf3).finalize) -+ return c, nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+type hkdf3 struct { -+ ctx ossl.EVP_KDF_CTX_PTR -+ -+ hashLen int -+ buf []byte -+} -+ -+func (c *hkdf3) finalize() { -+ if c.ctx != nil { -+ ossl.EVP_KDF_CTX_free(c.ctx) -+ } -+} -+ -+// fetchTLS13_KDF fetches the TLS13-KDF algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchTLS13_KDF = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS13_KDF.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+// newTLS13KDFExpandCtx3 fetches the "TLS13-KDF" for TLS 1.3 handshakes. -+func newTLS13KDFExpandCtx3(md ossl.EVP_MD_PTR, label, context, pseudorandomKey []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { -+ checkMajorVersion(3) -+ -+ kdf, err := fetchTLS13_KDF() -+ if err != nil { -+ return nil, err -+ } -+ -+ ctx, err := ossl.EVP_KDF_CTX_new(kdf) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_KDF_CTX_free(ctx) -+ } -+ }() -+ -+ bld, err := newParamBuilder() -+ if err != nil { -+ return ctx, err -+ } -+ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY)) -+ bld.addOctetString(_OSSL_KDF_PARAM_PREFIX, []byte("tls13 ")) -+ bld.addOctetString(_OSSL_KDF_PARAM_LABEL, label) -+ bld.addOctetString(_OSSL_KDF_PARAM_DATA, context) -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ -+ params, err := bld.build() -+ if err != nil { -+ return ctx, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { -+ return ctx, err -+ } -+ return ctx, nil -+} -+ -+// fetchHKDF3 fetches the HKDF algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchHKDF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+// newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. -+func newHKDFCtx3(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { -+ checkMajorVersion(3) -+ -+ kdf, err := fetchHKDF3() -+ if err != nil { -+ return nil, err -+ } -+ ctx, err := ossl.EVP_KDF_CTX_new(kdf) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_KDF_CTX_free(ctx) -+ } -+ }() -+ -+ bld, err := newParamBuilder() -+ if err != nil { -+ return ctx, err -+ } -+ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) -+ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) -+ params, err := bld.build() -+ if err != nil { -+ return ctx, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { -+ return ctx, err -+ } -+ return ctx, nil -+} -+ -+func (c *hkdf3) Read(p []byte) (int, error) { -+ defer runtime.KeepAlive(c) -+ -+ // EVP_KDF_derive doesn't support incremental output, each call -+ // derives the key from scratch and returns the requested bytes. -+ // To implement io.Reader, we need to ask for len(c.buf) + len(p) -+ // bytes and copy the last derived len(p) bytes to p. -+ // We use c.buf to know how many bytes we've already derived and -+ // to avoid allocating the whole output buffer on each call. -+ prevLen := len(c.buf) -+ needLen := len(p) -+ remains := 255*c.hashLen - prevLen -+ // Check whether enough data can be generated. -+ if remains < needLen { -+ return 0, errors.New("hkdf: entropy limit reached") -+ } -+ c.buf = append(c.buf, make([]byte, needLen)...) -+ outLen := prevLen + needLen -+ if _, err := ossl.EVP_KDF_derive(c.ctx, base(c.buf), outLen, nil); err != nil { -+ return 0, err -+ } -+ n := copy(p, c.buf[prevLen:outLen]) -+ return n, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hmac.go b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -new file mode 100644 -index 00000000000000..f600f0f4e036e4 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -@@ -0,0 +1,283 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "hash" -+ "runtime" -+ "slices" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// NewHMAC returns a new HMAC using OpenSSL. -+// The function h must return a hash implemented by -+// OpenSSL (for example, h could be openssl.NewSHA256). -+// If h is not recognized, NewHMAC returns nil. -+func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { -+ h, _ := hashFuncHash(fh) -+ md := hashToMD(h) -+ if md == nil { -+ return nil -+ } -+ -+ if len(key) == 0 { -+ // This is supported in OpenSSL/Standard lib and as such -+ // we must support it here. When using HMAC with a null key -+ // HMAC_Init will try and reuse the key from the ctx. This is -+ // not the behavior previously implemented, so as a workaround -+ // we pass an "empty" key. -+ key = make([]byte, ossl.EVP_MAX_MD_SIZE) -+ } -+ -+ hmac := &opensslHMAC{ -+ size: h.Size(), -+ blockSize: h.BlockSize(), -+ } -+ -+ switch vMajor { -+ case 1: -+ ctx := newHMAC1(key, md) -+ if ctx.ctx == nil { -+ return nil -+ } -+ hmac.ctx1 = ctx -+ case 3: -+ ctx := newHMAC3(key, md) -+ if ctx.ctx == nil { -+ return nil -+ } -+ hmac.ctx3 = ctx -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) -+ return hmac -+} -+ -+// hmacCtx3 is used for OpenSSL 1. -+type hmacCtx1 struct { -+ ctx ossl.HMAC_CTX_PTR -+} -+ -+// hmacCtx3 is used for OpenSSL 3. -+type hmacCtx3 struct { -+ ctx ossl.EVP_MAC_CTX_PTR -+ key []byte // only set for OpenSSL 3.0.0, 3.0.1, and 3.0.2. -+} -+ -+type opensslHMAC struct { -+ ctx1 hmacCtx1 -+ ctx3 hmacCtx3 -+ size int -+ blockSize int -+ sum [maxHashSize]byte -+} -+ -+func newHMAC1(key []byte, md ossl.EVP_MD_PTR) hmacCtx1 { -+ ctx, err := ossl.HMAC_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.HMAC_Init_ex(ctx, unsafe.Pointer(&key[0]), int32(len(key)), md, nil); err != nil { -+ panic(err) -+ } -+ return hmacCtx1{ctx} -+} -+ -+var hmacDigestsSupported sync.Map -+var fetchHMAC3 = sync.OnceValue(func() ossl.EVP_MAC_PTR { -+ mac, err := ossl.EVP_MAC_fetch(nil, _OSSL_MAC_NAME_HMAC.ptr(), nil) -+ if err != nil { -+ panic(err) -+ } -+ return mac -+}) -+ -+func buildHMAC3Params(md ossl.EVP_MD_PTR) (ossl.OSSL_PARAM_PTR, error) { -+ bld, err := newParamBuilder() -+ if err != nil { -+ return nil, err -+ } -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ return bld.build() -+} -+ -+func isHMAC3DigestSupported(md ossl.EVP_MD_PTR) bool { -+ nid := ossl.EVP_MD_get_type(md) -+ if v, ok := hmacDigestsSupported.Load(nid); ok { -+ return v.(bool) -+ } -+ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_MAC_CTX_free(ctx) -+ -+ params, err := buildHMAC3Params(md) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ _, err = ossl.EVP_MAC_CTX_set_params(ctx, params) -+ supported := err == nil -+ hmacDigestsSupported.Store(nid, supported) -+ return supported -+} -+ -+func newHMAC3(key []byte, md ossl.EVP_MD_PTR) hmacCtx3 { -+ if !isHMAC3DigestSupported(md) { -+ // The digest is not supported by the HMAC provider. -+ // Don't panic here so the Go standard library to -+ // fall back to the Go implementation. -+ // See https://github.com/golang-fips/openssl/issues/153. -+ return hmacCtx3{} -+ } -+ params, err := buildHMAC3Params(md) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) -+ if err != nil { -+ panic(err) -+ } -+ -+ if _, err := ossl.EVP_MAC_init(ctx, base(key), len(key), params); err != nil { -+ ossl.EVP_MAC_CTX_free(ctx) -+ panic(err) -+ } -+ var hkey []byte -+ if vMinor == 0 && vPatch <= 2 { -+ // EVP_MAC_init only resets the ctx internal state if a key is passed -+ // when using OpenSSL 3.0.0, 3.0.1, and 3.0.2. Save a copy of the key -+ // in the context so Reset can use it later. New OpenSSL versions -+ // do not have this issue so it isn't necessary to save the key. -+ // See https://github.com/openssl/openssl/issues/17811. -+ hkey = make([]byte, len(key)) -+ copy(hkey, key) -+ } -+ return hmacCtx3{ctx, hkey} -+} -+ -+func (h *opensslHMAC) Reset() { -+ switch vMajor { -+ case 1: -+ if _, err := ossl.HMAC_Init_ex(h.ctx1.ctx, nil, 0, nil, nil); err != nil { -+ panic(err) -+ } -+ case 3: -+ if _, err := ossl.EVP_MAC_init(h.ctx3.ctx, base(h.ctx3.key), len(h.ctx3.key), nil); err != nil { -+ panic(err) -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ runtime.KeepAlive(h) // Next line will keep h alive too; just making doubly sure. -+} -+ -+func (h *opensslHMAC) finalize() { -+ if h.ctx1.ctx != nil { -+ ossl.HMAC_CTX_free(h.ctx1.ctx) -+ } -+ if h.ctx3.ctx != nil { -+ ossl.EVP_MAC_CTX_free(h.ctx3.ctx) -+ } -+} -+ -+func (h *opensslHMAC) Write(p []byte) (int, error) { -+ if len(p) > 0 { -+ switch vMajor { -+ case 1: -+ ossl.HMAC_Update(h.ctx1.ctx, base(p), len(p)) -+ case 3: -+ ossl.EVP_MAC_update(h.ctx3.ctx, base(p), len(p)) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ } -+ runtime.KeepAlive(h) -+ return len(p), nil -+} -+ -+func (h *opensslHMAC) Size() int { -+ return h.size -+} -+ -+func (h *opensslHMAC) BlockSize() int { -+ return h.blockSize -+} -+ -+func (h *opensslHMAC) Sum(in []byte) []byte { -+ // Make copy of context because Go hash.Hash mandates -+ // that Sum has no effect on the underlying stream. -+ // In particular it is OK to Sum, then Write more, then Sum again, -+ // and the second Sum acts as if the first didn't happen. -+ switch vMajor { -+ case 1: -+ ctx2, err := ossl.HMAC_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.HMAC_CTX_free(ctx2) -+ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { -+ panic(err) -+ } -+ ossl.HMAC_Final(ctx2, base(h.sum[:h.size]), nil) -+ case 3: -+ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_MAC_CTX_free(ctx2) -+ ossl.EVP_MAC_final(ctx2, base(h.sum[:h.size]), nil, len(h.sum)) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return append(in, h.sum[:h.size]...) -+} -+ -+func (h *opensslHMAC) Clone() (HashCloner, error) { -+ switch vMajor { -+ case 1: -+ ctx2, err := ossl.HMAC_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { -+ ossl.HMAC_CTX_free(ctx2) -+ panic(err) -+ } -+ cl := &opensslHMAC{ -+ ctx1: hmacCtx1{ctx: ctx2}, -+ size: h.size, -+ blockSize: h.blockSize, -+ } -+ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) -+ return cl, nil -+ -+ case 3: -+ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) -+ if err != nil { -+ panic(err) -+ } -+ -+ cl := &opensslHMAC{ -+ ctx3: hmacCtx3{ctx: ctx2, key: slices.Clone(h.ctx3.key)}, -+ size: h.size, -+ blockSize: h.blockSize, -+ } -+ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) -+ return cl, nil -+ -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/init.go b/src/vendor/github.com/golang-fips/openssl/v2/init.go -new file mode 100644 -index 00000000000000..3ea2a896a38c5a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/init.go -@@ -0,0 +1,157 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "errors" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// osslHandle is the handle to the OpenSSL shared library loaded in the [Init] function. -+var osslHandle unsafe.Pointer -+ -+// opensslInit loads and initializes OpenSSL. -+// -+// See [Init] for details about file. -+func opensslInit(file string) error { -+ // Load the OpenSSL shared library using dlopen. -+ handle, close, err := openLibrary(file) -+ if err != nil { -+ return err -+ } -+ -+ ossl.MkcgoLoad_(handle) -+ if vMajor == 1 { -+ ossl.MkcgoLoad_legacy_1(handle) -+ if vPatch == 1 { -+ ossl.MkcgoLoad_111(handle) -+ } -+ } else { -+ ossl.MkcgoLoad_111(handle) -+ ossl.MkcgoLoad_3(handle) -+ } -+ -+ // Initialize OpenSSL. -+ ossl.OPENSSL_init() -+ if _, err = ossl.OPENSSL_init_crypto( -+ ossl.OPENSSL_INIT_ADD_ALL_CIPHERS| -+ ossl.OPENSSL_INIT_ADD_ALL_DIGESTS| -+ ossl.OPENSSL_INIT_LOAD_CONFIG| -+ ossl.OPENSSL_INIT_LOAD_CRYPTO_STRINGS, -+ nil); err != nil { -+ close() -+ return err -+ } -+ osslHandle = handle -+ return nil -+} -+ -+// initForCheckVersion loads and initialize only the -+// functions required in [CheckVersion]. -+// It returns a close function that must be called to release the resources. -+// -+// This function modifies the vMajor, vMinor, and vPatch global variables as -+// well as other internal global variables that facilitate OpenSSL calls. -+// -+// If the function succeeds, calling the close function restores the previous -+// state of the global variables. If it fails, the global variables are restored -+// before returning. -+func initForCheckVersion(file string) (func(), error) { -+ prevMajor, prevMinor, prevPatch := vMajor, vMinor, vPatch -+ restoreVersion := func() { -+ vMajor, vMinor, vPatch = prevMajor, prevMinor, prevPatch -+ } -+ handle, close, err := openLibrary(file) -+ if err != nil { -+ restoreVersion() -+ return nil, err -+ } -+ initFuncs := func() (loadX func(unsafe.Pointer), unloadX func()) { -+ switch vMajor { -+ case 1: -+ loadX = ossl.MkcgoLoad_init_1 -+ unloadX = ossl.MkcgoUnload_init_1 -+ case 3: -+ loadX = ossl.MkcgoLoad_init_3 -+ unloadX = ossl.MkcgoUnload_init_3 -+ default: -+ // We shouldn't get here: openLibrary should have already returned an error. -+ panic(errUnsupportedVersion()) -+ } -+ return -+ } -+ loadX, unloadX := initFuncs() -+ loadX(handle) -+ return func() { -+ restoreVersion() -+ close() -+ unloadX() -+ if osslHandle != nil { -+ // If osslHandle is not nil, it means that the library was already loaded -+ // and initialized. In this case, we need to reload the functions from -+ // the original handle. -+ loadX, _ = initFuncs() -+ loadX(osslHandle) -+ } -+ }, nil -+} -+ -+// openLibrary loads and initialize the version of OpenSSL. -+// It returns the handle to the OpenSSL shared library -+// and a function that can be called to release the resources. -+func openLibrary(file string) (handle unsafe.Pointer, close func(), err error) { -+ vMajor, vMinor, vPatch = 0, 0, 0 -+ handle, err = dlopen(file) -+ if err != nil { -+ return nil, nil, err -+ } -+ // Retrieve the loaded OpenSSL version and check if it is supported. -+ // Notice that major and minor could not match with the version parameter -+ // in case the name of the shared library file differs from the OpenSSL -+ // version it contains. -+ ossl.MkcgoLoad_version(handle) -+ close = func() { -+ dlclose(handle) -+ if osslHandle == nil { -+ ossl.MkcgoUnload_version() -+ } else { -+ ossl.MkcgoLoad_version(osslHandle) -+ } -+ } -+ defer func() { -+ if err != nil { -+ close() -+ } -+ }() -+ -+ if ossl.OPENSSL_version_major_Available() && -+ ossl.OPENSSL_version_minor_Available() && -+ ossl.OPENSSL_version_patch_Available() { -+ // Likely OpenSSL 3 or later. -+ vMajor = uint(ossl.OPENSSL_version_major()) -+ vMinor = uint(ossl.OPENSSL_version_minor()) -+ vPatch = uint(ossl.OPENSSL_version_patch()) -+ } else if ossl.OpenSSL_version_num_Available() { -+ // Likely OpenSSL 1. -+ ver := ossl.OpenSSL_version_num() -+ vMajor = uint(ver >> 28) -+ vMinor = uint(ver >> 20 & 0xFF) -+ vPatch = uint(ver >> 12 & 0xFF) -+ } else { -+ return handle, nil, errors.New("openssl: version not available") -+ } -+ var supported bool -+ if vMajor == 1 { -+ supported = vMinor == 1 -+ } else if vMajor == 3 { -+ // OpenSSL guarantees API and ABI compatibility within the same major version since OpenSSL 3. -+ supported = true -+ } -+ if !supported { -+ return handle, nil, errUnsupportedVersion() -+ } -+ return handle, close, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/init_unix.go b/src/vendor/github.com/golang-fips/openssl/v2/init_unix.go -new file mode 100644 -index 00000000000000..dbf5ac448fdf80 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/init_unix.go -@@ -0,0 +1,31 @@ -+//go:build unix && !cmd_go_bootstrap -+ -+package openssl -+ -+// #cgo LDFLAGS: -ldl -+// #include -+// #include -+import "C" -+import ( -+ "errors" -+ "unsafe" -+) -+ -+func dlopen(file string) (handle unsafe.Pointer, err error) { -+ cv := C.CString(file) -+ defer C.free(unsafe.Pointer(cv)) -+ handle = C.dlopen(cv, C.RTLD_LAZY|C.RTLD_LOCAL) -+ if handle == nil { -+ errstr := C.GoString(C.dlerror()) -+ return nil, errors.New("openssl: can't load " + file + ": " + errstr) -+ } -+ return handle, nil -+} -+ -+func dlclose(handle unsafe.Pointer) error { -+ if C.dlclose(handle) != 0 { -+ errstr := C.GoString(C.dlerror()) -+ return errors.New("openssl: can't close libcrypto: " + errstr) -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/init_windows.go b/src/vendor/github.com/golang-fips/openssl/v2/init_windows.go -new file mode 100644 -index 00000000000000..3778e21227abb9 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/init_windows.go -@@ -0,0 +1,36 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+type dlopenError struct { -+ file string -+ err error -+} -+ -+func (e *dlopenError) Error() string { -+ return "openssl: can't load " + e.file + ": " + e.err.Error() -+} -+ -+func (e *dlopenError) Unwrap() error { -+ return e.err -+} -+ -+func dlopen(file string) (handle unsafe.Pointer, err error) { -+ // As Windows generally does not ship with a system OpenSSL library, let -+ // alone a FIPS 140 certified one, use the default library search order so -+ // that we preferentially load the DLL bundled with the application. -+ h, err := syscall.LoadLibrary(file) -+ if err != nil { -+ return nil, &dlopenError{file: file, err: err} -+ } -+ return unsafe.Pointer(h), nil -+} -+ -+func dlclose(handle unsafe.Pointer) error { -+ return syscall.FreeLibrary(syscall.Handle(handle)) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go -new file mode 100644 -index 00000000000000..68711f8e43d70f ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go -@@ -0,0 +1,119 @@ -+package ossl -+ -+/* -+#include // for calloc and free -+#include // for strdup -+#include "zossl.h" -+ -+// OpenSSL only allows a maximum of 16 errors to be stored in the error queue. -+#define ERR_NUM_MAX 16 -+ -+// ossl_err_state is a custom structure to hold the error state -+// of OpenSSL. -+typedef struct ossl_err_state_st { -+ unsigned long code[ERR_NUM_MAX]; -+ int line[ERR_NUM_MAX]; -+ char *file[ERR_NUM_MAX]; -+} ossl_err_state; -+ -+// mkcgo_err_retrieve retrieves the error state from OpenSSL. -+// It returns a pointer to a mkcgo_err_state structure -+// that contains the error codes, lines, and file names. -+// The caller is responsible for freeing the memory -+// by calling mkcgo_err_free. -+mkcgo_err_state mkcgo_err_retrieve() { -+ ossl_err_state *errs = (ossl_err_state *)calloc(1, sizeof(ossl_err_state)); -+ if (errs == NULL) return NULL; -+ -+ // Retrieve the errors from OpenSSL. -+ for (int i = 0; i < ERR_NUM_MAX; i++) { -+ const char *file; -+ if (_mkcgo_available_OPENSSL_version_major() == 1) { // Only available in OpenSSL 3. -+ // OpenSSL 3 error handling -+ errs->code[i] = _mkcgo_ERR_get_error_all(&file, &errs->line[i], NULL, NULL, NULL); -+ } else { -+ // OpenSSL 1 error handling -+ errs->code[i] = _mkcgo_ERR_get_error_line(&file, &errs->line[i]); -+ } -+ if (errs->code[i] == 0) { -+ break; -+ } -+ if (file != NULL) { -+ // Copy the file name as the pointer we just retrieved will be freed by OpenSSL -+ // when the error queue is cleared. -+ errs->file[i] = strdup(file); -+ } -+ } -+ return errs; -+} -+ -+// mkcgo_err_free frees the memory allocated for the mkcgo_err_state structure. -+void mkcgo_err_free(mkcgo_err_state errs) { -+ if (errs == NULL) return; -+ -+ ossl_err_state *oerrs = (ossl_err_state *)errs; -+ for (int i = 0; i < ERR_NUM_MAX; i++) { -+ if (oerrs->file[i] != NULL) { -+ free((void *)oerrs->file[i]); -+ } -+ } -+ free(errs); -+} -+*/ -+import "C" -+import ( -+ "bytes" -+ "errors" -+ "strconv" -+ "strings" -+ "unsafe" -+) -+ -+// newMkcgoErr creates a new error from the given mkcgo_err_state -+// and frees the state. If errst is nil, it returns nil. -+func newMkcgoErr(msg string, errst C.mkcgo_err_state) error { -+ if errst == nil { -+ return nil -+ } -+ defer C.mkcgo_err_free(errst) -+ oerrst := (*C.ossl_err_state)(unsafe.Pointer(errst)) -+ var b strings.Builder -+ b.WriteString(msg) -+ b.WriteString("\nopenssl error(s):") -+ for i := range C.ERR_NUM_MAX { -+ e := uint32(oerrst.code[i]) -+ if e == 0 { -+ break -+ } -+ b.WriteByte('\n') -+ var buf [256]byte -+ ERR_error_string_n(e, unsafe.SliceData(buf[:]), len(buf)) -+ if termIdx := bytes.IndexByte(buf[:], 0); termIdx != -1 { -+ b.Write(buf[:termIdx]) -+ } else { -+ b.Write(buf[:]) -+ } -+ if oerrst.file[i] == nil { -+ // info not available -+ continue -+ } -+ b.WriteString("\n\t") -+ b.Write(cstrBytes(oerrst.file[i])) -+ b.WriteByte(':') -+ b.WriteString(strconv.Itoa(int(oerrst.line[i]))) -+ } -+ return errors.New(b.String()) -+} -+ -+// cstrBytes returns a byte slice containing the contents of the C string -+// pointed to by p. The slice does not include the terminating null byte. -+func cstrBytes(p *C.char) []byte { -+ if p == nil { -+ return nil -+ } -+ end := unsafe.Pointer(p) -+ for *(*byte)(end) != 0 { -+ end = unsafe.Add(end, 1) -+ } -+ return unsafe.Slice((*byte)(unsafe.Pointer(p)), uintptr(end)-uintptr(unsafe.Pointer(p))) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go -new file mode 100644 -index 00000000000000..e0d0b8e8bd8cf3 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go -@@ -0,0 +1,81 @@ -+// Package ossl provides a Go interface to OpenSSL. -+package ossl -+ -+//go:generate go run ../../cmd/mkcgo -out zossl.go -package ossl shims.h -+ -+/* -+#include "zossl.h" -+// go_hash_sum copies ctx into ctx2 and calls EVP_DigestFinal_ex using ctx2. -+// This is necessary because Go hash.Hash mandates that Sum has no effect -+// on the underlying stream. In particular it is OK to Sum, then Write more, -+// then Sum again, and the second Sum acts as if the first didn't happen. -+// It is written in C because Sum() tend to be in the hot path, -+// and doing one cgo call instead of two is a significant performance win. -+static inline int -+go_hash_sum(const _EVP_MD_CTX_PTR ctx, _EVP_MD_CTX_PTR ctx2, unsigned char *out, mkcgo_err_state *_err_state) -+{ -+ if (_mkcgo_EVP_MD_CTX_copy(ctx2, ctx, _err_state) != 1) -+ return -1; -+ if (_mkcgo_EVP_DigestFinal_ex(ctx2, out, NULL, _err_state) <= 0) -+ return -2; -+ return 1; -+} -+*/ -+import "C" -+import ( -+ "unsafe" -+) -+ -+func HashSum(ctx1, ctx2 EVP_MD_CTX_PTR, out []byte) error { -+ var errst C.mkcgo_err_state -+ if code := C.go_hash_sum(ctx1, ctx2, (*C.uchar)(unsafe.SliceData(out)), mkcgoNoEscape(&errst)); code != 1 { -+ msg := "go_hash_sum" -+ switch code { -+ case -1: -+ msg = "EVP_MD_CTX_copy" -+ case -2: -+ msg = "EVP_DigestFinal_ex" -+ } -+ return newMkcgoErr(msg, errst) -+ } -+ return nil -+} -+ -+const _OSSL_PARAM_UNMODIFIED uint = uint(^uintptr(0)) -+ -+// OSSL_PARAM is a structure to pass or request object parameters. -+// https://docs.openssl.org/3.0/man3/OSSL_PARAM/. -+type OSSL_PARAM struct { -+ Key *byte -+ DataType uint32 -+ Data unsafe.Pointer -+ DataSize uint -+ ReturnSize uint -+} -+ -+func ossl_param_construct(key *byte, dataType uint32, data unsafe.Pointer, dataSize int) OSSL_PARAM { -+ return OSSL_PARAM{ -+ Key: key, -+ DataType: dataType, -+ Data: data, -+ DataSize: uint(dataSize), -+ ReturnSize: _OSSL_PARAM_UNMODIFIED, -+ } -+} -+ -+func OSSL_PARAM_construct_octet_string(key *byte, data unsafe.Pointer, dataSize int) OSSL_PARAM { -+ return ossl_param_construct(key, OSSL_PARAM_OCTET_STRING, data, dataSize) -+} -+ -+func OSSL_PARAM_construct_int32(key *byte, data *int32) OSSL_PARAM { -+ return ossl_param_construct(key, OSSL_PARAM_INTEGER, unsafe.Pointer(data), 4) -+} -+ -+func OSSL_PARAM_construct_end() OSSL_PARAM { -+ return OSSL_PARAM{} -+} -+ -+func OSSL_PARAM_modified(param *OSSL_PARAM) bool { -+ // If ReturnSize is not set, the parameter has not been modified. -+ return param != nil && param.ReturnSize != _OSSL_PARAM_UNMODIFIED -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h -new file mode 100644 -index 00000000000000..5790defeb6eb55 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h -@@ -0,0 +1,399 @@ -+// This header file is used by the mkcgo tool to generate cgo and Go bindings for the -+// OpenSSL C API. Run "go generate ." to regenerate the bindings. -+// Do not include this file, import "zossl.h" instead. -+ -+#ifndef _GO_OSSL_SHIMS_H // only include this header once -+#define _GO_OSSL_SHIMS_H -+ -+#include // size_t -+#include // uint64_t -+ -+// The following includes are used by the checkheader tool. -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L -+// #include -+// #include -+// #include -+// #include -+// #endif -+// #if OPENSSL_VERSION_NUMBER < 0x10100000L -+// #include -+// #endif -+ -+enum { -+ _POINT_CONVERSION_UNCOMPRESSED = 4, -+ -+ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, -+ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, -+ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, -+ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, -+ -+ _EVP_CTRL_GCM_GET_TAG = 0x10, -+ _EVP_CTRL_GCM_SET_TAG = 0x11, -+ _EVP_PKEY_CTRL_MD = 1, -+ _EVP_PKEY_RSA = 6, -+ _EVP_PKEY_EC = 408, -+ _EVP_PKEY_TLS1_PRF = 1021, -+ _EVP_PKEY_HKDF = 1036, -+ _EVP_PKEY_ED25519 = 1087, -+ _EVP_PKEY_DSA = 116, -+ _EVP_PKEY_OP_DERIVE = (1 << 10), // this value differs between OpenSSL 1 and 3, but we only use it in 1 -+ _EVP_MAX_MD_SIZE = 64, -+ -+ _EVP_PKEY_PUBLIC_KEY = 0x86, -+ _EVP_PKEY_KEYPAIR = 0x87, -+ -+ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, -+ -+ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, -+ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, -+ -+ _EVP_PKEY_CTRL_TLS_MD = 0x1000, -+ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, -+ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, -+ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, -+ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, -+ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, -+ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, -+ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, -+ -+ _NID_X9_62_prime256v1 = 415, -+ _NID_secp224r1 = 713, -+ _NID_secp384r1 = 715, -+ _NID_secp521r1 = 716, -+ -+ _RSA_PKCS1_PADDING = 1, -+ _RSA_NO_PADDING = 3, -+ _RSA_PKCS1_OAEP_PADDING = 4, -+ _RSA_PKCS1_PSS_PADDING = 6, -+ _RSA_PSS_SALTLEN_DIGEST = -1, -+ _RSA_PSS_SALTLEN_AUTO = -2, -+ _RSA_PSS_SALTLEN_MAX_SIGN = -2, -+ _RSA_PSS_SALTLEN_MAX = -3, -+ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, -+ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, -+ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, -+ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, -+ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, -+ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, -+ -+ _OSSL_PARAM_INTEGER = 1, -+ _OSSL_PARAM_OCTET_STRING = 5, -+}; -+ -+typedef void* _OPENSSL_INIT_SETTINGS_PTR; -+typedef void* _OSSL_LIB_CTX_PTR; -+typedef void* _OSSL_PROVIDER_PTR; -+typedef void* _ENGINE_PTR; -+typedef void* _EVP_PKEY_PTR; -+typedef void* _EVP_PKEY_CTX_PTR; -+typedef void* _EVP_MD_PTR; -+typedef void* _EVP_MD_CTX_PTR; -+typedef void* _HMAC_CTX_PTR; -+typedef void* _EVP_CIPHER_PTR; -+typedef void* _EVP_CIPHER_CTX_PTR; -+typedef void* _EC_KEY_PTR; -+typedef void* _EC_POINT_PTR; -+typedef void* _EC_GROUP_PTR; -+typedef void* _RSA_PTR; -+typedef void* _BIGNUM_PTR; -+typedef void* _BN_CTX_PTR; -+typedef void* _EVP_MAC_PTR; -+typedef void* _EVP_MAC_CTX_PTR; -+typedef void* _OSSL_PARAM_BLD_PTR; -+typedef void* _OSSL_PARAM_PTR; -+typedef void* _EVP_SIGNATURE_PTR; -+typedef void* _DSA_PTR; -+typedef void* _EVP_KDF_PTR; -+typedef void* _EVP_KDF_CTX_PTR; -+typedef int point_conversion_form_t; -+ -+// Tags used by mkcgo to determine which OpenSSL version each function is available in: -+// - no tag: OpenSSL 1.0 or later -+// - legacy_1: Only OpenSSL 1 -+// - 3: OpenSSL 3.0 or later -+// - 111: OpenSSL 1.1.1 or later -+ -+// The noescape/nocallback attributes are performance optimizations. -+// Only add functions that have been observed to benefit from these -+// directives, not every function that is merely expected to meet -+// the noescape/nocallback criteria. -+ -+// ERR API -+void ERR_error_string_n(unsigned long e, char *buf, size_t len); -+void ERR_clear_error(void) __attribute__((tag(""),tag("init_3"))); -+unsigned long ERR_get_error_line(const char **file, int *line) __attribute__((tag("legacy_1"),noerror)); -+unsigned long ERR_get_error_all(const char **file, int *line, const char **func, const char **data, int *flags) __attribute__((tag("3"),noerror)); -+ -+// OPENSSL API -+const char *OpenSSL_version(int type) __attribute__((noerror)); -+void OPENSSL_init(void); -+int OPENSSL_init_crypto(uint64_t ops, const _OPENSSL_INIT_SETTINGS_PTR settings); -+unsigned long OpenSSL_version_num(void) __attribute__((tag("version"),optional,noerror)); -+unsigned int OPENSSL_version_major(void) __attribute__((tag("version"),optional,noerror)); -+unsigned int OPENSSL_version_minor(void) __attribute__((tag("version"),optional,noerror)); -+unsigned int OPENSSL_version_patch(void) __attribute__((tag("version"),optional,noerror)); -+ -+// CRYPTO API -+void *CRYPTO_malloc(size_t num, const char *file, int line); -+void CRYPTO_free(void *str, const char *file, int line); -+ -+// FIPS API -+int FIPS_mode(void) __attribute__((tag("legacy_1"),tag("init_1"),noerror)); -+int FIPS_mode_set(int r) __attribute__((tag("legacy_1"),tag("init_1"))); -+ -+// EVP Config API -+int EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR libctx) __attribute__((tag("3"),tag("init_3"),noerror)); -+int EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR libctx, int enable) __attribute__((tag("3"))); -+ -+// OSSL_PROVIDER API -+int OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR libctx, const char *name) __attribute__((tag("3"),noerror)); -+_OSSL_PROVIDER_PTR OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks) __attribute__((tag("3"))); -+const char *OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR prov) __attribute__((tag("3"),noerror)); -+ -+// RAND API -+int RAND_bytes(unsigned char *arg0, int arg1) __attribute__((noescape,nocallback)); -+ -+// EVP_MD API -+_EVP_MD_PTR EVP_MD_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"),tag("init_3"))); -+void EVP_MD_free(_EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"))); -+const char *EVP_MD_get0_name(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); -+int EVP_MD_get_type(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); -+const _OSSL_PROVIDER_PTR EVP_MD_get0_provider(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"),noerror)); -+int EVP_MD_get_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_size"),noerror)); -+int EVP_MD_get_block_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_block_size"),noerror)); -+const _EVP_MD_PTR EVP_md5_sha1(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_ripemd160(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_md4(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_md5(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha1(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha224(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha256(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha384(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha512(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((tag("111"),noerror)); -+const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((tag("111"),noerror)); -+ -+_EVP_MD_CTX_PTR EVP_MD_CTX_new(void); -+void EVP_MD_CTX_free(_EVP_MD_CTX_PTR ctx); -+int EVP_MD_CTX_copy(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in) __attribute__((noescape,nocallback)); -+int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); -+const _OSSL_PARAM_PTR EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); -+const _OSSL_PARAM_PTR EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR ctx, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const _EVP_MD_PTR type, _ENGINE_PTR impl) __attribute__((noescape,nocallback,nocheckptr("data"))); -+int EVP_DigestInit_ex(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type, _ENGINE_PTR impl); -+int EVP_DigestInit(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type); -+int EVP_DigestUpdate(_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt) __attribute__((noescape,nocallback,nocheckptr("d"))); -+int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s) __attribute__((noescape,nocallback)); -+int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"),noescape,nocallback)); -+int EVP_DigestSignInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); -+int EVP_DigestSignFinal(_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen); -+int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); -+int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen); -+int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"))); -+ -+// HMAC API -+int HMAC_Init_ex(_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const _EVP_MD_PTR arg3, _ENGINE_PTR arg4) __attribute__((tag("legacy_1"))); -+int HMAC_Update(_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2) __attribute__((tag("legacy_1"))); -+int HMAC_Final(_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2) __attribute__((tag("legacy_1"))); -+ -+_HMAC_CTX_PTR HMAC_CTX_new(void) __attribute__((tag("legacy_1"))); -+int HMAC_CTX_copy(_HMAC_CTX_PTR dest, _HMAC_CTX_PTR src) __attribute__((tag("legacy_1"))); -+void HMAC_CTX_free(_HMAC_CTX_PTR arg0) __attribute__((tag("legacy_1"))); -+ -+// EVP_CIPHER API -+_EVP_CIPHER_PTR EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+const char *EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_gcm(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_ctr(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_gcm(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_ctr(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_ctr(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_gcm(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_ede3_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_ede3_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_rc4(void) __attribute__((noerror)); -+int EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),tag("legacy_1","EVP_CIPHER_block_size"),noerror)); -+ -+_EVP_CIPHER_CTX_PTR EVP_CIPHER_CTX_new(void); -+int EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR x, int padding); -+int EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR x, int keylen); -+void EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR arg0); -+int EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr); -+int EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv, int enc); -+int EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback)); -+int EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); -+int EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback)); -+int EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl) __attribute__((noescape,nocallback)); -+int EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); -+int EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback)); -+int EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *outm, int *outl) __attribute__((noescape,nocallback)); -+ -+// EVP_PKEY API -+_EVP_PKEY_PTR EVP_PKEY_new(void); -+_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"))); -+_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"))); -+int EVP_PKEY_get_size(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_size"))); -+int EVP_PKEY_get_bits(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_bits"))); -+void EVP_PKEY_free(_EVP_PKEY_PTR arg0); -+_RSA_PTR EVP_PKEY_get1_RSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); -+int EVP_PKEY_assign(_EVP_PKEY_PTR pkey, int type, void *key) __attribute__((tag("legacy_1"))); -+_EC_KEY_PTR EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); -+_DSA_PTR EVP_PKEY_get0_DSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); -+int EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen) __attribute__((tag("3"))); -+size_t EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR pkey, unsigned char **ppub) __attribute__((tag("3"))); -+int EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR pkey, const char *key_name, _BIGNUM_PTR *bn) __attribute__((tag("3"))); -+int EVP_PKEY_up_ref(_EVP_PKEY_PTR key) __attribute__((tag("3"))); -+int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR pkey, _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); -+int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR ctx, void *label, int len) __attribute__((tag("3"))); -+int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *len) __attribute__((tag("111"),noescape,nocallback)); -+int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *len) __attribute__((tag("111"),noescape,nocallback)); -+int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *pkey, int selection, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR ctx); -+int EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); -+int EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR ctx); -+int EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); -+int EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); -+int EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); -+int EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_sign(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); -+int EVP_PKEY_verify(_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); -+int EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR ctx); -+int EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR peer); -+int EVP_PKEY_derive(_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen) __attribute__((noescape,nocallback)); -+int EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, ...) __attribute__((tag("3"))); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); -+ -+_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR arg0, _ENGINE_PTR arg1); -+_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int id, _ENGINE_PTR e); -+_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR libctx, _EVP_PKEY_PTR pkey, const char *propquery) __attribute__((tag("3"))); -+void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2); -+int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR arg0, int arg1) __attribute__((tag("3"))); -+int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR arg0, const _EVP_MD_PTR arg1) __attribute__((tag("3"))); -+int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); -+int EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); -+int EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); -+ -+// RSA API -+_RSA_PTR RSA_new(void) __attribute__((tag("legacy_1"))); -+void RSA_free(_RSA_PTR arg0) __attribute__((tag("legacy_1"))); -+void RSA_get0_factors(const _RSA_PTR rsa, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q) __attribute__((tag("legacy_1"),noerror)); -+int RSA_set0_factors(_RSA_PTR rsa, _BIGNUM_PTR p, _BIGNUM_PTR q) __attribute__((tag("legacy_1"))); -+void RSA_get0_crt_params(const _RSA_PTR r, const _BIGNUM_PTR *dmp1, const _BIGNUM_PTR *dmq1, const _BIGNUM_PTR *iqmp) __attribute__((tag("legacy_1"),noerror)); -+int RSA_set0_crt_params(_RSA_PTR rsa, _BIGNUM_PTR dmp1, _BIGNUM_PTR dmp2, _BIGNUM_PTR iqmp) __attribute__((tag("legacy_1"))); -+void RSA_get0_key(const _RSA_PTR rsa, const _BIGNUM_PTR *n, const _BIGNUM_PTR *e, const _BIGNUM_PTR *d) __attribute__((tag("legacy_1"),noerror)); -+int RSA_set0_key(_RSA_PTR r, _BIGNUM_PTR n, _BIGNUM_PTR e, _BIGNUM_PTR d) __attribute__((tag("legacy_1"))); -+ -+// BIGNUM API -+_BIGNUM_PTR BN_new(void); -+void BN_free(_BIGNUM_PTR arg0); -+void BN_clear(_BIGNUM_PTR arg0); -+void BN_clear_free(_BIGNUM_PTR arg0); -+int BN_num_bits(const _BIGNUM_PTR arg0) __attribute__((noerror)); -+_BIGNUM_PTR BN_bin2bn(const unsigned char *arg0, int arg1, _BIGNUM_PTR arg2); -+_BIGNUM_PTR BN_lebin2bn(const unsigned char *s, int len, _BIGNUM_PTR ret); -+int BN_bn2lebinpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"))); -+int BN_bn2binpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"))); -+ -+// EC API -+int EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR key, _BIGNUM_PTR x, _BIGNUM_PTR y) __attribute__((tag("legacy_1"))); -+int EC_KEY_set_public_key(_EC_KEY_PTR key, const _EC_POINT_PTR pub) __attribute__((tag("legacy_1"))); -+void EC_KEY_free(_EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); -+const _EC_GROUP_PTR EC_KEY_get0_group(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); -+const _BIGNUM_PTR EC_KEY_get0_private_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); -+const _EC_POINT_PTR EC_KEY_get0_public_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); -+_EC_KEY_PTR EC_KEY_new_by_curve_name(int arg0) __attribute__((tag("legacy_1"))); -+int EC_KEY_set_private_key(_EC_KEY_PTR arg0, const _BIGNUM_PTR arg1) __attribute__((tag("legacy_1"))); -+int EC_KEY_check_key(const _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); -+_EC_POINT_PTR EC_POINT_new(const _EC_GROUP_PTR arg0); -+void EC_POINT_free(_EC_POINT_PTR arg0); -+int EC_POINT_mul(const _EC_GROUP_PTR group, _EC_POINT_PTR r, const _BIGNUM_PTR n, const _EC_POINT_PTR q, const _BIGNUM_PTR m, _BN_CTX_PTR ctx); -+int EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR arg0, const _EC_POINT_PTR arg1, _BIGNUM_PTR arg2, _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("legacy_1"))); -+int EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR arg0, _EC_POINT_PTR arg1, const _BIGNUM_PTR arg2, const _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("3"))); -+size_t EC_POINT_point2oct(const _EC_GROUP_PTR group, const _EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t len, _BN_CTX_PTR ctx); -+int EC_POINT_oct2point(const _EC_GROUP_PTR group, _EC_POINT_PTR p, const unsigned char *buf, size_t len, _BN_CTX_PTR ctx); -+_EC_GROUP_PTR EC_GROUP_new_by_curve_name(int nid); -+void EC_GROUP_free(_EC_GROUP_PTR group); -+ -+// EVP_MAC API -+_EVP_MAC_PTR EVP_MAC_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+_EVP_MAC_CTX_PTR EVP_MAC_CTX_new(_EVP_MAC_PTR arg0) __attribute__((tag("3"))); -+int EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+void EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); -+_EVP_MAC_CTX_PTR EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); -+int EVP_MAC_init(_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_MAC_update(_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen) __attribute__((tag("3"))); -+int EVP_MAC_final(_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize) __attribute__((tag("3"))); -+ -+// OSSL_PARAM API -+void OSSL_PARAM_free(_OSSL_PARAM_PTR p) __attribute__((tag("3"))); -+const _OSSL_PARAM_PTR OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR p, const char *key) __attribute__((tag("3"))); -+_OSSL_PARAM_BLD_PTR OSSL_PARAM_BLD_new(void) __attribute__((tag("3"))); -+void OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); -+_OSSL_PARAM_PTR OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); -+int OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize) __attribute__((tag("3"))); -+int OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize) __attribute__((tag("3"))); -+int OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR bld, const char *key, const _BIGNUM_PTR bn) __attribute__((tag("3"))); -+int OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num) __attribute__((tag("3"))); -+ -+// EVP_SIGNATURE API -+_EVP_SIGNATURE_PTR EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+void EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR signature) __attribute__((tag("3"))); -+ -+// DSA API -+_DSA_PTR DSA_new(void) __attribute__((tag("legacy_1"))); -+void DSA_free(_DSA_PTR r) __attribute__((tag("legacy_1"))); -+int DSA_generate_key(_DSA_PTR a) __attribute__((tag("legacy_1"))); -+void DSA_get0_pqg(const _DSA_PTR d, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q, const _BIGNUM_PTR *g) __attribute__((tag("legacy_1"))); -+int DSA_set0_pqg(_DSA_PTR d, _BIGNUM_PTR p, _BIGNUM_PTR q, _BIGNUM_PTR g) __attribute__((tag("legacy_1"))); -+void DSA_get0_key(const _DSA_PTR d, const _BIGNUM_PTR *pub_key, const _BIGNUM_PTR *priv_key) __attribute__((tag("legacy_1"))); -+int DSA_set0_key(_DSA_PTR d, _BIGNUM_PTR pub_key, _BIGNUM_PTR priv_key) __attribute__((tag("legacy_1"))); -+ -+// EVP_KDF API -+_EVP_KDF_PTR EVP_KDF_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+void EVP_KDF_free(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); -+_EVP_KDF_CTX_PTR EVP_KDF_CTX_new(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); -+int EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+void EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); -+size_t EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_KDF_derive(_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const _EVP_MD_PTR digest, int keylen, unsigned char *out); -+ -+// OBJ API -+const char *OBJ_nid2sn(int n) __attribute__((noerror)); -+ -+#endif // _GO_OSSL_SHIMS_H -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c -new file mode 100644 -index 00000000000000..8124dfd70a22e3 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c -@@ -0,0 +1,1924 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#include -+#include -+#include -+#include -+#include "zossl.h" -+ -+#ifdef _WIN32 -+#include -+#define dlsym GetProcAddress -+#else -+#include -+#endif -+ -+_BIGNUM_PTR (*_g_BN_bin2bn)(const unsigned char*, int, _BIGNUM_PTR); -+int (*_g_BN_bn2binpad)(const _BIGNUM_PTR, unsigned char*, int); -+int (*_g_BN_bn2lebinpad)(const _BIGNUM_PTR, unsigned char*, int); -+void (*_g_BN_clear)(_BIGNUM_PTR); -+void (*_g_BN_clear_free)(_BIGNUM_PTR); -+void (*_g_BN_free)(_BIGNUM_PTR); -+_BIGNUM_PTR (*_g_BN_lebin2bn)(const unsigned char*, int, _BIGNUM_PTR); -+_BIGNUM_PTR (*_g_BN_new)(void); -+int (*_g_BN_num_bits)(const _BIGNUM_PTR); -+void (*_g_CRYPTO_free)(void*, const char*, int); -+void* (*_g_CRYPTO_malloc)(size_t, const char*, int); -+void (*_g_DSA_free)(_DSA_PTR); -+int (*_g_DSA_generate_key)(_DSA_PTR); -+void (*_g_DSA_get0_key)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void (*_g_DSA_get0_pqg)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_DSA_PTR (*_g_DSA_new)(void); -+int (*_g_DSA_set0_key)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+int (*_g_DSA_set0_pqg)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+void (*_g_EC_GROUP_free)(_EC_GROUP_PTR); -+_EC_GROUP_PTR (*_g_EC_GROUP_new_by_curve_name)(int); -+int (*_g_EC_KEY_check_key)(const _EC_KEY_PTR); -+void (*_g_EC_KEY_free)(_EC_KEY_PTR); -+const _EC_GROUP_PTR (*_g_EC_KEY_get0_group)(const _EC_KEY_PTR); -+const _BIGNUM_PTR (*_g_EC_KEY_get0_private_key)(const _EC_KEY_PTR); -+const _EC_POINT_PTR (*_g_EC_KEY_get0_public_key)(const _EC_KEY_PTR); -+_EC_KEY_PTR (*_g_EC_KEY_new_by_curve_name)(int); -+int (*_g_EC_KEY_set_private_key)(_EC_KEY_PTR, const _BIGNUM_PTR); -+int (*_g_EC_KEY_set_public_key)(_EC_KEY_PTR, const _EC_POINT_PTR); -+int (*_g_EC_KEY_set_public_key_affine_coordinates)(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+void (*_g_EC_POINT_free)(_EC_POINT_PTR); -+int (*_g_EC_POINT_get_affine_coordinates_GFp)(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR); -+int (*_g_EC_POINT_mul)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); -+_EC_POINT_PTR (*_g_EC_POINT_new)(const _EC_GROUP_PTR); -+int (*_g_EC_POINT_oct2point)(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR); -+size_t (*_g_EC_POINT_point2oct)(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR); -+int (*_g_EC_POINT_set_affine_coordinates)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); -+void (*_g_ERR_clear_error)(void); -+void (*_g_ERR_error_string_n)(unsigned long, char*, size_t); -+unsigned long (*_g_ERR_get_error_all)(const char**, int*, const char**, const char**, int*); -+unsigned long (*_g_ERR_get_error_line)(const char**, int*); -+int (*_g_EVP_CIPHER_CTX_ctrl)(_EVP_CIPHER_CTX_PTR, int, int, void*); -+void (*_g_EVP_CIPHER_CTX_free)(_EVP_CIPHER_CTX_PTR); -+_EVP_CIPHER_CTX_PTR (*_g_EVP_CIPHER_CTX_new)(void); -+int (*_g_EVP_CIPHER_CTX_set_key_length)(_EVP_CIPHER_CTX_PTR, int); -+int (*_g_EVP_CIPHER_CTX_set_padding)(_EVP_CIPHER_CTX_PTR, int); -+_EVP_CIPHER_PTR (*_g_EVP_CIPHER_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+const char* (*_g_EVP_CIPHER_get0_name)(const _EVP_CIPHER_PTR); -+int (*_g_EVP_CIPHER_get_block_size)(const _EVP_CIPHER_PTR); -+int (*_g_EVP_CipherInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int); -+int (*_g_EVP_CipherUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); -+int (*_g_EVP_DecryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); -+int (*_g_EVP_DecryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); -+int (*_g_EVP_DecryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); -+int (*_g_EVP_Digest)(const void*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR); -+int (*_g_EVP_DigestFinal_ex)(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*); -+int (*_g_EVP_DigestInit)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR); -+int (*_g_EVP_DigestInit_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR); -+int (*_g_EVP_DigestSign)(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_DigestSignFinal)(_EVP_MD_CTX_PTR, unsigned char*, size_t*); -+int (*_g_EVP_DigestSignInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); -+int (*_g_EVP_DigestUpdate)(_EVP_MD_CTX_PTR, const void*, size_t); -+int (*_g_EVP_DigestVerify)(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); -+int (*_g_EVP_DigestVerifyFinal)(_EVP_MD_CTX_PTR, const unsigned char*, size_t); -+int (*_g_EVP_DigestVerifyInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); -+int (*_g_EVP_EncryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); -+int (*_g_EVP_EncryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); -+int (*_g_EVP_EncryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); -+void (*_g_EVP_KDF_CTX_free)(_EVP_KDF_CTX_PTR); -+size_t (*_g_EVP_KDF_CTX_get_kdf_size)(_EVP_KDF_CTX_PTR); -+_EVP_KDF_CTX_PTR (*_g_EVP_KDF_CTX_new)(_EVP_KDF_PTR); -+int (*_g_EVP_KDF_CTX_set_params)(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR); -+int (*_g_EVP_KDF_derive)(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR); -+_EVP_KDF_PTR (*_g_EVP_KDF_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_KDF_free)(_EVP_KDF_PTR); -+_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_dup)(const _EVP_MAC_CTX_PTR); -+void (*_g_EVP_MAC_CTX_free)(_EVP_MAC_CTX_PTR); -+_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_new)(_EVP_MAC_PTR); -+int (*_g_EVP_MAC_CTX_set_params)(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR); -+_EVP_MAC_PTR (*_g_EVP_MAC_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+int (*_g_EVP_MAC_final)(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t); -+int (*_g_EVP_MAC_init)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR); -+int (*_g_EVP_MAC_update)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t); -+int (*_g_EVP_MD_CTX_copy)(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR); -+int (*_g_EVP_MD_CTX_copy_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR); -+void (*_g_EVP_MD_CTX_free)(_EVP_MD_CTX_PTR); -+int (*_g_EVP_MD_CTX_get_params)(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_gettable_params)(_EVP_MD_CTX_PTR); -+_EVP_MD_CTX_PTR (*_g_EVP_MD_CTX_new)(void); -+int (*_g_EVP_MD_CTX_set_params)(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_settable_params)(_EVP_MD_CTX_PTR); -+_EVP_MD_PTR (*_g_EVP_MD_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_MD_free)(_EVP_MD_PTR); -+const char* (*_g_EVP_MD_get0_name)(const _EVP_MD_PTR); -+const _OSSL_PROVIDER_PTR (*_g_EVP_MD_get0_provider)(const _EVP_MD_PTR); -+int (*_g_EVP_MD_get_block_size)(const _EVP_MD_PTR); -+int (*_g_EVP_MD_get_size)(const _EVP_MD_PTR); -+int (*_g_EVP_MD_get_type)(const _EVP_MD_PTR); -+int (*_g_EVP_PKEY_CTX_add1_hkdf_info)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_ctrl)(_EVP_PKEY_CTX_PTR, int, int, int, int, void*); -+void (*_g_EVP_PKEY_CTX_free)(_EVP_PKEY_CTX_PTR); -+_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new)(_EVP_PKEY_PTR, _ENGINE_PTR); -+_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_from_pkey)(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*); -+_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_id)(int, _ENGINE_PTR); -+int (*_g_EVP_PKEY_CTX_set0_rsa_oaep_label)(_EVP_PKEY_CTX_PTR, void*, int); -+int (*_g_EVP_PKEY_CTX_set1_hkdf_key)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_set1_hkdf_salt)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_set_hkdf_md)(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR); -+int (*_g_EVP_PKEY_CTX_set_hkdf_mode)(_EVP_PKEY_CTX_PTR, int); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_Q_keygen)(_OSSL_LIB_CTX_PTR, const char*, const char*, ...); -+int (*_g_EVP_PKEY_assign)(_EVP_PKEY_PTR, int, void*); -+int (*_g_EVP_PKEY_decrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_decrypt_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_derive)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_derive_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_derive_set_peer)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_encrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_encrypt_init)(_EVP_PKEY_CTX_PTR); -+void (*_g_EVP_PKEY_free)(_EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_fromdata)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR); -+int (*_g_EVP_PKEY_fromdata_init)(_EVP_PKEY_CTX_PTR); -+_DSA_PTR (*_g_EVP_PKEY_get0_DSA)(_EVP_PKEY_PTR); -+_EC_KEY_PTR (*_g_EVP_PKEY_get0_EC_KEY)(_EVP_PKEY_PTR); -+_RSA_PTR (*_g_EVP_PKEY_get1_RSA)(_EVP_PKEY_PTR); -+size_t (*_g_EVP_PKEY_get1_encoded_public_key)(_EVP_PKEY_PTR, unsigned char**); -+int (*_g_EVP_PKEY_get_bits)(const _EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_get_bn_param)(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*); -+int (*_g_EVP_PKEY_get_raw_private_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_get_raw_public_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_get_size)(const _EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_keygen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); -+int (*_g_EVP_PKEY_keygen_init)(_EVP_PKEY_CTX_PTR); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_new)(void); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_private_key)(int, _ENGINE_PTR, const unsigned char*, size_t); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_public_key)(int, _ENGINE_PTR, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_paramgen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); -+int (*_g_EVP_PKEY_paramgen_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_private_check)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_public_check_quick)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_set1_EC_KEY)(_EVP_PKEY_PTR, _EC_KEY_PTR); -+int (*_g_EVP_PKEY_set1_encoded_public_key)(_EVP_PKEY_PTR, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_sign)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_sign_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_up_ref)(_EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_verify)(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_verify_init)(_EVP_PKEY_CTX_PTR); -+_EVP_SIGNATURE_PTR (*_g_EVP_SIGNATURE_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_SIGNATURE_free)(_EVP_SIGNATURE_PTR); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ctr)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_gcm)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ctr)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_gcm)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ctr)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_gcm)(void); -+int (*_g_EVP_default_properties_enable_fips)(_OSSL_LIB_CTX_PTR, int); -+int (*_g_EVP_default_properties_is_fips_enabled)(_OSSL_LIB_CTX_PTR); -+const _EVP_CIPHER_PTR (*_g_EVP_des_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_des_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_ecb)(void); -+const _EVP_MD_PTR (*_g_EVP_md4)(void); -+const _EVP_MD_PTR (*_g_EVP_md5)(void); -+const _EVP_MD_PTR (*_g_EVP_md5_sha1)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_rc4)(void); -+const _EVP_MD_PTR (*_g_EVP_ripemd160)(void); -+const _EVP_MD_PTR (*_g_EVP_sha1)(void); -+const _EVP_MD_PTR (*_g_EVP_sha224)(void); -+const _EVP_MD_PTR (*_g_EVP_sha256)(void); -+const _EVP_MD_PTR (*_g_EVP_sha384)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_224)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_256)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_384)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_512)(void); -+const _EVP_MD_PTR (*_g_EVP_sha512)(void); -+const _EVP_MD_PTR (*_g_EVP_sha512_224)(void); -+const _EVP_MD_PTR (*_g_EVP_sha512_256)(void); -+int (*_g_FIPS_mode)(void); -+int (*_g_FIPS_mode_set)(int); -+int (*_g_HMAC_CTX_copy)(_HMAC_CTX_PTR, _HMAC_CTX_PTR); -+void (*_g_HMAC_CTX_free)(_HMAC_CTX_PTR); -+_HMAC_CTX_PTR (*_g_HMAC_CTX_new)(void); -+int (*_g_HMAC_Final)(_HMAC_CTX_PTR, unsigned char*, unsigned int*); -+int (*_g_HMAC_Init_ex)(_HMAC_CTX_PTR, const void*, int, const _EVP_MD_PTR, _ENGINE_PTR); -+int (*_g_HMAC_Update)(_HMAC_CTX_PTR, const unsigned char*, size_t); -+const char* (*_g_OBJ_nid2sn)(int); -+void (*_g_OPENSSL_init)(void); -+int (*_g_OPENSSL_init_crypto)(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR); -+unsigned int (*_g_OPENSSL_version_major)(void); -+unsigned int (*_g_OPENSSL_version_minor)(void); -+unsigned int (*_g_OPENSSL_version_patch)(void); -+void (*_g_OSSL_PARAM_BLD_free)(_OSSL_PARAM_BLD_PTR); -+_OSSL_PARAM_BLD_PTR (*_g_OSSL_PARAM_BLD_new)(void); -+int (*_g_OSSL_PARAM_BLD_push_BN)(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR); -+int (*_g_OSSL_PARAM_BLD_push_int32)(_OSSL_PARAM_BLD_PTR, const char*, int32_t); -+int (*_g_OSSL_PARAM_BLD_push_octet_string)(_OSSL_PARAM_BLD_PTR, const char*, const void*, size_t); -+int (*_g_OSSL_PARAM_BLD_push_utf8_string)(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t); -+_OSSL_PARAM_PTR (*_g_OSSL_PARAM_BLD_to_param)(_OSSL_PARAM_BLD_PTR); -+void (*_g_OSSL_PARAM_free)(_OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR (*_g_OSSL_PARAM_locate_const)(const _OSSL_PARAM_PTR, const char*); -+int (*_g_OSSL_PROVIDER_available)(_OSSL_LIB_CTX_PTR, const char*); -+const char* (*_g_OSSL_PROVIDER_get0_name)(const _OSSL_PROVIDER_PTR); -+_OSSL_PROVIDER_PTR (*_g_OSSL_PROVIDER_try_load)(_OSSL_LIB_CTX_PTR, const char*, int); -+const char* (*_g_OpenSSL_version)(int); -+unsigned long (*_g_OpenSSL_version_num)(void); -+int (*_g_PKCS5_PBKDF2_HMAC)(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*); -+int (*_g_RAND_bytes)(unsigned char*, int); -+void (*_g_RSA_free)(_RSA_PTR); -+void (*_g_RSA_get0_crt_params)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void (*_g_RSA_get0_factors)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void (*_g_RSA_get0_key)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_RSA_PTR (*_g_RSA_new)(void); -+int (*_g_RSA_set0_crt_params)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+int (*_g_RSA_set0_factors)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+int (*_g_RSA_set0_key)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+ -+#define __mkcgo__dlsym_nocheck(varname, funcname) _g_##varname = (typeof(_g_##varname))dlsym(handle, #funcname); -+ -+#define __mkcgo__dlsym(name) __mkcgo__dlsym2(name, name) -+ -+#define __mkcgo__dlsym2(varname, funcname) \ -+ __mkcgo__dlsym_nocheck(varname, funcname) \ -+ if (_g_##varname == NULL) { \ -+ fprintf(stderr, "Cannot get required symbol " #funcname "\n"); \ -+ abort(); \ -+ } -+ -+void __mkcgo_load_(void* handle) { -+ __mkcgo__dlsym(BN_bin2bn) -+ __mkcgo__dlsym(BN_bn2binpad) -+ __mkcgo__dlsym(BN_bn2lebinpad) -+ __mkcgo__dlsym(BN_clear) -+ __mkcgo__dlsym(BN_clear_free) -+ __mkcgo__dlsym(BN_free) -+ __mkcgo__dlsym(BN_lebin2bn) -+ __mkcgo__dlsym(BN_new) -+ __mkcgo__dlsym(BN_num_bits) -+ __mkcgo__dlsym(CRYPTO_free) -+ __mkcgo__dlsym(CRYPTO_malloc) -+ __mkcgo__dlsym(EC_GROUP_free) -+ __mkcgo__dlsym(EC_GROUP_new_by_curve_name) -+ __mkcgo__dlsym(EC_POINT_free) -+ __mkcgo__dlsym(EC_POINT_mul) -+ __mkcgo__dlsym(EC_POINT_new) -+ __mkcgo__dlsym(EC_POINT_oct2point) -+ __mkcgo__dlsym(EC_POINT_point2oct) -+ __mkcgo__dlsym(ERR_clear_error) -+ __mkcgo__dlsym(ERR_error_string_n) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_ctrl) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_free) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_new) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_set_key_length) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_set_padding) -+ __mkcgo__dlsym(EVP_CipherInit_ex) -+ __mkcgo__dlsym(EVP_CipherUpdate) -+ __mkcgo__dlsym(EVP_DecryptFinal_ex) -+ __mkcgo__dlsym(EVP_DecryptInit_ex) -+ __mkcgo__dlsym(EVP_DecryptUpdate) -+ __mkcgo__dlsym(EVP_Digest) -+ __mkcgo__dlsym(EVP_DigestFinal_ex) -+ __mkcgo__dlsym(EVP_DigestInit) -+ __mkcgo__dlsym(EVP_DigestInit_ex) -+ __mkcgo__dlsym(EVP_DigestSignFinal) -+ __mkcgo__dlsym(EVP_DigestSignInit) -+ __mkcgo__dlsym(EVP_DigestUpdate) -+ __mkcgo__dlsym(EVP_DigestVerifyFinal) -+ __mkcgo__dlsym(EVP_DigestVerifyInit) -+ __mkcgo__dlsym(EVP_EncryptFinal_ex) -+ __mkcgo__dlsym(EVP_EncryptInit_ex) -+ __mkcgo__dlsym(EVP_EncryptUpdate) -+ __mkcgo__dlsym(EVP_MD_CTX_copy) -+ __mkcgo__dlsym(EVP_MD_CTX_copy_ex) -+ __mkcgo__dlsym(EVP_MD_CTX_free) -+ __mkcgo__dlsym(EVP_MD_CTX_new) -+ __mkcgo__dlsym(EVP_PKEY_CTX_ctrl) -+ __mkcgo__dlsym(EVP_PKEY_CTX_free) -+ __mkcgo__dlsym(EVP_PKEY_CTX_new) -+ __mkcgo__dlsym(EVP_PKEY_CTX_new_id) -+ __mkcgo__dlsym(EVP_PKEY_decrypt) -+ __mkcgo__dlsym(EVP_PKEY_decrypt_init) -+ __mkcgo__dlsym(EVP_PKEY_derive) -+ __mkcgo__dlsym(EVP_PKEY_derive_init) -+ __mkcgo__dlsym(EVP_PKEY_derive_set_peer) -+ __mkcgo__dlsym(EVP_PKEY_encrypt) -+ __mkcgo__dlsym(EVP_PKEY_encrypt_init) -+ __mkcgo__dlsym(EVP_PKEY_free) -+ __mkcgo__dlsym(EVP_PKEY_keygen) -+ __mkcgo__dlsym(EVP_PKEY_keygen_init) -+ __mkcgo__dlsym(EVP_PKEY_new) -+ __mkcgo__dlsym(EVP_PKEY_paramgen) -+ __mkcgo__dlsym(EVP_PKEY_paramgen_init) -+ __mkcgo__dlsym(EVP_PKEY_sign) -+ __mkcgo__dlsym(EVP_PKEY_sign_init) -+ __mkcgo__dlsym(EVP_PKEY_verify) -+ __mkcgo__dlsym(EVP_PKEY_verify_init) -+ __mkcgo__dlsym(EVP_aes_128_cbc) -+ __mkcgo__dlsym(EVP_aes_128_ctr) -+ __mkcgo__dlsym(EVP_aes_128_ecb) -+ __mkcgo__dlsym(EVP_aes_128_gcm) -+ __mkcgo__dlsym(EVP_aes_192_cbc) -+ __mkcgo__dlsym(EVP_aes_192_ctr) -+ __mkcgo__dlsym(EVP_aes_192_ecb) -+ __mkcgo__dlsym(EVP_aes_192_gcm) -+ __mkcgo__dlsym(EVP_aes_256_cbc) -+ __mkcgo__dlsym(EVP_aes_256_ctr) -+ __mkcgo__dlsym(EVP_aes_256_ecb) -+ __mkcgo__dlsym(EVP_aes_256_gcm) -+ __mkcgo__dlsym(EVP_des_cbc) -+ __mkcgo__dlsym(EVP_des_ecb) -+ __mkcgo__dlsym(EVP_des_ede3_cbc) -+ __mkcgo__dlsym(EVP_des_ede3_ecb) -+ __mkcgo__dlsym(EVP_md4) -+ __mkcgo__dlsym(EVP_md5) -+ __mkcgo__dlsym(EVP_md5_sha1) -+ __mkcgo__dlsym(EVP_rc4) -+ __mkcgo__dlsym(EVP_ripemd160) -+ __mkcgo__dlsym(EVP_sha1) -+ __mkcgo__dlsym(EVP_sha224) -+ __mkcgo__dlsym(EVP_sha256) -+ __mkcgo__dlsym(EVP_sha384) -+ __mkcgo__dlsym(EVP_sha512) -+ __mkcgo__dlsym(OBJ_nid2sn) -+ __mkcgo__dlsym(OPENSSL_init) -+ __mkcgo__dlsym(OPENSSL_init_crypto) -+ __mkcgo__dlsym(OpenSSL_version) -+ __mkcgo__dlsym(PKCS5_PBKDF2_HMAC) -+ __mkcgo__dlsym(RAND_bytes) -+} -+ -+void __mkcgo_unload_() { -+ _g_BN_bin2bn = NULL; -+ _g_BN_bn2binpad = NULL; -+ _g_BN_bn2lebinpad = NULL; -+ _g_BN_clear = NULL; -+ _g_BN_clear_free = NULL; -+ _g_BN_free = NULL; -+ _g_BN_lebin2bn = NULL; -+ _g_BN_new = NULL; -+ _g_BN_num_bits = NULL; -+ _g_CRYPTO_free = NULL; -+ _g_CRYPTO_malloc = NULL; -+ _g_EC_GROUP_free = NULL; -+ _g_EC_GROUP_new_by_curve_name = NULL; -+ _g_EC_POINT_free = NULL; -+ _g_EC_POINT_mul = NULL; -+ _g_EC_POINT_new = NULL; -+ _g_EC_POINT_oct2point = NULL; -+ _g_EC_POINT_point2oct = NULL; -+ _g_ERR_clear_error = NULL; -+ _g_ERR_error_string_n = NULL; -+ _g_EVP_CIPHER_CTX_ctrl = NULL; -+ _g_EVP_CIPHER_CTX_free = NULL; -+ _g_EVP_CIPHER_CTX_new = NULL; -+ _g_EVP_CIPHER_CTX_set_key_length = NULL; -+ _g_EVP_CIPHER_CTX_set_padding = NULL; -+ _g_EVP_CipherInit_ex = NULL; -+ _g_EVP_CipherUpdate = NULL; -+ _g_EVP_DecryptFinal_ex = NULL; -+ _g_EVP_DecryptInit_ex = NULL; -+ _g_EVP_DecryptUpdate = NULL; -+ _g_EVP_Digest = NULL; -+ _g_EVP_DigestFinal_ex = NULL; -+ _g_EVP_DigestInit = NULL; -+ _g_EVP_DigestInit_ex = NULL; -+ _g_EVP_DigestSignFinal = NULL; -+ _g_EVP_DigestSignInit = NULL; -+ _g_EVP_DigestUpdate = NULL; -+ _g_EVP_DigestVerifyFinal = NULL; -+ _g_EVP_DigestVerifyInit = NULL; -+ _g_EVP_EncryptFinal_ex = NULL; -+ _g_EVP_EncryptInit_ex = NULL; -+ _g_EVP_EncryptUpdate = NULL; -+ _g_EVP_MD_CTX_copy = NULL; -+ _g_EVP_MD_CTX_copy_ex = NULL; -+ _g_EVP_MD_CTX_free = NULL; -+ _g_EVP_MD_CTX_new = NULL; -+ _g_EVP_PKEY_CTX_ctrl = NULL; -+ _g_EVP_PKEY_CTX_free = NULL; -+ _g_EVP_PKEY_CTX_new = NULL; -+ _g_EVP_PKEY_CTX_new_id = NULL; -+ _g_EVP_PKEY_decrypt = NULL; -+ _g_EVP_PKEY_decrypt_init = NULL; -+ _g_EVP_PKEY_derive = NULL; -+ _g_EVP_PKEY_derive_init = NULL; -+ _g_EVP_PKEY_derive_set_peer = NULL; -+ _g_EVP_PKEY_encrypt = NULL; -+ _g_EVP_PKEY_encrypt_init = NULL; -+ _g_EVP_PKEY_free = NULL; -+ _g_EVP_PKEY_keygen = NULL; -+ _g_EVP_PKEY_keygen_init = NULL; -+ _g_EVP_PKEY_new = NULL; -+ _g_EVP_PKEY_paramgen = NULL; -+ _g_EVP_PKEY_paramgen_init = NULL; -+ _g_EVP_PKEY_sign = NULL; -+ _g_EVP_PKEY_sign_init = NULL; -+ _g_EVP_PKEY_verify = NULL; -+ _g_EVP_PKEY_verify_init = NULL; -+ _g_EVP_aes_128_cbc = NULL; -+ _g_EVP_aes_128_ctr = NULL; -+ _g_EVP_aes_128_ecb = NULL; -+ _g_EVP_aes_128_gcm = NULL; -+ _g_EVP_aes_192_cbc = NULL; -+ _g_EVP_aes_192_ctr = NULL; -+ _g_EVP_aes_192_ecb = NULL; -+ _g_EVP_aes_192_gcm = NULL; -+ _g_EVP_aes_256_cbc = NULL; -+ _g_EVP_aes_256_ctr = NULL; -+ _g_EVP_aes_256_ecb = NULL; -+ _g_EVP_aes_256_gcm = NULL; -+ _g_EVP_des_cbc = NULL; -+ _g_EVP_des_ecb = NULL; -+ _g_EVP_des_ede3_cbc = NULL; -+ _g_EVP_des_ede3_ecb = NULL; -+ _g_EVP_md4 = NULL; -+ _g_EVP_md5 = NULL; -+ _g_EVP_md5_sha1 = NULL; -+ _g_EVP_rc4 = NULL; -+ _g_EVP_ripemd160 = NULL; -+ _g_EVP_sha1 = NULL; -+ _g_EVP_sha224 = NULL; -+ _g_EVP_sha256 = NULL; -+ _g_EVP_sha384 = NULL; -+ _g_EVP_sha512 = NULL; -+ _g_OBJ_nid2sn = NULL; -+ _g_OPENSSL_init = NULL; -+ _g_OPENSSL_init_crypto = NULL; -+ _g_OpenSSL_version = NULL; -+ _g_PKCS5_PBKDF2_HMAC = NULL; -+ _g_RAND_bytes = NULL; -+} -+ -+void __mkcgo_load_111(void* handle) { -+ __mkcgo__dlsym(EVP_DigestSign) -+ __mkcgo__dlsym(EVP_DigestVerify) -+ __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) -+ __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) -+ __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) -+ __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) -+ __mkcgo__dlsym(EVP_sha3_224) -+ __mkcgo__dlsym(EVP_sha3_256) -+ __mkcgo__dlsym(EVP_sha3_384) -+ __mkcgo__dlsym(EVP_sha3_512) -+ __mkcgo__dlsym(EVP_sha512_224) -+ __mkcgo__dlsym(EVP_sha512_256) -+} -+ -+void __mkcgo_unload_111() { -+ _g_EVP_DigestSign = NULL; -+ _g_EVP_DigestVerify = NULL; -+ _g_EVP_PKEY_get_raw_private_key = NULL; -+ _g_EVP_PKEY_get_raw_public_key = NULL; -+ _g_EVP_PKEY_new_raw_private_key = NULL; -+ _g_EVP_PKEY_new_raw_public_key = NULL; -+ _g_EVP_sha3_224 = NULL; -+ _g_EVP_sha3_256 = NULL; -+ _g_EVP_sha3_384 = NULL; -+ _g_EVP_sha3_512 = NULL; -+ _g_EVP_sha512_224 = NULL; -+ _g_EVP_sha512_256 = NULL; -+} -+ -+void __mkcgo_load_3(void* handle) { -+ __mkcgo__dlsym(EC_POINT_set_affine_coordinates) -+ __mkcgo__dlsym(ERR_get_error_all) -+ __mkcgo__dlsym(EVP_CIPHER_fetch) -+ __mkcgo__dlsym(EVP_CIPHER_get0_name) -+ __mkcgo__dlsym(EVP_CIPHER_get_block_size) -+ __mkcgo__dlsym(EVP_KDF_CTX_free) -+ __mkcgo__dlsym(EVP_KDF_CTX_get_kdf_size) -+ __mkcgo__dlsym(EVP_KDF_CTX_new) -+ __mkcgo__dlsym(EVP_KDF_CTX_set_params) -+ __mkcgo__dlsym(EVP_KDF_derive) -+ __mkcgo__dlsym(EVP_KDF_fetch) -+ __mkcgo__dlsym(EVP_KDF_free) -+ __mkcgo__dlsym(EVP_MAC_CTX_dup) -+ __mkcgo__dlsym(EVP_MAC_CTX_free) -+ __mkcgo__dlsym(EVP_MAC_CTX_new) -+ __mkcgo__dlsym(EVP_MAC_CTX_set_params) -+ __mkcgo__dlsym(EVP_MAC_fetch) -+ __mkcgo__dlsym(EVP_MAC_final) -+ __mkcgo__dlsym(EVP_MAC_init) -+ __mkcgo__dlsym(EVP_MAC_update) -+ __mkcgo__dlsym(EVP_MD_CTX_get_params) -+ __mkcgo__dlsym(EVP_MD_CTX_gettable_params) -+ __mkcgo__dlsym(EVP_MD_CTX_set_params) -+ __mkcgo__dlsym(EVP_MD_CTX_settable_params) -+ __mkcgo__dlsym(EVP_MD_fetch) -+ __mkcgo__dlsym(EVP_MD_free) -+ __mkcgo__dlsym(EVP_MD_get0_name) -+ __mkcgo__dlsym(EVP_MD_get0_provider) -+ __mkcgo__dlsym(EVP_MD_get_block_size) -+ __mkcgo__dlsym(EVP_MD_get_size) -+ __mkcgo__dlsym(EVP_MD_get_type) -+ __mkcgo__dlsym(EVP_PKEY_CTX_add1_hkdf_info) -+ __mkcgo__dlsym(EVP_PKEY_CTX_new_from_pkey) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set0_rsa_oaep_label) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_key) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_salt) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_md) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_mode) -+ __mkcgo__dlsym(EVP_PKEY_Q_keygen) -+ __mkcgo__dlsym(EVP_PKEY_fromdata) -+ __mkcgo__dlsym(EVP_PKEY_fromdata_init) -+ __mkcgo__dlsym(EVP_PKEY_get1_encoded_public_key) -+ __mkcgo__dlsym(EVP_PKEY_get_bits) -+ __mkcgo__dlsym(EVP_PKEY_get_bn_param) -+ __mkcgo__dlsym(EVP_PKEY_get_size) -+ __mkcgo__dlsym(EVP_PKEY_private_check) -+ __mkcgo__dlsym(EVP_PKEY_public_check_quick) -+ __mkcgo__dlsym(EVP_PKEY_set1_encoded_public_key) -+ __mkcgo__dlsym(EVP_PKEY_up_ref) -+ __mkcgo__dlsym(EVP_SIGNATURE_fetch) -+ __mkcgo__dlsym(EVP_SIGNATURE_free) -+ __mkcgo__dlsym(EVP_default_properties_enable_fips) -+ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_free) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_new) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_BN) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_int32) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_octet_string) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_utf8_string) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_to_param) -+ __mkcgo__dlsym(OSSL_PARAM_free) -+ __mkcgo__dlsym(OSSL_PARAM_locate_const) -+ __mkcgo__dlsym(OSSL_PROVIDER_available) -+ __mkcgo__dlsym(OSSL_PROVIDER_get0_name) -+ __mkcgo__dlsym(OSSL_PROVIDER_try_load) -+} -+ -+void __mkcgo_unload_3() { -+ _g_EC_POINT_set_affine_coordinates = NULL; -+ _g_ERR_get_error_all = NULL; -+ _g_EVP_CIPHER_fetch = NULL; -+ _g_EVP_CIPHER_get0_name = NULL; -+ _g_EVP_CIPHER_get_block_size = NULL; -+ _g_EVP_KDF_CTX_free = NULL; -+ _g_EVP_KDF_CTX_get_kdf_size = NULL; -+ _g_EVP_KDF_CTX_new = NULL; -+ _g_EVP_KDF_CTX_set_params = NULL; -+ _g_EVP_KDF_derive = NULL; -+ _g_EVP_KDF_fetch = NULL; -+ _g_EVP_KDF_free = NULL; -+ _g_EVP_MAC_CTX_dup = NULL; -+ _g_EVP_MAC_CTX_free = NULL; -+ _g_EVP_MAC_CTX_new = NULL; -+ _g_EVP_MAC_CTX_set_params = NULL; -+ _g_EVP_MAC_fetch = NULL; -+ _g_EVP_MAC_final = NULL; -+ _g_EVP_MAC_init = NULL; -+ _g_EVP_MAC_update = NULL; -+ _g_EVP_MD_CTX_get_params = NULL; -+ _g_EVP_MD_CTX_gettable_params = NULL; -+ _g_EVP_MD_CTX_set_params = NULL; -+ _g_EVP_MD_CTX_settable_params = NULL; -+ _g_EVP_MD_fetch = NULL; -+ _g_EVP_MD_free = NULL; -+ _g_EVP_MD_get0_name = NULL; -+ _g_EVP_MD_get0_provider = NULL; -+ _g_EVP_MD_get_block_size = NULL; -+ _g_EVP_MD_get_size = NULL; -+ _g_EVP_MD_get_type = NULL; -+ _g_EVP_PKEY_CTX_add1_hkdf_info = NULL; -+ _g_EVP_PKEY_CTX_new_from_pkey = NULL; -+ _g_EVP_PKEY_CTX_set0_rsa_oaep_label = NULL; -+ _g_EVP_PKEY_CTX_set1_hkdf_key = NULL; -+ _g_EVP_PKEY_CTX_set1_hkdf_salt = NULL; -+ _g_EVP_PKEY_CTX_set_hkdf_md = NULL; -+ _g_EVP_PKEY_CTX_set_hkdf_mode = NULL; -+ _g_EVP_PKEY_Q_keygen = NULL; -+ _g_EVP_PKEY_fromdata = NULL; -+ _g_EVP_PKEY_fromdata_init = NULL; -+ _g_EVP_PKEY_get1_encoded_public_key = NULL; -+ _g_EVP_PKEY_get_bits = NULL; -+ _g_EVP_PKEY_get_bn_param = NULL; -+ _g_EVP_PKEY_get_size = NULL; -+ _g_EVP_PKEY_private_check = NULL; -+ _g_EVP_PKEY_public_check_quick = NULL; -+ _g_EVP_PKEY_set1_encoded_public_key = NULL; -+ _g_EVP_PKEY_up_ref = NULL; -+ _g_EVP_SIGNATURE_fetch = NULL; -+ _g_EVP_SIGNATURE_free = NULL; -+ _g_EVP_default_properties_enable_fips = NULL; -+ _g_EVP_default_properties_is_fips_enabled = NULL; -+ _g_OSSL_PARAM_BLD_free = NULL; -+ _g_OSSL_PARAM_BLD_new = NULL; -+ _g_OSSL_PARAM_BLD_push_BN = NULL; -+ _g_OSSL_PARAM_BLD_push_int32 = NULL; -+ _g_OSSL_PARAM_BLD_push_octet_string = NULL; -+ _g_OSSL_PARAM_BLD_push_utf8_string = NULL; -+ _g_OSSL_PARAM_BLD_to_param = NULL; -+ _g_OSSL_PARAM_free = NULL; -+ _g_OSSL_PARAM_locate_const = NULL; -+ _g_OSSL_PROVIDER_available = NULL; -+ _g_OSSL_PROVIDER_get0_name = NULL; -+ _g_OSSL_PROVIDER_try_load = NULL; -+} -+ -+void __mkcgo_load_init_1(void* handle) { -+ __mkcgo__dlsym(FIPS_mode) -+ __mkcgo__dlsym(FIPS_mode_set) -+} -+ -+void __mkcgo_unload_init_1() { -+ _g_FIPS_mode = NULL; -+ _g_FIPS_mode_set = NULL; -+} -+ -+void __mkcgo_load_init_3(void* handle) { -+ __mkcgo__dlsym(ERR_clear_error) -+ __mkcgo__dlsym(EVP_MD_fetch) -+ __mkcgo__dlsym(EVP_MD_free) -+ __mkcgo__dlsym(EVP_MD_get0_provider) -+ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) -+} -+ -+void __mkcgo_unload_init_3() { -+ _g_ERR_clear_error = NULL; -+ _g_EVP_MD_fetch = NULL; -+ _g_EVP_MD_free = NULL; -+ _g_EVP_MD_get0_provider = NULL; -+ _g_EVP_default_properties_is_fips_enabled = NULL; -+} -+ -+void __mkcgo_load_legacy_1(void* handle) { -+ __mkcgo__dlsym(DSA_free) -+ __mkcgo__dlsym(DSA_generate_key) -+ __mkcgo__dlsym(DSA_get0_key) -+ __mkcgo__dlsym(DSA_get0_pqg) -+ __mkcgo__dlsym(DSA_new) -+ __mkcgo__dlsym(DSA_set0_key) -+ __mkcgo__dlsym(DSA_set0_pqg) -+ __mkcgo__dlsym(EC_KEY_check_key) -+ __mkcgo__dlsym(EC_KEY_free) -+ __mkcgo__dlsym(EC_KEY_get0_group) -+ __mkcgo__dlsym(EC_KEY_get0_private_key) -+ __mkcgo__dlsym(EC_KEY_get0_public_key) -+ __mkcgo__dlsym(EC_KEY_new_by_curve_name) -+ __mkcgo__dlsym(EC_KEY_set_private_key) -+ __mkcgo__dlsym(EC_KEY_set_public_key) -+ __mkcgo__dlsym(EC_KEY_set_public_key_affine_coordinates) -+ __mkcgo__dlsym(EC_POINT_get_affine_coordinates_GFp) -+ __mkcgo__dlsym(ERR_get_error_line) -+ __mkcgo__dlsym2(EVP_CIPHER_get_block_size, EVP_CIPHER_block_size) -+ __mkcgo__dlsym2(EVP_MD_get_block_size, EVP_MD_block_size) -+ __mkcgo__dlsym2(EVP_MD_get_size, EVP_MD_size) -+ __mkcgo__dlsym(EVP_PKEY_assign) -+ __mkcgo__dlsym(EVP_PKEY_get0_DSA) -+ __mkcgo__dlsym(EVP_PKEY_get0_EC_KEY) -+ __mkcgo__dlsym(EVP_PKEY_get1_RSA) -+ __mkcgo__dlsym2(EVP_PKEY_get_bits, EVP_PKEY_bits) -+ __mkcgo__dlsym2(EVP_PKEY_get_size, EVP_PKEY_size) -+ __mkcgo__dlsym(EVP_PKEY_set1_EC_KEY) -+ __mkcgo__dlsym(FIPS_mode) -+ __mkcgo__dlsym(FIPS_mode_set) -+ __mkcgo__dlsym(HMAC_CTX_copy) -+ __mkcgo__dlsym(HMAC_CTX_free) -+ __mkcgo__dlsym(HMAC_CTX_new) -+ __mkcgo__dlsym(HMAC_Final) -+ __mkcgo__dlsym(HMAC_Init_ex) -+ __mkcgo__dlsym(HMAC_Update) -+ __mkcgo__dlsym(RSA_free) -+ __mkcgo__dlsym(RSA_get0_crt_params) -+ __mkcgo__dlsym(RSA_get0_factors) -+ __mkcgo__dlsym(RSA_get0_key) -+ __mkcgo__dlsym(RSA_new) -+ __mkcgo__dlsym(RSA_set0_crt_params) -+ __mkcgo__dlsym(RSA_set0_factors) -+ __mkcgo__dlsym(RSA_set0_key) -+} -+ -+void __mkcgo_unload_legacy_1() { -+ _g_DSA_free = NULL; -+ _g_DSA_generate_key = NULL; -+ _g_DSA_get0_key = NULL; -+ _g_DSA_get0_pqg = NULL; -+ _g_DSA_new = NULL; -+ _g_DSA_set0_key = NULL; -+ _g_DSA_set0_pqg = NULL; -+ _g_EC_KEY_check_key = NULL; -+ _g_EC_KEY_free = NULL; -+ _g_EC_KEY_get0_group = NULL; -+ _g_EC_KEY_get0_private_key = NULL; -+ _g_EC_KEY_get0_public_key = NULL; -+ _g_EC_KEY_new_by_curve_name = NULL; -+ _g_EC_KEY_set_private_key = NULL; -+ _g_EC_KEY_set_public_key = NULL; -+ _g_EC_KEY_set_public_key_affine_coordinates = NULL; -+ _g_EC_POINT_get_affine_coordinates_GFp = NULL; -+ _g_ERR_get_error_line = NULL; -+ _g_EVP_CIPHER_get_block_size = NULL; -+ _g_EVP_MD_get_block_size = NULL; -+ _g_EVP_MD_get_size = NULL; -+ _g_EVP_PKEY_assign = NULL; -+ _g_EVP_PKEY_get0_DSA = NULL; -+ _g_EVP_PKEY_get0_EC_KEY = NULL; -+ _g_EVP_PKEY_get1_RSA = NULL; -+ _g_EVP_PKEY_get_bits = NULL; -+ _g_EVP_PKEY_get_size = NULL; -+ _g_EVP_PKEY_set1_EC_KEY = NULL; -+ _g_FIPS_mode = NULL; -+ _g_FIPS_mode_set = NULL; -+ _g_HMAC_CTX_copy = NULL; -+ _g_HMAC_CTX_free = NULL; -+ _g_HMAC_CTX_new = NULL; -+ _g_HMAC_Final = NULL; -+ _g_HMAC_Init_ex = NULL; -+ _g_HMAC_Update = NULL; -+ _g_RSA_free = NULL; -+ _g_RSA_get0_crt_params = NULL; -+ _g_RSA_get0_factors = NULL; -+ _g_RSA_get0_key = NULL; -+ _g_RSA_new = NULL; -+ _g_RSA_set0_crt_params = NULL; -+ _g_RSA_set0_factors = NULL; -+ _g_RSA_set0_key = NULL; -+} -+ -+void __mkcgo_load_version(void* handle) { -+ __mkcgo__dlsym_nocheck(OPENSSL_version_major, OPENSSL_version_major) -+ __mkcgo__dlsym_nocheck(OPENSSL_version_minor, OPENSSL_version_minor) -+ __mkcgo__dlsym_nocheck(OPENSSL_version_patch, OPENSSL_version_patch) -+ __mkcgo__dlsym_nocheck(OpenSSL_version_num, OpenSSL_version_num) -+} -+ -+void __mkcgo_unload_version() { -+ _g_OPENSSL_version_major = NULL; -+ _g_OPENSSL_version_minor = NULL; -+ _g_OPENSSL_version_patch = NULL; -+ _g_OpenSSL_version_num = NULL; -+} -+ -+_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { -+ _BIGNUM_PTR _ret = _g_BN_bin2bn(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_BN_bn2binpad(_arg0, _arg1, _arg2); -+ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_BN_bn2lebinpad(_arg0, _arg1, _arg2); -+ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_BN_clear(_BIGNUM_PTR _arg0) { -+ _g_BN_clear(_arg0); -+} -+ -+void _mkcgo_BN_clear_free(_BIGNUM_PTR _arg0) { -+ _g_BN_clear_free(_arg0); -+} -+ -+void _mkcgo_BN_free(_BIGNUM_PTR _arg0) { -+ _g_BN_free(_arg0); -+} -+ -+_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { -+ _BIGNUM_PTR _ret = _g_BN_lebin2bn(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_BIGNUM_PTR _mkcgo_BN_new(mkcgo_err_state *_err_state) { -+ _BIGNUM_PTR _ret = _g_BN_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_BN_num_bits(const _BIGNUM_PTR _arg0) { -+ return _g_BN_num_bits(_arg0); -+} -+ -+void _mkcgo_CRYPTO_free(void* _arg0, const char* _arg1, int _arg2) { -+ _g_CRYPTO_free(_arg0, _arg1, _arg2); -+} -+ -+void* _mkcgo_CRYPTO_malloc(size_t _arg0, const char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ void* _ret = _g_CRYPTO_malloc(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_DSA_free(_DSA_PTR _arg0) { -+ _g_DSA_free(_arg0); -+} -+ -+int _mkcgo_DSA_generate_key(_DSA_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_DSA_generate_key(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_DSA_get0_key(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { -+ _g_DSA_get0_key(_arg0, _arg1, _arg2); -+} -+ -+void _mkcgo_DSA_get0_pqg(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { -+ _g_DSA_get0_pqg(_arg0, _arg1, _arg2, _arg3); -+} -+ -+_DSA_PTR _mkcgo_DSA_new(mkcgo_err_state *_err_state) { -+ _DSA_PTR _ret = _g_DSA_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_DSA_set0_key(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_DSA_set0_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_DSA_set0_pqg(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_DSA_set0_pqg(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR _arg0) { -+ _g_EC_GROUP_free(_arg0); -+} -+ -+_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int _arg0, mkcgo_err_state *_err_state) { -+ _EC_GROUP_PTR _ret = _g_EC_GROUP_new_by_curve_name(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_KEY_check_key(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EC_KEY_free(_EC_KEY_PTR _arg0) { -+ _g_EC_KEY_free(_arg0); -+} -+ -+const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR _arg0) { -+ return _g_EC_KEY_get0_group(_arg0); -+} -+ -+const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR _arg0) { -+ return _g_EC_KEY_get0_private_key(_arg0); -+} -+ -+const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR _arg0) { -+ return _g_EC_KEY_get0_public_key(_arg0); -+} -+ -+_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int _arg0, mkcgo_err_state *_err_state) { -+ _EC_KEY_PTR _ret = _g_EC_KEY_new_by_curve_name(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR _arg0, const _BIGNUM_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_KEY_set_private_key(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR _arg0, const _EC_POINT_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_KEY_set_public_key(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_KEY_set_public_key_affine_coordinates(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EC_POINT_free(_EC_POINT_PTR _arg0) { -+ _g_EC_POINT_free(_arg0); -+} -+ -+int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_POINT_get_affine_coordinates_GFp(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _EC_POINT_PTR _arg3, const _BIGNUM_PTR _arg4, _BN_CTX_PTR _arg5, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_POINT_mul(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR _arg0, mkcgo_err_state *_err_state) { -+ _EC_POINT_PTR _ret = _g_EC_POINT_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const unsigned char* _arg2, size_t _arg3, _BN_CTX_PTR _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_POINT_oct2point(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, point_conversion_form_t _arg2, unsigned char* _arg3, size_t _arg4, _BN_CTX_PTR _arg5, mkcgo_err_state *_err_state) { -+ size_t _ret = _g_EC_POINT_point2oct(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EC_POINT_set_affine_coordinates(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_ERR_clear_error(void) { -+ _g_ERR_clear_error(); -+} -+ -+void _mkcgo_ERR_error_string_n(unsigned long _arg0, char* _arg1, size_t _arg2) { -+ _g_ERR_error_string_n(_arg0, _arg1, _arg2); -+} -+ -+unsigned long _mkcgo_ERR_get_error_all(const char** _arg0, int* _arg1, const char** _arg2, const char** _arg3, int* _arg4) { -+ return _g_ERR_get_error_all(_arg0, _arg1, _arg2, _arg3, _arg4); -+} -+ -+unsigned long _mkcgo_ERR_get_error_line(const char** _arg0, int* _arg1) { -+ return _g_ERR_get_error_line(_arg0, _arg1); -+} -+ -+int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_CIPHER_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR _arg0) { -+ _g_EVP_CIPHER_CTX_free(_arg0); -+} -+ -+_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(mkcgo_err_state *_err_state) { -+ _EVP_CIPHER_CTX_PTR _ret = _g_EVP_CIPHER_CTX_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_CIPHER_CTX_set_key_length(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_CIPHER_CTX_set_padding(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_CIPHER_PTR _ret = _g_EVP_CIPHER_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR _arg0) { -+ return _g_EVP_CIPHER_get0_name(_arg0); -+} -+ -+int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR _arg0) { -+ return _g_EVP_CIPHER_get_block_size(_arg0); -+} -+ -+int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, int _arg5, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_CipherInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_CipherUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DecryptFinal_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DecryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DecryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_Digest(const void* _arg0, size_t _arg1, unsigned char* _arg2, unsigned int* _arg3, const _EVP_MD_PTR _arg4, _ENGINE_PTR _arg5, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_Digest(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestFinal_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestInit(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, _ENGINE_PTR _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestInit_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestSign(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestSignFinal(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestSignInit(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR _arg0, const void* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestUpdate(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestVerify(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestVerifyFinal(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_DigestVerifyInit(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_EncryptFinal_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_EncryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_EncryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR _arg0) { -+ _g_EVP_KDF_CTX_free(_arg0); -+} -+ -+size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ size_t _ret = _g_EVP_KDF_CTX_get_kdf_size(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR _arg0, mkcgo_err_state *_err_state) { -+ _EVP_KDF_CTX_PTR _ret = _g_EVP_KDF_CTX_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_KDF_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_KDF_derive(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_KDF_PTR _ret = _g_EVP_KDF_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR _arg0) { -+ _g_EVP_KDF_free(_arg0); -+} -+ -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_dup(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR _arg0) { -+ _g_EVP_MAC_CTX_free(_arg0); -+} -+ -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR _arg0, mkcgo_err_state *_err_state) { -+ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MAC_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_MAC_PTR _ret = _g_EVP_MAC_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MAC_final(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MAC_init(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MAC_update(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MD_CTX_copy(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MD_CTX_copy(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MD_CTX_copy_ex(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR _arg0) { -+ _g_EVP_MD_CTX_free(_arg0); -+} -+ -+int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR _arg0, _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MD_CTX_get_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_gettable_params(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(mkcgo_err_state *_err_state) { -+ _EVP_MD_CTX_PTR _ret = _g_EVP_MD_CTX_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_MD_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_settable_params(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_MD_PTR _ret = _g_EVP_MD_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_MD_free(_EVP_MD_PTR _arg0) { -+ _g_EVP_MD_free(_arg0); -+} -+ -+const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get0_name(_arg0); -+} -+ -+const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get0_provider(_arg0); -+} -+ -+int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get_block_size(_arg0); -+} -+ -+int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get_size(_arg0); -+} -+ -+int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get_type(_arg0); -+} -+ -+int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_add1_hkdf_info(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR _arg0, int _arg1, int _arg2, int _arg3, int _arg4, void* _arg5, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_ctrl(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR _arg0) { -+ _g_EVP_PKEY_CTX_free(_arg0); -+} -+ -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR _arg0, _ENGINE_PTR _arg1, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new(_arg0, _arg1); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_from_pkey(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int _arg0, _ENGINE_PTR _arg1, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_id(_arg0, _arg1); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR _arg0, void* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set0_rsa_oaep_label(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_salt(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set_hkdf_md(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set_hkdf_mode(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, const char* _arg3, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR _arg0, int _arg1, void* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_assign(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_decrypt(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_decrypt_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_derive(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_derive_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_derive_set_peer(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_encrypt(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_encrypt_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR _arg0) { -+ _g_EVP_PKEY_free(_arg0); -+} -+ -+int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, int _arg2, _OSSL_PARAM_PTR _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_fromdata(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_fromdata_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ _DSA_PTR _ret = _g_EVP_PKEY_get0_DSA(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ _EC_KEY_PTR _ret = _g_EVP_PKEY_get0_EC_KEY(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ _RSA_PTR _ret = _g_EVP_PKEY_get1_RSA(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR _arg0, unsigned char** _arg1, mkcgo_err_state *_err_state) { -+ size_t _ret = _g_EVP_PKEY_get1_encoded_public_key(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_get_bits(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, _BIGNUM_PTR* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_get_bn_param(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_get_raw_private_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_get_raw_public_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_get_size(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_keygen(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_keygen_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(mkcgo_err_state *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_private_key(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_public_key(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_paramgen(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_paramgen_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_private_check(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_public_check_quick(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR _arg0, _EC_KEY_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_set1_EC_KEY(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_set1_encoded_public_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_sign(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_sign_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_up_ref(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_verify(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_PKEY_verify_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { -+ _EVP_SIGNATURE_PTR _ret = _g_EVP_SIGNATURE_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR _arg0) { -+ _g_EVP_SIGNATURE_free(_arg0); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void) { -+ return _g_EVP_aes_128_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void) { -+ return _g_EVP_aes_128_ctr(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void) { -+ return _g_EVP_aes_128_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void) { -+ return _g_EVP_aes_128_gcm(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void) { -+ return _g_EVP_aes_192_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void) { -+ return _g_EVP_aes_192_ctr(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void) { -+ return _g_EVP_aes_192_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void) { -+ return _g_EVP_aes_192_gcm(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void) { -+ return _g_EVP_aes_256_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void) { -+ return _g_EVP_aes_256_ctr(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void) { -+ return _g_EVP_aes_256_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void) { -+ return _g_EVP_aes_256_gcm(); -+} -+ -+int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_EVP_default_properties_enable_fips(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR _arg0) { -+ return _g_EVP_default_properties_is_fips_enabled(_arg0); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void) { -+ return _g_EVP_des_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void) { -+ return _g_EVP_des_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void) { -+ return _g_EVP_des_ede3_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void) { -+ return _g_EVP_des_ede3_ecb(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_md4(void) { -+ return _g_EVP_md4(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_md5(void) { -+ return _g_EVP_md5(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void) { -+ return _g_EVP_md5_sha1(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void) { -+ return _g_EVP_rc4(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void) { -+ return _g_EVP_ripemd160(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha1(void) { -+ return _g_EVP_sha1(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha224(void) { -+ return _g_EVP_sha224(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha256(void) { -+ return _g_EVP_sha256(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha384(void) { -+ return _g_EVP_sha384(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void) { -+ return _g_EVP_sha3_224(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void) { -+ return _g_EVP_sha3_256(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void) { -+ return _g_EVP_sha3_384(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void) { -+ return _g_EVP_sha3_512(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha512(void) { -+ return _g_EVP_sha512(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void) { -+ return _g_EVP_sha512_224(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void) { -+ return _g_EVP_sha512_256(); -+} -+ -+int _mkcgo_FIPS_mode(void) { -+ return _g_FIPS_mode(); -+} -+ -+int _mkcgo_FIPS_mode_set(int _arg0, mkcgo_err_state *_err_state) { -+ int _ret = _g_FIPS_mode_set(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR _arg0, _HMAC_CTX_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_HMAC_CTX_copy(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR _arg0) { -+ _g_HMAC_CTX_free(_arg0); -+} -+ -+_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(mkcgo_err_state *_err_state) { -+ _HMAC_CTX_PTR _ret = _g_HMAC_CTX_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_Final(_HMAC_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_HMAC_Final(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR _arg0, const void* _arg1, int _arg2, const _EVP_MD_PTR _arg3, _ENGINE_PTR _arg4, mkcgo_err_state *_err_state) { -+ int _ret = _g_HMAC_Init_ex(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_Update(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_HMAC_Update(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const char* _mkcgo_OBJ_nid2sn(int _arg0) { -+ return _g_OBJ_nid2sn(_arg0); -+} -+ -+void _mkcgo_OPENSSL_init(void) { -+ _g_OPENSSL_init(); -+} -+ -+int _mkcgo_OPENSSL_init_crypto(uint64_t _arg0, const _OPENSSL_INIT_SETTINGS_PTR _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_OPENSSL_init_crypto(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_available_OPENSSL_version_major() { -+ return _g_OPENSSL_version_major != NULL; -+} -+ -+unsigned int _mkcgo_OPENSSL_version_major(void) { -+ return _g_OPENSSL_version_major(); -+} -+ -+int _mkcgo_available_OPENSSL_version_minor() { -+ return _g_OPENSSL_version_minor != NULL; -+} -+ -+unsigned int _mkcgo_OPENSSL_version_minor(void) { -+ return _g_OPENSSL_version_minor(); -+} -+ -+int _mkcgo_available_OPENSSL_version_patch() { -+ return _g_OPENSSL_version_patch != NULL; -+} -+ -+unsigned int _mkcgo_OPENSSL_version_patch(void) { -+ return _g_OPENSSL_version_patch(); -+} -+ -+void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR _arg0) { -+ _g_OSSL_PARAM_BLD_free(_arg0); -+} -+ -+_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(mkcgo_err_state *_err_state) { -+ _OSSL_PARAM_BLD_PTR _ret = _g_OSSL_PARAM_BLD_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_BN(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, int32_t _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_int32(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const void* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_octet_string(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_utf8_string(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR _arg0, mkcgo_err_state *_err_state) { -+ _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_BLD_to_param(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR _arg0) { -+ _g_OSSL_PARAM_free(_arg0); -+} -+ -+const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR _arg0, const char* _arg1, mkcgo_err_state *_err_state) { -+ const _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_locate_const(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1) { -+ return _g_OSSL_PROVIDER_available(_arg0, _arg1); -+} -+ -+const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR _arg0) { -+ return _g_OSSL_PROVIDER_get0_name(_arg0); -+} -+ -+_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, int _arg2, mkcgo_err_state *_err_state) { -+ _OSSL_PROVIDER_PTR _ret = _g_OSSL_PROVIDER_try_load(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const char* _mkcgo_OpenSSL_version(int _arg0) { -+ return _g_OpenSSL_version(_arg0); -+} -+ -+int _mkcgo_available_OpenSSL_version_num() { -+ return _g_OpenSSL_version_num != NULL; -+} -+ -+unsigned long _mkcgo_OpenSSL_version_num(void) { -+ return _g_OpenSSL_version_num(); -+} -+ -+int _mkcgo_PKCS5_PBKDF2_HMAC(const char* _arg0, int _arg1, const unsigned char* _arg2, int _arg3, int _arg4, const _EVP_MD_PTR _arg5, int _arg6, unsigned char* _arg7, mkcgo_err_state *_err_state) { -+ int _ret = _g_PKCS5_PBKDF2_HMAC(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RAND_bytes(unsigned char* _arg0, int _arg1, mkcgo_err_state *_err_state) { -+ int _ret = _g_RAND_bytes(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_RSA_free(_RSA_PTR _arg0) { -+ _g_RSA_free(_arg0); -+} -+ -+void _mkcgo_RSA_get0_crt_params(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { -+ _g_RSA_get0_crt_params(_arg0, _arg1, _arg2, _arg3); -+} -+ -+void _mkcgo_RSA_get0_factors(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { -+ _g_RSA_get0_factors(_arg0, _arg1, _arg2); -+} -+ -+void _mkcgo_RSA_get0_key(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { -+ _g_RSA_get0_key(_arg0, _arg1, _arg2, _arg3); -+} -+ -+_RSA_PTR _mkcgo_RSA_new(mkcgo_err_state *_err_state) { -+ _RSA_PTR _ret = _g_RSA_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RSA_set0_crt_params(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_RSA_set0_crt_params(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RSA_set0_factors(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { -+ int _ret = _g_RSA_set0_factors(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RSA_set0_key(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, mkcgo_err_state *_err_state) { -+ int _ret = _g_RSA_set0_key(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go -new file mode 100644 -index 00000000000000..9079f7a0cffc40 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go -@@ -0,0 +1,1329 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+package ossl -+ -+/* -+#cgo CFLAGS: -Wno-attributes -+#cgo unix LDFLAGS: -ldl -+ -+#include "zossl.h" -+*/ -+import "C" -+import "unsafe" -+ -+const ( -+ POINT_CONVERSION_UNCOMPRESSED = 4 -+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002 -+ OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004 -+ OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008 -+ OPENSSL_INIT_LOAD_CONFIG = 0x00000040 -+ EVP_CTRL_GCM_GET_TAG = 0x10 -+ EVP_CTRL_GCM_SET_TAG = 0x11 -+ EVP_PKEY_CTRL_MD = 1 -+ EVP_PKEY_RSA = 6 -+ EVP_PKEY_EC = 408 -+ EVP_PKEY_TLS1_PRF = 1021 -+ EVP_PKEY_HKDF = 1036 -+ EVP_PKEY_ED25519 = 1087 -+ EVP_PKEY_DSA = 116 -+ EVP_PKEY_OP_DERIVE = (1 << 10) -+ EVP_MAX_MD_SIZE = 64 -+ EVP_PKEY_PUBLIC_KEY = 0x86 -+ EVP_PKEY_KEYPAIR = 0x87 -+ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001 -+ EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1 -+ EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2 -+ EVP_PKEY_CTRL_TLS_MD = 0x1000 -+ EVP_PKEY_CTRL_TLS_SECRET = 0x1001 -+ EVP_PKEY_CTRL_TLS_SEED = 0x1002 -+ EVP_PKEY_CTRL_HKDF_MD = 0x1003 -+ EVP_PKEY_CTRL_HKDF_SALT = 0x1004 -+ EVP_PKEY_CTRL_HKDF_KEY = 0x1005 -+ EVP_PKEY_CTRL_HKDF_INFO = 0x1006 -+ EVP_PKEY_CTRL_HKDF_MODE = 0x1007 -+ NID_X9_62_prime256v1 = 415 -+ NID_secp224r1 = 713 -+ NID_secp384r1 = 715 -+ NID_secp521r1 = 716 -+ RSA_PKCS1_PADDING = 1 -+ RSA_NO_PADDING = 3 -+ RSA_PKCS1_OAEP_PADDING = 4 -+ RSA_PKCS1_PSS_PADDING = 6 -+ RSA_PSS_SALTLEN_DIGEST = -1 -+ RSA_PSS_SALTLEN_AUTO = -2 -+ RSA_PSS_SALTLEN_MAX_SIGN = -2 -+ RSA_PSS_SALTLEN_MAX = -3 -+ EVP_PKEY_CTRL_RSA_PADDING = 0x1001 -+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002 -+ EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003 -+ EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005 -+ EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009 -+ EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A -+ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001 -+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 -+ OSSL_PARAM_INTEGER = 1 -+ OSSL_PARAM_OCTET_STRING = 5 -+) -+ -+type BIGNUM_PTR = C._BIGNUM_PTR -+type BN_CTX_PTR = C._BN_CTX_PTR -+type DSA_PTR = C._DSA_PTR -+type EC_GROUP_PTR = C._EC_GROUP_PTR -+type EC_KEY_PTR = C._EC_KEY_PTR -+type EC_POINT_PTR = C._EC_POINT_PTR -+type ENGINE_PTR = C._ENGINE_PTR -+type EVP_CIPHER_CTX_PTR = C._EVP_CIPHER_CTX_PTR -+type EVP_CIPHER_PTR = C._EVP_CIPHER_PTR -+type EVP_KDF_CTX_PTR = C._EVP_KDF_CTX_PTR -+type EVP_KDF_PTR = C._EVP_KDF_PTR -+type EVP_MAC_CTX_PTR = C._EVP_MAC_CTX_PTR -+type EVP_MAC_PTR = C._EVP_MAC_PTR -+type EVP_MD_CTX_PTR = C._EVP_MD_CTX_PTR -+type EVP_MD_PTR = C._EVP_MD_PTR -+type EVP_PKEY_CTX_PTR = C._EVP_PKEY_CTX_PTR -+type EVP_PKEY_PTR = C._EVP_PKEY_PTR -+type EVP_SIGNATURE_PTR = C._EVP_SIGNATURE_PTR -+type HMAC_CTX_PTR = C._HMAC_CTX_PTR -+type OPENSSL_INIT_SETTINGS_PTR = C._OPENSSL_INIT_SETTINGS_PTR -+type OSSL_LIB_CTX_PTR = C._OSSL_LIB_CTX_PTR -+type OSSL_PARAM_BLD_PTR = C._OSSL_PARAM_BLD_PTR -+type OSSL_PARAM_PTR = C._OSSL_PARAM_PTR -+type OSSL_PROVIDER_PTR = C._OSSL_PROVIDER_PTR -+type RSA_PTR = C._RSA_PTR -+type Point_conversion_form_t = C.point_conversion_form_t -+ -+func MkcgoLoad_(handle unsafe.Pointer) { -+ C.__mkcgo_load_(handle) -+} -+ -+func MkcgoUnload_() { -+ C.__mkcgo_unload_() -+} -+ -+func MkcgoLoad_111(handle unsafe.Pointer) { -+ C.__mkcgo_load_111(handle) -+} -+ -+func MkcgoUnload_111() { -+ C.__mkcgo_unload_111() -+} -+ -+func MkcgoLoad_3(handle unsafe.Pointer) { -+ C.__mkcgo_load_3(handle) -+} -+ -+func MkcgoUnload_3() { -+ C.__mkcgo_unload_3() -+} -+ -+func MkcgoLoad_init_1(handle unsafe.Pointer) { -+ C.__mkcgo_load_init_1(handle) -+} -+ -+func MkcgoUnload_init_1() { -+ C.__mkcgo_unload_init_1() -+} -+ -+func MkcgoLoad_init_3(handle unsafe.Pointer) { -+ C.__mkcgo_load_init_3(handle) -+} -+ -+func MkcgoUnload_init_3() { -+ C.__mkcgo_unload_init_3() -+} -+ -+func MkcgoLoad_legacy_1(handle unsafe.Pointer) { -+ C.__mkcgo_load_legacy_1(handle) -+} -+ -+func MkcgoUnload_legacy_1() { -+ C.__mkcgo_unload_legacy_1() -+} -+ -+func MkcgoLoad_version(handle unsafe.Pointer) { -+ C.__mkcgo_load_version(handle) -+} -+ -+func MkcgoUnload_version() { -+ C.__mkcgo_unload_version() -+} -+ -+//go:nosplit -+func mkcgoNoEscape(p *C.mkcgo_err_state) *C.mkcgo_err_state { -+ x := uintptr(unsafe.Pointer(p)) -+ return (*C.mkcgo_err_state)(unsafe.Pointer(x ^ 0)) -+} -+ -+func BN_bin2bn(arg0 *byte, arg1 int32, arg2 BIGNUM_PTR) (BIGNUM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_BN_bin2bn((*C.uchar)(unsafe.Pointer(arg0)), C.int(arg1), arg2, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BN_bin2bn", _err) -+} -+ -+func BN_bn2binpad(a BIGNUM_PTR, to *byte, tolen int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_BN_bn2binpad(a, (*C.uchar)(unsafe.Pointer(to)), C.int(tolen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("BN_bn2binpad", _err) -+} -+ -+func BN_bn2lebinpad(a BIGNUM_PTR, to *byte, tolen int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_BN_bn2lebinpad(a, (*C.uchar)(unsafe.Pointer(to)), C.int(tolen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("BN_bn2lebinpad", _err) -+} -+ -+func BN_clear(arg0 BIGNUM_PTR) { -+ C._mkcgo_BN_clear(arg0) -+} -+ -+func BN_clear_free(arg0 BIGNUM_PTR) { -+ C._mkcgo_BN_clear_free(arg0) -+} -+ -+func BN_free(arg0 BIGNUM_PTR) { -+ C._mkcgo_BN_free(arg0) -+} -+ -+func BN_lebin2bn(s *byte, len int32, ret BIGNUM_PTR) (BIGNUM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_BN_lebin2bn((*C.uchar)(unsafe.Pointer(s)), C.int(len), ret, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BN_lebin2bn", _err) -+} -+ -+func BN_new() (BIGNUM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_BN_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BN_new", _err) -+} -+ -+func BN_num_bits(arg0 BIGNUM_PTR) int32 { -+ return int32(C._mkcgo_BN_num_bits(arg0)) -+} -+ -+func CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { -+ C._mkcgo_CRYPTO_free(str, (*C.char)(unsafe.Pointer(file)), C.int(line)) -+} -+ -+func CRYPTO_malloc(num int, file *byte, line int32) (unsafe.Pointer, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_CRYPTO_malloc(C.size_t(num), (*C.char)(unsafe.Pointer(file)), C.int(line), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("CRYPTO_malloc", _err) -+} -+ -+func DSA_free(r DSA_PTR) { -+ C._mkcgo_DSA_free(r) -+} -+ -+func DSA_generate_key(a DSA_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_DSA_generate_key(a, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("DSA_generate_key", _err) -+} -+ -+func DSA_get0_key(d DSA_PTR, pub_key *BIGNUM_PTR, priv_key *BIGNUM_PTR) { -+ C._mkcgo_DSA_get0_key(d, pub_key, priv_key) -+} -+ -+func DSA_get0_pqg(d DSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR, g *BIGNUM_PTR) { -+ C._mkcgo_DSA_get0_pqg(d, p, q, g) -+} -+ -+func DSA_new() (DSA_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_DSA_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("DSA_new", _err) -+} -+ -+func DSA_set0_key(d DSA_PTR, pub_key BIGNUM_PTR, priv_key BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_DSA_set0_key(d, pub_key, priv_key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("DSA_set0_key", _err) -+} -+ -+func DSA_set0_pqg(d DSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR, g BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_DSA_set0_pqg(d, p, q, g, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("DSA_set0_pqg", _err) -+} -+ -+func EC_GROUP_free(group EC_GROUP_PTR) { -+ C._mkcgo_EC_GROUP_free(group) -+} -+ -+func EC_GROUP_new_by_curve_name(nid int32) (EC_GROUP_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_GROUP_new_by_curve_name(C.int(nid), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EC_GROUP_new_by_curve_name", _err) -+} -+ -+func EC_KEY_check_key(key EC_KEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_KEY_check_key(key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_check_key", _err) -+} -+ -+func EC_KEY_free(arg0 EC_KEY_PTR) { -+ C._mkcgo_EC_KEY_free(arg0) -+} -+ -+func EC_KEY_get0_group(arg0 EC_KEY_PTR) EC_GROUP_PTR { -+ return C._mkcgo_EC_KEY_get0_group(arg0) -+} -+ -+func EC_KEY_get0_private_key(arg0 EC_KEY_PTR) BIGNUM_PTR { -+ return C._mkcgo_EC_KEY_get0_private_key(arg0) -+} -+ -+func EC_KEY_get0_public_key(arg0 EC_KEY_PTR) EC_POINT_PTR { -+ return C._mkcgo_EC_KEY_get0_public_key(arg0) -+} -+ -+func EC_KEY_new_by_curve_name(arg0 int32) (EC_KEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_KEY_new_by_curve_name(C.int(arg0), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EC_KEY_new_by_curve_name", _err) -+} -+ -+func EC_KEY_set_private_key(arg0 EC_KEY_PTR, arg1 BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_KEY_set_private_key(arg0, arg1, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_set_private_key", _err) -+} -+ -+func EC_KEY_set_public_key(key EC_KEY_PTR, pub EC_POINT_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_KEY_set_public_key(key, pub, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key", _err) -+} -+ -+func EC_KEY_set_public_key_affine_coordinates(key EC_KEY_PTR, x BIGNUM_PTR, y BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_KEY_set_public_key_affine_coordinates(key, x, y, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key_affine_coordinates", _err) -+} -+ -+func EC_POINT_free(arg0 EC_POINT_PTR) { -+ C._mkcgo_EC_POINT_free(arg0) -+} -+ -+func EC_POINT_get_affine_coordinates_GFp(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_POINT_get_affine_coordinates_GFp(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_get_affine_coordinates_GFp", _err) -+} -+ -+func EC_POINT_mul(group EC_GROUP_PTR, r EC_POINT_PTR, n BIGNUM_PTR, q EC_POINT_PTR, m BIGNUM_PTR, ctx BN_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_POINT_mul(group, r, n, q, m, ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_mul", _err) -+} -+ -+func EC_POINT_new(arg0 EC_GROUP_PTR) (EC_POINT_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_POINT_new(arg0, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EC_POINT_new", _err) -+} -+ -+func EC_POINT_oct2point(group EC_GROUP_PTR, p EC_POINT_PTR, buf *byte, len int, ctx BN_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_POINT_oct2point(group, p, (*C.uchar)(unsafe.Pointer(buf)), C.size_t(len), ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_oct2point", _err) -+} -+ -+func EC_POINT_point2oct(group EC_GROUP_PTR, p EC_POINT_PTR, form Point_conversion_form_t, buf *byte, len int, ctx BN_CTX_PTR) (int, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_POINT_point2oct(group, p, form, (*C.uchar)(unsafe.Pointer(buf)), C.size_t(len), ctx, mkcgoNoEscape(&_err)) -+ return int(_ret), newMkcgoErr("EC_POINT_point2oct", _err) -+} -+ -+func EC_POINT_set_affine_coordinates(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EC_POINT_set_affine_coordinates(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_set_affine_coordinates", _err) -+} -+ -+func ERR_clear_error() { -+ C._mkcgo_ERR_clear_error() -+} -+ -+func ERR_error_string_n(e uint32, buf *byte, len int) { -+ C._mkcgo_ERR_error_string_n(C.ulong(e), (*C.char)(unsafe.Pointer(buf)), C.size_t(len)) -+} -+ -+func ERR_get_error_all(file **byte, line *int32, __func **byte, data **byte, flags *int32) uint32 { -+ return uint32(C._mkcgo_ERR_get_error_all((**C.char)(unsafe.Pointer(file)), (*C.int)(unsafe.Pointer(line)), (**C.char)(unsafe.Pointer(__func)), (**C.char)(unsafe.Pointer(data)), (*C.int)(unsafe.Pointer(flags)))) -+} -+ -+func ERR_get_error_line(file **byte, line *int32) uint32 { -+ return uint32(C._mkcgo_ERR_get_error_line((**C.char)(unsafe.Pointer(file)), (*C.int)(unsafe.Pointer(line)))) -+} -+ -+func EVP_CIPHER_CTX_ctrl(ctx EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CIPHER_CTX_ctrl(ctx, C.int(__type), C.int(arg), ptr, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_ctrl", _err) -+} -+ -+func EVP_CIPHER_CTX_free(arg0 EVP_CIPHER_CTX_PTR) { -+ C._mkcgo_EVP_CIPHER_CTX_free(arg0) -+} -+ -+func EVP_CIPHER_CTX_new() (EVP_CIPHER_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CIPHER_CTX_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_CIPHER_CTX_new", _err) -+} -+ -+func EVP_CIPHER_CTX_set_key_length(x EVP_CIPHER_CTX_PTR, keylen int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CIPHER_CTX_set_key_length(x, C.int(keylen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_key_length", _err) -+} -+ -+func EVP_CIPHER_CTX_set_padding(x EVP_CIPHER_CTX_PTR, padding int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CIPHER_CTX_set_padding(x, C.int(padding), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_padding", _err) -+} -+ -+func EVP_CIPHER_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_CIPHER_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CIPHER_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_CIPHER_fetch", _err) -+} -+ -+func EVP_CIPHER_get0_name(cipher EVP_CIPHER_PTR) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_CIPHER_get0_name(cipher))) -+} -+ -+func EVP_CIPHER_get_block_size(cipher EVP_CIPHER_PTR) int32 { -+ return int32(C._mkcgo_EVP_CIPHER_get_block_size(cipher)) -+} -+ -+func EVP_CipherInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte, enc int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CipherInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), C.int(enc), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CipherInit_ex", _err) -+} -+ -+func EVP_CipherUpdate(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CipherUpdate", _err) -+} -+ -+func EVP_DecryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, outm *byte, outl *int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DecryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(outm)), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DecryptFinal_ex", _err) -+} -+ -+func EVP_DecryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DecryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DecryptInit_ex", _err) -+} -+ -+func EVP_DecryptUpdate(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DecryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DecryptUpdate", _err) -+} -+ -+func EVP_Digest(data unsafe.Pointer, count int, md *byte, size *uint32, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_Digest(unsafe.Pointer(&*(*byte)(data)), C.size_t(count), (*C.uchar)(unsafe.Pointer(md)), (*C.uint)(unsafe.Pointer(size)), __type, impl, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_Digest", _err) -+} -+ -+func EVP_DigestFinal_ex(ctx EVP_MD_CTX_PTR, md *byte, s *uint32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(md)), (*C.uint)(unsafe.Pointer(s)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestFinal_ex", _err) -+} -+ -+func EVP_DigestInit(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestInit(ctx, __type, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestInit", _err) -+} -+ -+func EVP_DigestInit_ex(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestInit_ex(ctx, __type, impl, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestInit_ex", _err) -+} -+ -+func EVP_DigestSign(ctx EVP_MD_CTX_PTR, sigret *byte, siglen *int, tbs *byte, tbslen int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestSign(ctx, (*C.uchar)(unsafe.Pointer(sigret)), (*C.size_t)(unsafe.Pointer(siglen)), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSign", _err) -+} -+ -+func EVP_DigestSignFinal(ctx EVP_MD_CTX_PTR, sig *byte, siglen *int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestSignFinal(ctx, (*C.uchar)(unsafe.Pointer(sig)), (*C.size_t)(unsafe.Pointer(siglen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSignFinal", _err) -+} -+ -+func EVP_DigestSignInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestSignInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSignInit", _err) -+} -+ -+func EVP_DigestUpdate(ctx EVP_MD_CTX_PTR, d unsafe.Pointer, cnt int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestUpdate(ctx, unsafe.Pointer(&*(*byte)(d)), C.size_t(cnt), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestUpdate", _err) -+} -+ -+func EVP_DigestVerify(ctx EVP_MD_CTX_PTR, sigret *byte, siglen int, tbs *byte, tbslen int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestVerify(ctx, (*C.uchar)(unsafe.Pointer(sigret)), C.size_t(siglen), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestVerify", _err) -+} -+ -+func EVP_DigestVerifyFinal(ctx EVP_MD_CTX_PTR, sig *byte, siglen int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestVerifyFinal(ctx, (*C.uchar)(unsafe.Pointer(sig)), C.size_t(siglen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestVerifyFinal", _err) -+} -+ -+func EVP_DigestVerifyInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_DigestVerifyInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestVerifyInit", _err) -+} -+ -+func EVP_EncryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_EncryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_EncryptFinal_ex", _err) -+} -+ -+func EVP_EncryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_EncryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_EncryptInit_ex", _err) -+} -+ -+func EVP_EncryptUpdate(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_EncryptUpdate", _err) -+} -+ -+func EVP_KDF_CTX_free(ctx EVP_KDF_CTX_PTR) { -+ C._mkcgo_EVP_KDF_CTX_free(ctx) -+} -+ -+func EVP_KDF_CTX_get_kdf_size(ctx EVP_KDF_CTX_PTR) (int, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_KDF_CTX_get_kdf_size(ctx, mkcgoNoEscape(&_err)) -+ return int(_ret), newMkcgoErr("EVP_KDF_CTX_get_kdf_size", _err) -+} -+ -+func EVP_KDF_CTX_new(kdf EVP_KDF_PTR) (EVP_KDF_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_KDF_CTX_new(kdf, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_KDF_CTX_new", _err) -+} -+ -+func EVP_KDF_CTX_set_params(ctx EVP_KDF_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_KDF_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_KDF_CTX_set_params", _err) -+} -+ -+func EVP_KDF_derive(ctx EVP_KDF_CTX_PTR, key *byte, keylen int, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_KDF_derive(ctx, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_KDF_derive", _err) -+} -+ -+func EVP_KDF_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KDF_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_KDF_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_KDF_fetch", _err) -+} -+ -+func EVP_KDF_free(kdf EVP_KDF_PTR) { -+ C._mkcgo_EVP_KDF_free(kdf) -+} -+ -+func EVP_MAC_CTX_dup(arg0 EVP_MAC_CTX_PTR) (EVP_MAC_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_CTX_dup(arg0, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MAC_CTX_dup", _err) -+} -+ -+func EVP_MAC_CTX_free(arg0 EVP_MAC_CTX_PTR) { -+ C._mkcgo_EVP_MAC_CTX_free(arg0) -+} -+ -+func EVP_MAC_CTX_new(arg0 EVP_MAC_PTR) (EVP_MAC_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_CTX_new(arg0, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MAC_CTX_new", _err) -+} -+ -+func EVP_MAC_CTX_set_params(ctx EVP_MAC_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_CTX_set_params", _err) -+} -+ -+func EVP_MAC_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MAC_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MAC_fetch", _err) -+} -+ -+func EVP_MAC_final(ctx EVP_MAC_CTX_PTR, out *byte, outl *int, outsize int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_final(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.size_t)(unsafe.Pointer(outl)), C.size_t(outsize), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_final", _err) -+} -+ -+func EVP_MAC_init(ctx EVP_MAC_CTX_PTR, key *byte, keylen int, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_init(ctx, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_init", _err) -+} -+ -+func EVP_MAC_update(ctx EVP_MAC_CTX_PTR, data *byte, datalen int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MAC_update(ctx, (*C.uchar)(unsafe.Pointer(data)), C.size_t(datalen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_update", _err) -+} -+ -+func EVP_MD_CTX_copy(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_copy(out, in, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_copy", _err) -+} -+ -+func EVP_MD_CTX_copy_ex(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_copy_ex(out, in, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_copy_ex", _err) -+} -+ -+func EVP_MD_CTX_free(ctx EVP_MD_CTX_PTR) { -+ C._mkcgo_EVP_MD_CTX_free(ctx) -+} -+ -+func EVP_MD_CTX_get_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_get_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_get_params", _err) -+} -+ -+func EVP_MD_CTX_gettable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_gettable_params(ctx, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_CTX_gettable_params", _err) -+} -+ -+func EVP_MD_CTX_new() (EVP_MD_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_CTX_new", _err) -+} -+ -+func EVP_MD_CTX_set_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_set_params", _err) -+} -+ -+func EVP_MD_CTX_settable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_CTX_settable_params(ctx, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_CTX_settable_params", _err) -+} -+ -+func EVP_MD_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MD_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_MD_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_fetch", _err) -+} -+ -+func EVP_MD_free(md EVP_MD_PTR) { -+ C._mkcgo_EVP_MD_free(md) -+} -+ -+func EVP_MD_get0_name(md EVP_MD_PTR) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_MD_get0_name(md))) -+} -+ -+func EVP_MD_get0_provider(md EVP_MD_PTR) OSSL_PROVIDER_PTR { -+ return C._mkcgo_EVP_MD_get0_provider(md) -+} -+ -+func EVP_MD_get_block_size(md EVP_MD_PTR) int32 { -+ return int32(C._mkcgo_EVP_MD_get_block_size(md)) -+} -+ -+func EVP_MD_get_size(md EVP_MD_PTR) int32 { -+ return int32(C._mkcgo_EVP_MD_get_size(md)) -+} -+ -+func EVP_MD_get_type(md EVP_MD_PTR) int32 { -+ return int32(C._mkcgo_EVP_MD_get_type(md)) -+} -+ -+func EVP_PKEY_CTX_add1_hkdf_info(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_add1_hkdf_info(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_add1_hkdf_info", _err) -+} -+ -+func EVP_PKEY_CTX_ctrl(ctx EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_ctrl(ctx, C.int(keytype), C.int(optype), C.int(cmd), C.int(p1), p2, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_ctrl", _err) -+} -+ -+func EVP_PKEY_CTX_free(arg0 EVP_PKEY_CTX_PTR) { -+ C._mkcgo_EVP_PKEY_CTX_free(arg0) -+} -+ -+func EVP_PKEY_CTX_new(arg0 EVP_PKEY_PTR, arg1 ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_new(arg0, arg1, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_CTX_new", _err) -+} -+ -+func EVP_PKEY_CTX_new_from_pkey(libctx OSSL_LIB_CTX_PTR, pkey EVP_PKEY_PTR, propquery *byte) (EVP_PKEY_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_new_from_pkey(libctx, pkey, (*C.char)(unsafe.Pointer(propquery)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_from_pkey", _err) -+} -+ -+func EVP_PKEY_CTX_new_id(id int32, e ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_new_id(C.int(id), e, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_id", _err) -+} -+ -+func EVP_PKEY_CTX_set0_rsa_oaep_label(ctx EVP_PKEY_CTX_PTR, label unsafe.Pointer, len int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label, C.int(len), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set0_rsa_oaep_label", _err) -+} -+ -+func EVP_PKEY_CTX_set1_hkdf_key(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_key(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_key", _err) -+} -+ -+func EVP_PKEY_CTX_set1_hkdf_salt(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_salt", _err) -+} -+ -+func EVP_PKEY_CTX_set_hkdf_md(arg0 EVP_PKEY_CTX_PTR, arg1 EVP_MD_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_md(arg0, arg1, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_md", _err) -+} -+ -+func EVP_PKEY_CTX_set_hkdf_mode(arg0 EVP_PKEY_CTX_PTR, arg1 int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_mode(arg0, C.int(arg1), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", _err) -+} -+ -+func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_EC(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), (*C.char)(unsafe.Pointer(arg1)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_EC", _err) -+} -+ -+func EVP_PKEY_Q_keygen_ED25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_ED25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", _err) -+} -+ -+func EVP_PKEY_Q_keygen_RSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) (EVP_PKEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_RSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), C.size_t(arg1), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_RSA", _err) -+} -+ -+func EVP_PKEY_assign(pkey EVP_PKEY_PTR, __type int32, key unsafe.Pointer) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_assign(pkey, C.int(__type), key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_assign", _err) -+} -+ -+func EVP_PKEY_decrypt(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_decrypt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt", _err) -+} -+ -+func EVP_PKEY_decrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_decrypt_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt_init", _err) -+} -+ -+func EVP_PKEY_derive(ctx EVP_PKEY_CTX_PTR, key *byte, keylen *int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_derive(ctx, (*C.uchar)(unsafe.Pointer(key)), (*C.size_t)(unsafe.Pointer(keylen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_derive", _err) -+} -+ -+func EVP_PKEY_derive_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_derive_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_init", _err) -+} -+ -+func EVP_PKEY_derive_set_peer(ctx EVP_PKEY_CTX_PTR, peer EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_derive_set_peer(ctx, peer, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_set_peer", _err) -+} -+ -+func EVP_PKEY_encrypt(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_encrypt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt", _err) -+} -+ -+func EVP_PKEY_encrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_encrypt_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt_init", _err) -+} -+ -+func EVP_PKEY_free(arg0 EVP_PKEY_PTR) { -+ C._mkcgo_EVP_PKEY_free(arg0) -+} -+ -+func EVP_PKEY_fromdata(ctx EVP_PKEY_CTX_PTR, pkey *EVP_PKEY_PTR, selection int32, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_fromdata(ctx, pkey, C.int(selection), params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata", _err) -+} -+ -+func EVP_PKEY_fromdata_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_fromdata_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata_init", _err) -+} -+ -+func EVP_PKEY_get0_DSA(pkey EVP_PKEY_PTR) (DSA_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get0_DSA(pkey, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_get0_DSA", _err) -+} -+ -+func EVP_PKEY_get0_EC_KEY(pkey EVP_PKEY_PTR) (EC_KEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get0_EC_KEY(pkey, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_get0_EC_KEY", _err) -+} -+ -+func EVP_PKEY_get1_RSA(pkey EVP_PKEY_PTR) (RSA_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get1_RSA(pkey, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_get1_RSA", _err) -+} -+ -+func EVP_PKEY_get1_encoded_public_key(pkey EVP_PKEY_PTR, ppub **byte) (int, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get1_encoded_public_key(pkey, (**C.uchar)(unsafe.Pointer(ppub)), mkcgoNoEscape(&_err)) -+ return int(_ret), newMkcgoErr("EVP_PKEY_get1_encoded_public_key", _err) -+} -+ -+func EVP_PKEY_get_bits(pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get_bits(pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bits", _err) -+} -+ -+func EVP_PKEY_get_bn_param(pkey EVP_PKEY_PTR, key_name *byte, bn *BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get_bn_param(pkey, (*C.char)(unsafe.Pointer(key_name)), bn, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bn_param", _err) -+} -+ -+func EVP_PKEY_get_raw_private_key(pkey EVP_PKEY_PTR, priv *byte, len *int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get_raw_private_key(pkey, (*C.uchar)(unsafe.Pointer(priv)), (*C.size_t)(unsafe.Pointer(len)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_private_key", _err) -+} -+ -+func EVP_PKEY_get_raw_public_key(pkey EVP_PKEY_PTR, pub *byte, len *int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get_raw_public_key(pkey, (*C.uchar)(unsafe.Pointer(pub)), (*C.size_t)(unsafe.Pointer(len)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_public_key", _err) -+} -+ -+func EVP_PKEY_get_size(pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_get_size(pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_size", _err) -+} -+ -+func EVP_PKEY_keygen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_keygen(ctx, ppkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen", _err) -+} -+ -+func EVP_PKEY_keygen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_keygen_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen_init", _err) -+} -+ -+func EVP_PKEY_new() (EVP_PKEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_new", _err) -+} -+ -+func EVP_PKEY_new_raw_private_key(__type int32, e ENGINE_PTR, key *byte, keylen int) (EVP_PKEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_new_raw_private_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_new_raw_private_key", _err) -+} -+ -+func EVP_PKEY_new_raw_public_key(__type int32, e ENGINE_PTR, key *byte, keylen int) (EVP_PKEY_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_new_raw_public_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_new_raw_public_key", _err) -+} -+ -+func EVP_PKEY_paramgen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_paramgen(ctx, ppkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen", _err) -+} -+ -+func EVP_PKEY_paramgen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_paramgen_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen_init", _err) -+} -+ -+func EVP_PKEY_private_check(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_private_check(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_private_check", _err) -+} -+ -+func EVP_PKEY_public_check_quick(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_public_check_quick(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_public_check_quick", _err) -+} -+ -+func EVP_PKEY_set1_EC_KEY(pkey EVP_PKEY_PTR, key EC_KEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_set1_EC_KEY(pkey, key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_EC_KEY", _err) -+} -+ -+func EVP_PKEY_set1_encoded_public_key(pkey EVP_PKEY_PTR, pub *byte, publen int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_set1_encoded_public_key(pkey, (*C.uchar)(unsafe.Pointer(pub)), C.size_t(publen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_encoded_public_key", _err) -+} -+ -+func EVP_PKEY_sign(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_sign(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_sign", _err) -+} -+ -+func EVP_PKEY_sign_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_sign_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_sign_init", _err) -+} -+ -+func EVP_PKEY_up_ref(key EVP_PKEY_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_up_ref(key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_up_ref", _err) -+} -+ -+func EVP_PKEY_verify(ctx EVP_PKEY_CTX_PTR, sig *byte, siglen int, tbs *byte, tbslen int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_verify(ctx, (*C.uchar)(unsafe.Pointer(sig)), C.size_t(siglen), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_verify", _err) -+} -+ -+func EVP_PKEY_verify_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_PKEY_verify_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_verify_init", _err) -+} -+ -+func EVP_SIGNATURE_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_SIGNATURE_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_SIGNATURE_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_SIGNATURE_fetch", _err) -+} -+ -+func EVP_SIGNATURE_free(signature EVP_SIGNATURE_PTR) { -+ C._mkcgo_EVP_SIGNATURE_free(signature) -+} -+ -+func EVP_aes_128_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_cbc() -+} -+ -+func EVP_aes_128_ctr() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_ctr() -+} -+ -+func EVP_aes_128_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_ecb() -+} -+ -+func EVP_aes_128_gcm() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_gcm() -+} -+ -+func EVP_aes_192_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_cbc() -+} -+ -+func EVP_aes_192_ctr() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_ctr() -+} -+ -+func EVP_aes_192_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_ecb() -+} -+ -+func EVP_aes_192_gcm() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_gcm() -+} -+ -+func EVP_aes_256_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_cbc() -+} -+ -+func EVP_aes_256_ctr() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_ctr() -+} -+ -+func EVP_aes_256_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_ecb() -+} -+ -+func EVP_aes_256_gcm() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_gcm() -+} -+ -+func EVP_default_properties_enable_fips(libctx OSSL_LIB_CTX_PTR, enable int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_EVP_default_properties_enable_fips(libctx, C.int(enable), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_default_properties_enable_fips", _err) -+} -+ -+func EVP_default_properties_is_fips_enabled(libctx OSSL_LIB_CTX_PTR) int32 { -+ return int32(C._mkcgo_EVP_default_properties_is_fips_enabled(libctx)) -+} -+ -+func EVP_des_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_cbc() -+} -+ -+func EVP_des_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_ecb() -+} -+ -+func EVP_des_ede3_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_ede3_cbc() -+} -+ -+func EVP_des_ede3_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_ede3_ecb() -+} -+ -+func EVP_md4() EVP_MD_PTR { -+ return C._mkcgo_EVP_md4() -+} -+ -+func EVP_md5() EVP_MD_PTR { -+ return C._mkcgo_EVP_md5() -+} -+ -+func EVP_md5_sha1() EVP_MD_PTR { -+ return C._mkcgo_EVP_md5_sha1() -+} -+ -+func EVP_rc4() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_rc4() -+} -+ -+func EVP_ripemd160() EVP_MD_PTR { -+ return C._mkcgo_EVP_ripemd160() -+} -+ -+func EVP_sha1() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha1() -+} -+ -+func EVP_sha224() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha224() -+} -+ -+func EVP_sha256() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha256() -+} -+ -+func EVP_sha384() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha384() -+} -+ -+func EVP_sha3_224() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_224() -+} -+ -+func EVP_sha3_256() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_256() -+} -+ -+func EVP_sha3_384() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_384() -+} -+ -+func EVP_sha3_512() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_512() -+} -+ -+func EVP_sha512() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha512() -+} -+ -+func EVP_sha512_224() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha512_224() -+} -+ -+func EVP_sha512_256() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha512_256() -+} -+ -+func FIPS_mode() int32 { -+ return int32(C._mkcgo_FIPS_mode()) -+} -+ -+func FIPS_mode_set(r int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_FIPS_mode_set(C.int(r), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("FIPS_mode_set", _err) -+} -+ -+func HMAC_CTX_copy(dest HMAC_CTX_PTR, src HMAC_CTX_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_HMAC_CTX_copy(dest, src, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_CTX_copy", _err) -+} -+ -+func HMAC_CTX_free(arg0 HMAC_CTX_PTR) { -+ C._mkcgo_HMAC_CTX_free(arg0) -+} -+ -+func HMAC_CTX_new() (HMAC_CTX_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_HMAC_CTX_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("HMAC_CTX_new", _err) -+} -+ -+func HMAC_Final(arg0 HMAC_CTX_PTR, arg1 *byte, arg2 *uint32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_HMAC_Final(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.uint)(unsafe.Pointer(arg2)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_Final", _err) -+} -+ -+func HMAC_Init_ex(arg0 HMAC_CTX_PTR, arg1 unsafe.Pointer, arg2 int32, arg3 EVP_MD_PTR, arg4 ENGINE_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_HMAC_Init_ex(arg0, arg1, C.int(arg2), arg3, arg4, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_Init_ex", _err) -+} -+ -+func HMAC_Update(arg0 HMAC_CTX_PTR, arg1 *byte, arg2 int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_HMAC_Update(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.size_t(arg2), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_Update", _err) -+} -+ -+func OBJ_nid2sn(n int32) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_OBJ_nid2sn(C.int(n)))) -+} -+ -+func OPENSSL_init() { -+ C._mkcgo_OPENSSL_init() -+} -+ -+func OPENSSL_init_crypto(ops uint64, settings OPENSSL_INIT_SETTINGS_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OPENSSL_init_crypto(C.uint64_t(ops), settings, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OPENSSL_init_crypto", _err) -+} -+ -+func OPENSSL_version_major_Available() bool { -+ return C._mkcgo_available_OPENSSL_version_major() != 0 -+} -+ -+func OPENSSL_version_major() uint32 { -+ return uint32(C._mkcgo_OPENSSL_version_major()) -+} -+ -+func OPENSSL_version_minor_Available() bool { -+ return C._mkcgo_available_OPENSSL_version_minor() != 0 -+} -+ -+func OPENSSL_version_minor() uint32 { -+ return uint32(C._mkcgo_OPENSSL_version_minor()) -+} -+ -+func OPENSSL_version_patch_Available() bool { -+ return C._mkcgo_available_OPENSSL_version_patch() != 0 -+} -+ -+func OPENSSL_version_patch() uint32 { -+ return uint32(C._mkcgo_OPENSSL_version_patch()) -+} -+ -+func OSSL_PARAM_BLD_free(bld OSSL_PARAM_BLD_PTR) { -+ C._mkcgo_OSSL_PARAM_BLD_free(bld) -+} -+ -+func OSSL_PARAM_BLD_new() (OSSL_PARAM_BLD_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_BLD_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PARAM_BLD_new", _err) -+} -+ -+func OSSL_PARAM_BLD_push_BN(bld OSSL_PARAM_BLD_PTR, key *byte, bn BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_BN(bld, (*C.char)(unsafe.Pointer(key)), bn, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_BN", _err) -+} -+ -+func OSSL_PARAM_BLD_push_int32(bld OSSL_PARAM_BLD_PTR, key *byte, num int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_int32(bld, (*C.char)(unsafe.Pointer(key)), C.int32_t(num), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_int32", _err) -+} -+ -+func OSSL_PARAM_BLD_push_octet_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf unsafe.Pointer, bsize int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_octet_string(bld, (*C.char)(unsafe.Pointer(key)), buf, C.size_t(bsize), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_octet_string", _err) -+} -+ -+func OSSL_PARAM_BLD_push_utf8_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf *byte, bsize int) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_utf8_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.char)(unsafe.Pointer(buf)), C.size_t(bsize), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_utf8_string", _err) -+} -+ -+func OSSL_PARAM_BLD_to_param(bld OSSL_PARAM_BLD_PTR) (OSSL_PARAM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_BLD_to_param(bld, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PARAM_BLD_to_param", _err) -+} -+ -+func OSSL_PARAM_free(p OSSL_PARAM_PTR) { -+ C._mkcgo_OSSL_PARAM_free(p) -+} -+ -+func OSSL_PARAM_locate_const(p OSSL_PARAM_PTR, key *byte) (OSSL_PARAM_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PARAM_locate_const(p, (*C.char)(unsafe.Pointer(key)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PARAM_locate_const", _err) -+} -+ -+func OSSL_PROVIDER_available(libctx OSSL_LIB_CTX_PTR, name *byte) int32 { -+ return int32(C._mkcgo_OSSL_PROVIDER_available(libctx, (*C.char)(unsafe.Pointer(name)))) -+} -+ -+func OSSL_PROVIDER_get0_name(prov OSSL_PROVIDER_PTR) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_OSSL_PROVIDER_get0_name(prov))) -+} -+ -+func OSSL_PROVIDER_try_load(libctx OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) (OSSL_PROVIDER_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_OSSL_PROVIDER_try_load(libctx, (*C.char)(unsafe.Pointer(name)), C.int(retain_fallbacks), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PROVIDER_try_load", _err) -+} -+ -+func OpenSSL_version(__type int32) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_OpenSSL_version(C.int(__type)))) -+} -+ -+func OpenSSL_version_num_Available() bool { -+ return C._mkcgo_available_OpenSSL_version_num() != 0 -+} -+ -+func OpenSSL_version_num() uint32 { -+ return uint32(C._mkcgo_OpenSSL_version_num()) -+} -+ -+func PKCS5_PBKDF2_HMAC(pass *byte, passlen int32, salt *byte, saltlen int32, iter int32, digest EVP_MD_PTR, keylen int32, out *byte) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_PKCS5_PBKDF2_HMAC((*C.char)(unsafe.Pointer(pass)), C.int(passlen), (*C.uchar)(unsafe.Pointer(salt)), C.int(saltlen), C.int(iter), digest, C.int(keylen), (*C.uchar)(unsafe.Pointer(out)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("PKCS5_PBKDF2_HMAC", _err) -+} -+ -+func RAND_bytes(arg0 *byte, arg1 int32) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_RAND_bytes((*C.uchar)(unsafe.Pointer(arg0)), C.int(arg1), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RAND_bytes", _err) -+} -+ -+func RSA_free(arg0 RSA_PTR) { -+ C._mkcgo_RSA_free(arg0) -+} -+ -+func RSA_get0_crt_params(r RSA_PTR, dmp1 *BIGNUM_PTR, dmq1 *BIGNUM_PTR, iqmp *BIGNUM_PTR) { -+ C._mkcgo_RSA_get0_crt_params(r, dmp1, dmq1, iqmp) -+} -+ -+func RSA_get0_factors(rsa RSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR) { -+ C._mkcgo_RSA_get0_factors(rsa, p, q) -+} -+ -+func RSA_get0_key(rsa RSA_PTR, n *BIGNUM_PTR, e *BIGNUM_PTR, d *BIGNUM_PTR) { -+ C._mkcgo_RSA_get0_key(rsa, n, e, d) -+} -+ -+func RSA_new() (RSA_PTR, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_RSA_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("RSA_new", _err) -+} -+ -+func RSA_set0_crt_params(rsa RSA_PTR, dmp1 BIGNUM_PTR, dmp2 BIGNUM_PTR, iqmp BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_RSA_set0_crt_params(rsa, dmp1, dmp2, iqmp, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RSA_set0_crt_params", _err) -+} -+ -+func RSA_set0_factors(rsa RSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_RSA_set0_factors(rsa, p, q, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RSA_set0_factors", _err) -+} -+ -+func RSA_set0_key(r RSA_PTR, n BIGNUM_PTR, e BIGNUM_PTR, d BIGNUM_PTR) (int32, error) { -+ var _err C.mkcgo_err_state -+ _ret := C._mkcgo_RSA_set0_key(r, n, e, d, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RSA_set0_key", _err) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h -new file mode 100644 -index 00000000000000..335d129bb345cd ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h -@@ -0,0 +1,335 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#ifndef MKCGO_H // only include this header once -+#define MKCGO_H -+ -+#include -+#include -+ -+typedef void* _OPENSSL_INIT_SETTINGS_PTR; -+typedef void* _OSSL_LIB_CTX_PTR; -+typedef void* _OSSL_PROVIDER_PTR; -+typedef void* _ENGINE_PTR; -+typedef void* _EVP_PKEY_PTR; -+typedef void* _EVP_PKEY_CTX_PTR; -+typedef void* _EVP_MD_PTR; -+typedef void* _EVP_MD_CTX_PTR; -+typedef void* _HMAC_CTX_PTR; -+typedef void* _EVP_CIPHER_PTR; -+typedef void* _EVP_CIPHER_CTX_PTR; -+typedef void* _EC_KEY_PTR; -+typedef void* _EC_POINT_PTR; -+typedef void* _EC_GROUP_PTR; -+typedef void* _RSA_PTR; -+typedef void* _BIGNUM_PTR; -+typedef void* _BN_CTX_PTR; -+typedef void* _EVP_MAC_PTR; -+typedef void* _EVP_MAC_CTX_PTR; -+typedef void* _OSSL_PARAM_BLD_PTR; -+typedef void* _OSSL_PARAM_PTR; -+typedef void* _EVP_SIGNATURE_PTR; -+typedef void* _DSA_PTR; -+typedef void* _EVP_KDF_PTR; -+typedef void* _EVP_KDF_CTX_PTR; -+typedef int point_conversion_form_t; -+ -+enum { -+ _POINT_CONVERSION_UNCOMPRESSED = 4, -+ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, -+ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, -+ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, -+ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, -+ _EVP_CTRL_GCM_GET_TAG = 0x10, -+ _EVP_CTRL_GCM_SET_TAG = 0x11, -+ _EVP_PKEY_CTRL_MD = 1, -+ _EVP_PKEY_RSA = 6, -+ _EVP_PKEY_EC = 408, -+ _EVP_PKEY_TLS1_PRF = 1021, -+ _EVP_PKEY_HKDF = 1036, -+ _EVP_PKEY_ED25519 = 1087, -+ _EVP_PKEY_DSA = 116, -+ _EVP_PKEY_OP_DERIVE = (1 << 10), -+ _EVP_MAX_MD_SIZE = 64, -+ _EVP_PKEY_PUBLIC_KEY = 0x86, -+ _EVP_PKEY_KEYPAIR = 0x87, -+ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, -+ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, -+ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, -+ _EVP_PKEY_CTRL_TLS_MD = 0x1000, -+ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, -+ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, -+ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, -+ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, -+ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, -+ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, -+ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, -+ _NID_X9_62_prime256v1 = 415, -+ _NID_secp224r1 = 713, -+ _NID_secp384r1 = 715, -+ _NID_secp521r1 = 716, -+ _RSA_PKCS1_PADDING = 1, -+ _RSA_NO_PADDING = 3, -+ _RSA_PKCS1_OAEP_PADDING = 4, -+ _RSA_PKCS1_PSS_PADDING = 6, -+ _RSA_PSS_SALTLEN_DIGEST = -1, -+ _RSA_PSS_SALTLEN_AUTO = -2, -+ _RSA_PSS_SALTLEN_MAX_SIGN = -2, -+ _RSA_PSS_SALTLEN_MAX = -3, -+ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, -+ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, -+ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, -+ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, -+ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, -+ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, -+ _OSSL_PARAM_INTEGER = 1, -+ _OSSL_PARAM_OCTET_STRING = 5, -+}; -+ -+typedef void* mkcgo_err_state; -+mkcgo_err_state mkcgo_err_retrieve(); -+void mkcgo_err_free(mkcgo_err_state); -+void __mkcgo_load_(void* handle); -+void __mkcgo_unload_(); -+void __mkcgo_load_111(void* handle); -+void __mkcgo_unload_111(); -+void __mkcgo_load_3(void* handle); -+void __mkcgo_unload_3(); -+void __mkcgo_load_init_1(void* handle); -+void __mkcgo_unload_init_1(); -+void __mkcgo_load_init_3(void* handle); -+void __mkcgo_unload_init_3(); -+void __mkcgo_load_legacy_1(void* handle); -+void __mkcgo_unload_legacy_1(); -+void __mkcgo_load_version(void* handle); -+void __mkcgo_unload_version(); -+ -+int _mkcgo_available_OPENSSL_version_major(); -+int _mkcgo_available_OPENSSL_version_minor(); -+int _mkcgo_available_OPENSSL_version_patch(); -+int _mkcgo_available_OpenSSL_version_num(); -+ -+_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char*, int, _BIGNUM_PTR, mkcgo_err_state *); -+int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR, unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR, unsigned char*, int, mkcgo_err_state *); -+void _mkcgo_BN_clear(_BIGNUM_PTR); -+void _mkcgo_BN_clear_free(_BIGNUM_PTR); -+void _mkcgo_BN_free(_BIGNUM_PTR); -+_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char*, int, _BIGNUM_PTR, mkcgo_err_state *); -+_BIGNUM_PTR _mkcgo_BN_new(mkcgo_err_state *); -+int _mkcgo_BN_num_bits(const _BIGNUM_PTR); -+void _mkcgo_CRYPTO_free(void*, const char*, int); -+void* _mkcgo_CRYPTO_malloc(size_t, const char*, int, mkcgo_err_state *); -+void _mkcgo_DSA_free(_DSA_PTR); -+int _mkcgo_DSA_generate_key(_DSA_PTR, mkcgo_err_state *); -+void _mkcgo_DSA_get0_key(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void _mkcgo_DSA_get0_pqg(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_DSA_PTR _mkcgo_DSA_new(mkcgo_err_state *); -+int _mkcgo_DSA_set0_key(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); -+int _mkcgo_DSA_set0_pqg(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); -+void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR); -+_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int, mkcgo_err_state *); -+int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR, mkcgo_err_state *); -+void _mkcgo_EC_KEY_free(_EC_KEY_PTR); -+const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR); -+const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR); -+const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR); -+_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int, mkcgo_err_state *); -+int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR, const _BIGNUM_PTR, mkcgo_err_state *); -+int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR, const _EC_POINT_PTR, mkcgo_err_state *); -+int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); -+void _mkcgo_EC_POINT_free(_EC_POINT_PTR); -+int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, mkcgo_err_state *); -+_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR, mkcgo_err_state *); -+int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR, mkcgo_err_state *); -+size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, mkcgo_err_state *); -+void _mkcgo_ERR_clear_error(void); -+void _mkcgo_ERR_error_string_n(unsigned long, char*, size_t); -+unsigned long _mkcgo_ERR_get_error_all(const char**, int*, const char**, const char**, int*); -+unsigned long _mkcgo_ERR_get_error_line(const char**, int*); -+int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR, int, int, void*, mkcgo_err_state *); -+void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR); -+_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(mkcgo_err_state *); -+int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR, int, mkcgo_err_state *); -+int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR, int, mkcgo_err_state *); -+_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); -+const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR); -+int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR); -+int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, mkcgo_err_state *); -+int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, mkcgo_err_state *); -+int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_EVP_Digest(const void*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*, mkcgo_err_state *); -+int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR, unsigned char*, size_t*, mkcgo_err_state *); -+int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR, const void*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, mkcgo_err_state *); -+int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, mkcgo_err_state *); -+int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, mkcgo_err_state *); -+void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR); -+size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR, mkcgo_err_state *); -+_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR, mkcgo_err_state *); -+_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); -+void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR); -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR, mkcgo_err_state *); -+void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR); -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR, mkcgo_err_state *); -+_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); -+int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_MD_CTX_copy(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR, mkcgo_err_state *); -+void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR); -+int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR, mkcgo_err_state *); -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR, mkcgo_err_state *); -+_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(mkcgo_err_state *); -+int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR, mkcgo_err_state *); -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR, mkcgo_err_state *); -+_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); -+void _mkcgo_EVP_MD_free(_EVP_MD_PTR); -+const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR); -+const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR); -+int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR); -+int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR); -+int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR); -+int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR, const unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR, int, int, int, int, void*, mkcgo_err_state *); -+void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR); -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR, _ENGINE_PTR, mkcgo_err_state *); -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*, mkcgo_err_state *); -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int, _ENGINE_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR, void*, int, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR, const unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR, const unsigned char*, int, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR, int, mkcgo_err_state *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR, const char*, const char*, const char*, mkcgo_err_state *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR, const char*, const char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR, int, void*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR); -+int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR, mkcgo_err_state *); -+_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR, mkcgo_err_state *); -+_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR, mkcgo_err_state *); -+size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR, unsigned char**, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(mkcgo_err_state *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int, _ENGINE_PTR, const unsigned char*, size_t, mkcgo_err_state *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int, _ENGINE_PTR, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR, _EC_KEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, mkcgo_err_state *); -+int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); -+_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); -+void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void); -+int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR, int, mkcgo_err_state *); -+int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void); -+const _EVP_MD_PTR _mkcgo_EVP_md4(void); -+const _EVP_MD_PTR _mkcgo_EVP_md5(void); -+const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void); -+const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha1(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha224(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha256(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha384(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha512(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void); -+int _mkcgo_FIPS_mode(void); -+int _mkcgo_FIPS_mode_set(int, mkcgo_err_state *); -+int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR, _HMAC_CTX_PTR, mkcgo_err_state *); -+void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR); -+_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(mkcgo_err_state *); -+int _mkcgo_HMAC_Final(_HMAC_CTX_PTR, unsigned char*, unsigned int*, mkcgo_err_state *); -+int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR, const void*, int, const _EVP_MD_PTR, _ENGINE_PTR, mkcgo_err_state *); -+int _mkcgo_HMAC_Update(_HMAC_CTX_PTR, const unsigned char*, size_t, mkcgo_err_state *); -+const char* _mkcgo_OBJ_nid2sn(int); -+void _mkcgo_OPENSSL_init(void); -+int _mkcgo_OPENSSL_init_crypto(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR, mkcgo_err_state *); -+unsigned int _mkcgo_OPENSSL_version_major(void); -+unsigned int _mkcgo_OPENSSL_version_minor(void); -+unsigned int _mkcgo_OPENSSL_version_patch(void); -+void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR); -+_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(mkcgo_err_state *); -+int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR, mkcgo_err_state *); -+int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR, const char*, int32_t, mkcgo_err_state *); -+int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR, const char*, const void*, size_t, mkcgo_err_state *); -+int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t, mkcgo_err_state *); -+_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR, mkcgo_err_state *); -+void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR, const char*, mkcgo_err_state *); -+int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR, const char*); -+const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR); -+_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR, const char*, int, mkcgo_err_state *); -+const char* _mkcgo_OpenSSL_version(int); -+unsigned long _mkcgo_OpenSSL_version_num(void); -+int _mkcgo_PKCS5_PBKDF2_HMAC(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*, mkcgo_err_state *); -+int _mkcgo_RAND_bytes(unsigned char*, int, mkcgo_err_state *); -+void _mkcgo_RSA_free(_RSA_PTR); -+void _mkcgo_RSA_get0_crt_params(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void _mkcgo_RSA_get0_factors(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void _mkcgo_RSA_get0_key(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_RSA_PTR _mkcgo_RSA_new(mkcgo_err_state *); -+int _mkcgo_RSA_set0_crt_params(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); -+int _mkcgo_RSA_set0_factors(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); -+int _mkcgo_RSA_set0_key(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); -+ -+#endif // MKCGO_H -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_go124.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_go124.go -new file mode 100644 -index 00000000000000..ae64d2f7ee9990 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_go124.go -@@ -0,0 +1,37 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build go1.24 && !cmd_go_bootstrap -+ -+package ossl -+ -+/* -+#cgo noescape _mkcgo_EVP_CipherUpdate -+#cgo nocallback _mkcgo_EVP_CipherUpdate -+#cgo noescape _mkcgo_EVP_DecryptFinal_ex -+#cgo nocallback _mkcgo_EVP_DecryptFinal_ex -+#cgo noescape _mkcgo_EVP_DecryptUpdate -+#cgo nocallback _mkcgo_EVP_DecryptUpdate -+#cgo noescape _mkcgo_EVP_Digest -+#cgo nocallback _mkcgo_EVP_Digest -+#cgo noescape _mkcgo_EVP_DigestFinal_ex -+#cgo nocallback _mkcgo_EVP_DigestFinal_ex -+#cgo noescape _mkcgo_EVP_DigestSign -+#cgo nocallback _mkcgo_EVP_DigestSign -+#cgo noescape _mkcgo_EVP_DigestUpdate -+#cgo nocallback _mkcgo_EVP_DigestUpdate -+#cgo noescape _mkcgo_EVP_EncryptFinal_ex -+#cgo nocallback _mkcgo_EVP_EncryptFinal_ex -+#cgo noescape _mkcgo_EVP_EncryptUpdate -+#cgo nocallback _mkcgo_EVP_EncryptUpdate -+#cgo noescape _mkcgo_EVP_MD_CTX_copy -+#cgo nocallback _mkcgo_EVP_MD_CTX_copy -+#cgo noescape _mkcgo_EVP_PKEY_derive -+#cgo nocallback _mkcgo_EVP_PKEY_derive -+#cgo noescape _mkcgo_EVP_PKEY_get_raw_private_key -+#cgo nocallback _mkcgo_EVP_PKEY_get_raw_private_key -+#cgo noescape _mkcgo_EVP_PKEY_get_raw_public_key -+#cgo nocallback _mkcgo_EVP_PKEY_get_raw_public_key -+#cgo noescape _mkcgo_RAND_bytes -+#cgo nocallback _mkcgo_RAND_bytes -+*/ -+import "C" -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -new file mode 100644 -index 00000000000000..f3377d72c8aa46 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,384 @@ -+//go:build !cmd_go_bootstrap -+ -+// Package openssl provides access to OpenSSL cryptographic functions. -+package openssl -+ -+/* -+#include // for free() -+ -+static inline void -+go_openssl_do_leak_check(void) -+{ -+#ifndef __has_feature -+#define __has_feature(x) 0 -+#endif -+ -+#if (defined(__SANITIZE_ADDRESS__) && __SANITIZE_ADDRESS__) || \ -+ __has_feature(address_sanitizer) -+ extern void __lsan_do_leak_check(void); -+ __lsan_do_leak_check(); -+#endif -+} -+*/ -+import "C" -+import ( -+ "errors" -+ "math/bits" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+var ( -+ // vMajor and vMinor hold the major/minor OpenSSL version. -+ // It is only populated if Init has been called. -+ vMajor, vMinor, vPatch uint -+) -+ -+var ( -+ initOnce sync.Once -+ initErr error -+) -+ -+var isBigEndian bool -+ -+// CheckVersion checks if the OpenSSL version can be loaded -+// and if the FIPS mode is enabled. -+// This function can be called before Init. -+// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. -+func CheckVersion(version string) (exists, fips bool) { -+ close, err := initForCheckVersion(version) -+ if err != nil { -+ return false, false -+ } -+ defer close() -+ return true, FIPS() -+} -+ -+// Init loads and initializes OpenSSL from the shared library at path. -+// It must be called before any other OpenSSL call, except CheckVersion. -+// -+// Only the first call to Init is effective. -+// Subsequent calls will return the same error result as the one from the first call. -+// -+// The file is passed to dlopen() verbatim to load the OpenSSL shared library. -+// For example, `file=libcrypto.so.1.1.1k-fips` makes Init look for the shared -+// library libcrypto.so.1.1.1k-fips. -+func Init(file string) error { -+ initOnce.Do(func() { -+ buf := [2]byte{} -+ *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD) -+ -+ switch buf { -+ case [2]byte{0xCD, 0xAB}: -+ isBigEndian = false -+ case [2]byte{0xAB, 0xCD}: -+ isBigEndian = true -+ default: -+ panic("Could not determine native endianness.") -+ } -+ initErr = opensslInit(file) -+ }) -+ return initErr -+} -+ -+func utoa(n uint) string { -+ return strconv.FormatUint(uint64(n), 10) -+} -+ -+func errUnsupportedVersion() error { -+ return errors.New("openssl: OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch)) -+} -+ -+// checkMajorVersion panics if the current major version is not expected. -+func checkMajorVersion(expected uint) { -+ if vMajor != expected { -+ panic("openssl: incorrect major version (" + strconv.Itoa(int(vMajor)) + "), expected " + strconv.Itoa(int(expected))) -+ } -+} -+ -+type fail string -+ -+func (e fail) Error() string { return "openssl: " + string(e) + " failed" } -+ -+// VersionText returns the version text of the OpenSSL currently loaded. -+func VersionText() string { -+ return C.GoString((*C.char)(unsafe.Pointer(ossl.OpenSSL_version(0)))) -+} -+ -+// FIPS returns true if OpenSSL is running in FIPS mode and there is -+// a provider available that supports FIPS. It returns false otherwise. -+// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. -+func FIPS() bool { -+ switch vMajor { -+ case 1: -+ return ossl.FIPS_mode() == 1 -+ case 3: -+ // Check if the default properties contain `fips=1`. -+ if ossl.EVP_default_properties_is_fips_enabled(nil) != 1 { -+ // Note that it is still possible that the provider used by default is FIPS-compliant, -+ // but that wouldn't be a system or user requirement. -+ return false -+ } -+ // Check if the SHA-256 algorithm is available. If it is, then we can be sure that there is a provider available that matches -+ // the `fips=1` query. Most notably, this works for the common case of using the built-in FIPS provider. -+ // -+ // Note that this approach has a small chance of false negative if the FIPS provider doesn't provide the SHA-256 algorithm, -+ // but that is highly unlikely because SHA-256 is one of the most common algorithms and fundamental to many cryptographic operations. -+ // It also has a small chance of false positive if the FIPS provider implements the SHA-256 algorithm but not the other algorithms -+ // used by the caller application, but that is also unlikely because the FIPS provider should provide all common algorithms. -+ return proveSHA256("") -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// FIPSCapable returns true if the provider used by default matches the `fips=yes` query. -+// It is useful for checking whether OpenSSL is capable of running in FIPS mode regardless -+// of whether FIPS mode is explicitly enabled. For example, Azure Linux 3 doesn't set the -+// `fips=yes` query in the default properties, but sets the default provider to be SCOSSL, -+// which is FIPS-capable. -+// -+// Considerations: -+// - Multiple calls to FIPSCapable can return different values if [SetFIPS] is called in between. -+// - Can return true even if [FIPS] returns false, because [FIPS] also checks whether -+// the default properties contain `fips=yes`. -+// - When using OpenSSL 3, will always return true if [FIPS] returns true. -+// - When using OpenSSL 1, Will always return the same value as [FIPS]. -+// - OpenSSL 3 doesn't provide a way to know if a provider is FIPS-capable. This function uses -+// some heuristics that should be treated as an implementation detail that may change in the future. -+func FIPSCapable() bool { -+ if FIPS() { -+ return true -+ } -+ if vMajor == 3 { -+ // Load the provider with and without the `fips=yes` query. -+ // If the providers are the same, then the default provider is FIPS-capable. -+ provFIPS := sha256Provider(_ProviderNameFips) -+ if provFIPS == nil { -+ return false -+ } -+ provDefault := sha256Provider("") -+ return provFIPS == provDefault -+ } -+ return false -+} -+ -+// isProviderAvailable checks if the provider with the given name is available. -+// This function is used in export_test.go, but must be defined here as test files can't access C functions. -+func isProviderAvailable(name string) bool { -+ if vMajor == 1 { -+ return false -+ } -+ providerName := C.CString(name) -+ defer C.free(unsafe.Pointer(providerName)) -+ return ossl.OSSL_PROVIDER_available(nil, (*byte)(unsafe.Pointer(providerName))) == 1 -+} -+ -+// SetFIPS enables or disables FIPS mode. -+// -+// For OpenSSL 3, if there is no provider available that supports FIPS mode, -+// SetFIPS will try to load a built-in provider that supports FIPS mode. -+func SetFIPS(enable bool) error { -+ if FIPS() == enable { -+ // Already in the desired state. -+ return nil -+ } -+ var mode int32 -+ if enable { -+ mode = int32(1) -+ } else { -+ mode = int32(0) -+ } -+ switch vMajor { -+ case 1: -+ if _, err := ossl.FIPS_mode_set(mode); err != nil { -+ return err -+ } -+ return nil -+ case 3: -+ var shaProps, provName cString -+ if enable { -+ shaProps = _PropFIPSYes -+ provName = _ProviderNameFips -+ } else { -+ shaProps = _PropFIPSNo -+ provName = _ProviderNameDefault -+ } -+ if !proveSHA256(shaProps) { -+ // There is no provider available that supports the desired FIPS mode. -+ // Try to load the built-in provider associated with the given mode. -+ if p, _ := ossl.OSSL_PROVIDER_try_load(nil, provName.ptr(), 1); p == nil { -+ // The built-in provider was not loaded successfully, we can't enable FIPS mode. -+ ossl.ERR_clear_error() -+ return errors.New("openssl: FIPS mode not supported by any provider") -+ } -+ } -+ _, err := ossl.EVP_default_properties_enable_fips(nil, mode) -+ return err -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// sha256Provider returns the provider for the SHA-256 algorithm -+// using the given properties. -+func sha256Provider(props cString) ossl.OSSL_PROVIDER_PTR { -+ md, _ := ossl.EVP_MD_fetch(nil, _DigestNameSHA2_256.ptr(), props.ptr()) -+ if md == nil { -+ ossl.ERR_clear_error() -+ return nil -+ } -+ defer ossl.EVP_MD_free(md) -+ return ossl.EVP_MD_get0_provider(md) -+} -+ -+// proveSHA256 checks if the SHA-256 algorithm is available -+// using the given properties. -+func proveSHA256(props cString) bool { -+ return sha256Provider(props) != nil -+} -+ -+var zero byte -+ -+// baseNeverEmpty returns the address of the underlying array in b. -+// If b has zero length, it returns a pointer to a zero byte. -+func baseNeverEmpty(b []byte) *byte { -+ if len(b) == 0 { -+ return &zero -+ } -+ return unsafe.SliceData(b) -+} -+ -+// pbaseNeverEmpty returns the address of the underlying array in b. -+// If b has zero length, it returns a pointer to a zero byte. -+func pbaseNeverEmpty(b []byte) unsafe.Pointer { -+ return unsafe.Pointer(baseNeverEmpty(b)) -+} -+ -+// pbase returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+func pbase(b []byte) unsafe.Pointer { -+ return unsafe.Pointer(base(b)) -+} -+ -+// base returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+func base(b []byte) *byte { -+ if len(b) == 0 { -+ return nil -+ } -+ return unsafe.SliceData(b) -+} -+ -+// cryptoMalloc allocates n bytes of memory on the OpenSSL heap, which may be -+// different from the heap which C.malloc allocates on. The allocated object -+// must be freed using cryptoFree. cryptoMalloc is equivalent to the -+// OPENSSL_malloc macro. -+// -+// Like C.malloc, this function is guaranteed to never return nil. If OpenSSL's -+// malloc indicates out of memory, it crashes the program. -+// -+// Only objects which the OpenSSL library will take ownership of (i.e. will be -+// freed by OPENSSL_free / CRYPTO_free) need to be allocated on the OpenSSL -+// heap. -+func cryptoMalloc(n int) unsafe.Pointer { -+ p, _ := ossl.CRYPTO_malloc(n, nil, 0) -+ if p == nil { -+ // Un-recover()-ably crash the program in the same manner as the -+ // C.malloc() wrapper function. -+ runtime_throw("openssl: CRYPTO_malloc failed") -+ } -+ return p -+} -+ -+// cryptoFree frees an object allocated on the OpenSSL heap, which may be -+// different from the heap which C.malloc allocates on. cryptoFree is equivalent -+// to the OPENSSL_free macro. -+func cryptoFree(p unsafe.Pointer) { -+ ossl.CRYPTO_free(p, nil, 0) -+} -+ -+const wordBytes = bits.UintSize / 8 -+ -+// Reverse each limb of z. -+func (z BigInt) byteSwap() { -+ for i, d := range z { -+ var n uint = 0 -+ for j := range wordBytes { -+ n |= uint(byte(d)) << (8 * (wordBytes - j - 1)) -+ d >>= 8 -+ } -+ z[i] = n -+ } -+} -+ -+func wbase(b BigInt) *byte { -+ if len(b) == 0 { -+ return nil -+ } -+ return (*byte)(unsafe.Pointer(unsafe.SliceData(b))) -+} -+ -+func bigToBN(x BigInt) (ossl.BIGNUM_PTR, error) { -+ if len(x) == 0 { -+ return nil, nil -+ } -+ if isBigEndian { -+ z := make(BigInt, len(x)) -+ copy(z, x) -+ z.byteSwap() -+ x = z -+ } -+ // Limbs are always ordered in LSB first, so we can safely apply -+ // BN_lebin2bn regardless of host endianness. -+ bn, err := ossl.BN_lebin2bn(wbase(x), int32(len(x)*wordBytes), nil) -+ if err != nil { -+ return nil, err -+ } -+ return bn, nil -+} -+ -+func bnToBig(bn ossl.BIGNUM_PTR) BigInt { -+ if bn == nil { -+ return nil -+ } -+ -+ // Limbs are always ordered in LSB first, so we can safely apply -+ // BN_bn2lebinpad regardless of host endianness. -+ x := make(BigInt, ossl.BN_num_bits(bn)) -+ if _, err := ossl.BN_bn2lebinpad(bn, wbase(x), int32(len(x)*wordBytes)); err != nil { -+ panic(err) -+ } -+ if isBigEndian { -+ x.byteSwap() -+ } -+ return x -+} -+ -+// bnToBinPad converts the absolute value of bn into big-endian form and stores -+// it at to, padding with zeroes if necessary. If len(to) is not large enough to -+// hold the result, an error is returned. -+func bnToBinPad(bn ossl.BIGNUM_PTR, to []byte) error { -+ _, err := ossl.BN_bn2binpad(bn, base(to), int32(len(to))) -+ return err -+} -+ -+func CheckLeaks() { -+ C.go_openssl_do_leak_check() -+} -+ -+// versionAtOrAbove returns true when -+// (vMajor, vMinor, vPatch) >= (major, minor, patch), -+// compared lexicographically. -+func versionAtOrAbove(major, minor, patch uint) bool { -+ return vMajor > major || (vMajor == major && vMinor > minor) || (vMajor == major && vMinor == minor && vPatch >= patch) -+} -+ -+func bigEndianUint64(b []byte) uint64 { -+ _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 -+ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | -+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/params.go b/src/vendor/github.com/golang-fips/openssl/v2/params.go -new file mode 100644 -index 00000000000000..807f741a732735 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/params.go -@@ -0,0 +1,195 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "runtime" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+type addParamError struct { -+ name string -+ err error -+} -+ -+func (e addParamError) Error() string { -+ return "failed to add parameter " + e.name + ": " + e.err.Error() -+} -+ -+type bnParam struct { -+ value ossl.BIGNUM_PTR -+ private bool -+} -+ -+// paramBuilder is a helper for building OSSL_PARAMs. -+// If an error occurs when adding a new parameter, -+// subsequent calls to add parameters are ignored -+// and build() will return the error. -+type paramBuilder struct { -+ bld ossl.OSSL_PARAM_BLD_PTR -+ pinner runtime.Pinner -+ bnToFree []bnParam -+ -+ err error -+} -+ -+// newParamBuilder creates a new paramBuilder. -+func newParamBuilder() (*paramBuilder, error) { -+ bld, err := ossl.OSSL_PARAM_BLD_new() -+ if err != nil { -+ return nil, err -+ } -+ pb := ¶mBuilder{ -+ bld: bld, -+ bnToFree: make([]bnParam, 0, 8), // the maximum known number of BIGNUMs to free are 8 for RSA -+ } -+ runtime.SetFinalizer(pb, (*paramBuilder).finalize) -+ return pb, nil -+} -+ -+// finalize frees the builder. -+func (b *paramBuilder) finalize() { -+ if b.bld != nil { -+ b.pinner.Unpin() -+ for _, bn := range b.bnToFree { -+ if bn.private { -+ ossl.BN_clear_free(bn.value) -+ } else { -+ ossl.BN_free(bn.value) -+ } -+ } -+ ossl.OSSL_PARAM_BLD_free(b.bld) -+ b.bld = nil -+ } -+} -+ -+// check is used internally to enforce invariants and should not be called by users of paramBuilder. -+// Returns true if it's ok to add parameters to the builder or build it. -+// Returns false if there has been an error while adding a parameter. -+// Panics if the paramBuilder has been freed, e.g. if it has already been built. -+func (b *paramBuilder) check() bool { -+ if b.err != nil { -+ return false -+ } -+ if b.bld == nil { -+ panic("openssl: paramBuilder has been freed") -+ } -+ return true -+} -+ -+// build creates an OSSL_PARAM from the builder. -+// The returned OSSL_PARAM must be freed with OSSL_PARAM_free. -+// If an error occurred while adding parameters, the error is returned -+// and the OSSL_PARAM is nil. Once build() is called, the builder is finalized -+// and cannot be reused. -+func (b *paramBuilder) build() (ossl.OSSL_PARAM_PTR, error) { -+ defer b.finalize() -+ if !b.check() { -+ return nil, b.err -+ } -+ param, err := ossl.OSSL_PARAM_BLD_to_param(b.bld) -+ if err != nil { -+ return nil, err -+ } -+ return param, nil -+} -+ -+// addUTF8String adds a NUL-terminated UTF-8 string to the builder. -+// size should not include the terminating NUL byte. If size is zero, then it will be calculated. -+func (b *paramBuilder) addUTF8String(name cString, value *byte, size int) { -+ if !b.check() { -+ return -+ } -+ // OSSL_PARAM_BLD_push_utf8_string calculates the size if it is zero. -+ if _, err := ossl.OSSL_PARAM_BLD_push_utf8_string(b.bld, name.ptr(), value, size); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addOctetString adds an octet string to the builder. -+// The value is pinned and will be unpinned when the builder is freed. -+func (b *paramBuilder) addOctetString(name cString, value []byte) { -+ if !b.check() { -+ return -+ } -+ if value == nil { -+ // Short-circuit a nil slice: don't pass anything at all to OpenSSL. -+ // OpenSSL 3.5.6 raises an error when passed null, and expects users -+ // to not call this function at all in this case. -+ // See https://github.com/openssl/openssl/issues/30728 -+ // -+ // Don't short-circuit empty slices, as they might have a meaning. -+ // For example, in KDFs an empty salt is different from a nil salt. -+ return -+ } -+ if len(value) != 0 { -+ b.pinner.Pin(&value[0]) -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), pbaseNeverEmpty(value), len(value)); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addInt32 adds an int32 to the builder. -+func (b *paramBuilder) addInt32(name cString, value int32) { -+ if !b.check() { -+ return -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_int32(b.bld, name.ptr(), value); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addBN adds a GOossl.BIGNUM_PTR to the builder. -+func (b *paramBuilder) addBN(name cString, value ossl.BIGNUM_PTR) { -+ if !b.check() { -+ return -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_BN(b.bld, name.ptr(), value); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addBin adds a byte slice to the builder. -+// The slice is converted to a BIGNUM using BN_bin2bn and freed when the builder is finalized. -+// If private is true, the BIGNUM will be cleared with BN_clear_free, -+// otherwise it will be freed with BN_free. -+func (b *paramBuilder) addBin(name cString, value []byte, private bool) { -+ if !b.check() { -+ return -+ } -+ if len(value) == 0 { -+ // Nothing to do. -+ return -+ } -+ bn, err := ossl.BN_bin2bn(base(value), int32(len(value)), nil) -+ if err != nil { -+ b.err = err -+ return -+ } -+ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) -+ b.addBN(name, bn) -+} -+ -+// addBigInt adds a BigInt to the builder. -+// The BigInt is converted using bigToBN to a BIGNUM that is freed when the builder is finalized. -+// If private is true, the BIGNUM will be cleared with BN_clear_free, -+// otherwise it will be freed with BN_free. -+func (b *paramBuilder) addBigInt(name cString, value BigInt, private bool) { -+ if !b.check() { -+ return -+ } -+ if len(value) == 0 { -+ // Nothing to do. -+ return -+ } -+ bn, err := bigToBN(value) -+ if err != nil { -+ b.err = err -+ return -+ } -+ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) -+ b.addBN(name, bn) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go -new file mode 100644 -index 00000000000000..ace373e6d7bb0f ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go -@@ -0,0 +1,55 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "errors" -+ "hash" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupportsPBKDF2 reports whether the current OpenSSL version supports PBKDF2. -+func SupportsPBKDF2() bool { -+ switch vMajor { -+ case 1: -+ return true -+ case 3: -+ _, err := fetchPBKDF2() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// fetchPBKDF2 fetches the PBKDF2 algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchPBKDF2 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { -+ h, err := hashFuncHash(fh) -+ if err != nil { -+ return nil, err -+ } -+ md := hashToMD(h) -+ if md == nil { -+ return nil, errors.New("unsupported hash function") -+ } -+ out := make([]byte, keyLen) -+ _, err = ossl.PKCS5_PBKDF2_HMAC(base(password), int32(len(password)), base(salt), int32(len(salt)), int32(iter), md, int32(keyLen), base(out)) -+ if err != nil { -+ return nil, err -+ } -+ return out, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go b/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go -new file mode 100644 -index 00000000000000..1d8f3ad00ead7e ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go -@@ -0,0 +1,239 @@ -+//go:build !cmd_go_bootstrap && cgo -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// This file contains code specific to the built-in OpenSSL providers. -+ -+// _OSSL_MD5_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/md5.h#L33. -+type _OSSL_MD5_CTX struct { -+ h [4]uint32 -+ nl, nh uint32 -+ x [64]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_MD5_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint32(b) -+ b, d.h[1] = consumeUint32(b) -+ b, d.h[2] = consumeUint32(b) -+ b, d.h[3] = consumeUint32(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = uint32(n << 3) -+ d.nh = uint32(n >> 29) -+ d.nx = uint32(n) % 64 -+ return nil -+} -+ -+func (d *_OSSL_MD5_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// _OSSL_SHA_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L34. -+type _OSSL_SHA_CTX struct { -+ h [5]uint32 -+ nl, nh uint32 -+ x [64]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_SHA_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint32(b) -+ b, d.h[1] = consumeUint32(b) -+ b, d.h[2] = consumeUint32(b) -+ b, d.h[3] = consumeUint32(b) -+ b, d.h[4] = consumeUint32(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = uint32(n << 3) -+ d.nh = uint32(n >> 29) -+ d.nx = uint32(n) % 64 -+ return nil -+} -+ -+func (d *_OSSL_SHA_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = appendUint32(buf, d.h[4]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// _OSSL_SHA256_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L51. -+type _OSSL_SHA256_CTX struct { -+ h [8]uint32 -+ nl, nh uint32 -+ x [64]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_SHA256_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint32(b) -+ b, d.h[1] = consumeUint32(b) -+ b, d.h[2] = consumeUint32(b) -+ b, d.h[3] = consumeUint32(b) -+ b, d.h[4] = consumeUint32(b) -+ b, d.h[5] = consumeUint32(b) -+ b, d.h[6] = consumeUint32(b) -+ b, d.h[7] = consumeUint32(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = uint32(n << 3) -+ d.nh = uint32(n >> 29) -+ d.nx = uint32(n) % 64 -+ return nil -+} -+ -+func (d *_OSSL_SHA256_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = appendUint32(buf, d.h[4]) -+ buf = appendUint32(buf, d.h[5]) -+ buf = appendUint32(buf, d.h[6]) -+ buf = appendUint32(buf, d.h[7]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// _OSSL_SHA512_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L95. -+type _OSSL_SHA512_CTX struct { -+ h [8]uint64 -+ nl, nh uint64 -+ x [128]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_SHA512_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint64(b) -+ b, d.h[1] = consumeUint64(b) -+ b, d.h[2] = consumeUint64(b) -+ b, d.h[3] = consumeUint64(b) -+ b, d.h[4] = consumeUint64(b) -+ b, d.h[5] = consumeUint64(b) -+ b, d.h[6] = consumeUint64(b) -+ b, d.h[7] = consumeUint64(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = n << 3 -+ d.nh = n >> 61 -+ d.nx = uint32(n) % 128 -+ return nil -+} -+ -+func (d *_OSSL_SHA512_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint64(buf, d.h[0]) -+ buf = appendUint64(buf, d.h[1]) -+ buf = appendUint64(buf, d.h[2]) -+ buf = appendUint64(buf, d.h[3]) -+ buf = appendUint64(buf, d.h[4]) -+ buf = appendUint64(buf, d.h[5]) -+ buf = appendUint64(buf, d.h[6]) -+ buf = appendUint64(buf, d.h[7]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, d.nl>>3|d.nh<<61) -+ return buf, nil -+} -+ -+func getOSSLDigetsContext(ctx ossl.EVP_MD_CTX_PTR) unsafe.Pointer { -+ switch vMajor { -+ case 1: -+ // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. -+ type mdCtx struct { -+ _ [2]unsafe.Pointer -+ _ uint32 -+ md_data unsafe.Pointer -+ } -+ return (*mdCtx)(unsafe.Pointer(ctx)).md_data -+ case 3: -+ // The EVP_MD_CTX memory layout has changed in OpenSSL 3 -+ // and the property holding the internal structure is no longer md_data but algctx. -+ // https://github.com/openssl/openssl/blob/5675a5aaf6a2e489022bcfc18330dae9263e598e/crypto/evp/evp_local.h#L16. -+ type mdCtx struct { -+ _ [3]unsafe.Pointer -+ _ uint32 -+ _ [3]unsafe.Pointer -+ algctx unsafe.Pointer -+ } -+ return (*mdCtx)(unsafe.Pointer(ctx)).algctx -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+var errHashStateInvalid = errors.New("openssl: can't retrieve hash state") -+ -+func osslHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { -+ algctx := getOSSLDigetsContext(ctx) -+ if algctx == nil { -+ return nil, errHashStateInvalid -+ } -+ buf = append(buf, magic...) -+ switch ch { -+ case crypto.MD5: -+ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ case crypto.SHA1: -+ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ case crypto.SHA224, crypto.SHA256: -+ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -+ -+func osslHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { -+ algctx := getOSSLDigetsContext(ctx) -+ if algctx == nil { -+ return errHashStateInvalid -+ } -+ b = b[len(magic):] -+ switch ch { -+ case crypto.MD5: -+ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ case crypto.SHA1: -+ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ case crypto.SHA224, crypto.SHA256: -+ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go b/src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go -new file mode 100644 -index 00000000000000..693849f152f9c1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go -@@ -0,0 +1,338 @@ -+//go:build !cmd_go_bootstrap && cgo -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "runtime" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// This file contains code specific to the SymCrypt provider. -+ -+const ( -+ _SCOSSL_DIGEST_PARAM_STATE cString = "state\x00" -+ _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM cString = "recompute_checksum\x00" -+) -+ -+const ( -+ _SYMCRYPT_BLOB_MAGIC = 0x636D7973 // "cysm" in little-endian -+ -+ _SymCryptBlobTypeHashState = 0x100 -+ _SymCryptBlobTypeMd2State = _SymCryptBlobTypeHashState + 1 -+ _SymCryptBlobTypeMd4State = _SymCryptBlobTypeHashState + 2 -+ _SymCryptBlobTypeMd5State = _SymCryptBlobTypeHashState + 3 -+ _SymCryptBlobTypeSha1State = _SymCryptBlobTypeHashState + 4 -+ _SymCryptBlobTypeSha256State = _SymCryptBlobTypeHashState + 5 -+ _SymCryptBlobTypeSha384State = _SymCryptBlobTypeHashState + 6 -+ _SymCryptBlobTypeSha512State = _SymCryptBlobTypeHashState + 7 -+ _SymCryptBlobTypeSha3_256State = _SymCryptBlobTypeHashState + 8 -+ _SymCryptBlobTypeSha3_384State = _SymCryptBlobTypeHashState + 9 -+ _SymCryptBlobTypeSha3_512State = _SymCryptBlobTypeHashState + 10 -+ _SymCryptBlobTypeSha224State = _SymCryptBlobTypeHashState + 11 -+ _SymCryptBlobTypeSha512_224State = _SymCryptBlobTypeHashState + 12 -+ _SymCryptBlobTypeSha512_256State = _SymCryptBlobTypeHashState + 13 -+ _SymCryptBlobTypeSha3_224State = _SymCryptBlobTypeHashState + 14 -+ -+ _SYMCRYPT_MD5_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_MD5_STATE_EXPORT_BLOB{})) -+ _SYMCRYPT_SHA1_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA1_STATE_EXPORT_BLOB{})) -+ _SYMCRYPT_SHA256_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA256_STATE_EXPORT_BLOB{})) -+ _SYMCRYPT_SHA512_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA512_STATE_EXPORT_BLOB{})) -+) -+ -+type _SYMCRYPT_BLOB_HEADER struct { -+ magic uint32 -+ size uint32 -+ _type uint32 -+} -+ -+type _SYMCRYPT_BLOB_TRAILER struct { -+ checksum [8]uint8 -+} -+ -+// _UINT64 is a 64-bit unsigned integer, stored in native endianess. -+// It is used to represent a SymCrypt UINT64 type without making the -+// parent struct 8-byte aligned, given that the Windows ABI makes -+// the struct 4-byte aligned. -+type _UINT64 [2]uint32 -+ -+func newUINT64(v uint64) _UINT64 { -+ var u _UINT64 -+ if isBigEndian { -+ u[0], u[1] = uint32(v>>32), uint32(v) -+ } else { -+ u[0], u[1] = uint32(v), uint32(v>>32) -+ } -+ return u -+} -+ -+func (u *_UINT64) uint64() uint64 { -+ if isBigEndian { -+ return uint64(u[0])<<32 | (uint64(u[1])) -+ } -+ return uint64(u[0]) | (uint64(u[1]) << 32) -+} -+ -+// symCryptAppendBinary appends the binary representation of a SymCrypt state -+// to the given destination slice. -+func symCryptAppendBinary(dst, chain, buffer []byte, blength _UINT64) []byte { -+ length := blength.uint64() -+ var nx uint64 -+ if len(buffer) <= 64 { -+ nx = length & 0x3f -+ } else { -+ nx = length & 0x7f -+ } -+ dst = append(dst, chain...) -+ dst = append(dst, buffer[:nx]...) -+ dst = append(dst, make([]byte, len(buffer)-int(nx))...) -+ dst = appendUint64(dst, length) -+ return dst -+} -+ -+// symCryptUnmarshalBinary unmarshals the binary representation of a SymCrypt state -+// from the given source slice. It returns the length of the data. -+func symCryptUnmarshalBinary(d []byte, chain, buffer []byte) _UINT64 { -+ copy(chain[:], d) -+ d = d[len(chain):] -+ copy(buffer[:], d) -+ d = d[len(buffer):] -+ _, length := consumeUint64(d) -+ return newUINT64(length) -+} -+ -+// swapEndianessUint32 swaps the endianness of the given byte slice -+// in place. It assumes the slice is a backup of a 32-bit integer array. -+func swapEndianessUint32(d []uint8) { -+ for i := 0; i < len(d); i += 4 { -+ d[i], d[i+3] = d[i+3], d[i] -+ d[i+1], d[i+2] = d[i+2], d[i+1] -+ } -+ -+} -+ -+type _SYMCRYPT_MD5_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [16]uint8 // little endian -+ length _UINT64 // native endian -+ buffer [64]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ // b.chain is little endian, but Go expects big endian, -+ // we need to swap the bytes. -+ swapEndianessUint32(b.chain[:]) -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil -+} -+ -+func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+ swapEndianessUint32(b.chain[:]) -+} -+ -+type _SYMCRYPT_SHA1_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [20]uint8 // big endian -+ length _UINT64 // native endian -+ buffer [64]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil -+} -+ -+func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+} -+ -+type _SYMCRYPT_SHA256_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [32]uint8 // big endian -+ length _UINT64 // native endian -+ buffer [64]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil -+} -+ -+func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+} -+ -+type _SYMCRYPT_SHA512_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [64]uint8 // big endian -+ lengthL _UINT64 // native endian -+ lengthH _UINT64 // native endian -+ buffer [128]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ if b.lengthH.uint64() != 0 { -+ return nil, errors.New("exporting state with more than 2^63-1 bytes of data is not supported") -+ } -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.lengthL), nil -+} -+ -+func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.lengthL = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+} -+ -+func symCryptHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { -+ size, typ := symCryptHashStateInfo(ch) -+ state := make([]byte, size, _SYMCRYPT_SHA512_STATE_EXPORT_SIZE) // 512 is the largest size -+ var pinner runtime.Pinner -+ pinner.Pin(&state[0]) -+ defer pinner.Unpin() -+ params := [2]ossl.OSSL_PARAM{ -+ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), unsafe.Pointer(&state[0]), len(state)), -+ ossl.OSSL_PARAM_construct_end(), -+ } -+ if _, err := ossl.EVP_MD_CTX_get_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))); err != nil { -+ return nil, err -+ } -+ if !ossl.OSSL_PARAM_modified(¶ms[0]) { -+ return nil, errors.New("EVP_MD_CTX_get_params did not retrieve the state") -+ } -+ -+ header := (*_SYMCRYPT_BLOB_HEADER)(unsafe.Pointer(&state[0])) -+ if header.magic != _SYMCRYPT_BLOB_MAGIC { -+ return nil, errors.New("invalid blob magic") -+ } -+ if header.size != size { -+ return nil, errors.New("invalid blob size") -+ } -+ if header._type != typ { -+ return nil, errors.New("invalid blob type") -+ } -+ -+ buf = append(buf, magic...) -+ switch ch { -+ case crypto.MD5: -+ blob := (*_SYMCRYPT_MD5_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ case crypto.SHA1: -+ blob := (*_SYMCRYPT_SHA1_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ case crypto.SHA224, crypto.SHA256: -+ blob := (*_SYMCRYPT_SHA256_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ blob := (*_SYMCRYPT_SHA512_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -+ -+func symCryptHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { -+ size, typ := symCryptHashStateInfo(ch) -+ hdr := _SYMCRYPT_BLOB_HEADER{ -+ magic: _SYMCRYPT_BLOB_MAGIC, -+ size: size, -+ _type: typ, -+ } -+ var blobPtr unsafe.Pointer -+ b = b[len(magic):] -+ switch ch { -+ case crypto.MD5: -+ var blob _SYMCRYPT_MD5_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ case crypto.SHA1: -+ var blob _SYMCRYPT_SHA1_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ case crypto.SHA224, crypto.SHA256: -+ var blob _SYMCRYPT_SHA256_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ var blob _SYMCRYPT_SHA512_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+ var checksum int32 = 1 -+ var pinner runtime.Pinner -+ pinner.Pin(blobPtr) -+ pinner.Pin(&checksum) -+ defer pinner.Unpin() -+ params := [3]ossl.OSSL_PARAM{ -+ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), blobPtr, int(hdr.size)), -+ ossl.OSSL_PARAM_construct_int32(_SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr(), &checksum), -+ ossl.OSSL_PARAM_construct_end(), -+ } -+ _, err := ossl.EVP_MD_CTX_set_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))) -+ return err -+} -+ -+func symCryptHashStateInfo(ch crypto.Hash) (size, typ uint32) { -+ switch ch { -+ case crypto.MD5: -+ return _SYMCRYPT_MD5_STATE_EXPORT_SIZE, _SymCryptBlobTypeMd5State -+ case crypto.SHA1: -+ return _SYMCRYPT_SHA1_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha1State -+ case crypto.SHA224: -+ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha224State -+ case crypto.SHA256: -+ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha256State -+ case crypto.SHA384: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha384State -+ case crypto.SHA512_224: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_224State -+ case crypto.SHA512_256: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_256State -+ case crypto.SHA512: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512State -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -+ -+// isSymCryptHashStateSerializable checks if the SymCrypt hash state is serializable. -+func isSymCryptHashStateSerializable(md ossl.EVP_MD_PTR) bool { -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return false -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestInit_ex(ctx, md, nil); err != nil { -+ return false -+ } -+ params, err := ossl.EVP_MD_CTX_gettable_params(ctx) -+ if err != nil { -+ return false -+ } -+ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { -+ return false -+ } -+ params, err = ossl.EVP_MD_CTX_settable_params(ctx) -+ if err != nil { -+ return false -+ } -+ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { -+ return false -+ } -+ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr()); err != nil { -+ return false -+ } -+ return true -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rand.go b/src/vendor/github.com/golang-fips/openssl/v2/rand.go -new file mode 100644 -index 00000000000000..34f376bed8f091 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/rand.go -@@ -0,0 +1,22 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import "github.com/golang-fips/openssl/v2/internal/ossl" -+ -+type randReader int -+ -+func (randReader) Read(b []byte) (int, error) { -+ if len(b) == 0 { -+ return 0, nil -+ } -+ // Note: RAND_bytes should never fail; the return value exists only for historical reasons. -+ // We check it even so. -+ if _, err := ossl.RAND_bytes(base(b), int32(len(b))); err != nil { -+ return 0, err -+ } -+ return len(b), nil -+} -+ -+const RandReader = randReader(0) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rc4.go b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go -new file mode 100644 -index 00000000000000..b585668e281d2a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go -@@ -0,0 +1,69 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "runtime" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupportsRC4 returns true if NewRC4Cipher is supported. -+func SupportsRC4() bool { -+ // True for stock OpenSSL 1 w/o FIPS. -+ // False for stock OpenSSL 3 unless the legacy provider is available. -+ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil -+} -+ -+// A RC4Cipher is an instance of RC4 using a particular key. -+type RC4Cipher struct { -+ ctx ossl.EVP_CIPHER_CTX_PTR -+} -+ -+// NewRC4Cipher creates and returns a new Cipher. -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { -+ ctx, err := newCipherCtx(cipherRC4, cipherModeNone, cipherOpEncrypt, key, nil) -+ if err != nil { -+ return nil, err -+ } -+ c := &RC4Cipher{ctx} -+ runtime.SetFinalizer(c, (*RC4Cipher).finalize) -+ return c, nil -+} -+ -+func (c *RC4Cipher) finalize() { -+ if c.ctx != nil { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+ } -+} -+ -+// Reset zeros the key data and makes the Cipher unusable. -+func (c *RC4Cipher) Reset() { -+ if c.ctx != nil { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+ c.ctx = nil -+ } -+} -+ -+// XORKeyStream sets dst to the result of XORing src with the key stream. -+// Dst and src must overlap entirely or not at all. -+func (c *RC4Cipher) XORKeyStream(dst, src []byte) { -+ if c.ctx == nil || len(src) == 0 { -+ return -+ } -+ if inexactOverlap(dst[:len(src)], src) { -+ panic("crypto/rc4: invalid buffer overlap") -+ } -+ // panic if len(dst) < len(src) with a runtime out of bound error, -+ // which is what crypto/rc4 does. -+ _ = dst[len(src)-1] -+ var outLen int32 -+ if _, err := ossl.EVP_EncryptUpdate(c.ctx, base(dst), &outLen, base(src), int32(len(src))); err != nil { -+ panic("crypto/rc4: " + err.Error()) -+ } -+ if int(outLen) != len(src) { -+ panic("crypto/rc4: src not fully XORed") -+ } -+ runtime.KeepAlive(c) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rsa.go b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go -new file mode 100644 -index 00000000000000..7c1a3f06f5ec40 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go -@@ -0,0 +1,366 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto" -+ "crypto/subtle" -+ "errors" -+ "hash" -+ "runtime" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { -+ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { -+ return nil, nil, nil, nil, nil, nil, nil, nil, e -+ } -+ pkey, err := generateEVPPKey(ossl.EVP_PKEY_RSA, int32(bits), "") -+ if err != nil { -+ return bad(err) -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ switch vMajor { -+ case 1: -+ key, err := ossl.EVP_PKEY_get1_RSA(pkey) -+ if err != nil { -+ return bad(err) -+ } -+ defer ossl.RSA_free(key) -+ var n, e, d, p, q, dmp1, dmq1, iqmp ossl.BIGNUM_PTR -+ ossl.RSA_get0_key(key, &n, &e, &d) -+ ossl.RSA_get0_factors(key, &p, &q) -+ ossl.RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp) -+ N, E, D = bnToBig(n), bnToBig(e), bnToBig(d) -+ P, Q = bnToBig(p), bnToBig(q) -+ Dp, Dq, Qinv = bnToBig(dmp1), bnToBig(dmq1), bnToBig(iqmp) -+ case 3: -+ tmp, err := ossl.BN_new() -+ if err != nil { -+ return bad(err) -+ } -+ defer func() { -+ ossl.BN_clear_free(tmp) -+ }() -+ setBigInt := func(bi *BigInt, param cString) bool { -+ if err != nil { -+ return false -+ } -+ if _, err = ossl.EVP_PKEY_get_bn_param(pkey, param.ptr(), &tmp); err != nil { -+ return false -+ } -+ *bi = bnToBig(tmp) -+ ossl.BN_clear(tmp) -+ return true -+ } -+ if !(setBigInt(&N, _OSSL_PKEY_PARAM_RSA_N) && -+ setBigInt(&E, _OSSL_PKEY_PARAM_RSA_E) && -+ setBigInt(&D, _OSSL_PKEY_PARAM_RSA_D) && -+ setBigInt(&P, _OSSL_PKEY_PARAM_RSA_FACTOR1) && -+ setBigInt(&Q, _OSSL_PKEY_PARAM_RSA_FACTOR2) && -+ setBigInt(&Dp, _OSSL_PKEY_PARAM_RSA_EXPONENT1) && -+ setBigInt(&Dq, _OSSL_PKEY_PARAM_RSA_EXPONENT2) && -+ setBigInt(&Qinv, _OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { -+ return bad(err) -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return -+} -+ -+type PublicKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { -+ var pkey ossl.EVP_PKEY_PTR -+ switch vMajor { -+ case 1: -+ key, err := ossl.RSA_new() -+ if err != nil { -+ return nil, err -+ } -+ // No need to check for errors here, RSA_set0_* functions will fail -+ // if the BNs are NULL and we will free non-NULL BNs in the error handling. -+ bn, _ := bigToBN(n) -+ be, _ := bigToBN(e) -+ if _, err := ossl.RSA_set0_key(key, bn, be, nil); err != nil { -+ ossl.BN_free(bn) -+ ossl.BN_free(be) -+ ossl.RSA_free(key) -+ return nil, err -+ } -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ ossl.RSA_free(key) -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { -+ ossl.RSA_free(key) -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ case 3: -+ var err error -+ if pkey, err = newRSAKey3(false, n, e, nil, nil, nil, nil, nil, nil); err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ k := &PublicKeyRSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PublicKeyRSA).finalize) -+ return k, nil -+} -+ -+func (k *PublicKeyRSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ // Because of the finalizer, any time _pkey is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+type PrivateKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error) { -+ var pkey ossl.EVP_PKEY_PTR -+ switch vMajor { -+ case 1: -+ key, err := ossl.RSA_new() -+ if err != nil { -+ return nil, err -+ } -+ // No need to check for errors here, RSA_set0_* functions will fail -+ // if the BNs are NULL and we will free non-NULL BNs in the error handling. -+ bn, _ := bigToBN(n) -+ be, _ := bigToBN(e) -+ bd, _ := bigToBN(d) -+ if _, err := ossl.RSA_set0_key(key, bn, be, bd); err != nil { -+ ossl.BN_free(bn) -+ ossl.BN_free(be) -+ ossl.BN_clear_free(bd) -+ return nil, err -+ } -+ if p != nil && q != nil { -+ bp, _ := bigToBN(p) -+ bq, _ := bigToBN(q) -+ if _, err := ossl.RSA_set0_factors(key, bp, bq); err != nil { -+ ossl.BN_clear_free(bp) -+ ossl.BN_clear_free(bq) -+ return nil, err -+ } -+ } -+ if dp != nil && dq != nil && qinv != nil { -+ bdp, _ := bigToBN(dp) -+ bdq, _ := bigToBN(dq) -+ bqinv, _ := bigToBN(qinv) -+ if _, err := ossl.RSA_set0_crt_params(key, bdp, bdq, bqinv); err != nil { -+ ossl.BN_free(bdp) -+ ossl.BN_free(bdq) -+ ossl.BN_free(bqinv) -+ return nil, err -+ } -+ } -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ ossl.RSA_free(key) -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { -+ ossl.RSA_free(key) -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ case 3: -+ var err error -+ if pkey, err = newRSAKey3(true, n, e, d, p, q, dp, dq, qinv); err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ k := &PrivateKeyRSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyRSA).finalize) -+ return k, nil -+} -+ -+func (k *PrivateKeyRSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ // Because of the finalizer, any time _pkey is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, ciphertext) -+} -+ -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, msg) -+} -+ -+func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, ciphertext) -+} -+ -+func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, msg) -+} -+ -+func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ ret, err := evpDecrypt(priv.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, ciphertext) -+ if err != nil { -+ return nil, err -+ } -+ // We could return here, but the Go standard library test expects DecryptRSANoPadding to verify the result -+ // in order to defend against errors in the CRT computation. -+ // -+ // The following code tries to replicate the verification implemented in the upstream function decryptAndCheck, found at -+ // https://github.com/golang/go/blob/9de1ac6ac2cad3871760d0aa288f5ca713afd0a6/src/crypto/rsa/rsa.go#L569-L582. -+ pub := &PublicKeyRSA{_pkey: priv._pkey} -+ // A private EVP_PKEY can be used as a public key as it contains the public information. -+ enc, err := EncryptRSANoPadding(pub, ret) -+ if err != nil { -+ return nil, err -+ } -+ // Upstream does not do a constant time comparison because it works with math/big instead of byte slices, -+ // and math/big does not support constant-time arithmetic yet. See #20654 for more info. -+ if subtle.ConstantTimeCompare(ciphertext, enc) != 1 { -+ return nil, errors.New("rsa: internal error") -+ } -+ return ret, nil -+} -+ -+func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, msg) -+} -+ -+func saltLength(saltLen int, sign bool) (int32, error) { -+ // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject -+ // it, and lengths < -2, before we convert to the OpenSSL sentinel values. -+ if saltLen <= -2 { -+ return 0, errors.New("crypto/rsa: invalid PSS salt length") -+ } -+ // OpenSSL uses sentinel salt length values like Go crypto does, -+ // but the values don't fully match for rsa.PSSSaltLengthAuto (0). -+ if saltLen == 0 { -+ if sign { -+ if vMajor == 1 { -+ // OpenSSL 1.x uses -2 to mean maximal size when signing where Go crypto uses 0. -+ return ossl.RSA_PSS_SALTLEN_MAX_SIGN, nil -+ } -+ // OpenSSL 3.x deprecated RSA_PSS_SALTLEN_MAX_SIGN -+ // and uses -3 to mean maximal size when signing where Go crypto uses 0. -+ return ossl.RSA_PSS_SALTLEN_MAX, nil -+ } -+ // OpenSSL uses -2 to mean auto-detect size when verifying where Go crypto uses 0. -+ return ossl.RSA_PSS_SALTLEN_AUTO, nil -+ } -+ return int32(saltLen), nil -+} -+ -+func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ cSaltLen, err := saltLength(saltLen, true) -+ if err != nil { -+ return nil, err -+ } -+ return evpSign(priv.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, hashed) -+} -+ -+func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ cSaltLen, err := saltLength(saltLen, false) -+ if err != nil { -+ return err -+ } -+ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, sig, hashed) -+} -+ -+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return evpSign(priv.withKey, ossl.RSA_PKCS1_PADDING, 0, h, hashed) -+} -+ -+func HashSignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte) ([]byte, error) { -+ return evpHashSign(priv.withKey, h, msg) -+} -+ -+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ defer runtime.KeepAlive(pub) -+ var size int32 -+ if err := pub.withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { -+ size, err = ossl.EVP_PKEY_get_size(pkey) -+ if err != nil { -+ return err -+ } -+ if len(sig) < int(size) { -+ return errors.New("crypto/rsa: verification error") -+ } -+ return nil -+ }); err != nil { -+ return err -+ } -+ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PADDING, 0, h, sig, hashed) -+} -+ -+func HashVerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte) error { -+ return evpHashVerify(pub.withKey, h, msg, sig) -+} -+ -+func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (ossl.EVP_PKEY_PTR, error) { -+ bld, err := newParamBuilder() -+ if err != nil { -+ return nil, err -+ } -+ defer bld.finalize() -+ -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_N, n, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_E, e, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, false) -+ -+ if p != nil && q != nil { -+ allPrecomputedExists := dp != nil && dq != nil && qinv != nil -+ // The precomputed values should only be passed if P and Q are present -+ // and every precomputed value is present. (If any precomputed value is -+ // missing, don't pass any of them.) -+ // -+ // In OpenSSL 3.0 and 3.1, we must also omit P and Q if any precomputed -+ // value is missing. See https://github.com/openssl/openssl/pull/22334 -+ if vMinor >= 2 || allPrecomputedExists { -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR1, p, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR2, q, true) -+ } -+ if allPrecomputedExists { -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT1, dp, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT2, dq, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv, true) -+ } -+ } -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ selection := ossl.EVP_PKEY_PUBLIC_KEY -+ if isPriv { -+ selection = ossl.EVP_PKEY_KEYPAIR -+ } -+ return newEvpFromParams(ossl.EVP_PKEY_RSA, int32(selection), params) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go -new file mode 100644 -index 00000000000000..55fc0332c22d74 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go -@@ -0,0 +1,159 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+func SupportsTLS1PRF() bool { -+ switch vMajor { -+ case 1: -+ return vMinor >= 1 -+ case 3: -+ _, err := fetchTLS1PRF3() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil, -+// else it implements the TLS 1.2 pseudo-random function. -+// The pseudo-random number will be written to result and will be of length len(result). -+func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { -+ var md ossl.EVP_MD_PTR -+ if fh == nil { -+ // TLS 1.0/1.1 PRF doesn't allow to specify the hash function, -+ // it always uses MD5SHA1. If h is nil, then assume -+ // that the caller wants to use TLS 1.0/1.1 PRF. -+ // OpenSSL detects this case by checking if the hash -+ // function is MD5SHA1. -+ md = loadHash(crypto.MD5SHA1).md -+ } else { -+ h, err := hashFuncHash(fh) -+ if err != nil { -+ return err -+ } -+ md = hashToMD(h) -+ } -+ if md == nil { -+ return errors.New("unsupported hash function") -+ } -+ -+ switch vMajor { -+ case 1: -+ return tls1PRF1(result, secret, label, seed, md) -+ case 3: -+ return tls1PRF3(result, secret, label, seed, md) -+ default: -+ return errUnsupportedVersion() -+ } -+} -+ -+// tls1PRF1 implements TLS1PRF for OpenSSL 1 using the EVP_PKEY API. -+func tls1PRF1(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { -+ checkMajorVersion(1) -+ -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_TLS1_PRF, nil) -+ if err != nil { -+ return err -+ } -+ defer func() { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ }() -+ -+ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_MD, -+ 0, unsafe.Pointer(md)); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_SECRET, -+ int32(len(secret)), unsafe.Pointer(base(secret))); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_SEED, -+ int32(len(label)), unsafe.Pointer(base(label))); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_SEED, -+ int32(len(seed)), unsafe.Pointer(base(seed))); err != nil { -+ return err -+ } -+ outLen := len(result) -+ if _, err := ossl.EVP_PKEY_derive(ctx, base(result), &outLen); err != nil { -+ return err -+ } -+ // The Go standard library expects TLS1PRF to return the requested number of bytes, -+ // fail if it doesn't. While there is no known situation where this will happen, -+ // EVP_PKEY_derive handles multiple algorithms and there could be a subtle mismatch -+ // after more code changes in the future. -+ if outLen != len(result) { -+ return errors.New("tls1-prf: derived less bytes than requested") -+ } -+ return nil -+} -+ -+// fetchTLS1PRF3 fetches the TLS1-PRF KDF algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchTLS1PRF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+// tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. -+func tls1PRF3(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { -+ checkMajorVersion(3) -+ -+ kdf, err := fetchTLS1PRF3() -+ if err != nil { -+ return err -+ } -+ ctx, err := ossl.EVP_KDF_CTX_new(kdf) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ -+ bld, err := newParamBuilder() -+ if err != nil { -+ return err -+ } -+ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ bld.addOctetString(_OSSL_KDF_PARAM_SECRET, secret) -+ bld.addOctetString(_OSSL_KDF_PARAM_SEED, label) -+ bld.addOctetString(_OSSL_KDF_PARAM_SEED, seed) -+ params, err := bld.build() -+ if err != nil { -+ return err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ if _, err := ossl.EVP_KDF_derive(ctx, base(result), len(result), params); err != nil { -+ return err -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/zaes.go b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go -new file mode 100644 -index 00000000000000..e60a5dde390be6 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go -@@ -0,0 +1,86 @@ -+// Code generated by cmd/genaesmodes. DO NOT EDIT. -+ -+//go:build cgo && !cmd_go_bootstrap -+ -+package openssl -+ -+import "crypto/cipher" -+ -+type cipherWithCBC struct { -+ aesCipher -+} -+ -+type cipherWithCTR struct { -+ aesCipher -+} -+ -+type cipherWithCBC_CTR struct { -+ aesCipher -+ cipherWithCBC -+ cipherWithCTR -+} -+ -+type cipherWithGCM struct { -+ aesCipher -+} -+ -+type cipherWithCBC_GCM struct { -+ aesCipher -+ cipherWithCBC -+ cipherWithGCM -+} -+ -+type cipherWithCTR_GCM struct { -+ aesCipher -+ cipherWithCTR -+ cipherWithGCM -+} -+ -+type cipherWithCBC_CTR_GCM struct { -+ aesCipher -+ cipherWithCBC -+ cipherWithCTR -+ cipherWithGCM -+} -+ -+func newAESBlock(c *evpCipher, kind cipherKind) cipher.Block { -+ aes := aesCipher{c} -+ var block cipher.Block -+ supportsCBC := loadCipher(kind, cipherModeCBC) != nil -+ supportsCTR := loadCipher(kind, cipherModeCTR) != nil -+ supportsGCM := loadCipher(kind, cipherModeGCM) != nil -+ switch { -+ case !supportsCBC && !supportsCTR && !supportsGCM: -+ block = aes -+ case supportsCBC && !supportsCTR && !supportsGCM: -+ block = cipherWithCBC{aes} -+ case !supportsCBC && supportsCTR && !supportsGCM: -+ block = cipherWithCTR{aes} -+ case supportsCBC && supportsCTR && !supportsGCM: -+ block = cipherWithCBC_CTR{aes, -+ cipherWithCBC{aes}, -+ cipherWithCTR{aes}, -+ } -+ case !supportsCBC && !supportsCTR && supportsGCM: -+ block = cipherWithGCM{aes} -+ case supportsCBC && !supportsCTR && supportsGCM: -+ block = cipherWithCBC_GCM{aes, -+ cipherWithCBC{aes}, -+ cipherWithGCM{aes}, -+ } -+ case !supportsCBC && supportsCTR && supportsGCM: -+ block = cipherWithCTR_GCM{aes, -+ cipherWithCTR{aes}, -+ cipherWithGCM{aes}, -+ } -+ case supportsCBC && supportsCTR && supportsGCM: -+ block = cipherWithCBC_CTR_GCM{aes, -+ cipherWithCBC{aes}, -+ cipherWithCTR{aes}, -+ cipherWithGCM{aes}, -+ } -+ default: -+ panic("unreachable") -+ } -+ return block -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE -new file mode 100644 -index 00000000000000..9e841e7a26e4eb ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE -@@ -0,0 +1,21 @@ -+ MIT License -+ -+ Copyright (c) Microsoft Corporation. -+ -+ Permission is hereby granted, free of charge, to any person obtaining a copy -+ of this software and associated documentation files (the "Software"), to deal -+ in the Software without restriction, including without limitation the rights -+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ copies of the Software, and to permit persons to whom the Software is -+ furnished to do so, subject to the following conditions: -+ -+ The above copyright notice and this permission notice shall be included in all -+ copies or substantial portions of the Software. -+ -+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ SOFTWARE -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go -new file mode 100644 -index 00000000000000..73891afeab93d7 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go -@@ -0,0 +1,31 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+package bbig -+ -+import ( -+ "math/big" -+ -+ "github.com/microsoft/go-crypto-darwin/xcrypto" -+) -+ -+func Enc(b *big.Int) xcrypto.BigInt { -+ if b == nil { -+ return nil -+ } -+ x := b.Bytes() -+ if len(x) == 0 { -+ return xcrypto.BigInt{} -+ } -+ return x -+} -+ -+func Dec(b xcrypto.BigInt) *big.Int { -+ if b == nil { -+ return nil -+ } -+ if len(b) == 0 { -+ return new(big.Int) -+ } -+ return new(big.Int).SetBytes(b) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o new file mode 100644 index 0000000000000000000000000000000000000000..0f28482a272ec4195170331ca856d75840fb8859 GIT binary patch @@ -13854,413 +3167,10361 @@ HcmV?d00001 diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cgo_go124.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cgo_go124.go new file mode 100644 -index 00000000000000..d0c5f989546d15 +index 00000000000000..d0c5f989546d15 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cgo_go124.go +@@ -0,0 +1,40 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build go1.24 && darwin ++ ++package cryptokit ++ ++// See xcrypto/cgo_go124.go for context. ++ ++/* ++#cgo noescape MD5 ++#cgo nocallback MD5 ++#cgo noescape SHA1 ++#cgo nocallback SHA1 ++#cgo noescape SHA256 ++#cgo nocallback SHA256 ++#cgo noescape SHA384 ++#cgo nocallback SHA384 ++#cgo noescape SHA512 ++#cgo nocallback SHA512 ++ ++#cgo noescape hashWrite ++#cgo noescape hashSum ++#cgo nocallback hashNew ++#cgo nocallback hashWrite ++#cgo nocallback hashSum ++#cgo nocallback hashReset ++#cgo nocallback hashSize ++#cgo nocallback hashBlockSize ++#cgo nocallback hashCopy ++#cgo nocallback hashFree ++ ++#cgo noescape updateHMAC ++#cgo noescape finalizeHMAC ++#cgo nocallback initHMAC ++#cgo nocallback freeHMAC ++#cgo nocallback updateHMAC ++#cgo nocallback finalizeHMAC ++*/ ++import "C" +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go +new file mode 100644 +index 00000000000000..9f05af66b277d3 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go +@@ -0,0 +1,39 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #cgo CFLAGS: -Wno-deprecated-declarations ++// #cgo LDFLAGS: -framework Security -framework CoreFoundation -L /Library/Developer/CommandLineTools/usr/lib/swift/macosx ${SRCDIR}/CryptoKit.o ++import "C" ++import "unsafe" ++ ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func base(b []byte) *C.uchar { ++ return (*C.uchar)(unsafe.Pointer(addr(b))) ++} ++ ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func addr(b []byte) *byte { ++ if len(b) == 0 { ++ return nil ++ } ++ return unsafe.SliceData(b) ++} ++ ++var zero byte ++ ++// addrNeverEmpty returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++// If b is empty, it returns a pointer to a zero byte ++// so that it can always be dereferenced. ++func addrNeverEmpty(b []byte) *byte { ++ if len(b) == 0 { ++ return &zero ++ } ++ return unsafe.SliceData(b) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h +new file mode 100644 +index 00000000000000..8306f0f74e055b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h +@@ -0,0 +1,67 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++#ifndef CRYPTOKIT_H ++#define CRYPTOKIT_H ++ ++#include ++#include ++ ++// AES GCM encryption and decryption ++int encryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, ++ size_t dataLength, const uint8_t *nonce, size_t nonceLength, ++ const uint8_t *aad, size_t aadLength, uint8_t *cipherText, ++ size_t cipherTextLength, uint8_t *tag); ++int decryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, ++ size_t dataLength, const uint8_t *nonce, size_t nonceLength, ++ const uint8_t *aad, size_t aadLength, const uint8_t *tag, ++ size_t tagLength, uint8_t *out, size_t *outLength); ++ ++// Generates an Ed25519 keypair. ++// The private key is 64 bytes (first 32 bytes are the seed, next 32 bytes are ++// the public key). The public key is 32 bytes. ++void generateKeyEd25519(uint8_t *key); ++int newPrivateKeyEd25519FromSeed(uint8_t *key, const uint8_t *seed); ++int newPublicKeyEd25519(uint8_t *key, const uint8_t *pub); ++int signEd25519(const uint8_t *privateKey, const uint8_t *message, ++ size_t messageLength, uint8_t *sigBuffer); ++int verifyEd25519(const uint8_t *publicKey, const uint8_t *message, ++ size_t messageLength, const uint8_t *sig); ++ ++// HKDF key derivation ++int extractHKDF(int32_t hashFunction, const uint8_t *secret, ++ size_t secretLength, const uint8_t *salt, size_t saltLength, ++ uint8_t *prk, size_t prkLength); ++int expandHKDF(int32_t hashFunction, const uint8_t *prk, size_t prkLength, ++ const uint8_t *info, size_t infoLength, uint8_t *okm, ++ size_t okmLength); ++ ++void *initHMAC(int32_t hashFunction, const uint8_t *key, int keyLength); ++void freeHMAC(int32_t hashFunction, void *ptr); ++void updateHMAC(int32_t hashFunction, void *ptr, const uint8_t *data, ++ int length); ++void finalizeHMAC(int32_t hashFunction, void *ptr, uint8_t *outputPointer); ++void *copyHMAC(int32_t hashAlgorithm, void *ptr); ++ ++void MD5(const uint8_t *inputPointer, size_t inputLength, ++ const uint8_t *outputPointer); ++void SHA1(const uint8_t *inputPointer, size_t inputLength, ++ const uint8_t *outputPointer); ++void SHA256(const uint8_t *inputPointer, size_t inputLength, ++ const uint8_t *outputPointer); ++void SHA384(const uint8_t *inputPointer, size_t inputLength, ++ const uint8_t *outputPointer); ++void SHA512(const uint8_t *inputPointer, size_t inputLength, ++ const uint8_t *outputPointer); ++ ++void *hashNew(int32_t hashAlgorithm); ++void hashWrite(int32_t hashAlgorithm, void *ptr, const uint8_t *data, ++ int length); ++void hashSum(int32_t hashAlgorithm, void *ptr, uint8_t *outputPointer); ++void hashReset(int32_t hashAlgorithm, void *ptr); ++int hashSize(int32_t hashAlgorithm); ++int hashBlockSize(int32_t hashAlgorithm); ++void *hashCopy(int32_t hashAlgorithm, void *ptr); ++void hashFree(int32_t hashAlgorithm, void *ptr); ++ ++#endif /* CRYPTOKIT_H */ +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go +new file mode 100644 +index 00000000000000..2fa15c8fa5529a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go +@@ -0,0 +1,72 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #include "cryptokit.h" ++import "C" ++import ( ++ "errors" ++) ++ ++// GenerateKeyEd25519 generates an Ed25519 private key using the Swift implementation. ++func GenerateKeyEd25519(key []byte) { ++ C.generateKeyEd25519(base(key)) ++} ++ ++// NewPrivateKeyEd25519FromSeed generates an Ed25519 private key from a seed. ++func NewPrivateKeyEd25519FromSeed(key, seed []byte) error { ++ result := C.newPrivateKeyEd25519FromSeed(base(key), base(seed)) ++ if result != 0 { ++ return errors.New("failed to generate Ed25519 key from seed") ++ } ++ return nil ++} ++ ++// NewPublicKeyEd25519 creates a new Ed25519 public key from raw bytes. ++func NewPublicKeyEd25519(key, pub []byte) error { ++ result := C.newPublicKeyEd25519(base(key), base(pub)) ++ if result != 0 { ++ return errors.New("failed to create Ed25519 public key") ++ } ++ return nil ++} ++ ++// SignEd25519 signs a message using the provided private key. ++func SignEd25519(sig, privateKey, message []byte) error { ++ result := C.signEd25519(base(privateKey), base(message), C.size_t(len(message)), base(sig)) ++ if result < 0 { ++ switch result { ++ case -1: ++ return errors.New("invalid inputs to SignEd25519") ++ case -2: ++ return errors.New("failed to reconstruct private key") ++ case -3: ++ return errors.New("failed to sign the message") ++ case -4: ++ return errors.New("signature buffer too small") ++ default: ++ return errors.New("unknown error in SignEd25519") ++ } ++ } ++ return nil ++} ++ ++// VerifyEd25519 verifies a signature using the provided public key and message. ++func VerifyEd25519(publicKey, message, sig []byte) error { ++ result := C.verifyEd25519(base(publicKey), base(message), C.size_t(len(message)), base(sig)) ++ switch result { ++ case 1: ++ return nil // Valid signature ++ case 0: ++ return errors.New("ed25519: invalid signature") ++ case -1: ++ return errors.New("invalid inputs to VerifyEd25519") ++ case -2: ++ return errors.New("failed to reconstruct public key") ++ default: ++ return errors.New("unknown error in VerifyEd25519") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go +new file mode 100644 +index 00000000000000..458e9eb57416b1 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go +@@ -0,0 +1,36 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #include "cryptokit.h" ++import "C" ++ ++// EncryptAESGCM performs AES-GCM encryption using Swift. ++func EncryptAESGCM(key, plaintext, nonce, additionalData, ciphertext, tag []byte) int { ++ err := C.encryptAESGCM( ++ base(key), C.size_t(len(key)), ++ base(plaintext), C.size_t(len(plaintext)), ++ base(nonce), C.size_t(len(nonce)), ++ base(additionalData), C.size_t(len(additionalData)), ++ base(ciphertext), C.size_t(len(ciphertext)), ++ base(tag), ++ ) ++ return int(err) ++} ++ ++// DecryptAESGCM performs AES-GCM decryption using Swift. ++func DecryptAESGCM(key, ciphertext, nonce, additionalData, tag, plaintext []byte) (int, int) { ++ var decSize C.size_t ++ err := C.decryptAESGCM( ++ base(key), C.size_t(len(key)), ++ base(ciphertext), C.size_t(len(ciphertext)), ++ base(nonce), C.size_t(len(nonce)), ++ base(additionalData), C.size_t(len(additionalData)), ++ base(tag), C.size_t(len(tag)), ++ base(plaintext), &decSize, ++ ) ++ return int(decSize), int(err) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hash.go +new file mode 100644 +index 00000000000000..977ee3152ada71 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hash.go +@@ -0,0 +1,247 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #include "cryptokit.h" ++import "C" ++import ( ++ "errors" ++ "hash" ++ "runtime" ++ "unsafe" ++) ++ ++func MD5(p []byte) (sum [16]byte) { ++ C.MD5((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) ++ return ++} ++ ++func SHA1(p []byte) (sum [20]byte) { ++ C.SHA1((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) ++ return ++} ++ ++func SHA256(p []byte) (sum [32]byte) { ++ C.SHA256((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) ++ return ++} ++ ++func SHA384(p []byte) (sum [48]byte) { ++ C.SHA384((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) ++ return ++} ++ ++func SHA512(p []byte) (sum [64]byte) { ++ C.SHA512((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) ++ return ++} ++ ++const ( ++ md5 = 1 ++ sha1 = 2 ++ sha256 = 3 ++ sha384 = 4 ++ sha512 = 5 ++) ++ ++var ( ++ MD5BlockSize = int(C.hashBlockSize(md5)) ++ MD5Size = int(C.hashSize(md5)) ++ SHA1BlockSize = int(C.hashBlockSize(sha1)) ++ SHA1Size = int(C.hashSize(sha1)) ++ SHA256BlockSize = int(C.hashBlockSize(sha256)) ++ SHA256Size = int(C.hashSize(sha256)) ++ SHA384BlockSize = int(C.hashBlockSize(sha384)) ++ SHA384Size = int(C.hashSize(sha384)) ++ SHA512BlockSize = int(C.hashBlockSize(sha512)) ++ SHA512Size = int(C.hashSize(sha512)) ++) ++ ++var _ hash.Hash = (*evpHash)(nil) ++var _ HashCloner = (*evpHash)(nil) ++ ++type evpHash struct { ++ ptr unsafe.Pointer ++ hashAlgorithm C.int ++ blockSize int ++ size int ++} ++ ++func newEVPHash(hashAlgorithm C.int, blockSize, size int) *evpHash { ++ h := &evpHash{ ++ ptr: C.hashNew(hashAlgorithm), ++ hashAlgorithm: hashAlgorithm, ++ blockSize: blockSize, ++ size: size, ++ } ++ ++ runtime.SetFinalizer(h, (*evpHash).finalize) ++ ++ return h ++} ++ ++func (h *evpHash) finalize() { ++ if h.ptr != nil { ++ C.hashFree(h.hashAlgorithm, h.ptr) ++ h.ptr = nil ++ } ++} ++ ++func (h *evpHash) Clone() (HashCloner, error) { ++ if h.ptr == nil { ++ panic("cryptokit: hash already finalized") ++ } ++ ++ newHash := &evpHash{ ++ ptr: C.hashCopy(h.hashAlgorithm, h.ptr), ++ hashAlgorithm: h.hashAlgorithm, ++ blockSize: h.blockSize, ++ size: h.size, ++ } ++ ++ runtime.SetFinalizer(newHash, (*evpHash).finalize) ++ ++ runtime.KeepAlive(h) ++ ++ return newHash, nil ++} ++ ++func (h *evpHash) Write(p []byte) (int, error) { ++ if len(p) == 0 { ++ return 0, nil ++ } ++ C.hashWrite(h.hashAlgorithm, h.ptr, (*C.uint8_t)(&*addrNeverEmpty(p)), C.int(len(p))) ++ ++ runtime.KeepAlive(h) ++ ++ return len(p), nil ++} ++ ++func (h *evpHash) WriteString(s string) (int, error) { ++ if len(s) == 0 { ++ return 0, nil ++ } ++ C.hashWrite(h.hashAlgorithm, h.ptr, (*C.uchar)(unsafe.Pointer(unsafe.StringData(s))), C.int(len(s))) ++ ++ runtime.KeepAlive(h) ++ ++ return len(s), nil ++} ++ ++func (h *evpHash) WriteByte(c byte) error { ++ C.hashWrite(h.hashAlgorithm, h.ptr, base([]byte{c}), 1) ++ ++ runtime.KeepAlive(h) ++ ++ return nil ++} ++ ++func (h *evpHash) Sum(b []byte) []byte { ++ hashSlice := make([]byte, h.size, 64) // explicit cap to allow stack allocation ++ C.hashSum(h.hashAlgorithm, h.ptr, base(hashSlice)) ++ runtime.KeepAlive(h) ++ ++ b = append(b, hashSlice...) ++ return b ++} ++ ++func (h *evpHash) MarshalBinary() ([]byte, error) { ++ return nil, errors.New("cryptokit: hash state is not marshallable") ++} ++ ++func (h *evpHash) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errors.New("cryptokit: hash state is not marshallable") ++} ++ ++func (h *evpHash) UnmarshalBinary(data []byte) error { ++ return errors.New("cryptokit: hash state is not marshallable") ++} ++ ++func (h *evpHash) Reset() { ++ C.hashReset(h.hashAlgorithm, h.ptr) ++} ++ ++func (h *evpHash) BlockSize() int { ++ return h.blockSize ++} ++ ++func (h *evpHash) Size() int { ++ return h.size ++} ++ ++type MD5Hash struct { ++ *evpHash ++} ++ ++func NewMD5() hash.Hash { ++ return MD5Hash{ ++ evpHash: newEVPHash( ++ C.int(md5), ++ MD5BlockSize, ++ MD5Size, ++ ), ++ } ++} ++ ++type SHA1Hash struct { ++ *evpHash ++} ++ ++// NewSHA1 initializes a new SHA1 hasher. ++func NewSHA1() hash.Hash { ++ return SHA1Hash{ ++ evpHash: newEVPHash( ++ sha1, ++ SHA1BlockSize, ++ SHA1Size, ++ ), ++ } ++} ++ ++type SHA256Hash struct { ++ *evpHash ++} ++ ++// NewSHA256 initializes a new SHA256 hasher. ++func NewSHA256() hash.Hash { ++ return SHA256Hash{ ++ evpHash: newEVPHash( ++ sha256, ++ SHA256BlockSize, ++ SHA256Size, ++ ), ++ } ++} ++ ++type SHA384Hash struct { ++ *evpHash ++} ++ ++// NewSHA384 initializes a new SHA384 hasher. ++func NewSHA384() hash.Hash { ++ return SHA384Hash{ ++ evpHash: newEVPHash( ++ sha384, ++ SHA384BlockSize, ++ SHA384Size, ++ ), ++ } ++} ++ ++type SHA512Hash struct { ++ *evpHash ++} ++ ++// NewSHA512 initializes a new SHA512 hasher. ++func NewSHA512() hash.Hash { ++ return SHA512Hash{ ++ evpHash: newEVPHash( ++ sha512, ++ SHA512BlockSize, ++ SHA512Size, ++ ), ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone.go +new file mode 100644 +index 00000000000000..5416b7882c1891 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone.go +@@ -0,0 +1,17 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !go1.25 && darwin ++ ++package cryptokit ++ ++import ( ++ "hash" ++) ++ ++// HashCloner is an interface that defines a Clone method. ++type HashCloner interface { ++ hash.Hash ++ // Clone returns a separate Hash instance with the same state as h. ++ Clone() (HashCloner, error) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone_go125.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone_go125.go +new file mode 100644 +index 00000000000000..d690254202bde6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone_go125.go +@@ -0,0 +1,12 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build go1.25 && darwin ++ ++package cryptokit ++ ++import ( ++ "hash" ++) ++ ++type HashCloner = hash.Cloner +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go +new file mode 100644 +index 00000000000000..da161adcd88ea6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go +@@ -0,0 +1,77 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #include "cryptokit.h" ++import "C" ++import ( ++ "crypto" ++ "errors" ++) ++ ++// ExtractHKDF performs the extract step of HKDF using the specified hash function. ++func ExtractHKDF(hash crypto.Hash, secret, salt []byte) ([]byte, error) { ++ h, err := cryptoHashToSwift(hash) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Allocate buffer for derived key ++ prk := make([]byte, hash.Size()) ++ ++ // Call Swift function ++ result := C.extractHKDF( ++ h, ++ base(secret), C.size_t(len(secret)), ++ base(salt), C.size_t(len(salt)), ++ base(prk), C.size_t(len(prk)), ++ ) ++ ++ if result != 0 { ++ return nil, errors.New("HKDF derivation failed") ++ } ++ ++ return prk, nil ++} ++ ++func ExpandHKDF(hash crypto.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ h, err := cryptoHashToSwift(hash) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Allocate buffer for derived key ++ expandedKey := make([]byte, keyLength) ++ ++ // Call Swift function ++ result := C.expandHKDF( ++ h, ++ base(pseudorandomKey), C.size_t(len(pseudorandomKey)), ++ base(info), C.size_t(len(info)), ++ base(expandedKey), C.size_t(len(expandedKey)), ++ ) ++ ++ if result != 0 { ++ return nil, errors.New("HKDF derivation failed") ++ } ++ ++ return expandedKey, nil ++} ++ ++func cryptoHashToSwift(hash crypto.Hash) (C.int32_t, error) { ++ switch hash { ++ case crypto.SHA1: ++ return 1, nil ++ case crypto.SHA256: ++ return 2, nil ++ case crypto.SHA384: ++ return 3, nil ++ case crypto.SHA512: ++ return 4, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hmac.go +new file mode 100644 +index 00000000000000..f06abe11e3854d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hmac.go +@@ -0,0 +1,146 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #include "cryptokit.h" ++import "C" ++import ( ++ "hash" ++ "runtime" ++ "slices" ++ "unsafe" ++) ++ ++var _ hash.Hash = (*cryptoKitHMAC)(nil) ++var _ HashCloner = (*cryptoKitHMAC)(nil) ++ ++type cryptoKitHMAC struct { ++ ptr unsafe.Pointer ++ ++ kind int ++ key []byte ++ ++ blockSize int ++ size int ++} ++ ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ h := fh() ++ if h == nil { ++ return nil ++ } ++ ++ // copying the key here to ensure that it is not modified ++ // while this algorithm is using it. ++ key = slices.Clone(key) ++ kind := hashToHMACEnum(h) ++ if kind == 0 { ++ // The hash function is not supported by the HMAC implementation. ++ return nil ++ } ++ ++ hmac := &cryptoKitHMAC{ ++ ptr: C.initHMAC( ++ C.int(kind), ++ base(key), C.int(len(key)), ++ ), ++ kind: kind, ++ key: key, ++ blockSize: h.BlockSize(), ++ size: h.Size(), ++ } ++ ++ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { ++ C.freeHMAC( ++ C.int(h.kind), ++ h.ptr, ++ ) ++ }) ++ ++ return hmac ++} ++ ++func (h *cryptoKitHMAC) Write(p []byte) (n int, err error) { ++ C.updateHMAC(C.int(h.kind), ++ h.ptr, ++ (*C.uint8_t)(&*addrNeverEmpty(p)), C.int(len(p))) ++ ++ runtime.KeepAlive(h) ++ ++ return len(p), nil ++} ++ ++func (h *cryptoKitHMAC) Sum(b []byte) []byte { ++ hashSlice := make([]byte, h.size, 64) // explicit cap to allow stack allocation ++ C.finalizeHMAC( ++ C.int(h.kind), ++ h.ptr, ++ base(hashSlice), ++ ) ++ runtime.KeepAlive(h) ++ ++ b = append(b, hashSlice...) ++ ++ return b ++} ++ ++func (h *cryptoKitHMAC) Clone() (HashCloner, error) { ++ if h.ptr == nil { ++ panic("cryptokit: hash already finalized") ++ } ++ ++ hmac := &cryptoKitHMAC{ptr: C.copyHMAC(C.int(h.kind), h.ptr), kind: h.kind, key: slices.Clone(h.key), blockSize: h.blockSize, size: h.size} ++ ++ runtime.KeepAlive(h) ++ ++ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { ++ C.freeHMAC( ++ C.int(h.kind), ++ h.ptr, ++ ) ++ }) ++ ++ return hmac, nil ++} ++ ++func (h *cryptoKitHMAC) Reset() { ++ C.freeHMAC( ++ C.int(h.kind), ++ h.ptr, ++ ) ++ ++ h.ptr = C.initHMAC( ++ C.int(h.kind), ++ (*C.uint8_t)(&*addrNeverEmpty(h.key)), C.int(len(h.key)), ++ ) ++ ++ runtime.KeepAlive(h) ++} ++ ++func (h *cryptoKitHMAC) Size() int { ++ return h.size ++} ++ ++func (h *cryptoKitHMAC) BlockSize() int { ++ return h.blockSize ++} ++ ++func hashToHMACEnum(h hash.Hash) int { ++ switch h.(type) { ++ case MD5Hash: ++ return 1 ++ case SHA1Hash: ++ return 2 ++ case SHA256Hash: ++ return 3 ++ case SHA384Hash: ++ return 4 ++ case SHA512Hash: ++ return 5 ++ default: ++ return 0 ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go +new file mode 100644 +index 00000000000000..c9611eef5e2697 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go +@@ -0,0 +1,336 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto/cipher" ++ "errors" ++ "slices" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++//go:generate go run github.com/microsoft/go-crypto-darwin/cmd/gentestvectors -out vectors_test.go ++ ++type cipherGCMTLS uint8 ++ ++const ( ++ cipherGCMTLSNone cipherGCMTLS = iota ++ cipherGCMTLS12 ++ cipherGCMTLS13 ++) ++ ++const ( ++ // AES block size is the same for all key sizes ++ aesBlockSize = C.kCCBlockSizeAES128 ++ gcmTagSize = 16 ++ gcmStandardNonceSize = 12 ++ // TLS 1.2 additional data is constructed as: ++ // ++ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); ++ gcmTls12AddSize = 13 ++ // TLS 1.3 additional data is constructed as: ++ // ++ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) ++ gcmTls13AddSize = 5 ++ gcmTlsFixedNonceSize = 4 ++) ++ ++type aesCipher struct { ++ key []byte ++ kind C.CCAlgorithm ++} ++ ++func NewAESCipher(key []byte) (cipher.Block, error) { ++ var alg C.CCAlgorithm ++ switch len(key) { ++ case 16, 24, 32: ++ alg = C.kCCAlgorithmAES ++ default: ++ return nil, errors.New("crypto/aes: invalid key size") ++ } ++ c := &aesCipher{ ++ key: slices.Clone(key), ++ kind: alg, ++ } ++ return c, nil ++} ++ ++func (c *aesCipher) BlockSize() int { return aesBlockSize } ++ ++func (c *aesCipher) Encrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/aes: input or output block is too small") ++ } ++ ++ src, dst = src[:blockSize], dst[:blockSize] ++ ++ if inexactOverlap(dst, src) { ++ panic("crypto/aes: invalid buffer overlap") ++ } ++ ++ status := C.CCCrypt( ++ C.kCCEncrypt, // Operation ++ C.CCAlgorithm(c.kind), // Algorithm ++ 0, // Options ++ pbase(c.key), // Key ++ C.size_t(len(c.key)), // Key length ++ nil, // IV ++ pbase(src), // Input ++ C.size_t(blockSize), // Input length ++ pbase(dst), // Output ++ C.size_t(blockSize), // Output length ++ nil, // Output length ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/aes: encryption failed") ++ } ++} ++ ++func (c *aesCipher) Decrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/aes: input or output block is too small") ++ } ++ ++ src, dst = src[:blockSize], dst[:blockSize] ++ ++ if inexactOverlap(dst, src) { ++ panic("crypto/aes: invalid buffer overlap") ++ } ++ ++ status := C.CCCrypt( ++ C.kCCDecrypt, // Operation ++ C.CCAlgorithm(c.kind), // Algorithm ++ 0, // Options ++ pbase(c.key), // Key ++ C.size_t(len(c.key)), // Key length ++ nil, // IV ++ pbase(src), // Input ++ C.size_t(blockSize), // Input length ++ pbase(dst), // Output ++ C.size_t(blockSize), // Output length ++ nil, // Output length ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/aes: decryption failed") ++ } ++} ++ ++type aesGCM struct { ++ key []byte ++ tls cipherGCMTLS ++ // minNextNonce is the minimum value that the next nonce can be, enforced by ++ // all TLS modes. ++ minNextNonce uint64 ++ // mask is the nonce mask used in TLS 1.3 mode. ++ mask uint64 ++ // maskInitialized is true if mask has been initialized. This happens during ++ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. ++ maskInitialized bool ++} ++ ++type noGCM struct { ++ cipher.Block ++} ++ ++// NewGCM constructs a GCM block mode for AES using the cryptokit package ++func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { ++ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { ++ return nil, errors.New("crypto/aes: GCM tag and nonce sizes can't be non-standard at the same time") ++ } ++ // Fall back to standard library for GCM with non-standard nonce or tag size. ++ if nonceSize != gcmStandardNonceSize { ++ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) ++ } ++ if tagSize != gcmTagSize { ++ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) ++ } ++ return &aesGCM{key: c.key, tls: cipherGCMTLSNone}, nil ++} ++ ++func (g *aesGCM) NonceSize() int { return gcmStandardNonceSize } ++ ++func (g *aesGCM) Overhead() int { return gcmTagSize } ++ ++func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if uint64(len(plaintext)) > ((1<<32)-2)*aesBlockSize || len(plaintext)+gcmTagSize < len(plaintext) { ++ panic("cipher: message too large for GCM") ++ } ++ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { ++ panic("cipher: message too large for buffer") ++ } ++ ++ if g.tls != cipherGCMTLSNone { ++ if g.tls == cipherGCMTLS12 && len(additionalData) != gcmTls12AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.2") ++ } else if g.tls == cipherGCMTLS13 && len(additionalData) != gcmTls13AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.3") ++ } ++ counter := bigUint64(nonce[gcmTlsFixedNonceSize:]) ++ ++ // TLS 1.3 Masking ++ if g.tls == cipherGCMTLS13 { ++ if !g.maskInitialized { ++ g.mask = counter ++ g.maskInitialized = true ++ } ++ // Apply mask to the counter ++ counter ^= g.mask ++ } ++ ++ // Enforce monotonicity and max limit ++ const maxUint64 = 1<<64 - 1 ++ if counter == maxUint64 { ++ panic("cipher: nonce counter must be less than 2^64 - 1") ++ } ++ if counter < g.minNextNonce { ++ panic("cipher: nonce counter must be strictly monotonically increasing") ++ } ++ ++ defer func() { ++ g.minNextNonce = counter + 1 ++ }() ++ } ++ ++ // Make room in dst to append plaintext+overhead. ++ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) ++ ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, plaintext) { ++ panic("cipher: invalid buffer overlap") ++ } ++ ++ tag := out[len(out)-gcmTagSize:] ++ err := cryptokit.EncryptAESGCM(g.key, plaintext, nonce, additionalData, out[:len(out)-gcmTagSize], tag) ++ if err != 0 { ++ panic("cipher: encryption failed") ++ } ++ return ret ++} ++ ++func (g *aesGCM) SealWithRandomNonce(out, nonce, plaintext, additionalData []byte) { ++ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { ++ panic("crypto/cipher: message too large for GCM") ++ } ++ if len(nonce) != gcmStandardNonceSize { ++ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") ++ } ++ if len(out) != len(plaintext)+gcmTagSize { ++ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") ++ } ++ if inexactOverlap(out, plaintext) { ++ panic("crypto/cipher: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, additionalData) { ++ panic("crypto/cipher: invalid buffer overlap of output and additional data") ++ } ++ ++ if g.tls != cipherGCMTLSNone { ++ panic("cipher: TLS 1.2 and 1.3 modes do not support random nonce") ++ } ++ ++ tag := out[len(out)-gcmTagSize:] ++ // Generate a random nonce ++ RandReader.Read(nonce) ++ err := cryptokit.EncryptAESGCM(g.key, plaintext, nonce, additionalData, out[:len(out)-gcmTagSize], tag) ++ if err != 0 { ++ panic("cipher: encryption failed") ++ } ++} ++ ++var errOpen = errors.New("cipher: message authentication failed") ++ ++func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if len(ciphertext) < gcmTagSize { ++ return nil, errOpen ++ } ++ if uint64(len(ciphertext)) > ((1<<32)-2)*aesBlockSize+gcmTagSize { ++ return nil, errOpen ++ } ++ // BoringCrypto does not do any TLS check when decrypting, neither do we. ++ ++ // Ensure we don't process if ciphertext lacks both ciphertext and tag ++ if len(ciphertext) < gcmTagSize { ++ return nil, errors.New("decryption failed: ciphertext too short for tag") ++ } ++ ++ tag := ciphertext[len(ciphertext)-gcmTagSize:] ++ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] ++ ++ // Make room in dst to append ciphertext without tag. ++ ret, out := sliceForAppend(dst, len(ciphertext)) ++ ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, ciphertext) { ++ panic("cipher: invalid buffer overlap") ++ } ++ ++ decSize, err := cryptokit.DecryptAESGCM(g.key, ciphertext, nonce, additionalData, tag, out) ++ if err != 0 || int(decSize) != len(ciphertext) { ++ // If the decrypted data size does not match, zero out `out` and return `errOpen` ++ for i := range out { ++ out[i] = 0 ++ } ++ return nil, errOpen ++ } ++ return ret, nil ++} ++ ++// NewGCMTLS returns a GCM cipher specific to TLS ++// and should not be used for non-TLS purposes. ++func NewGCMTLS(block cipher.Block) (cipher.AEAD, error) { ++ cipher, ok := block.(*aesCipher) ++ if !ok { ++ return nil, errors.New("crypto/aes: invalid block cipher") ++ } ++ return &aesGCM{key: cipher.key, tls: cipherGCMTLS12}, nil ++} ++ ++// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used ++// for non-TLS purposes. ++func NewGCMTLS13(block cipher.Block) (cipher.AEAD, error) { ++ cipher, ok := block.(*aesCipher) ++ if !ok { ++ return nil, errors.New("crypto/aes: invalid block cipher") ++ } ++ return &aesGCM{key: cipher.key, tls: cipherGCMTLS13}, nil ++} ++ ++func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCEncrypt, c.kind, c.key, iv) ++} ++ ++func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCDecrypt, c.kind, c.key, iv) ++} ++ ++// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. ++func sliceForAppend(in []byte, n int) (head, tail []byte) { ++ if total := len(in) + n; cap(in) >= total { ++ head = in[:total] ++ } else { ++ head = make([]byte, total) ++ copy(head, in) ++ } ++ tail = head[len(in):] ++ return ++} ++ ++func bigUint64(b []byte) uint64 { ++ _ = b[7] // bounds check hint to compiler; see go.dev/issue/14808 ++ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go +new file mode 100644 +index 00000000000000..865e22ab6a3dda +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go +@@ -0,0 +1,16 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package xcrypto ++ ++// This file does not have build constraints to ++// facilitate using BigInt in Go crypto. ++// Go crypto references BigInt unconditionally, ++// even if it is not finally used. ++ ++// A BigInt is the big-endian bytes from a math/big BigInt, ++// which are normalized to remove any leading 0 byte. ++// Windows BCrypt accepts this specific data format. ++// This definition allows us to avoid importing math/big. ++// Conversion between BigInt and *big.Int is in xcrypto/bbig. ++type BigInt []byte +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go +new file mode 100644 +index 00000000000000..02f265fe56b592 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go +@@ -0,0 +1,23 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build go1.24 && darwin ++ ++package xcrypto ++ ++// The following noescape and nocallback directives are used to prevent the Go ++// compiler from allocating function parameters on the heap. See ++// https://github.com/golang/go/blob/0733682e5ff4cd294f5eccb31cbe87a543147bc6/src/cmd/cgo/doc.go#L439-L461 ++// ++// If possible, write a C wrapper function to optimize a call rather than using ++// this feature so the optimization will work for all supported Go versions. ++// ++// This is just a performance optimization. Only add functions that have been ++// observed to benefit from these directives, not every function that is merely ++// expected to meet the noescape/nocallback criteria. ++ ++/* ++#cgo noescape SecRandomCopyBytes ++#cgo nocallback SecRandomCopyBytes ++*/ ++import "C" +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +new file mode 100644 +index 00000000000000..9f3a8f92bd43fc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +@@ -0,0 +1,122 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++ ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++type cbcCipher struct { ++ blockSize int ++ cryptor C.CCCryptorRef ++} ++ ++func newCBC(operation C.CCOperation, kind C.CCAlgorithm, key, iv []byte) *cbcCipher { ++ var blockSize int ++ switch kind { ++ case C.kCCAlgorithmAES: ++ blockSize = aesBlockSize ++ case C.kCCAlgorithmDES, C.kCCAlgorithm3DES: ++ blockSize = desBlockSize ++ default: ++ panic("invalid algorithm") ++ } ++ ++ // Create and initialize the cbcMode struct with CCCryptorCreate here ++ x := &cbcCipher{blockSize: blockSize} ++ status := C.CCCryptorCreateWithMode( ++ operation, // Specifies whether encryption or decryption is performed (kCCEncrypt or kCCDecrypt). ++ C.kCCModeCBC, // Mode of operation, here explicitly set to CBC (Cipher Block Chaining). ++ C.CCAlgorithm(kind), // The encryption algorithm (e.g., kCCAlgorithmAES128, kCCAlgorithmDES). ++ C.ccNoPadding, // Padding option, set to no padding; padding can be handled at a higher level if necessary. ++ pbase(iv), // Initialization Vector (IV) for the cipher, required for CBC mode. Should be nil for ECB mode. ++ pbase(key), // Pointer to the encryption key. ++ C.size_t(len(key)), // Length of the encryption key in bytes. ++ nil, // Tweak key, used only for XTS mode; here set to nil as it’s not required for CBC. ++ 0, // Length of the tweak key, set to 0 as tweak is nil. ++ 0, // Number of rounds, mainly for RC2 and Blowfish; not used here, so set to 0. ++ 0, // Mode options for CTR and F8 modes; not used for CBC, so set to 0. ++ &x.cryptor, // Pointer to the CCCryptorRef output, which will hold the state for encryption or decryption. ++ ) ++ ++ if status != C.kCCSuccess { ++ panic("crypto/des: CCCryptorCreate failed") ++ } ++ ++ runtime.SetFinalizer(x, (*cbcCipher).finalize) ++ return x ++ ++} ++ ++func (x *cbcCipher) finalize() { ++ if x.cryptor != nil { ++ C.CCCryptorRelease(x.cryptor) ++ x.cryptor = nil ++ } ++} ++ ++func (x *cbcCipher) BlockSize() int { return x.blockSize } ++ ++func (x *cbcCipher) CryptBlocks(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") ++ } ++ if len(src)%x.blockSize != 0 { ++ panic("crypto/cipher: input not full blocks") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) == 0 { ++ return ++ } ++ var outLength C.size_t ++ status := C.CCCryptorUpdate( ++ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. ++ pbase(src), // Pointer to the input data (source buffer) to be encrypted or decrypted. ++ C.size_t(len(src)), // Length of the input data in bytes. ++ pbase(dst), // Pointer to the output buffer (destination buffer) where the result will be stored. ++ C.size_t(len(dst)), // Size of the output buffer in bytes; must be large enough to hold the processed data. ++ &outLength, // Pointer to a variable that will contain the number of bytes written to the output buffer. ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/cipher: CCCryptorUpdate failed") ++ } ++ runtime.KeepAlive(x) ++} ++ ++func (x *cbcCipher) SetIV(iv []byte) { ++ if len(iv) != x.blockSize { ++ panic("crypto/cipher: incorrect IV length") ++ } ++ status := C.CCCryptorReset( ++ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. ++ pbase(iv), // Pointer to the new IV to be set. ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/cipher: CCCryptorReset failed") ++ } ++ runtime.KeepAlive(x) ++} ++ ++// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. ++ ++func anyOverlap(x, y []byte) bool { ++ return len(x) > 0 && len(y) > 0 && ++ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && ++ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) ++} ++ ++func inexactOverlap(x, y []byte) bool { ++ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { ++ return false ++ } ++ return anyOverlap(x, y) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +new file mode 100644 +index 00000000000000..ce490c1167c536 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +@@ -0,0 +1,117 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto/cipher" ++ "errors" ++ "slices" ++) ++ ++const desBlockSize = C.kCCBlockSizeDES ++ ++type desCipher struct { ++ key []byte ++ kind C.CCAlgorithm ++} ++ ++// NewDESCipher creates a new DES cipher block using the specified key (8 bytes). ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 8 { ++ return nil, errors.New("crypto/des: invalid key size for DES") ++ } ++ ++ c := &desCipher{ ++ key: slices.Clone(key), ++ kind: C.kCCAlgorithmDES, ++ } ++ return c, nil ++} ++ ++// NewTripleDESCipher creates a new 3DES cipher block using the specified key (24 bytes). ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 24 { ++ return nil, errors.New("crypto/des: invalid key size for 3DES") ++ } ++ ++ c := &desCipher{ ++ key: slices.Clone(key), ++ kind: C.kCCAlgorithm3DES, ++ } ++ return c, nil ++} ++ ++func (c *desCipher) BlockSize() int { return desBlockSize } ++ ++func (c *desCipher) Encrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/des: input or output block is too small") ++ } ++ ++ if inexactOverlap(dst[:blockSize], src[:blockSize]) { ++ panic("crypto/des: invalid buffer overlap") ++ } ++ ++ var outLength C.size_t ++ status := C.CCCrypt( ++ C.kCCEncrypt, ++ C.CCAlgorithm(c.kind), ++ C.kCCOptionECBMode, ++ pbase(c.key), ++ C.size_t(len(c.key)), ++ nil, ++ pbase(src[:blockSize]), ++ C.size_t(blockSize), ++ pbase(dst[:blockSize]), ++ C.size_t(blockSize), ++ &outLength, ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/des: encryption failed") ++ } ++} ++ ++func (c *desCipher) Decrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/des: input or output block is too small") ++ } ++ ++ if inexactOverlap(dst[:blockSize], src[:blockSize]) { ++ panic("crypto/des: invalid buffer overlap") ++ } ++ ++ var outLength C.size_t ++ status := C.CCCrypt( ++ C.kCCDecrypt, ++ C.CCAlgorithm(c.kind), ++ C.kCCOptionECBMode, ++ pbase(c.key), ++ C.size_t(len(c.key)), ++ nil, ++ pbase(src[:blockSize]), ++ C.size_t(blockSize), ++ pbase(dst[:blockSize]), ++ C.size_t(blockSize), ++ &outLength, ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/des: decryption failed") ++ } ++} ++ ++// CBC mode encrypter ++func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCEncrypt, c.kind, c.key, iv) ++} ++ ++// CBC mode decrypter ++func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCDecrypt, c.kind, c.key, iv) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go +new file mode 100644 +index 00000000000000..e57bde33af4c98 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go +@@ -0,0 +1,32 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++func curveToKeySizeInBits(curve string) int { ++ switch curve { ++ case "P-256": ++ return 256 ++ case "P-384": ++ return 384 ++ case "P-521": ++ return 521 ++ default: ++ return 0 ++ } ++} ++ ++func curveToKeySizeInBytes(curve string) int { ++ switch curve { ++ case "P-256": ++ return (256 + 7) / 8 ++ case "P-384": ++ return (384 + 7) / 8 ++ case "P-521": ++ return (521 + 7) / 8 ++ default: ++ return 0 ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +new file mode 100644 +index 00000000000000..3bdd3937670285 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +@@ -0,0 +1,135 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "runtime" ++ "slices" ++) ++ ++type PublicKeyECDH struct { ++ _pkey C.SecKeyRef ++ bytes []byte ++} ++ ++func (k *PublicKeyECDH) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++type PrivateKeyECDH struct { ++ _pkey C.SecKeyRef ++ pub []byte ++} ++ ++func (k *PrivateKeyECDH) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { ++ if len(bytes) < 1 { ++ return nil, errors.New("NewPublicKeyECDH: missing key") ++ } ++ pubKeyRef, err := createSecKeyWithData(bytes, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ pubKey := &PublicKeyECDH{pubKeyRef, slices.Clone(bytes)} ++ runtime.SetFinalizer(pubKey, (*PublicKeyECDH).finalize) ++ return pubKey, nil ++} ++ ++func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } ++ ++// bytes expects the public key to be in uncompressed ANSI X9.63 format ++func NewPrivateKeyECDH(curve string, pub, priv []byte) (*PrivateKeyECDH, error) { ++ key := append(slices.Clone(pub), priv...) ++ privKeyRef, err := createSecKeyWithData(key, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ privKey := &PrivateKeyECDH{privKeyRef, pub} ++ runtime.SetFinalizer(privKey, (*PrivateKeyECDH).finalize) ++ return privKey, nil ++} ++ ++func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { ++ defer runtime.KeepAlive(k) ++ pubKeyRef := C.SecKeyCopyPublicKey(k._pkey) ++ if pubKeyRef == 0 { ++ return nil, errors.New("failed to extract public key") ++ } ++ pubKey := &PublicKeyECDH{pubKeyRef, k.pub} ++ runtime.SetFinalizer(pubKey, (*PublicKeyECDH).finalize) ++ return pubKey, nil ++} ++ ++func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { ++ defer runtime.KeepAlive(priv) ++ defer runtime.KeepAlive(pub) ++ ++ var algorithm C.CFStringRef = C.kSecKeyAlgorithmECDHKeyExchangeStandard ++ ++ supported := C.SecKeyIsAlgorithmSupported(priv._pkey, C.kSecKeyOperationTypeKeyExchange, algorithm) ++ if supported == 0 { ++ return nil, errors.New("ECDH algorithm not supported for the given private key") ++ } ++ ++ var cfErr C.CFErrorRef ++ // Perform the key exchange ++ sharedSecretRef := C.SecKeyCopyKeyExchangeResult( ++ priv._pkey, ++ algorithm, ++ pub._pkey, ++ C.CFDictionaryRef(0), ++ &cfErr, ++ ) ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ defer C.CFRelease(C.CFTypeRef(sharedSecretRef)) ++ ++ sharedSecret := cfDataToBytes(sharedSecretRef) ++ return sharedSecret, nil ++} ++ ++func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, nil, errors.New("unsupported curve") ++ } ++ keySizeInBits := curveToKeySizeInBits(curve) ++ // Generate the private key and get its DER representation ++ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeECSECPrimeRandom, keySizeInBits) ++ if err != nil { ++ return nil, nil, err ++ } ++ pub, priv, err := extractECDHComponents(privKeyDER, keySize) ++ if err != nil { ++ C.CFRelease(C.CFTypeRef(privKeyRef)) ++ return nil, nil, err ++ } ++ k := &PrivateKeyECDH{privKeyRef, pub} ++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) ++ return k, priv, nil ++} ++ ++func extractECDHComponents(der []byte, keySize int) (pub, priv []byte, err error) { ++ // The private component is the last of the three equally-sized chunks ++ // for the elliptic curve private key. ++ if len(der) != 1+keySize*3 { ++ return nil, nil, errors.New("invalid key length: insufficient data for private component") ++ } ++ pub = der[:1+keySize*2] ++ priv = der[1+keySize*2:] ++ return ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +new file mode 100644 +index 00000000000000..fb0e207a89ff67 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +@@ -0,0 +1,181 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "runtime" ++) ++ ++type PrivateKeyECDSA struct { ++ _pkey C.SecKeyRef ++} ++ ++func (k *PrivateKeyECDSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++func (k *PrivateKeyECDSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PublicKeyECDSA struct { ++ _pkey C.SecKeyRef ++} ++ ++func (k *PublicKeyECDSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++func (k *PublicKeyECDSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, errors.New("unsupported curve") ++ } ++ encodedKey, err := encodeToUncompressedAnsiX963Key(x, y, nil, keySize) ++ if err != nil { ++ return nil, errors.New("failed to encode public key to uncompressed ANSI X9.63 format") ++ } ++ ++ pubKeyRef, err := createSecKeyWithData(encodedKey, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ ++ pubKey := &PublicKeyECDSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(pubKey, (*PublicKeyECDSA).finalize) ++ return pubKey, nil ++} ++ ++// NewPrivateKeyECDSA creates a new ECDSA private key using the provided curve name and parameters (x, y, d). ++func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, errors.New("unsupported curve") ++ } ++ encodedKey, err := encodeToUncompressedAnsiX963Key(x, y, d, keySize) ++ if err != nil { ++ return nil, errors.New("crypto/ecdsa: failed to encode private key: " + err.Error()) ++ } ++ ++ privKeyRef, err := createSecKeyWithData(encodedKey, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Wrap and finalize ++ k := &PrivateKeyECDSA{_pkey: privKeyRef} ++ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) ++ return k, nil ++} ++ ++func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, nil, nil, errors.New("unsupported curve") ++ } ++ ++ keySizeInBits := curveToKeySizeInBits(curve) ++ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeECSECPrimeRandom, keySizeInBits) ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ defer C.CFRelease(C.CFTypeRef(privKeyRef)) ++ return decodeFromUncompressedAnsiX963Key(privKeyDER, keySize) ++} ++ ++func SignMarshalECDSA(priv *PrivateKeyECDSA, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypeECDSA, 0, hashed) ++} ++ ++func VerifyECDSA(pub *PublicKeyECDSA, hashed []byte, sig []byte) bool { ++ return evpVerify(pub.withKey, algorithmTypeECDSA, 0, hashed, sig) == nil ++} ++ ++// encodeToUncompressedAnsiX963Key encodes the given elliptic curve point (x, y) and optional private key (d) ++// into an uncompressed ANSI X9.63 format byte slice. ++func encodeToUncompressedAnsiX963Key(x, y, d BigInt, keySize int) ([]byte, error) { ++ // Build the uncompressed key point (0x04 || x || y { || d }) ++ size := 1 + keySize*2 ++ if d != nil { ++ size += keySize ++ } ++ out := make([]byte, size) ++ out[0] = 0x04 ++ err := encodeBigInt(out[1:], []sizedBigInt{ ++ {x, keySize}, {y, keySize}, ++ {d, keySize}, ++ }) ++ if err != nil { ++ return nil, err ++ } ++ return out, nil ++} ++ ++// decodeFromUncompressedAnsiX963Key decodes the given uncompressed ANSI X9.63 format byte slice into ++// the elliptic curve point (x, y) and optional private key (d). ++func decodeFromUncompressedAnsiX963Key(key []byte, keySize int) (x, y, d BigInt, err error) { ++ if len(key) < 1 || key[0] != 0x04 { ++ return nil, nil, nil, errors.New("invalid uncompressed key format") ++ } ++ if len(key) < 1+keySize*2 { ++ return nil, nil, nil, errors.New("invalid key length") ++ } ++ x = normalizeBigInt(key[1 : 1+keySize]) ++ y = normalizeBigInt(key[1+keySize : 1+keySize*2]) ++ if len(key) > 1+keySize*2 { ++ d = normalizeBigInt(key[1+keySize*2:]) ++ return x, y, d, nil ++ } ++ return x, y, nil, nil ++} ++ ++func normalizeBigInt(b []byte) BigInt { ++ // Remove leading zero bytes ++ for len(b) > 0 && b[0] == 0 { ++ b = b[1:] ++ } ++ return b ++} ++ ++// sizedBigInt defines a big integer with ++// a size that can be different from the ++// one provided by len(b). ++type sizedBigInt struct { ++ b BigInt ++ size int ++} ++ ++// encodeBigInt encodes ints into data. ++// It stops iterating over ints when it finds one nil element. ++func encodeBigInt(data []byte, ints []sizedBigInt) error { ++ for _, v := range ints { ++ if v.b == nil { ++ return nil ++ } ++ normalized := normalizeBigInt(v.b) ++ // b might be shorter than size if the original big number contained leading zeros. ++ leadingZeros := int(v.size) - len(normalized) ++ if leadingZeros < 0 { ++ return errors.New("commoncrypto: invalid parameters") ++ } ++ copy(data[leadingZeros:], normalized) ++ data = data[v.size:] ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +new file mode 100644 +index 00000000000000..f59e6f9af58cd4 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +@@ -0,0 +1,100 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin && cgo ++ ++package xcrypto ++ ++import ( ++ "strconv" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. ++ publicKeySizeEd25519 = 32 ++ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. ++ privateKeySizeEd25519 = 64 ++ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. ++ signatureSizeEd25519 = 64 ++ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. ++ seedSizeEd25519 = 32 ++) ++ ++// PublicKeyEd25519 represents an Ed25519 public key. ++type PublicKeyEd25519 []byte ++ ++// PrivateKeyEd25519 represents an Ed25519 private key. ++type PrivateKeyEd25519 []byte ++ ++func (k PrivateKeyEd25519) Public() PublicKeyEd25519 { ++ publicKey := make([]byte, publicKeySizeEd25519) ++ copy(publicKey, k[seedSizeEd25519:]) ++ return PublicKeyEd25519(publicKey) ++} ++ ++// GenerateKeyEd25519 generates a new Ed25519 private key. ++func GenerateKeyEd25519() PrivateKeyEd25519 { ++ pkeyPriv := make([]byte, privateKeySizeEd25519) ++ cryptokit.GenerateKeyEd25519(pkeyPriv) ++ return pkeyPriv ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { ++ if len(priv) != privateKeySizeEd25519 { ++ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) ++ } ++ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) ++} ++ ++func (k PrivateKeyEd25519) Bytes() ([]byte, error) { ++ return k, nil ++} ++ ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { ++ if len(pub) != publicKeySizeEd25519 { ++ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) ++ } ++ pkey := make([]byte, publicKeySizeEd25519) ++ err := cryptokit.NewPublicKeyEd25519(pkey, pub) ++ if err != nil { ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { ++ return k, nil ++} ++ ++// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if ++// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this ++// package. ++// NewPrivateKeyEd25519FromSeed creates an Ed25519 private key from a seed. ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { ++ if len(seed) != seedSizeEd25519 { ++ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++ } ++ pkey := make([]byte, privateKeySizeEd25519) ++ err := cryptokit.NewPrivateKeyEd25519FromSeed(pkey, seed) ++ if err != nil { ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++// SignEd25519 signs the message with priv and returns a signature. ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { ++ sig := make([]byte, signatureSizeEd25519) ++ err := cryptokit.SignEd25519(sig, priv, message) ++ if err != nil { ++ return nil, err ++ } ++ return sig, nil ++} ++ ++// VerifyEd25519 reports whether sig is a valid signature of message by pub. ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { ++ return cryptokit.VerifyEd25519(pub, message, sig) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +new file mode 100644 +index 00000000000000..6928418b4d26b9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +@@ -0,0 +1,345 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "strconv" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++type algorithmType int ++ ++const ( ++ algorithmTypePSS algorithmType = iota ++ algorithmTypeRAW ++ algorithmTypePKCS1v15Enc ++ algorithmTypePKCS1v15Sig ++ algorithmTypeOAEP ++ algorithmTypeECDSA ++) ++ ++type withKeyFunc func(func(C.SecKeyRef) C.int) C.int ++ ++// Encrypt encrypts a plaintext message using a given key and algorithm. ++func evpEncrypt(withKey withKeyFunc, algorithmType algorithmType, plaintext []byte, hash hash.Hash) ([]byte, error) { ++ var cryptoHash crypto.Hash ++ if hash != nil { ++ var err error ++ cryptoHash, err = hashToCryptoHash(hash) ++ if err != nil { ++ return nil, err ++ } ++ } ++ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ dataRef := bytesToCFData(plaintext) ++ defer cfRelease(unsafe.Pointer(dataRef)) ++ ++ var encryptedDataRef C.CFDataRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeEncrypt, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ encryptedDataRef = C.SecKeyCreateEncryptedData(key, algorithm, dataRef, nil) ++ if encryptedDataRef == 0 { ++ return -1 // Encryption failed ++ } ++ return 0 ++ }) ++ if result != 0 { ++ return nil, errors.New("encryption failed") ++ } ++ defer cfRelease(unsafe.Pointer(encryptedDataRef)) ++ ++ return cfDataToBytes(encryptedDataRef), nil ++} ++ ++// Decrypt decrypts a ciphertext using a given key and algorithm. ++func evpDecrypt(withKey withKeyFunc, algorithmType algorithmType, ciphertext []byte, hash hash.Hash) ([]byte, error) { ++ var cryptoHash crypto.Hash ++ if hash != nil { ++ var err error ++ cryptoHash, err = hashToCryptoHash(hash) ++ if err != nil { ++ return nil, err ++ } ++ } ++ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ msg := bytesToCFData(ciphertext) ++ ++ var decryptedDataRef C.CFDataRef ++ var cfErr C.CFErrorRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeDecrypt, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ decryptedDataRef = C.SecKeyCreateDecryptedData(key, algorithm, msg, &cfErr) ++ if decryptedDataRef == 0 { ++ return -1 // Decryption failed ++ } ++ return 0 // Success ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ ++ if result != 0 || decryptedDataRef == 0 { ++ return nil, errors.New("decryption failed") ++ } ++ defer cfRelease(unsafe.Pointer(decryptedDataRef)) ++ ++ return cfDataToBytes(decryptedDataRef), nil ++} ++ ++func evpSign(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed []byte) ([]byte, error) { ++ algorithm, err := selectAlgorithm(hash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ var signedDataRef C.CFDataRef ++ var cfErr C.CFErrorRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeSign, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ signedDataRef = C.SecKeyCreateSignature(key, algorithm, bytesToCFData(hashed), &cfErr) ++ if signedDataRef == 0 { ++ return -1 // Signing failed ++ } ++ return 0 // Success ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ ++ if result != 0 || signedDataRef == 0 { ++ return nil, errors.New("signing failed") ++ } ++ defer cfRelease(unsafe.Pointer(signedDataRef)) ++ ++ return cfDataToBytes(signedDataRef), nil ++} ++ ++func evpVerify(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed, signature []byte) error { ++ algorithm, err := selectAlgorithm(hash, algorithmType) ++ if err != nil { ++ return err ++ } ++ ++ var cfErr C.CFErrorRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeVerify, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ if C.SecKeyVerifySignature(key, algorithm, bytesToCFData(hashed), bytesToCFData(signature), &cfErr) != 1 { ++ return -1 // Verification failed ++ } ++ return 0 // Success ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return err ++ } ++ ++ if result != 0 { ++ return errors.New("verification failed") ++ } ++ return nil ++} ++ ++// hashToCryptoHash converts a hash.Hash to a crypto.Hash. ++func hashToCryptoHash(hash hash.Hash) (crypto.Hash, error) { ++ switch hash.(type) { ++ case cryptokit.SHA1Hash: ++ return crypto.SHA1, nil ++ case cryptokit.SHA256Hash: ++ return crypto.SHA256, nil ++ case cryptokit.SHA384Hash: ++ return crypto.SHA384, nil ++ case cryptokit.SHA512Hash: ++ return crypto.SHA512, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} ++ ++// selectAlgorithm selects the appropriate SecKeyAlgorithm based on hash and algorithm type. ++func selectAlgorithm(hash crypto.Hash, algorithmType algorithmType) (C.CFStringRef, error) { ++ var algo C.CFStringRef ++ switch algorithmType { ++ case algorithmTypePSS: ++ switch hash { ++ case crypto.SHA1: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++ case crypto.SHA224: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++ case crypto.SHA256: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++ case crypto.SHA384: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++ case crypto.SHA512: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++ default: ++ return 0, errors.New("unsupported PSS hash: " + hash.String()) ++ } ++ case algorithmTypeRAW: ++ algo = C.kSecKeyAlgorithmRSAEncryptionRaw ++ case algorithmTypePKCS1v15Enc: ++ return C.kSecKeyAlgorithmRSAEncryptionPKCS1, nil ++ case algorithmTypePKCS1v15Sig: ++ switch hash { ++ case crypto.SHA1: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++ case crypto.SHA224: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++ case crypto.SHA256: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++ case crypto.SHA384: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++ case crypto.SHA512: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++ case 0: ++ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++ default: ++ return 0, errors.New("unsupported PKCS1v15 hash: " + hash.String()) ++ } ++ case algorithmTypeOAEP: ++ switch hash { ++ case crypto.SHA1: ++ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++ case crypto.SHA224: ++ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++ case crypto.SHA256: ++ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++ case crypto.SHA384: ++ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++ case crypto.SHA512: ++ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++ default: ++ return 0, errors.New("unsupported OAEP hash: " + hash.String()) ++ } ++ case algorithmTypeECDSA: ++ return C.kSecKeyAlgorithmECDSASignatureDigestX962, nil ++ default: ++ return 0, errors.New("unsupported algorithm type: " + strconv.Itoa(int(algorithmType))) ++ } ++ return algo, nil ++} ++ ++// bytesToCFData turns a byte slice into a CFDataRef. Caller then "owns" the ++// CFDataRef and must CFRelease the CFDataRef when done. ++func bytesToCFData(buf []byte) C.CFDataRef { ++ return C.CFDataCreate(C.kCFAllocatorDefault, base(buf), C.CFIndex(len(buf))) ++} ++ ++// cfDataToBytes turns a CFDataRef into a byte slice. ++func cfDataToBytes(cfData C.CFDataRef) []byte { ++ return C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(cfData)), C.int(C.CFDataGetLength(cfData))) ++} ++ ++// cfRelease releases a CoreFoundation object. ++func cfRelease(ref unsafe.Pointer) { ++ C.CFRelease(C.CFTypeRef(ref)) ++} ++ ++// createSecKeyWithData creates a SecKey from the provided encoded key and attributes dictionary. ++func createSecKeyWithData(encodedKey []byte, keyType, keyClass C.CFStringRef) (C.SecKeyRef, error) { ++ encodedKeyCF := C.CFDataCreate(C.kCFAllocatorDefault, base(encodedKey), C.CFIndex(len(encodedKey))) ++ if encodedKeyCF == 0 { ++ return 0, errors.New("xcrypto: failed to create CFData for private key") ++ } ++ defer C.CFRelease(C.CFTypeRef(encodedKeyCF)) ++ ++ attrKeys := []C.CFTypeRef{ ++ C.CFTypeRef(C.kSecAttrKeyType), ++ C.CFTypeRef(C.kSecAttrKeyClass), ++ } ++ ++ attrValues := []C.CFTypeRef{ ++ C.CFTypeRef(keyType), ++ C.CFTypeRef(keyClass), ++ } ++ ++ // Create attributes dictionary for the key ++ attrDict := C.CFDictionaryCreate( ++ C.kCFAllocatorDefault, ++ (*unsafe.Pointer)(unsafe.Pointer(&attrKeys[0])), ++ (*unsafe.Pointer)(unsafe.Pointer(&attrValues[0])), ++ C.CFIndex(len(attrKeys)), ++ nil, ++ nil, ++ ) ++ if attrDict == 0 { ++ return 0, errors.New("xcrypto: failed to create attributes dictionary") ++ } ++ defer C.CFRelease(C.CFTypeRef(attrDict)) ++ ++ // Generate the SecKey ++ var errorRef C.CFErrorRef ++ key := C.SecKeyCreateWithData(encodedKeyCF, attrDict, &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return 0, err ++ } ++ return key, nil ++} ++ ++// createSecKeyRandom creates a new SecKey with the provided attributes dictionary. ++func createSecKeyRandom(keyType C.CFStringRef, keySize int) ([]byte, C.SecKeyRef, error) { ++ keyAttrs := C.CFDictionaryCreateMutable(C.kCFAllocatorDefault, 0, nil, nil) ++ if keyAttrs == 0 { ++ return nil, 0, errors.New("failed to create key attributes dictionary") ++ } ++ defer C.CFRelease(C.CFTypeRef(keyAttrs)) ++ ++ C.CFDictionarySetValue( ++ keyAttrs, ++ unsafe.Pointer(C.kSecAttrKeyType), ++ unsafe.Pointer(keyType), ++ ) ++ ++ C.CFDictionarySetValue( ++ keyAttrs, ++ unsafe.Pointer(C.kSecAttrKeySizeInBits), ++ unsafe.Pointer(C.CFNumberCreate(C.kCFAllocatorDefault, C.kCFNumberIntType, unsafe.Pointer(&keySize))), ++ ) ++ ++ // Generate the private key ++ var errorRef C.CFErrorRef ++ var privKeyRef C.SecKeyRef = C.SecKeyCreateRandomKey(C.CFDictionaryRef(keyAttrs), &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, 0, err ++ } ++ ++ // Export the private key as DER ++ privData := C.SecKeyCopyExternalRepresentation(privKeyRef, &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, 0, err ++ } ++ defer C.CFRelease(C.CFTypeRef(privData)) ++ ++ privKeyDER := cfDataToBytes(privData) ++ if privKeyDER == nil { ++ return nil, 0, errors.New("failed to convert CFData to bytes") ++ } ++ return privKeyDER, privKeyRef, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go +new file mode 100644 +index 00000000000000..b03a3ca13bdc7f +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go +@@ -0,0 +1,68 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin && cgo ++ ++package xcrypto ++ ++import ( ++ "crypto" ++ "hash" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++// SupportsHash returns true if a hash.Hash implementation is supported for h. ++func SupportsHash(h crypto.Hash) bool { ++ switch h { ++ case crypto.MD5, crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512: ++ return true ++ default: ++ return false ++ } ++} ++ ++func MD5(p []byte) (sum [16]byte) { ++ return cryptokit.MD5(p) ++} ++ ++func SHA1(p []byte) (sum [20]byte) { ++ return cryptokit.SHA1(p) ++} ++ ++func SHA256(p []byte) (sum [32]byte) { ++ return cryptokit.SHA256(p) ++} ++ ++func SHA384(p []byte) (sum [48]byte) { ++ return cryptokit.SHA384(p) ++} ++ ++func SHA512(p []byte) (sum [64]byte) { ++ return cryptokit.SHA512(p) ++} ++ ++// NewMD5 initializes a new MD5 hasher. ++func NewMD5() hash.Hash { ++ return cryptokit.NewMD5() ++} ++ ++// NewSHA1 initializes a new SHA1 hasher. ++func NewSHA1() hash.Hash { ++ return cryptokit.NewSHA1() ++} ++ ++// NewSHA256 initializes a new SHA256 hasher. ++func NewSHA256() hash.Hash { ++ return cryptokit.NewSHA256() ++} ++ ++// NewSHA384 initializes a new SHA384 hasher. ++func NewSHA384() hash.Hash { ++ return cryptokit.NewSHA384() ++} ++ ++// NewSHA512 initializes a new SHA512 hasher. ++func NewSHA512() hash.Hash { ++ return cryptokit.NewSHA512() ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go +new file mode 100644 +index 00000000000000..3cc2d5d31927e0 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go +@@ -0,0 +1,66 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin && cgo ++ ++package xcrypto ++ ++import ( ++ "errors" ++ "hash" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++// ExtractHKDF performs the extract step of HKDF using the specified hash function. ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ // Handle empty secret ++ if len(secret) == 0 { ++ return nil, errors.New("secret cannot be empty") ++ } ++ ++ hash, err := hashToCryptoHash(h()) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Default salt to a zero-filled array if not provided ++ if len(salt) == 0 { ++ salt = make([]byte, hash.Size()) ++ } ++ ++ prk, err := cryptokit.ExtractHKDF(hash, secret, salt) ++ if err != nil { ++ return nil, err ++ } ++ ++ return prk, nil ++} ++ ++// ExpandHKDF performs the expand step of HKDF using the specified hash function. ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ // Handle empty secret ++ if len(pseudorandomKey) == 0 { ++ return nil, errors.New("pseudorandom key cannot be empty") ++ } ++ ++ hash, err := hashToCryptoHash(h()) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Determine the maximum expandable key length based on the hash function ++ maxAllowedLength := hash.Size() * 255 ++ ++ // Validate requested key length ++ if keyLength > maxAllowedLength { ++ return nil, errors.New("requested key length exceeds maximum allowable size") ++ } ++ ++ expandedKey, err := cryptokit.ExpandHKDF(hash, pseudorandomKey, info, keyLength) ++ if err != nil { ++ return nil, err ++ } ++ ++ return expandedKey, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go +new file mode 100644 +index 00000000000000..ceb33c5cf99ca2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go +@@ -0,0 +1,21 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import "C" ++import ( ++ "hash" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++// NewHMAC returns a new HMAC using xcrypto. ++// The function h must return a hash implemented by ++// CommonCrypto (for example, h could be xcrypto.NewSHA256). ++// If h is not recognized, NewHMAC returns nil. ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ return cryptokit.NewHMAC(fh, key) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +new file mode 100644 +index 00000000000000..1f1b25d36981c3 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +@@ -0,0 +1,65 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "hash" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ // Map Go hash function to CommonCrypto hash constant ++ ccDigest, err := hashToCCDigestPBKDF2(fh()) ++ if err != nil { ++ return nil, err ++ } ++ ++ if len(password) == 0 { ++ // CommonCrypto requires a non-empty password ++ // Substitute empty password with placeholder ++ password = make([]byte, 1) ++ } ++ ++ // Allocate output buffer for the derived key ++ derivedKey := make([]byte, keyLen) ++ ++ // Call CommonCrypto's PBKDF2 implementation ++ status := C.CCKeyDerivationPBKDF( ++ C.kCCPBKDF2, // PBKDF2 algorithm ++ sbase(password), C.size_t(len(password)), // Password and its length ++ base(salt), C.size_t(len(salt)), // Salt and its length ++ ccDigest, // Digest algorithm ++ C.uint(iter), // Iteration count ++ (*C.uchar)(unsafe.Pointer(&derivedKey[0])), C.size_t(keyLen), // Output buffer for derived key and its length ++ ) ++ ++ if status != C.kCCSuccess { ++ return nil, errors.New("PBKDF2 key derivation failed") ++ } ++ ++ return derivedKey, nil ++} ++ ++// Mapping Go hash functions to CommonCrypto hash constants ++func hashToCCDigestPBKDF2(hash hash.Hash) (C.CCAlgorithm, error) { ++ switch hash.(type) { ++ case cryptokit.SHA1Hash: ++ return C.kCCPRFHmacAlgSHA1, nil ++ case cryptokit.SHA256Hash: ++ return C.kCCPRFHmacAlgSHA256, nil ++ case cryptokit.SHA384Hash: ++ return C.kCCPRFHmacAlgSHA384, nil ++ case cryptokit.SHA512Hash: ++ return C.kCCPRFHmacAlgSHA512, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +new file mode 100644 +index 00000000000000..e58c0b3b19a68b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +@@ -0,0 +1,26 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "unsafe" ++) ++ ++type randReader int ++ ++func (randReader) Read(b []byte) (int, error) { ++ // Note: RAND_bytes should never fail; the return value exists only for historical reasons. ++ // We check it even so. ++ if len(b) > 0 && C.SecRandomCopyBytes(C.kSecRandomDefault, C.size_t(len(b)), unsafe.Pointer(&b[0])) != 0 { ++ return 0, errors.New("crypto/rand: unable to read from source") ++ } ++ return len(b), nil ++} ++ ++const RandReader = randReader(0) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +new file mode 100644 +index 00000000000000..e30a9e10ae3730 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +@@ -0,0 +1,83 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "runtime" ++ "slices" ++ "unsafe" ++) ++ ++// RC4Cipher is an instance of RC4 using a particular key. ++type RC4Cipher struct { ++ ctx C.CCCryptorRef ++} ++ ++// NewRC4Cipher creates and returns a new RC4 cipher with the given key. ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { ++ // Clone the key to prevent modification. ++ key = slices.Clone(key) ++ var ctx C.CCCryptorRef ++ status := C.CCCryptorCreate( ++ C.kCCEncrypt, // Operation (RC4 stream) ++ C.kCCAlgorithmRC4, // Algorithm ++ 0, // No padding or other options ++ pbase(key), // Key ++ C.size_t(len(key)), // Key length ++ nil, // No IV needed for RC4 ++ &ctx, // Output: CCCryptorRef ++ ) ++ if status != C.kCCSuccess { ++ return nil, errors.New("failed to create RC4 cipher") ++ } ++ c := &RC4Cipher{ctx: ctx} ++ runtime.SetFinalizer(c, (*RC4Cipher).finalize) ++ return c, nil ++} ++ ++// finalize releases the RC4 cipher context when no longer needed. ++func (c *RC4Cipher) finalize() { ++ if c.ctx != nil { ++ C.CCCryptorRelease(c.ctx) ++ } ++} ++ ++// Reset zeros the key data and makes the cipher unusable. ++func (c *RC4Cipher) Reset() { ++ if c.ctx != nil { ++ C.CCCryptorRelease(c.ctx) ++ c.ctx = nil ++ } ++} ++ ++// XORKeyStream sets dst to the result of XORing src with the key stream. ++func (c *RC4Cipher) XORKeyStream(dst, src []byte) { ++ if c.ctx == nil || len(src) == 0 { ++ return ++ } ++ if inexactOverlap(dst[:len(src)], src) { ++ panic("crypto/rc4: invalid buffer overlap") ++ } ++ // Ensures `dst` has sufficient space. ++ _ = dst[len(src)-1] ++ var outLen C.size_t ++ status := C.CCCryptorUpdate( ++ c.ctx, ++ unsafe.Pointer(&*addrNeverEmpty(src)), C.size_t(len(src)), // Input ++ unsafe.Pointer(&*addrNeverEmpty(dst)), C.size_t(len(dst)), // Output ++ &outLen, ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/cipher: CCCryptorUpdate failed") ++ } ++ if int(outLen) != len(src) { ++ panic("crypto/rc4: src not fully XORed") ++ } ++ runtime.KeepAlive(c) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +new file mode 100644 +index 00000000000000..63df684569e671 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +@@ -0,0 +1,194 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "strconv" ++) ++ ++// GenerateKeyRSA generates an RSA key pair on macOS. ++// asn1Data is encoded as PKCS#1 ASN1 DER. ++func GenerateKeyRSA(bits int) (asn1Data []byte, err error) { ++ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeRSA, bits) ++ if err != nil { ++ return nil, err ++ } ++ C.CFRelease(C.CFTypeRef(privKeyRef)) ++ return privKeyDER, nil ++} ++ ++type PublicKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey C.SecKeyRef ++} ++ ++func (k *PublicKeyRSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++// NewPublicKeyRSA creates a new RSA public key from ASN1 DER encoded data. ++func NewPublicKeyRSA(asn1Data []byte) (*PublicKeyRSA, error) { ++ pubKeyRef, err := createSecKeyWithData(asn1Data, C.kSecAttrKeyTypeRSA, C.kSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ ++ key := &PublicKeyRSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(key, (*PublicKeyRSA).finalize) ++ return key, nil ++} ++ ++func (k *PublicKeyRSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ // Because of the finalizer, any time key is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PrivateKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey C.SecKeyRef ++} ++ ++func (k *PrivateKeyRSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++// NewPrivateKeyRSA creates a new RSA private key from ASN1 DER encoded data. ++func NewPrivateKeyRSA(asn1Data []byte) (*PrivateKeyRSA, error) { ++ privKeyRef, err := createSecKeyWithData(asn1Data, C.kSecAttrKeyTypeRSA, C.kSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ ++ key := &PrivateKeyRSA{_pkey: privKeyRef} ++ runtime.SetFinalizer(key, (*PrivateKeyRSA).finalize) ++ return key, nil ++} ++ ++func (k *PrivateKeyRSA) PublicKey() *PublicKeyRSA { ++ var pubKeyRef C.SecKeyRef ++ k.withKey(func(key C.SecKeyRef) C.int { ++ pubKeyRef = C.SecKeyCopyPublicKey(k._pkey) ++ return 0 ++ }) ++ pubKey := &PublicKeyRSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(pubKey, (*PublicKeyRSA).finalize) ++ return pubKey ++} ++ ++func (k *PrivateKeyRSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// DecryptRSAOAEP decrypts data using RSA-OAEP. ++func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ if len(label) > 0 { ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ panic("crypto/rsa: label is not supported on macOS") ++ } ++ return evpDecrypt(priv.withKey, algorithmTypeOAEP, ciphertext, h) ++} ++ ++// EncryptRSAOAEP encrypts data using RSA-OAEP. ++func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { ++ if len(label) > 0 { ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ panic("crypto/rsa: label is not supported on macOS") ++ } ++ return evpEncrypt(pub.withKey, algorithmTypeOAEP, msg, h) ++} ++ ++// SignRSAPSS signs data with RSA-PSS. ++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypePSS, h, hashed) ++} ++ ++// VerifyRSAPSS verifies data with RSA-PSS. ++func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { ++ return evpVerify(pub.withKey, algorithmTypePSS, h, hashed, sig) ++} ++ ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypePKCS1v15Sig, h, hashed) ++} ++ ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ if pub.withKey(func(key C.SecKeyRef) C.int { ++ size := C.SecKeyGetBlockSize(key) ++ if len(sig) < int(size) { ++ return 0 ++ } ++ return 1 ++ }) == 0 { ++ return errors.New("crypto/rsa: verification error") ++ } ++ return evpVerify(pub.withKey, algorithmTypePKCS1v15Sig, h, hashed, sig) ++} ++ ++// DecryptRSAPKCS1 decrypts data using RSA PKCS#1 v1.5 padding. ++func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, algorithmTypePKCS1v15Enc, ciphertext, nil) ++} ++ ++// EncryptRSAPKCS1 encrypts data using RSA PKCS#1 v1.5 padding. ++func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, algorithmTypePKCS1v15Enc, msg, nil) ++} ++ ++func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, algorithmTypeRAW, ciphertext, nil) ++} ++ ++func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, algorithmTypeRAW, msg, nil) ++} ++ ++// Helper functions ++ ++type cfError struct { ++ code int ++ message string ++} ++ ++func (e *cfError) Error() string { ++ if e.message == "" { ++ return "CFError(" + strconv.Itoa(e.code) + "): unknown error" ++ } ++ return "CFError(" + strconv.Itoa(e.code) + "): " + e.message ++} ++ ++func goCFErrorRef(ref C.CFErrorRef) error { ++ if ref == 0 { ++ return nil ++ } ++ var message string ++ if desc := C.CFErrorCopyDescription(ref); desc != C.CFStringRef(0) { ++ defer C.CFRelease(C.CFTypeRef(desc)) ++ if cstr := C.CFStringGetCStringPtr(desc, C.kCFStringEncodingUTF8); cstr != nil { ++ message = C.GoString(cstr) ++ } ++ } ++ return &cfError{ ++ code: int(C.CFErrorGetCode(ref)), ++ message: message, ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go +new file mode 100644 +index 00000000000000..d6b428e7ebb68b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go +@@ -0,0 +1,49 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #cgo CFLAGS: -Wno-deprecated-declarations ++// #cgo LDFLAGS: -framework Security -framework CoreFoundation ++import "C" ++import "unsafe" ++ ++var zero byte ++ ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func base(b []byte) *C.uchar { ++ return (*C.uchar)(unsafe.Pointer(addr(b))) ++} ++ ++func sbase(b []byte) *C.char { ++ return (*C.char)(unsafe.Pointer(addr(b))) ++} ++ ++func pbase(b []byte) unsafe.Pointer { ++ return unsafe.Pointer(addr(b)) ++} ++ ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++// If b is empty, it returns a pointer to a zero byte ++// so that it can always be dereferenced. ++func addr(b []byte) *byte { ++ if len(b) == 0 { ++ return &zero ++ } ++ return unsafe.SliceData(b) ++} ++ ++// addrNeverEmpty returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++// If b is empty, it returns a pointer to a zero byte ++// so that it can always be dereferenced. ++func addrNeverEmpty(b []byte) *byte { ++ if len(b) == 0 { ++ return &zero ++ } ++ return unsafe.SliceData(b) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE b/src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE +new file mode 100644 +index 00000000000000..97e85154015761 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE +@@ -0,0 +1,20 @@ ++The MIT License (MIT) ++ ++Copyright (c) 2022 The Golang FIPS Authors ++ ++Permission is hereby granted, free of charge, to any person obtaining a copy of ++this software and associated documentation files (the "Software"), to deal in ++the Software without restriction, including without limitation the rights to ++use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of ++the Software, and to permit persons to whom the Software is furnished to do so, ++subject to the following conditions: ++ ++The above copyright notice and this permission notice shall be included in all ++copies or substantial portions of the Software. ++ ++THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS ++FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR ++COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER ++IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +\ No newline at end of file +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go +new file mode 100644 +index 00000000000000..1bf236d9d4b29d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go +@@ -0,0 +1,37 @@ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This is a mirror of ++// https://github.com/golang/go/blob/36b87f273cc43e21685179dc1664ebb5493d26ae/src/crypto/internal/boring/bbig/big.go. ++ ++package bbig ++ ++import ( ++ "math/big" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/openssl" ++) ++ ++func Enc(b *big.Int) openssl.BigInt { ++ if b == nil { ++ return nil ++ } ++ x := b.Bits() ++ if len(x) == 0 { ++ return openssl.BigInt{} ++ } ++ return unsafe.Slice((*uint)(&x[0]), len(x)) ++} ++ ++func Dec(b openssl.BigInt) *big.Int { ++ if b == nil { ++ return nil ++ } ++ if len(b) == 0 { ++ return new(big.Int) ++ } ++ x := unsafe.Slice((*big.Word)(&b[0]), len(b)) ++ return new(big.Int).SetBits(x) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go +new file mode 100644 +index 00000000000000..68711f8e43d70f +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go +@@ -0,0 +1,119 @@ ++package ossl ++ ++/* ++#include // for calloc and free ++#include // for strdup ++#include "zossl.h" ++ ++// OpenSSL only allows a maximum of 16 errors to be stored in the error queue. ++#define ERR_NUM_MAX 16 ++ ++// ossl_err_state is a custom structure to hold the error state ++// of OpenSSL. ++typedef struct ossl_err_state_st { ++ unsigned long code[ERR_NUM_MAX]; ++ int line[ERR_NUM_MAX]; ++ char *file[ERR_NUM_MAX]; ++} ossl_err_state; ++ ++// mkcgo_err_retrieve retrieves the error state from OpenSSL. ++// It returns a pointer to a mkcgo_err_state structure ++// that contains the error codes, lines, and file names. ++// The caller is responsible for freeing the memory ++// by calling mkcgo_err_free. ++mkcgo_err_state mkcgo_err_retrieve() { ++ ossl_err_state *errs = (ossl_err_state *)calloc(1, sizeof(ossl_err_state)); ++ if (errs == NULL) return NULL; ++ ++ // Retrieve the errors from OpenSSL. ++ for (int i = 0; i < ERR_NUM_MAX; i++) { ++ const char *file; ++ if (_mkcgo_available_OPENSSL_version_major() == 1) { // Only available in OpenSSL 3. ++ // OpenSSL 3 error handling ++ errs->code[i] = _mkcgo_ERR_get_error_all(&file, &errs->line[i], NULL, NULL, NULL); ++ } else { ++ // OpenSSL 1 error handling ++ errs->code[i] = _mkcgo_ERR_get_error_line(&file, &errs->line[i]); ++ } ++ if (errs->code[i] == 0) { ++ break; ++ } ++ if (file != NULL) { ++ // Copy the file name as the pointer we just retrieved will be freed by OpenSSL ++ // when the error queue is cleared. ++ errs->file[i] = strdup(file); ++ } ++ } ++ return errs; ++} ++ ++// mkcgo_err_free frees the memory allocated for the mkcgo_err_state structure. ++void mkcgo_err_free(mkcgo_err_state errs) { ++ if (errs == NULL) return; ++ ++ ossl_err_state *oerrs = (ossl_err_state *)errs; ++ for (int i = 0; i < ERR_NUM_MAX; i++) { ++ if (oerrs->file[i] != NULL) { ++ free((void *)oerrs->file[i]); ++ } ++ } ++ free(errs); ++} ++*/ ++import "C" ++import ( ++ "bytes" ++ "errors" ++ "strconv" ++ "strings" ++ "unsafe" ++) ++ ++// newMkcgoErr creates a new error from the given mkcgo_err_state ++// and frees the state. If errst is nil, it returns nil. ++func newMkcgoErr(msg string, errst C.mkcgo_err_state) error { ++ if errst == nil { ++ return nil ++ } ++ defer C.mkcgo_err_free(errst) ++ oerrst := (*C.ossl_err_state)(unsafe.Pointer(errst)) ++ var b strings.Builder ++ b.WriteString(msg) ++ b.WriteString("\nopenssl error(s):") ++ for i := range C.ERR_NUM_MAX { ++ e := uint32(oerrst.code[i]) ++ if e == 0 { ++ break ++ } ++ b.WriteByte('\n') ++ var buf [256]byte ++ ERR_error_string_n(e, unsafe.SliceData(buf[:]), len(buf)) ++ if termIdx := bytes.IndexByte(buf[:], 0); termIdx != -1 { ++ b.Write(buf[:termIdx]) ++ } else { ++ b.Write(buf[:]) ++ } ++ if oerrst.file[i] == nil { ++ // info not available ++ continue ++ } ++ b.WriteString("\n\t") ++ b.Write(cstrBytes(oerrst.file[i])) ++ b.WriteByte(':') ++ b.WriteString(strconv.Itoa(int(oerrst.line[i]))) ++ } ++ return errors.New(b.String()) ++} ++ ++// cstrBytes returns a byte slice containing the contents of the C string ++// pointed to by p. The slice does not include the terminating null byte. ++func cstrBytes(p *C.char) []byte { ++ if p == nil { ++ return nil ++ } ++ end := unsafe.Pointer(p) ++ for *(*byte)(end) != 0 { ++ end = unsafe.Add(end, 1) ++ } ++ return unsafe.Slice((*byte)(unsafe.Pointer(p)), uintptr(end)-uintptr(unsafe.Pointer(p))) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go +new file mode 100644 +index 00000000000000..e0d0b8e8bd8cf3 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go +@@ -0,0 +1,81 @@ ++// Package ossl provides a Go interface to OpenSSL. ++package ossl ++ ++//go:generate go run ../../cmd/mkcgo -out zossl.go -package ossl shims.h ++ ++/* ++#include "zossl.h" ++// go_hash_sum copies ctx into ctx2 and calls EVP_DigestFinal_ex using ctx2. ++// This is necessary because Go hash.Hash mandates that Sum has no effect ++// on the underlying stream. In particular it is OK to Sum, then Write more, ++// then Sum again, and the second Sum acts as if the first didn't happen. ++// It is written in C because Sum() tend to be in the hot path, ++// and doing one cgo call instead of two is a significant performance win. ++static inline int ++go_hash_sum(const _EVP_MD_CTX_PTR ctx, _EVP_MD_CTX_PTR ctx2, unsigned char *out, mkcgo_err_state *_err_state) ++{ ++ if (_mkcgo_EVP_MD_CTX_copy(ctx2, ctx, _err_state) != 1) ++ return -1; ++ if (_mkcgo_EVP_DigestFinal_ex(ctx2, out, NULL, _err_state) <= 0) ++ return -2; ++ return 1; ++} ++*/ ++import "C" ++import ( ++ "unsafe" ++) ++ ++func HashSum(ctx1, ctx2 EVP_MD_CTX_PTR, out []byte) error { ++ var errst C.mkcgo_err_state ++ if code := C.go_hash_sum(ctx1, ctx2, (*C.uchar)(unsafe.SliceData(out)), mkcgoNoEscape(&errst)); code != 1 { ++ msg := "go_hash_sum" ++ switch code { ++ case -1: ++ msg = "EVP_MD_CTX_copy" ++ case -2: ++ msg = "EVP_DigestFinal_ex" ++ } ++ return newMkcgoErr(msg, errst) ++ } ++ return nil ++} ++ ++const _OSSL_PARAM_UNMODIFIED uint = uint(^uintptr(0)) ++ ++// OSSL_PARAM is a structure to pass or request object parameters. ++// https://docs.openssl.org/3.0/man3/OSSL_PARAM/. ++type OSSL_PARAM struct { ++ Key *byte ++ DataType uint32 ++ Data unsafe.Pointer ++ DataSize uint ++ ReturnSize uint ++} ++ ++func ossl_param_construct(key *byte, dataType uint32, data unsafe.Pointer, dataSize int) OSSL_PARAM { ++ return OSSL_PARAM{ ++ Key: key, ++ DataType: dataType, ++ Data: data, ++ DataSize: uint(dataSize), ++ ReturnSize: _OSSL_PARAM_UNMODIFIED, ++ } ++} ++ ++func OSSL_PARAM_construct_octet_string(key *byte, data unsafe.Pointer, dataSize int) OSSL_PARAM { ++ return ossl_param_construct(key, OSSL_PARAM_OCTET_STRING, data, dataSize) ++} ++ ++func OSSL_PARAM_construct_int32(key *byte, data *int32) OSSL_PARAM { ++ return ossl_param_construct(key, OSSL_PARAM_INTEGER, unsafe.Pointer(data), 4) ++} ++ ++func OSSL_PARAM_construct_end() OSSL_PARAM { ++ return OSSL_PARAM{} ++} ++ ++func OSSL_PARAM_modified(param *OSSL_PARAM) bool { ++ // If ReturnSize is not set, the parameter has not been modified. ++ return param != nil && param.ReturnSize != _OSSL_PARAM_UNMODIFIED ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h +new file mode 100644 +index 00000000000000..5790defeb6eb55 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h +@@ -0,0 +1,399 @@ ++// This header file is used by the mkcgo tool to generate cgo and Go bindings for the ++// OpenSSL C API. Run "go generate ." to regenerate the bindings. ++// Do not include this file, import "zossl.h" instead. ++ ++#ifndef _GO_OSSL_SHIMS_H // only include this header once ++#define _GO_OSSL_SHIMS_H ++ ++#include // size_t ++#include // uint64_t ++ ++// The following includes are used by the checkheader tool. ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #if OPENSSL_VERSION_NUMBER >= 0x30000000L ++// #include ++// #include ++// #include ++// #include ++// #endif ++// #if OPENSSL_VERSION_NUMBER < 0x10100000L ++// #include ++// #endif ++ ++enum { ++ _POINT_CONVERSION_UNCOMPRESSED = 4, ++ ++ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, ++ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, ++ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, ++ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, ++ ++ _EVP_CTRL_GCM_GET_TAG = 0x10, ++ _EVP_CTRL_GCM_SET_TAG = 0x11, ++ _EVP_PKEY_CTRL_MD = 1, ++ _EVP_PKEY_RSA = 6, ++ _EVP_PKEY_EC = 408, ++ _EVP_PKEY_TLS1_PRF = 1021, ++ _EVP_PKEY_HKDF = 1036, ++ _EVP_PKEY_ED25519 = 1087, ++ _EVP_PKEY_DSA = 116, ++ _EVP_PKEY_OP_DERIVE = (1 << 10), // this value differs between OpenSSL 1 and 3, but we only use it in 1 ++ _EVP_MAX_MD_SIZE = 64, ++ ++ _EVP_PKEY_PUBLIC_KEY = 0x86, ++ _EVP_PKEY_KEYPAIR = 0x87, ++ ++ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, ++ ++ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, ++ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, ++ ++ _EVP_PKEY_CTRL_TLS_MD = 0x1000, ++ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, ++ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, ++ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, ++ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, ++ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, ++ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, ++ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, ++ ++ _NID_X9_62_prime256v1 = 415, ++ _NID_secp224r1 = 713, ++ _NID_secp384r1 = 715, ++ _NID_secp521r1 = 716, ++ ++ _RSA_PKCS1_PADDING = 1, ++ _RSA_NO_PADDING = 3, ++ _RSA_PKCS1_OAEP_PADDING = 4, ++ _RSA_PKCS1_PSS_PADDING = 6, ++ _RSA_PSS_SALTLEN_DIGEST = -1, ++ _RSA_PSS_SALTLEN_AUTO = -2, ++ _RSA_PSS_SALTLEN_MAX_SIGN = -2, ++ _RSA_PSS_SALTLEN_MAX = -3, ++ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, ++ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, ++ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, ++ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, ++ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, ++ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, ++ ++ _OSSL_PARAM_INTEGER = 1, ++ _OSSL_PARAM_OCTET_STRING = 5, ++}; ++ ++typedef void* _OPENSSL_INIT_SETTINGS_PTR; ++typedef void* _OSSL_LIB_CTX_PTR; ++typedef void* _OSSL_PROVIDER_PTR; ++typedef void* _ENGINE_PTR; ++typedef void* _EVP_PKEY_PTR; ++typedef void* _EVP_PKEY_CTX_PTR; ++typedef void* _EVP_MD_PTR; ++typedef void* _EVP_MD_CTX_PTR; ++typedef void* _HMAC_CTX_PTR; ++typedef void* _EVP_CIPHER_PTR; ++typedef void* _EVP_CIPHER_CTX_PTR; ++typedef void* _EC_KEY_PTR; ++typedef void* _EC_POINT_PTR; ++typedef void* _EC_GROUP_PTR; ++typedef void* _RSA_PTR; ++typedef void* _BIGNUM_PTR; ++typedef void* _BN_CTX_PTR; ++typedef void* _EVP_MAC_PTR; ++typedef void* _EVP_MAC_CTX_PTR; ++typedef void* _OSSL_PARAM_BLD_PTR; ++typedef void* _OSSL_PARAM_PTR; ++typedef void* _EVP_SIGNATURE_PTR; ++typedef void* _DSA_PTR; ++typedef void* _EVP_KDF_PTR; ++typedef void* _EVP_KDF_CTX_PTR; ++typedef int point_conversion_form_t; ++ ++// Tags used by mkcgo to determine which OpenSSL version each function is available in: ++// - no tag: OpenSSL 1.0 or later ++// - legacy_1: Only OpenSSL 1 ++// - 3: OpenSSL 3.0 or later ++// - 111: OpenSSL 1.1.1 or later ++ ++// The noescape/nocallback attributes are performance optimizations. ++// Only add functions that have been observed to benefit from these ++// directives, not every function that is merely expected to meet ++// the noescape/nocallback criteria. ++ ++// ERR API ++void ERR_error_string_n(unsigned long e, char *buf, size_t len); ++void ERR_clear_error(void) __attribute__((tag(""),tag("init_3"))); ++unsigned long ERR_get_error_line(const char **file, int *line) __attribute__((tag("legacy_1"),noerror)); ++unsigned long ERR_get_error_all(const char **file, int *line, const char **func, const char **data, int *flags) __attribute__((tag("3"),noerror)); ++ ++// OPENSSL API ++const char *OpenSSL_version(int type) __attribute__((noerror)); ++void OPENSSL_init(void); ++int OPENSSL_init_crypto(uint64_t ops, const _OPENSSL_INIT_SETTINGS_PTR settings); ++unsigned long OpenSSL_version_num(void) __attribute__((tag("version"),optional,noerror)); ++unsigned int OPENSSL_version_major(void) __attribute__((tag("version"),optional,noerror)); ++unsigned int OPENSSL_version_minor(void) __attribute__((tag("version"),optional,noerror)); ++unsigned int OPENSSL_version_patch(void) __attribute__((tag("version"),optional,noerror)); ++ ++// CRYPTO API ++void *CRYPTO_malloc(size_t num, const char *file, int line); ++void CRYPTO_free(void *str, const char *file, int line); ++ ++// FIPS API ++int FIPS_mode(void) __attribute__((tag("legacy_1"),tag("init_1"),noerror)); ++int FIPS_mode_set(int r) __attribute__((tag("legacy_1"),tag("init_1"))); ++ ++// EVP Config API ++int EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR libctx) __attribute__((tag("3"),tag("init_3"),noerror)); ++int EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR libctx, int enable) __attribute__((tag("3"))); ++ ++// OSSL_PROVIDER API ++int OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR libctx, const char *name) __attribute__((tag("3"),noerror)); ++_OSSL_PROVIDER_PTR OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks) __attribute__((tag("3"))); ++const char *OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR prov) __attribute__((tag("3"),noerror)); ++ ++// RAND API ++int RAND_bytes(unsigned char *arg0, int arg1) __attribute__((noescape,nocallback)); ++ ++// EVP_MD API ++_EVP_MD_PTR EVP_MD_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"),tag("init_3"))); ++void EVP_MD_free(_EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"))); ++const char *EVP_MD_get0_name(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); ++int EVP_MD_get_type(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); ++const _OSSL_PROVIDER_PTR EVP_MD_get0_provider(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"),noerror)); ++int EVP_MD_get_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_size"),noerror)); ++int EVP_MD_get_block_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_block_size"),noerror)); ++const _EVP_MD_PTR EVP_md5_sha1(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_ripemd160(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_md4(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_md5(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha1(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha224(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha256(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha384(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha512(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((tag("111"),noerror)); ++const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((tag("111"),noerror)); ++const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((tag("111"),noerror)); ++const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((tag("111"),noerror)); ++const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((tag("111"),noerror)); ++const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((tag("111"),noerror)); ++ ++_EVP_MD_CTX_PTR EVP_MD_CTX_new(void); ++void EVP_MD_CTX_free(_EVP_MD_CTX_PTR ctx); ++int EVP_MD_CTX_copy(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in) __attribute__((noescape,nocallback)); ++int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); ++const _OSSL_PARAM_PTR EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); ++const _OSSL_PARAM_PTR EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR ctx, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const _EVP_MD_PTR type, _ENGINE_PTR impl) __attribute__((noescape,nocallback,nocheckptr("data"))); ++int EVP_DigestInit_ex(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type, _ENGINE_PTR impl); ++int EVP_DigestInit(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type); ++int EVP_DigestUpdate(_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt) __attribute__((noescape,nocallback,nocheckptr("d"))); ++int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s) __attribute__((noescape,nocallback)); ++int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"),noescape,nocallback)); ++int EVP_DigestSignInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); ++int EVP_DigestSignFinal(_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen); ++int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); ++int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen); ++int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((tag("111"))); ++ ++// HMAC API ++int HMAC_Init_ex(_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const _EVP_MD_PTR arg3, _ENGINE_PTR arg4) __attribute__((tag("legacy_1"))); ++int HMAC_Update(_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2) __attribute__((tag("legacy_1"))); ++int HMAC_Final(_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2) __attribute__((tag("legacy_1"))); ++ ++_HMAC_CTX_PTR HMAC_CTX_new(void) __attribute__((tag("legacy_1"))); ++int HMAC_CTX_copy(_HMAC_CTX_PTR dest, _HMAC_CTX_PTR src) __attribute__((tag("legacy_1"))); ++void HMAC_CTX_free(_HMAC_CTX_PTR arg0) __attribute__((tag("legacy_1"))); ++ ++// EVP_CIPHER API ++_EVP_CIPHER_PTR EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++const char *EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_gcm(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_ctr(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_gcm(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_ctr(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_ctr(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_gcm(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_ede3_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_ede3_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_rc4(void) __attribute__((noerror)); ++int EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),tag("legacy_1","EVP_CIPHER_block_size"),noerror)); ++ ++_EVP_CIPHER_CTX_PTR EVP_CIPHER_CTX_new(void); ++int EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR x, int padding); ++int EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR x, int keylen); ++void EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR arg0); ++int EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr); ++int EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv, int enc); ++int EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback)); ++int EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); ++int EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback)); ++int EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl) __attribute__((noescape,nocallback)); ++int EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); ++int EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback)); ++int EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *outm, int *outl) __attribute__((noescape,nocallback)); ++ ++// EVP_PKEY API ++_EVP_PKEY_PTR EVP_PKEY_new(void); ++_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"))); ++_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((tag("111"))); ++int EVP_PKEY_get_size(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_size"))); ++int EVP_PKEY_get_bits(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_bits"))); ++void EVP_PKEY_free(_EVP_PKEY_PTR arg0); ++_RSA_PTR EVP_PKEY_get1_RSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); ++int EVP_PKEY_assign(_EVP_PKEY_PTR pkey, int type, void *key) __attribute__((tag("legacy_1"))); ++_EC_KEY_PTR EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); ++_DSA_PTR EVP_PKEY_get0_DSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); ++int EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen) __attribute__((tag("3"))); ++size_t EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR pkey, unsigned char **ppub) __attribute__((tag("3"))); ++int EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR pkey, const char *key_name, _BIGNUM_PTR *bn) __attribute__((tag("3"))); ++int EVP_PKEY_up_ref(_EVP_PKEY_PTR key) __attribute__((tag("3"))); ++int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR pkey, _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); ++int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR ctx, void *label, int len) __attribute__((tag("3"))); ++int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *len) __attribute__((tag("111"),noescape,nocallback)); ++int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *len) __attribute__((tag("111"),noescape,nocallback)); ++int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *pkey, int selection, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR ctx); ++int EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); ++int EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR ctx); ++int EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); ++int EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); ++int EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); ++int EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_sign(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4); ++int EVP_PKEY_verify(_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); ++int EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR ctx); ++int EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR peer); ++int EVP_PKEY_derive(_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen) __attribute__((noescape,nocallback)); ++int EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, ...) __attribute__((tag("3"))); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"))); ++ ++_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR arg0, _ENGINE_PTR arg1); ++_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int id, _ENGINE_PTR e); ++_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR libctx, _EVP_PKEY_PTR pkey, const char *propquery) __attribute__((tag("3"))); ++void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2); ++int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR arg0, int arg1) __attribute__((tag("3"))); ++int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR arg0, const _EVP_MD_PTR arg1) __attribute__((tag("3"))); ++int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); ++int EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); ++int EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"))); ++ ++// RSA API ++_RSA_PTR RSA_new(void) __attribute__((tag("legacy_1"))); ++void RSA_free(_RSA_PTR arg0) __attribute__((tag("legacy_1"))); ++void RSA_get0_factors(const _RSA_PTR rsa, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q) __attribute__((tag("legacy_1"),noerror)); ++int RSA_set0_factors(_RSA_PTR rsa, _BIGNUM_PTR p, _BIGNUM_PTR q) __attribute__((tag("legacy_1"))); ++void RSA_get0_crt_params(const _RSA_PTR r, const _BIGNUM_PTR *dmp1, const _BIGNUM_PTR *dmq1, const _BIGNUM_PTR *iqmp) __attribute__((tag("legacy_1"),noerror)); ++int RSA_set0_crt_params(_RSA_PTR rsa, _BIGNUM_PTR dmp1, _BIGNUM_PTR dmp2, _BIGNUM_PTR iqmp) __attribute__((tag("legacy_1"))); ++void RSA_get0_key(const _RSA_PTR rsa, const _BIGNUM_PTR *n, const _BIGNUM_PTR *e, const _BIGNUM_PTR *d) __attribute__((tag("legacy_1"),noerror)); ++int RSA_set0_key(_RSA_PTR r, _BIGNUM_PTR n, _BIGNUM_PTR e, _BIGNUM_PTR d) __attribute__((tag("legacy_1"))); ++ ++// BIGNUM API ++_BIGNUM_PTR BN_new(void); ++void BN_free(_BIGNUM_PTR arg0); ++void BN_clear(_BIGNUM_PTR arg0); ++void BN_clear_free(_BIGNUM_PTR arg0); ++int BN_num_bits(const _BIGNUM_PTR arg0) __attribute__((noerror)); ++_BIGNUM_PTR BN_bin2bn(const unsigned char *arg0, int arg1, _BIGNUM_PTR arg2); ++_BIGNUM_PTR BN_lebin2bn(const unsigned char *s, int len, _BIGNUM_PTR ret); ++int BN_bn2lebinpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"))); ++int BN_bn2binpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"))); ++ ++// EC API ++int EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR key, _BIGNUM_PTR x, _BIGNUM_PTR y) __attribute__((tag("legacy_1"))); ++int EC_KEY_set_public_key(_EC_KEY_PTR key, const _EC_POINT_PTR pub) __attribute__((tag("legacy_1"))); ++void EC_KEY_free(_EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); ++const _EC_GROUP_PTR EC_KEY_get0_group(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); ++const _BIGNUM_PTR EC_KEY_get0_private_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); ++const _EC_POINT_PTR EC_KEY_get0_public_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); ++_EC_KEY_PTR EC_KEY_new_by_curve_name(int arg0) __attribute__((tag("legacy_1"))); ++int EC_KEY_set_private_key(_EC_KEY_PTR arg0, const _BIGNUM_PTR arg1) __attribute__((tag("legacy_1"))); ++int EC_KEY_check_key(const _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); ++_EC_POINT_PTR EC_POINT_new(const _EC_GROUP_PTR arg0); ++void EC_POINT_free(_EC_POINT_PTR arg0); ++int EC_POINT_mul(const _EC_GROUP_PTR group, _EC_POINT_PTR r, const _BIGNUM_PTR n, const _EC_POINT_PTR q, const _BIGNUM_PTR m, _BN_CTX_PTR ctx); ++int EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR arg0, const _EC_POINT_PTR arg1, _BIGNUM_PTR arg2, _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("legacy_1"))); ++int EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR arg0, _EC_POINT_PTR arg1, const _BIGNUM_PTR arg2, const _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("3"))); ++size_t EC_POINT_point2oct(const _EC_GROUP_PTR group, const _EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t len, _BN_CTX_PTR ctx); ++int EC_POINT_oct2point(const _EC_GROUP_PTR group, _EC_POINT_PTR p, const unsigned char *buf, size_t len, _BN_CTX_PTR ctx); ++_EC_GROUP_PTR EC_GROUP_new_by_curve_name(int nid); ++void EC_GROUP_free(_EC_GROUP_PTR group); ++ ++// EVP_MAC API ++_EVP_MAC_PTR EVP_MAC_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++_EVP_MAC_CTX_PTR EVP_MAC_CTX_new(_EVP_MAC_PTR arg0) __attribute__((tag("3"))); ++int EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++void EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); ++_EVP_MAC_CTX_PTR EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); ++int EVP_MAC_init(_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_MAC_update(_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen) __attribute__((tag("3"))); ++int EVP_MAC_final(_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize) __attribute__((tag("3"))); ++ ++// OSSL_PARAM API ++void OSSL_PARAM_free(_OSSL_PARAM_PTR p) __attribute__((tag("3"))); ++const _OSSL_PARAM_PTR OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR p, const char *key) __attribute__((tag("3"))); ++_OSSL_PARAM_BLD_PTR OSSL_PARAM_BLD_new(void) __attribute__((tag("3"))); ++void OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); ++_OSSL_PARAM_PTR OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); ++int OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize) __attribute__((tag("3"))); ++int OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize) __attribute__((tag("3"))); ++int OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR bld, const char *key, const _BIGNUM_PTR bn) __attribute__((tag("3"))); ++int OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num) __attribute__((tag("3"))); ++ ++// EVP_SIGNATURE API ++_EVP_SIGNATURE_PTR EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++void EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR signature) __attribute__((tag("3"))); ++ ++// DSA API ++_DSA_PTR DSA_new(void) __attribute__((tag("legacy_1"))); ++void DSA_free(_DSA_PTR r) __attribute__((tag("legacy_1"))); ++int DSA_generate_key(_DSA_PTR a) __attribute__((tag("legacy_1"))); ++void DSA_get0_pqg(const _DSA_PTR d, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q, const _BIGNUM_PTR *g) __attribute__((tag("legacy_1"))); ++int DSA_set0_pqg(_DSA_PTR d, _BIGNUM_PTR p, _BIGNUM_PTR q, _BIGNUM_PTR g) __attribute__((tag("legacy_1"))); ++void DSA_get0_key(const _DSA_PTR d, const _BIGNUM_PTR *pub_key, const _BIGNUM_PTR *priv_key) __attribute__((tag("legacy_1"))); ++int DSA_set0_key(_DSA_PTR d, _BIGNUM_PTR pub_key, _BIGNUM_PTR priv_key) __attribute__((tag("legacy_1"))); ++ ++// EVP_KDF API ++_EVP_KDF_PTR EVP_KDF_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++void EVP_KDF_free(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); ++_EVP_KDF_CTX_PTR EVP_KDF_CTX_new(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); ++int EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++void EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); ++size_t EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_KDF_derive(_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const _EVP_MD_PTR digest, int keylen, unsigned char *out); ++ ++// OBJ API ++const char *OBJ_nid2sn(int n) __attribute__((noerror)); ++ ++#endif // _GO_OSSL_SHIMS_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c +new file mode 100644 +index 00000000000000..8124dfd70a22e3 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c +@@ -0,0 +1,1924 @@ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#include ++#include ++#include ++#include ++#include "zossl.h" ++ ++#ifdef _WIN32 ++#include ++#define dlsym GetProcAddress ++#else ++#include ++#endif ++ ++_BIGNUM_PTR (*_g_BN_bin2bn)(const unsigned char*, int, _BIGNUM_PTR); ++int (*_g_BN_bn2binpad)(const _BIGNUM_PTR, unsigned char*, int); ++int (*_g_BN_bn2lebinpad)(const _BIGNUM_PTR, unsigned char*, int); ++void (*_g_BN_clear)(_BIGNUM_PTR); ++void (*_g_BN_clear_free)(_BIGNUM_PTR); ++void (*_g_BN_free)(_BIGNUM_PTR); ++_BIGNUM_PTR (*_g_BN_lebin2bn)(const unsigned char*, int, _BIGNUM_PTR); ++_BIGNUM_PTR (*_g_BN_new)(void); ++int (*_g_BN_num_bits)(const _BIGNUM_PTR); ++void (*_g_CRYPTO_free)(void*, const char*, int); ++void* (*_g_CRYPTO_malloc)(size_t, const char*, int); ++void (*_g_DSA_free)(_DSA_PTR); ++int (*_g_DSA_generate_key)(_DSA_PTR); ++void (*_g_DSA_get0_key)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void (*_g_DSA_get0_pqg)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_DSA_PTR (*_g_DSA_new)(void); ++int (*_g_DSA_set0_key)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++int (*_g_DSA_set0_pqg)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++void (*_g_EC_GROUP_free)(_EC_GROUP_PTR); ++_EC_GROUP_PTR (*_g_EC_GROUP_new_by_curve_name)(int); ++int (*_g_EC_KEY_check_key)(const _EC_KEY_PTR); ++void (*_g_EC_KEY_free)(_EC_KEY_PTR); ++const _EC_GROUP_PTR (*_g_EC_KEY_get0_group)(const _EC_KEY_PTR); ++const _BIGNUM_PTR (*_g_EC_KEY_get0_private_key)(const _EC_KEY_PTR); ++const _EC_POINT_PTR (*_g_EC_KEY_get0_public_key)(const _EC_KEY_PTR); ++_EC_KEY_PTR (*_g_EC_KEY_new_by_curve_name)(int); ++int (*_g_EC_KEY_set_private_key)(_EC_KEY_PTR, const _BIGNUM_PTR); ++int (*_g_EC_KEY_set_public_key)(_EC_KEY_PTR, const _EC_POINT_PTR); ++int (*_g_EC_KEY_set_public_key_affine_coordinates)(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++void (*_g_EC_POINT_free)(_EC_POINT_PTR); ++int (*_g_EC_POINT_get_affine_coordinates_GFp)(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR); ++int (*_g_EC_POINT_mul)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); ++_EC_POINT_PTR (*_g_EC_POINT_new)(const _EC_GROUP_PTR); ++int (*_g_EC_POINT_oct2point)(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR); ++size_t (*_g_EC_POINT_point2oct)(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR); ++int (*_g_EC_POINT_set_affine_coordinates)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); ++void (*_g_ERR_clear_error)(void); ++void (*_g_ERR_error_string_n)(unsigned long, char*, size_t); ++unsigned long (*_g_ERR_get_error_all)(const char**, int*, const char**, const char**, int*); ++unsigned long (*_g_ERR_get_error_line)(const char**, int*); ++int (*_g_EVP_CIPHER_CTX_ctrl)(_EVP_CIPHER_CTX_PTR, int, int, void*); ++void (*_g_EVP_CIPHER_CTX_free)(_EVP_CIPHER_CTX_PTR); ++_EVP_CIPHER_CTX_PTR (*_g_EVP_CIPHER_CTX_new)(void); ++int (*_g_EVP_CIPHER_CTX_set_key_length)(_EVP_CIPHER_CTX_PTR, int); ++int (*_g_EVP_CIPHER_CTX_set_padding)(_EVP_CIPHER_CTX_PTR, int); ++_EVP_CIPHER_PTR (*_g_EVP_CIPHER_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++const char* (*_g_EVP_CIPHER_get0_name)(const _EVP_CIPHER_PTR); ++int (*_g_EVP_CIPHER_get_block_size)(const _EVP_CIPHER_PTR); ++int (*_g_EVP_CipherInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int); ++int (*_g_EVP_CipherUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); ++int (*_g_EVP_DecryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); ++int (*_g_EVP_DecryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); ++int (*_g_EVP_DecryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); ++int (*_g_EVP_Digest)(const void*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR); ++int (*_g_EVP_DigestFinal_ex)(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*); ++int (*_g_EVP_DigestInit)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR); ++int (*_g_EVP_DigestInit_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR); ++int (*_g_EVP_DigestSign)(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_DigestSignFinal)(_EVP_MD_CTX_PTR, unsigned char*, size_t*); ++int (*_g_EVP_DigestSignInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); ++int (*_g_EVP_DigestUpdate)(_EVP_MD_CTX_PTR, const void*, size_t); ++int (*_g_EVP_DigestVerify)(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); ++int (*_g_EVP_DigestVerifyFinal)(_EVP_MD_CTX_PTR, const unsigned char*, size_t); ++int (*_g_EVP_DigestVerifyInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); ++int (*_g_EVP_EncryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); ++int (*_g_EVP_EncryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); ++int (*_g_EVP_EncryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); ++void (*_g_EVP_KDF_CTX_free)(_EVP_KDF_CTX_PTR); ++size_t (*_g_EVP_KDF_CTX_get_kdf_size)(_EVP_KDF_CTX_PTR); ++_EVP_KDF_CTX_PTR (*_g_EVP_KDF_CTX_new)(_EVP_KDF_PTR); ++int (*_g_EVP_KDF_CTX_set_params)(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR); ++int (*_g_EVP_KDF_derive)(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR); ++_EVP_KDF_PTR (*_g_EVP_KDF_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_KDF_free)(_EVP_KDF_PTR); ++_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_dup)(const _EVP_MAC_CTX_PTR); ++void (*_g_EVP_MAC_CTX_free)(_EVP_MAC_CTX_PTR); ++_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_new)(_EVP_MAC_PTR); ++int (*_g_EVP_MAC_CTX_set_params)(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR); ++_EVP_MAC_PTR (*_g_EVP_MAC_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++int (*_g_EVP_MAC_final)(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t); ++int (*_g_EVP_MAC_init)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR); ++int (*_g_EVP_MAC_update)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t); ++int (*_g_EVP_MD_CTX_copy)(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR); ++int (*_g_EVP_MD_CTX_copy_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR); ++void (*_g_EVP_MD_CTX_free)(_EVP_MD_CTX_PTR); ++int (*_g_EVP_MD_CTX_get_params)(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_gettable_params)(_EVP_MD_CTX_PTR); ++_EVP_MD_CTX_PTR (*_g_EVP_MD_CTX_new)(void); ++int (*_g_EVP_MD_CTX_set_params)(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_settable_params)(_EVP_MD_CTX_PTR); ++_EVP_MD_PTR (*_g_EVP_MD_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_MD_free)(_EVP_MD_PTR); ++const char* (*_g_EVP_MD_get0_name)(const _EVP_MD_PTR); ++const _OSSL_PROVIDER_PTR (*_g_EVP_MD_get0_provider)(const _EVP_MD_PTR); ++int (*_g_EVP_MD_get_block_size)(const _EVP_MD_PTR); ++int (*_g_EVP_MD_get_size)(const _EVP_MD_PTR); ++int (*_g_EVP_MD_get_type)(const _EVP_MD_PTR); ++int (*_g_EVP_PKEY_CTX_add1_hkdf_info)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_ctrl)(_EVP_PKEY_CTX_PTR, int, int, int, int, void*); ++void (*_g_EVP_PKEY_CTX_free)(_EVP_PKEY_CTX_PTR); ++_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new)(_EVP_PKEY_PTR, _ENGINE_PTR); ++_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_from_pkey)(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*); ++_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_id)(int, _ENGINE_PTR); ++int (*_g_EVP_PKEY_CTX_set0_rsa_oaep_label)(_EVP_PKEY_CTX_PTR, void*, int); ++int (*_g_EVP_PKEY_CTX_set1_hkdf_key)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_set1_hkdf_salt)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_set_hkdf_md)(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR); ++int (*_g_EVP_PKEY_CTX_set_hkdf_mode)(_EVP_PKEY_CTX_PTR, int); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_Q_keygen)(_OSSL_LIB_CTX_PTR, const char*, const char*, ...); ++int (*_g_EVP_PKEY_assign)(_EVP_PKEY_PTR, int, void*); ++int (*_g_EVP_PKEY_decrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_decrypt_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_derive)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_derive_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_derive_set_peer)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_encrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_encrypt_init)(_EVP_PKEY_CTX_PTR); ++void (*_g_EVP_PKEY_free)(_EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_fromdata)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR); ++int (*_g_EVP_PKEY_fromdata_init)(_EVP_PKEY_CTX_PTR); ++_DSA_PTR (*_g_EVP_PKEY_get0_DSA)(_EVP_PKEY_PTR); ++_EC_KEY_PTR (*_g_EVP_PKEY_get0_EC_KEY)(_EVP_PKEY_PTR); ++_RSA_PTR (*_g_EVP_PKEY_get1_RSA)(_EVP_PKEY_PTR); ++size_t (*_g_EVP_PKEY_get1_encoded_public_key)(_EVP_PKEY_PTR, unsigned char**); ++int (*_g_EVP_PKEY_get_bits)(const _EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_get_bn_param)(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*); ++int (*_g_EVP_PKEY_get_raw_private_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_get_raw_public_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_get_size)(const _EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_keygen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); ++int (*_g_EVP_PKEY_keygen_init)(_EVP_PKEY_CTX_PTR); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_new)(void); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_private_key)(int, _ENGINE_PTR, const unsigned char*, size_t); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_public_key)(int, _ENGINE_PTR, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_paramgen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); ++int (*_g_EVP_PKEY_paramgen_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_private_check)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_public_check_quick)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_set1_EC_KEY)(_EVP_PKEY_PTR, _EC_KEY_PTR); ++int (*_g_EVP_PKEY_set1_encoded_public_key)(_EVP_PKEY_PTR, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_sign)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_sign_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_up_ref)(_EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_verify)(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_verify_init)(_EVP_PKEY_CTX_PTR); ++_EVP_SIGNATURE_PTR (*_g_EVP_SIGNATURE_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_SIGNATURE_free)(_EVP_SIGNATURE_PTR); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ctr)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_gcm)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ctr)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_gcm)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ctr)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_gcm)(void); ++int (*_g_EVP_default_properties_enable_fips)(_OSSL_LIB_CTX_PTR, int); ++int (*_g_EVP_default_properties_is_fips_enabled)(_OSSL_LIB_CTX_PTR); ++const _EVP_CIPHER_PTR (*_g_EVP_des_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_des_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_ecb)(void); ++const _EVP_MD_PTR (*_g_EVP_md4)(void); ++const _EVP_MD_PTR (*_g_EVP_md5)(void); ++const _EVP_MD_PTR (*_g_EVP_md5_sha1)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_rc4)(void); ++const _EVP_MD_PTR (*_g_EVP_ripemd160)(void); ++const _EVP_MD_PTR (*_g_EVP_sha1)(void); ++const _EVP_MD_PTR (*_g_EVP_sha224)(void); ++const _EVP_MD_PTR (*_g_EVP_sha256)(void); ++const _EVP_MD_PTR (*_g_EVP_sha384)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_224)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_256)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_384)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_512)(void); ++const _EVP_MD_PTR (*_g_EVP_sha512)(void); ++const _EVP_MD_PTR (*_g_EVP_sha512_224)(void); ++const _EVP_MD_PTR (*_g_EVP_sha512_256)(void); ++int (*_g_FIPS_mode)(void); ++int (*_g_FIPS_mode_set)(int); ++int (*_g_HMAC_CTX_copy)(_HMAC_CTX_PTR, _HMAC_CTX_PTR); ++void (*_g_HMAC_CTX_free)(_HMAC_CTX_PTR); ++_HMAC_CTX_PTR (*_g_HMAC_CTX_new)(void); ++int (*_g_HMAC_Final)(_HMAC_CTX_PTR, unsigned char*, unsigned int*); ++int (*_g_HMAC_Init_ex)(_HMAC_CTX_PTR, const void*, int, const _EVP_MD_PTR, _ENGINE_PTR); ++int (*_g_HMAC_Update)(_HMAC_CTX_PTR, const unsigned char*, size_t); ++const char* (*_g_OBJ_nid2sn)(int); ++void (*_g_OPENSSL_init)(void); ++int (*_g_OPENSSL_init_crypto)(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR); ++unsigned int (*_g_OPENSSL_version_major)(void); ++unsigned int (*_g_OPENSSL_version_minor)(void); ++unsigned int (*_g_OPENSSL_version_patch)(void); ++void (*_g_OSSL_PARAM_BLD_free)(_OSSL_PARAM_BLD_PTR); ++_OSSL_PARAM_BLD_PTR (*_g_OSSL_PARAM_BLD_new)(void); ++int (*_g_OSSL_PARAM_BLD_push_BN)(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR); ++int (*_g_OSSL_PARAM_BLD_push_int32)(_OSSL_PARAM_BLD_PTR, const char*, int32_t); ++int (*_g_OSSL_PARAM_BLD_push_octet_string)(_OSSL_PARAM_BLD_PTR, const char*, const void*, size_t); ++int (*_g_OSSL_PARAM_BLD_push_utf8_string)(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t); ++_OSSL_PARAM_PTR (*_g_OSSL_PARAM_BLD_to_param)(_OSSL_PARAM_BLD_PTR); ++void (*_g_OSSL_PARAM_free)(_OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR (*_g_OSSL_PARAM_locate_const)(const _OSSL_PARAM_PTR, const char*); ++int (*_g_OSSL_PROVIDER_available)(_OSSL_LIB_CTX_PTR, const char*); ++const char* (*_g_OSSL_PROVIDER_get0_name)(const _OSSL_PROVIDER_PTR); ++_OSSL_PROVIDER_PTR (*_g_OSSL_PROVIDER_try_load)(_OSSL_LIB_CTX_PTR, const char*, int); ++const char* (*_g_OpenSSL_version)(int); ++unsigned long (*_g_OpenSSL_version_num)(void); ++int (*_g_PKCS5_PBKDF2_HMAC)(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*); ++int (*_g_RAND_bytes)(unsigned char*, int); ++void (*_g_RSA_free)(_RSA_PTR); ++void (*_g_RSA_get0_crt_params)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void (*_g_RSA_get0_factors)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void (*_g_RSA_get0_key)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_RSA_PTR (*_g_RSA_new)(void); ++int (*_g_RSA_set0_crt_params)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++int (*_g_RSA_set0_factors)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++int (*_g_RSA_set0_key)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++ ++#define __mkcgo__dlsym_nocheck(varname, funcname) _g_##varname = (typeof(_g_##varname))dlsym(handle, #funcname); ++ ++#define __mkcgo__dlsym(name) __mkcgo__dlsym2(name, name) ++ ++#define __mkcgo__dlsym2(varname, funcname) \ ++ __mkcgo__dlsym_nocheck(varname, funcname) \ ++ if (_g_##varname == NULL) { \ ++ fprintf(stderr, "Cannot get required symbol " #funcname "\n"); \ ++ abort(); \ ++ } ++ ++void __mkcgo_load_(void* handle) { ++ __mkcgo__dlsym(BN_bin2bn) ++ __mkcgo__dlsym(BN_bn2binpad) ++ __mkcgo__dlsym(BN_bn2lebinpad) ++ __mkcgo__dlsym(BN_clear) ++ __mkcgo__dlsym(BN_clear_free) ++ __mkcgo__dlsym(BN_free) ++ __mkcgo__dlsym(BN_lebin2bn) ++ __mkcgo__dlsym(BN_new) ++ __mkcgo__dlsym(BN_num_bits) ++ __mkcgo__dlsym(CRYPTO_free) ++ __mkcgo__dlsym(CRYPTO_malloc) ++ __mkcgo__dlsym(EC_GROUP_free) ++ __mkcgo__dlsym(EC_GROUP_new_by_curve_name) ++ __mkcgo__dlsym(EC_POINT_free) ++ __mkcgo__dlsym(EC_POINT_mul) ++ __mkcgo__dlsym(EC_POINT_new) ++ __mkcgo__dlsym(EC_POINT_oct2point) ++ __mkcgo__dlsym(EC_POINT_point2oct) ++ __mkcgo__dlsym(ERR_clear_error) ++ __mkcgo__dlsym(ERR_error_string_n) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_ctrl) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_free) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_new) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_set_key_length) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_set_padding) ++ __mkcgo__dlsym(EVP_CipherInit_ex) ++ __mkcgo__dlsym(EVP_CipherUpdate) ++ __mkcgo__dlsym(EVP_DecryptFinal_ex) ++ __mkcgo__dlsym(EVP_DecryptInit_ex) ++ __mkcgo__dlsym(EVP_DecryptUpdate) ++ __mkcgo__dlsym(EVP_Digest) ++ __mkcgo__dlsym(EVP_DigestFinal_ex) ++ __mkcgo__dlsym(EVP_DigestInit) ++ __mkcgo__dlsym(EVP_DigestInit_ex) ++ __mkcgo__dlsym(EVP_DigestSignFinal) ++ __mkcgo__dlsym(EVP_DigestSignInit) ++ __mkcgo__dlsym(EVP_DigestUpdate) ++ __mkcgo__dlsym(EVP_DigestVerifyFinal) ++ __mkcgo__dlsym(EVP_DigestVerifyInit) ++ __mkcgo__dlsym(EVP_EncryptFinal_ex) ++ __mkcgo__dlsym(EVP_EncryptInit_ex) ++ __mkcgo__dlsym(EVP_EncryptUpdate) ++ __mkcgo__dlsym(EVP_MD_CTX_copy) ++ __mkcgo__dlsym(EVP_MD_CTX_copy_ex) ++ __mkcgo__dlsym(EVP_MD_CTX_free) ++ __mkcgo__dlsym(EVP_MD_CTX_new) ++ __mkcgo__dlsym(EVP_PKEY_CTX_ctrl) ++ __mkcgo__dlsym(EVP_PKEY_CTX_free) ++ __mkcgo__dlsym(EVP_PKEY_CTX_new) ++ __mkcgo__dlsym(EVP_PKEY_CTX_new_id) ++ __mkcgo__dlsym(EVP_PKEY_decrypt) ++ __mkcgo__dlsym(EVP_PKEY_decrypt_init) ++ __mkcgo__dlsym(EVP_PKEY_derive) ++ __mkcgo__dlsym(EVP_PKEY_derive_init) ++ __mkcgo__dlsym(EVP_PKEY_derive_set_peer) ++ __mkcgo__dlsym(EVP_PKEY_encrypt) ++ __mkcgo__dlsym(EVP_PKEY_encrypt_init) ++ __mkcgo__dlsym(EVP_PKEY_free) ++ __mkcgo__dlsym(EVP_PKEY_keygen) ++ __mkcgo__dlsym(EVP_PKEY_keygen_init) ++ __mkcgo__dlsym(EVP_PKEY_new) ++ __mkcgo__dlsym(EVP_PKEY_paramgen) ++ __mkcgo__dlsym(EVP_PKEY_paramgen_init) ++ __mkcgo__dlsym(EVP_PKEY_sign) ++ __mkcgo__dlsym(EVP_PKEY_sign_init) ++ __mkcgo__dlsym(EVP_PKEY_verify) ++ __mkcgo__dlsym(EVP_PKEY_verify_init) ++ __mkcgo__dlsym(EVP_aes_128_cbc) ++ __mkcgo__dlsym(EVP_aes_128_ctr) ++ __mkcgo__dlsym(EVP_aes_128_ecb) ++ __mkcgo__dlsym(EVP_aes_128_gcm) ++ __mkcgo__dlsym(EVP_aes_192_cbc) ++ __mkcgo__dlsym(EVP_aes_192_ctr) ++ __mkcgo__dlsym(EVP_aes_192_ecb) ++ __mkcgo__dlsym(EVP_aes_192_gcm) ++ __mkcgo__dlsym(EVP_aes_256_cbc) ++ __mkcgo__dlsym(EVP_aes_256_ctr) ++ __mkcgo__dlsym(EVP_aes_256_ecb) ++ __mkcgo__dlsym(EVP_aes_256_gcm) ++ __mkcgo__dlsym(EVP_des_cbc) ++ __mkcgo__dlsym(EVP_des_ecb) ++ __mkcgo__dlsym(EVP_des_ede3_cbc) ++ __mkcgo__dlsym(EVP_des_ede3_ecb) ++ __mkcgo__dlsym(EVP_md4) ++ __mkcgo__dlsym(EVP_md5) ++ __mkcgo__dlsym(EVP_md5_sha1) ++ __mkcgo__dlsym(EVP_rc4) ++ __mkcgo__dlsym(EVP_ripemd160) ++ __mkcgo__dlsym(EVP_sha1) ++ __mkcgo__dlsym(EVP_sha224) ++ __mkcgo__dlsym(EVP_sha256) ++ __mkcgo__dlsym(EVP_sha384) ++ __mkcgo__dlsym(EVP_sha512) ++ __mkcgo__dlsym(OBJ_nid2sn) ++ __mkcgo__dlsym(OPENSSL_init) ++ __mkcgo__dlsym(OPENSSL_init_crypto) ++ __mkcgo__dlsym(OpenSSL_version) ++ __mkcgo__dlsym(PKCS5_PBKDF2_HMAC) ++ __mkcgo__dlsym(RAND_bytes) ++} ++ ++void __mkcgo_unload_() { ++ _g_BN_bin2bn = NULL; ++ _g_BN_bn2binpad = NULL; ++ _g_BN_bn2lebinpad = NULL; ++ _g_BN_clear = NULL; ++ _g_BN_clear_free = NULL; ++ _g_BN_free = NULL; ++ _g_BN_lebin2bn = NULL; ++ _g_BN_new = NULL; ++ _g_BN_num_bits = NULL; ++ _g_CRYPTO_free = NULL; ++ _g_CRYPTO_malloc = NULL; ++ _g_EC_GROUP_free = NULL; ++ _g_EC_GROUP_new_by_curve_name = NULL; ++ _g_EC_POINT_free = NULL; ++ _g_EC_POINT_mul = NULL; ++ _g_EC_POINT_new = NULL; ++ _g_EC_POINT_oct2point = NULL; ++ _g_EC_POINT_point2oct = NULL; ++ _g_ERR_clear_error = NULL; ++ _g_ERR_error_string_n = NULL; ++ _g_EVP_CIPHER_CTX_ctrl = NULL; ++ _g_EVP_CIPHER_CTX_free = NULL; ++ _g_EVP_CIPHER_CTX_new = NULL; ++ _g_EVP_CIPHER_CTX_set_key_length = NULL; ++ _g_EVP_CIPHER_CTX_set_padding = NULL; ++ _g_EVP_CipherInit_ex = NULL; ++ _g_EVP_CipherUpdate = NULL; ++ _g_EVP_DecryptFinal_ex = NULL; ++ _g_EVP_DecryptInit_ex = NULL; ++ _g_EVP_DecryptUpdate = NULL; ++ _g_EVP_Digest = NULL; ++ _g_EVP_DigestFinal_ex = NULL; ++ _g_EVP_DigestInit = NULL; ++ _g_EVP_DigestInit_ex = NULL; ++ _g_EVP_DigestSignFinal = NULL; ++ _g_EVP_DigestSignInit = NULL; ++ _g_EVP_DigestUpdate = NULL; ++ _g_EVP_DigestVerifyFinal = NULL; ++ _g_EVP_DigestVerifyInit = NULL; ++ _g_EVP_EncryptFinal_ex = NULL; ++ _g_EVP_EncryptInit_ex = NULL; ++ _g_EVP_EncryptUpdate = NULL; ++ _g_EVP_MD_CTX_copy = NULL; ++ _g_EVP_MD_CTX_copy_ex = NULL; ++ _g_EVP_MD_CTX_free = NULL; ++ _g_EVP_MD_CTX_new = NULL; ++ _g_EVP_PKEY_CTX_ctrl = NULL; ++ _g_EVP_PKEY_CTX_free = NULL; ++ _g_EVP_PKEY_CTX_new = NULL; ++ _g_EVP_PKEY_CTX_new_id = NULL; ++ _g_EVP_PKEY_decrypt = NULL; ++ _g_EVP_PKEY_decrypt_init = NULL; ++ _g_EVP_PKEY_derive = NULL; ++ _g_EVP_PKEY_derive_init = NULL; ++ _g_EVP_PKEY_derive_set_peer = NULL; ++ _g_EVP_PKEY_encrypt = NULL; ++ _g_EVP_PKEY_encrypt_init = NULL; ++ _g_EVP_PKEY_free = NULL; ++ _g_EVP_PKEY_keygen = NULL; ++ _g_EVP_PKEY_keygen_init = NULL; ++ _g_EVP_PKEY_new = NULL; ++ _g_EVP_PKEY_paramgen = NULL; ++ _g_EVP_PKEY_paramgen_init = NULL; ++ _g_EVP_PKEY_sign = NULL; ++ _g_EVP_PKEY_sign_init = NULL; ++ _g_EVP_PKEY_verify = NULL; ++ _g_EVP_PKEY_verify_init = NULL; ++ _g_EVP_aes_128_cbc = NULL; ++ _g_EVP_aes_128_ctr = NULL; ++ _g_EVP_aes_128_ecb = NULL; ++ _g_EVP_aes_128_gcm = NULL; ++ _g_EVP_aes_192_cbc = NULL; ++ _g_EVP_aes_192_ctr = NULL; ++ _g_EVP_aes_192_ecb = NULL; ++ _g_EVP_aes_192_gcm = NULL; ++ _g_EVP_aes_256_cbc = NULL; ++ _g_EVP_aes_256_ctr = NULL; ++ _g_EVP_aes_256_ecb = NULL; ++ _g_EVP_aes_256_gcm = NULL; ++ _g_EVP_des_cbc = NULL; ++ _g_EVP_des_ecb = NULL; ++ _g_EVP_des_ede3_cbc = NULL; ++ _g_EVP_des_ede3_ecb = NULL; ++ _g_EVP_md4 = NULL; ++ _g_EVP_md5 = NULL; ++ _g_EVP_md5_sha1 = NULL; ++ _g_EVP_rc4 = NULL; ++ _g_EVP_ripemd160 = NULL; ++ _g_EVP_sha1 = NULL; ++ _g_EVP_sha224 = NULL; ++ _g_EVP_sha256 = NULL; ++ _g_EVP_sha384 = NULL; ++ _g_EVP_sha512 = NULL; ++ _g_OBJ_nid2sn = NULL; ++ _g_OPENSSL_init = NULL; ++ _g_OPENSSL_init_crypto = NULL; ++ _g_OpenSSL_version = NULL; ++ _g_PKCS5_PBKDF2_HMAC = NULL; ++ _g_RAND_bytes = NULL; ++} ++ ++void __mkcgo_load_111(void* handle) { ++ __mkcgo__dlsym(EVP_DigestSign) ++ __mkcgo__dlsym(EVP_DigestVerify) ++ __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) ++ __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) ++ __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) ++ __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) ++ __mkcgo__dlsym(EVP_sha3_224) ++ __mkcgo__dlsym(EVP_sha3_256) ++ __mkcgo__dlsym(EVP_sha3_384) ++ __mkcgo__dlsym(EVP_sha3_512) ++ __mkcgo__dlsym(EVP_sha512_224) ++ __mkcgo__dlsym(EVP_sha512_256) ++} ++ ++void __mkcgo_unload_111() { ++ _g_EVP_DigestSign = NULL; ++ _g_EVP_DigestVerify = NULL; ++ _g_EVP_PKEY_get_raw_private_key = NULL; ++ _g_EVP_PKEY_get_raw_public_key = NULL; ++ _g_EVP_PKEY_new_raw_private_key = NULL; ++ _g_EVP_PKEY_new_raw_public_key = NULL; ++ _g_EVP_sha3_224 = NULL; ++ _g_EVP_sha3_256 = NULL; ++ _g_EVP_sha3_384 = NULL; ++ _g_EVP_sha3_512 = NULL; ++ _g_EVP_sha512_224 = NULL; ++ _g_EVP_sha512_256 = NULL; ++} ++ ++void __mkcgo_load_3(void* handle) { ++ __mkcgo__dlsym(EC_POINT_set_affine_coordinates) ++ __mkcgo__dlsym(ERR_get_error_all) ++ __mkcgo__dlsym(EVP_CIPHER_fetch) ++ __mkcgo__dlsym(EVP_CIPHER_get0_name) ++ __mkcgo__dlsym(EVP_CIPHER_get_block_size) ++ __mkcgo__dlsym(EVP_KDF_CTX_free) ++ __mkcgo__dlsym(EVP_KDF_CTX_get_kdf_size) ++ __mkcgo__dlsym(EVP_KDF_CTX_new) ++ __mkcgo__dlsym(EVP_KDF_CTX_set_params) ++ __mkcgo__dlsym(EVP_KDF_derive) ++ __mkcgo__dlsym(EVP_KDF_fetch) ++ __mkcgo__dlsym(EVP_KDF_free) ++ __mkcgo__dlsym(EVP_MAC_CTX_dup) ++ __mkcgo__dlsym(EVP_MAC_CTX_free) ++ __mkcgo__dlsym(EVP_MAC_CTX_new) ++ __mkcgo__dlsym(EVP_MAC_CTX_set_params) ++ __mkcgo__dlsym(EVP_MAC_fetch) ++ __mkcgo__dlsym(EVP_MAC_final) ++ __mkcgo__dlsym(EVP_MAC_init) ++ __mkcgo__dlsym(EVP_MAC_update) ++ __mkcgo__dlsym(EVP_MD_CTX_get_params) ++ __mkcgo__dlsym(EVP_MD_CTX_gettable_params) ++ __mkcgo__dlsym(EVP_MD_CTX_set_params) ++ __mkcgo__dlsym(EVP_MD_CTX_settable_params) ++ __mkcgo__dlsym(EVP_MD_fetch) ++ __mkcgo__dlsym(EVP_MD_free) ++ __mkcgo__dlsym(EVP_MD_get0_name) ++ __mkcgo__dlsym(EVP_MD_get0_provider) ++ __mkcgo__dlsym(EVP_MD_get_block_size) ++ __mkcgo__dlsym(EVP_MD_get_size) ++ __mkcgo__dlsym(EVP_MD_get_type) ++ __mkcgo__dlsym(EVP_PKEY_CTX_add1_hkdf_info) ++ __mkcgo__dlsym(EVP_PKEY_CTX_new_from_pkey) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set0_rsa_oaep_label) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_key) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_salt) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_md) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_mode) ++ __mkcgo__dlsym(EVP_PKEY_Q_keygen) ++ __mkcgo__dlsym(EVP_PKEY_fromdata) ++ __mkcgo__dlsym(EVP_PKEY_fromdata_init) ++ __mkcgo__dlsym(EVP_PKEY_get1_encoded_public_key) ++ __mkcgo__dlsym(EVP_PKEY_get_bits) ++ __mkcgo__dlsym(EVP_PKEY_get_bn_param) ++ __mkcgo__dlsym(EVP_PKEY_get_size) ++ __mkcgo__dlsym(EVP_PKEY_private_check) ++ __mkcgo__dlsym(EVP_PKEY_public_check_quick) ++ __mkcgo__dlsym(EVP_PKEY_set1_encoded_public_key) ++ __mkcgo__dlsym(EVP_PKEY_up_ref) ++ __mkcgo__dlsym(EVP_SIGNATURE_fetch) ++ __mkcgo__dlsym(EVP_SIGNATURE_free) ++ __mkcgo__dlsym(EVP_default_properties_enable_fips) ++ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_free) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_new) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_BN) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_int32) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_octet_string) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_utf8_string) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_to_param) ++ __mkcgo__dlsym(OSSL_PARAM_free) ++ __mkcgo__dlsym(OSSL_PARAM_locate_const) ++ __mkcgo__dlsym(OSSL_PROVIDER_available) ++ __mkcgo__dlsym(OSSL_PROVIDER_get0_name) ++ __mkcgo__dlsym(OSSL_PROVIDER_try_load) ++} ++ ++void __mkcgo_unload_3() { ++ _g_EC_POINT_set_affine_coordinates = NULL; ++ _g_ERR_get_error_all = NULL; ++ _g_EVP_CIPHER_fetch = NULL; ++ _g_EVP_CIPHER_get0_name = NULL; ++ _g_EVP_CIPHER_get_block_size = NULL; ++ _g_EVP_KDF_CTX_free = NULL; ++ _g_EVP_KDF_CTX_get_kdf_size = NULL; ++ _g_EVP_KDF_CTX_new = NULL; ++ _g_EVP_KDF_CTX_set_params = NULL; ++ _g_EVP_KDF_derive = NULL; ++ _g_EVP_KDF_fetch = NULL; ++ _g_EVP_KDF_free = NULL; ++ _g_EVP_MAC_CTX_dup = NULL; ++ _g_EVP_MAC_CTX_free = NULL; ++ _g_EVP_MAC_CTX_new = NULL; ++ _g_EVP_MAC_CTX_set_params = NULL; ++ _g_EVP_MAC_fetch = NULL; ++ _g_EVP_MAC_final = NULL; ++ _g_EVP_MAC_init = NULL; ++ _g_EVP_MAC_update = NULL; ++ _g_EVP_MD_CTX_get_params = NULL; ++ _g_EVP_MD_CTX_gettable_params = NULL; ++ _g_EVP_MD_CTX_set_params = NULL; ++ _g_EVP_MD_CTX_settable_params = NULL; ++ _g_EVP_MD_fetch = NULL; ++ _g_EVP_MD_free = NULL; ++ _g_EVP_MD_get0_name = NULL; ++ _g_EVP_MD_get0_provider = NULL; ++ _g_EVP_MD_get_block_size = NULL; ++ _g_EVP_MD_get_size = NULL; ++ _g_EVP_MD_get_type = NULL; ++ _g_EVP_PKEY_CTX_add1_hkdf_info = NULL; ++ _g_EVP_PKEY_CTX_new_from_pkey = NULL; ++ _g_EVP_PKEY_CTX_set0_rsa_oaep_label = NULL; ++ _g_EVP_PKEY_CTX_set1_hkdf_key = NULL; ++ _g_EVP_PKEY_CTX_set1_hkdf_salt = NULL; ++ _g_EVP_PKEY_CTX_set_hkdf_md = NULL; ++ _g_EVP_PKEY_CTX_set_hkdf_mode = NULL; ++ _g_EVP_PKEY_Q_keygen = NULL; ++ _g_EVP_PKEY_fromdata = NULL; ++ _g_EVP_PKEY_fromdata_init = NULL; ++ _g_EVP_PKEY_get1_encoded_public_key = NULL; ++ _g_EVP_PKEY_get_bits = NULL; ++ _g_EVP_PKEY_get_bn_param = NULL; ++ _g_EVP_PKEY_get_size = NULL; ++ _g_EVP_PKEY_private_check = NULL; ++ _g_EVP_PKEY_public_check_quick = NULL; ++ _g_EVP_PKEY_set1_encoded_public_key = NULL; ++ _g_EVP_PKEY_up_ref = NULL; ++ _g_EVP_SIGNATURE_fetch = NULL; ++ _g_EVP_SIGNATURE_free = NULL; ++ _g_EVP_default_properties_enable_fips = NULL; ++ _g_EVP_default_properties_is_fips_enabled = NULL; ++ _g_OSSL_PARAM_BLD_free = NULL; ++ _g_OSSL_PARAM_BLD_new = NULL; ++ _g_OSSL_PARAM_BLD_push_BN = NULL; ++ _g_OSSL_PARAM_BLD_push_int32 = NULL; ++ _g_OSSL_PARAM_BLD_push_octet_string = NULL; ++ _g_OSSL_PARAM_BLD_push_utf8_string = NULL; ++ _g_OSSL_PARAM_BLD_to_param = NULL; ++ _g_OSSL_PARAM_free = NULL; ++ _g_OSSL_PARAM_locate_const = NULL; ++ _g_OSSL_PROVIDER_available = NULL; ++ _g_OSSL_PROVIDER_get0_name = NULL; ++ _g_OSSL_PROVIDER_try_load = NULL; ++} ++ ++void __mkcgo_load_init_1(void* handle) { ++ __mkcgo__dlsym(FIPS_mode) ++ __mkcgo__dlsym(FIPS_mode_set) ++} ++ ++void __mkcgo_unload_init_1() { ++ _g_FIPS_mode = NULL; ++ _g_FIPS_mode_set = NULL; ++} ++ ++void __mkcgo_load_init_3(void* handle) { ++ __mkcgo__dlsym(ERR_clear_error) ++ __mkcgo__dlsym(EVP_MD_fetch) ++ __mkcgo__dlsym(EVP_MD_free) ++ __mkcgo__dlsym(EVP_MD_get0_provider) ++ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) ++} ++ ++void __mkcgo_unload_init_3() { ++ _g_ERR_clear_error = NULL; ++ _g_EVP_MD_fetch = NULL; ++ _g_EVP_MD_free = NULL; ++ _g_EVP_MD_get0_provider = NULL; ++ _g_EVP_default_properties_is_fips_enabled = NULL; ++} ++ ++void __mkcgo_load_legacy_1(void* handle) { ++ __mkcgo__dlsym(DSA_free) ++ __mkcgo__dlsym(DSA_generate_key) ++ __mkcgo__dlsym(DSA_get0_key) ++ __mkcgo__dlsym(DSA_get0_pqg) ++ __mkcgo__dlsym(DSA_new) ++ __mkcgo__dlsym(DSA_set0_key) ++ __mkcgo__dlsym(DSA_set0_pqg) ++ __mkcgo__dlsym(EC_KEY_check_key) ++ __mkcgo__dlsym(EC_KEY_free) ++ __mkcgo__dlsym(EC_KEY_get0_group) ++ __mkcgo__dlsym(EC_KEY_get0_private_key) ++ __mkcgo__dlsym(EC_KEY_get0_public_key) ++ __mkcgo__dlsym(EC_KEY_new_by_curve_name) ++ __mkcgo__dlsym(EC_KEY_set_private_key) ++ __mkcgo__dlsym(EC_KEY_set_public_key) ++ __mkcgo__dlsym(EC_KEY_set_public_key_affine_coordinates) ++ __mkcgo__dlsym(EC_POINT_get_affine_coordinates_GFp) ++ __mkcgo__dlsym(ERR_get_error_line) ++ __mkcgo__dlsym2(EVP_CIPHER_get_block_size, EVP_CIPHER_block_size) ++ __mkcgo__dlsym2(EVP_MD_get_block_size, EVP_MD_block_size) ++ __mkcgo__dlsym2(EVP_MD_get_size, EVP_MD_size) ++ __mkcgo__dlsym(EVP_PKEY_assign) ++ __mkcgo__dlsym(EVP_PKEY_get0_DSA) ++ __mkcgo__dlsym(EVP_PKEY_get0_EC_KEY) ++ __mkcgo__dlsym(EVP_PKEY_get1_RSA) ++ __mkcgo__dlsym2(EVP_PKEY_get_bits, EVP_PKEY_bits) ++ __mkcgo__dlsym2(EVP_PKEY_get_size, EVP_PKEY_size) ++ __mkcgo__dlsym(EVP_PKEY_set1_EC_KEY) ++ __mkcgo__dlsym(FIPS_mode) ++ __mkcgo__dlsym(FIPS_mode_set) ++ __mkcgo__dlsym(HMAC_CTX_copy) ++ __mkcgo__dlsym(HMAC_CTX_free) ++ __mkcgo__dlsym(HMAC_CTX_new) ++ __mkcgo__dlsym(HMAC_Final) ++ __mkcgo__dlsym(HMAC_Init_ex) ++ __mkcgo__dlsym(HMAC_Update) ++ __mkcgo__dlsym(RSA_free) ++ __mkcgo__dlsym(RSA_get0_crt_params) ++ __mkcgo__dlsym(RSA_get0_factors) ++ __mkcgo__dlsym(RSA_get0_key) ++ __mkcgo__dlsym(RSA_new) ++ __mkcgo__dlsym(RSA_set0_crt_params) ++ __mkcgo__dlsym(RSA_set0_factors) ++ __mkcgo__dlsym(RSA_set0_key) ++} ++ ++void __mkcgo_unload_legacy_1() { ++ _g_DSA_free = NULL; ++ _g_DSA_generate_key = NULL; ++ _g_DSA_get0_key = NULL; ++ _g_DSA_get0_pqg = NULL; ++ _g_DSA_new = NULL; ++ _g_DSA_set0_key = NULL; ++ _g_DSA_set0_pqg = NULL; ++ _g_EC_KEY_check_key = NULL; ++ _g_EC_KEY_free = NULL; ++ _g_EC_KEY_get0_group = NULL; ++ _g_EC_KEY_get0_private_key = NULL; ++ _g_EC_KEY_get0_public_key = NULL; ++ _g_EC_KEY_new_by_curve_name = NULL; ++ _g_EC_KEY_set_private_key = NULL; ++ _g_EC_KEY_set_public_key = NULL; ++ _g_EC_KEY_set_public_key_affine_coordinates = NULL; ++ _g_EC_POINT_get_affine_coordinates_GFp = NULL; ++ _g_ERR_get_error_line = NULL; ++ _g_EVP_CIPHER_get_block_size = NULL; ++ _g_EVP_MD_get_block_size = NULL; ++ _g_EVP_MD_get_size = NULL; ++ _g_EVP_PKEY_assign = NULL; ++ _g_EVP_PKEY_get0_DSA = NULL; ++ _g_EVP_PKEY_get0_EC_KEY = NULL; ++ _g_EVP_PKEY_get1_RSA = NULL; ++ _g_EVP_PKEY_get_bits = NULL; ++ _g_EVP_PKEY_get_size = NULL; ++ _g_EVP_PKEY_set1_EC_KEY = NULL; ++ _g_FIPS_mode = NULL; ++ _g_FIPS_mode_set = NULL; ++ _g_HMAC_CTX_copy = NULL; ++ _g_HMAC_CTX_free = NULL; ++ _g_HMAC_CTX_new = NULL; ++ _g_HMAC_Final = NULL; ++ _g_HMAC_Init_ex = NULL; ++ _g_HMAC_Update = NULL; ++ _g_RSA_free = NULL; ++ _g_RSA_get0_crt_params = NULL; ++ _g_RSA_get0_factors = NULL; ++ _g_RSA_get0_key = NULL; ++ _g_RSA_new = NULL; ++ _g_RSA_set0_crt_params = NULL; ++ _g_RSA_set0_factors = NULL; ++ _g_RSA_set0_key = NULL; ++} ++ ++void __mkcgo_load_version(void* handle) { ++ __mkcgo__dlsym_nocheck(OPENSSL_version_major, OPENSSL_version_major) ++ __mkcgo__dlsym_nocheck(OPENSSL_version_minor, OPENSSL_version_minor) ++ __mkcgo__dlsym_nocheck(OPENSSL_version_patch, OPENSSL_version_patch) ++ __mkcgo__dlsym_nocheck(OpenSSL_version_num, OpenSSL_version_num) ++} ++ ++void __mkcgo_unload_version() { ++ _g_OPENSSL_version_major = NULL; ++ _g_OPENSSL_version_minor = NULL; ++ _g_OPENSSL_version_patch = NULL; ++ _g_OpenSSL_version_num = NULL; ++} ++ ++_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { ++ _BIGNUM_PTR _ret = _g_BN_bin2bn(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_BN_bn2binpad(_arg0, _arg1, _arg2); ++ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_BN_bn2lebinpad(_arg0, _arg1, _arg2); ++ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_BN_clear(_BIGNUM_PTR _arg0) { ++ _g_BN_clear(_arg0); ++} ++ ++void _mkcgo_BN_clear_free(_BIGNUM_PTR _arg0) { ++ _g_BN_clear_free(_arg0); ++} ++ ++void _mkcgo_BN_free(_BIGNUM_PTR _arg0) { ++ _g_BN_free(_arg0); ++} ++ ++_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { ++ _BIGNUM_PTR _ret = _g_BN_lebin2bn(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_BIGNUM_PTR _mkcgo_BN_new(mkcgo_err_state *_err_state) { ++ _BIGNUM_PTR _ret = _g_BN_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_BN_num_bits(const _BIGNUM_PTR _arg0) { ++ return _g_BN_num_bits(_arg0); ++} ++ ++void _mkcgo_CRYPTO_free(void* _arg0, const char* _arg1, int _arg2) { ++ _g_CRYPTO_free(_arg0, _arg1, _arg2); ++} ++ ++void* _mkcgo_CRYPTO_malloc(size_t _arg0, const char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ void* _ret = _g_CRYPTO_malloc(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_DSA_free(_DSA_PTR _arg0) { ++ _g_DSA_free(_arg0); ++} ++ ++int _mkcgo_DSA_generate_key(_DSA_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_DSA_generate_key(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_DSA_get0_key(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { ++ _g_DSA_get0_key(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_DSA_get0_pqg(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { ++ _g_DSA_get0_pqg(_arg0, _arg1, _arg2, _arg3); ++} ++ ++_DSA_PTR _mkcgo_DSA_new(mkcgo_err_state *_err_state) { ++ _DSA_PTR _ret = _g_DSA_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_DSA_set0_key(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_DSA_set0_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_DSA_set0_pqg(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_DSA_set0_pqg(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR _arg0) { ++ _g_EC_GROUP_free(_arg0); ++} ++ ++_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int _arg0, mkcgo_err_state *_err_state) { ++ _EC_GROUP_PTR _ret = _g_EC_GROUP_new_by_curve_name(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_KEY_check_key(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EC_KEY_free(_EC_KEY_PTR _arg0) { ++ _g_EC_KEY_free(_arg0); ++} ++ ++const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR _arg0) { ++ return _g_EC_KEY_get0_group(_arg0); ++} ++ ++const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR _arg0) { ++ return _g_EC_KEY_get0_private_key(_arg0); ++} ++ ++const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR _arg0) { ++ return _g_EC_KEY_get0_public_key(_arg0); ++} ++ ++_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int _arg0, mkcgo_err_state *_err_state) { ++ _EC_KEY_PTR _ret = _g_EC_KEY_new_by_curve_name(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR _arg0, const _BIGNUM_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_KEY_set_private_key(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR _arg0, const _EC_POINT_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_KEY_set_public_key(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_KEY_set_public_key_affine_coordinates(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EC_POINT_free(_EC_POINT_PTR _arg0) { ++ _g_EC_POINT_free(_arg0); ++} ++ ++int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_POINT_get_affine_coordinates_GFp(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _EC_POINT_PTR _arg3, const _BIGNUM_PTR _arg4, _BN_CTX_PTR _arg5, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_POINT_mul(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR _arg0, mkcgo_err_state *_err_state) { ++ _EC_POINT_PTR _ret = _g_EC_POINT_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const unsigned char* _arg2, size_t _arg3, _BN_CTX_PTR _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_POINT_oct2point(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, point_conversion_form_t _arg2, unsigned char* _arg3, size_t _arg4, _BN_CTX_PTR _arg5, mkcgo_err_state *_err_state) { ++ size_t _ret = _g_EC_POINT_point2oct(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EC_POINT_set_affine_coordinates(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_ERR_clear_error(void) { ++ _g_ERR_clear_error(); ++} ++ ++void _mkcgo_ERR_error_string_n(unsigned long _arg0, char* _arg1, size_t _arg2) { ++ _g_ERR_error_string_n(_arg0, _arg1, _arg2); ++} ++ ++unsigned long _mkcgo_ERR_get_error_all(const char** _arg0, int* _arg1, const char** _arg2, const char** _arg3, int* _arg4) { ++ return _g_ERR_get_error_all(_arg0, _arg1, _arg2, _arg3, _arg4); ++} ++ ++unsigned long _mkcgo_ERR_get_error_line(const char** _arg0, int* _arg1) { ++ return _g_ERR_get_error_line(_arg0, _arg1); ++} ++ ++int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_CIPHER_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR _arg0) { ++ _g_EVP_CIPHER_CTX_free(_arg0); ++} ++ ++_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(mkcgo_err_state *_err_state) { ++ _EVP_CIPHER_CTX_PTR _ret = _g_EVP_CIPHER_CTX_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_CIPHER_CTX_set_key_length(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_CIPHER_CTX_set_padding(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_CIPHER_PTR _ret = _g_EVP_CIPHER_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR _arg0) { ++ return _g_EVP_CIPHER_get0_name(_arg0); ++} ++ ++int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR _arg0) { ++ return _g_EVP_CIPHER_get_block_size(_arg0); ++} ++ ++int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, int _arg5, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_CipherInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_CipherUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DecryptFinal_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DecryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DecryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_Digest(const void* _arg0, size_t _arg1, unsigned char* _arg2, unsigned int* _arg3, const _EVP_MD_PTR _arg4, _ENGINE_PTR _arg5, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_Digest(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestFinal_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestInit(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, _ENGINE_PTR _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestInit_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestSign(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestSignFinal(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestSignInit(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR _arg0, const void* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestUpdate(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestVerify(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestVerifyFinal(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_DigestVerifyInit(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_EncryptFinal_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_EncryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_EncryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR _arg0) { ++ _g_EVP_KDF_CTX_free(_arg0); ++} ++ ++size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ size_t _ret = _g_EVP_KDF_CTX_get_kdf_size(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR _arg0, mkcgo_err_state *_err_state) { ++ _EVP_KDF_CTX_PTR _ret = _g_EVP_KDF_CTX_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_KDF_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_KDF_derive(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_KDF_PTR _ret = _g_EVP_KDF_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR _arg0) { ++ _g_EVP_KDF_free(_arg0); ++} ++ ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_dup(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR _arg0) { ++ _g_EVP_MAC_CTX_free(_arg0); ++} ++ ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR _arg0, mkcgo_err_state *_err_state) { ++ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MAC_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_MAC_PTR _ret = _g_EVP_MAC_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MAC_final(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MAC_init(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MAC_update(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MD_CTX_copy(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MD_CTX_copy(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MD_CTX_copy_ex(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR _arg0) { ++ _g_EVP_MD_CTX_free(_arg0); ++} ++ ++int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR _arg0, _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MD_CTX_get_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_gettable_params(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(mkcgo_err_state *_err_state) { ++ _EVP_MD_CTX_PTR _ret = _g_EVP_MD_CTX_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_MD_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_settable_params(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_MD_PTR _ret = _g_EVP_MD_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_MD_free(_EVP_MD_PTR _arg0) { ++ _g_EVP_MD_free(_arg0); ++} ++ ++const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get0_name(_arg0); ++} ++ ++const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get0_provider(_arg0); ++} ++ ++int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get_block_size(_arg0); ++} ++ ++int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get_size(_arg0); ++} ++ ++int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get_type(_arg0); ++} ++ ++int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_add1_hkdf_info(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR _arg0, int _arg1, int _arg2, int _arg3, int _arg4, void* _arg5, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_ctrl(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR _arg0) { ++ _g_EVP_PKEY_CTX_free(_arg0); ++} ++ ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR _arg0, _ENGINE_PTR _arg1, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new(_arg0, _arg1); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_from_pkey(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int _arg0, _ENGINE_PTR _arg1, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_id(_arg0, _arg1); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR _arg0, void* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set0_rsa_oaep_label(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_salt(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set_hkdf_md(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set_hkdf_mode(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, const char* _arg3, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR _arg0, int _arg1, void* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_assign(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_decrypt(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_decrypt_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_derive(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_derive_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_derive_set_peer(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_encrypt(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_encrypt_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR _arg0) { ++ _g_EVP_PKEY_free(_arg0); ++} ++ ++int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, int _arg2, _OSSL_PARAM_PTR _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_fromdata(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_fromdata_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ _DSA_PTR _ret = _g_EVP_PKEY_get0_DSA(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ _EC_KEY_PTR _ret = _g_EVP_PKEY_get0_EC_KEY(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ _RSA_PTR _ret = _g_EVP_PKEY_get1_RSA(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR _arg0, unsigned char** _arg1, mkcgo_err_state *_err_state) { ++ size_t _ret = _g_EVP_PKEY_get1_encoded_public_key(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_get_bits(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, _BIGNUM_PTR* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_get_bn_param(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_get_raw_private_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_get_raw_public_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_get_size(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_keygen(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_keygen_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(mkcgo_err_state *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_private_key(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_public_key(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_paramgen(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_paramgen_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_private_check(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_public_check_quick(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR _arg0, _EC_KEY_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_set1_EC_KEY(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_set1_encoded_public_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_sign(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_sign_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_up_ref(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_verify(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_PKEY_verify_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, mkcgo_err_state *_err_state) { ++ _EVP_SIGNATURE_PTR _ret = _g_EVP_SIGNATURE_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR _arg0) { ++ _g_EVP_SIGNATURE_free(_arg0); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void) { ++ return _g_EVP_aes_128_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void) { ++ return _g_EVP_aes_128_ctr(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void) { ++ return _g_EVP_aes_128_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void) { ++ return _g_EVP_aes_128_gcm(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void) { ++ return _g_EVP_aes_192_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void) { ++ return _g_EVP_aes_192_ctr(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void) { ++ return _g_EVP_aes_192_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void) { ++ return _g_EVP_aes_192_gcm(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void) { ++ return _g_EVP_aes_256_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void) { ++ return _g_EVP_aes_256_ctr(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void) { ++ return _g_EVP_aes_256_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void) { ++ return _g_EVP_aes_256_gcm(); ++} ++ ++int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR _arg0, int _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_EVP_default_properties_enable_fips(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR _arg0) { ++ return _g_EVP_default_properties_is_fips_enabled(_arg0); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void) { ++ return _g_EVP_des_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void) { ++ return _g_EVP_des_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void) { ++ return _g_EVP_des_ede3_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void) { ++ return _g_EVP_des_ede3_ecb(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_md4(void) { ++ return _g_EVP_md4(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_md5(void) { ++ return _g_EVP_md5(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void) { ++ return _g_EVP_md5_sha1(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void) { ++ return _g_EVP_rc4(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void) { ++ return _g_EVP_ripemd160(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha1(void) { ++ return _g_EVP_sha1(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha224(void) { ++ return _g_EVP_sha224(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha256(void) { ++ return _g_EVP_sha256(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha384(void) { ++ return _g_EVP_sha384(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void) { ++ return _g_EVP_sha3_224(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void) { ++ return _g_EVP_sha3_256(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void) { ++ return _g_EVP_sha3_384(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void) { ++ return _g_EVP_sha3_512(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha512(void) { ++ return _g_EVP_sha512(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void) { ++ return _g_EVP_sha512_224(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void) { ++ return _g_EVP_sha512_256(); ++} ++ ++int _mkcgo_FIPS_mode(void) { ++ return _g_FIPS_mode(); ++} ++ ++int _mkcgo_FIPS_mode_set(int _arg0, mkcgo_err_state *_err_state) { ++ int _ret = _g_FIPS_mode_set(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR _arg0, _HMAC_CTX_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_HMAC_CTX_copy(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR _arg0) { ++ _g_HMAC_CTX_free(_arg0); ++} ++ ++_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(mkcgo_err_state *_err_state) { ++ _HMAC_CTX_PTR _ret = _g_HMAC_CTX_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_Final(_HMAC_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_HMAC_Final(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR _arg0, const void* _arg1, int _arg2, const _EVP_MD_PTR _arg3, _ENGINE_PTR _arg4, mkcgo_err_state *_err_state) { ++ int _ret = _g_HMAC_Init_ex(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_Update(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_HMAC_Update(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const char* _mkcgo_OBJ_nid2sn(int _arg0) { ++ return _g_OBJ_nid2sn(_arg0); ++} ++ ++void _mkcgo_OPENSSL_init(void) { ++ _g_OPENSSL_init(); ++} ++ ++int _mkcgo_OPENSSL_init_crypto(uint64_t _arg0, const _OPENSSL_INIT_SETTINGS_PTR _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_OPENSSL_init_crypto(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_available_OPENSSL_version_major() { ++ return _g_OPENSSL_version_major != NULL; ++} ++ ++unsigned int _mkcgo_OPENSSL_version_major(void) { ++ return _g_OPENSSL_version_major(); ++} ++ ++int _mkcgo_available_OPENSSL_version_minor() { ++ return _g_OPENSSL_version_minor != NULL; ++} ++ ++unsigned int _mkcgo_OPENSSL_version_minor(void) { ++ return _g_OPENSSL_version_minor(); ++} ++ ++int _mkcgo_available_OPENSSL_version_patch() { ++ return _g_OPENSSL_version_patch != NULL; ++} ++ ++unsigned int _mkcgo_OPENSSL_version_patch(void) { ++ return _g_OPENSSL_version_patch(); ++} ++ ++void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR _arg0) { ++ _g_OSSL_PARAM_BLD_free(_arg0); ++} ++ ++_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(mkcgo_err_state *_err_state) { ++ _OSSL_PARAM_BLD_PTR _ret = _g_OSSL_PARAM_BLD_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_BN(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, int32_t _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_int32(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const void* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_octet_string(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_utf8_string(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR _arg0, mkcgo_err_state *_err_state) { ++ _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_BLD_to_param(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR _arg0) { ++ _g_OSSL_PARAM_free(_arg0); ++} ++ ++const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR _arg0, const char* _arg1, mkcgo_err_state *_err_state) { ++ const _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_locate_const(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1) { ++ return _g_OSSL_PROVIDER_available(_arg0, _arg1); ++} ++ ++const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR _arg0) { ++ return _g_OSSL_PROVIDER_get0_name(_arg0); ++} ++ ++_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, int _arg2, mkcgo_err_state *_err_state) { ++ _OSSL_PROVIDER_PTR _ret = _g_OSSL_PROVIDER_try_load(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const char* _mkcgo_OpenSSL_version(int _arg0) { ++ return _g_OpenSSL_version(_arg0); ++} ++ ++int _mkcgo_available_OpenSSL_version_num() { ++ return _g_OpenSSL_version_num != NULL; ++} ++ ++unsigned long _mkcgo_OpenSSL_version_num(void) { ++ return _g_OpenSSL_version_num(); ++} ++ ++int _mkcgo_PKCS5_PBKDF2_HMAC(const char* _arg0, int _arg1, const unsigned char* _arg2, int _arg3, int _arg4, const _EVP_MD_PTR _arg5, int _arg6, unsigned char* _arg7, mkcgo_err_state *_err_state) { ++ int _ret = _g_PKCS5_PBKDF2_HMAC(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RAND_bytes(unsigned char* _arg0, int _arg1, mkcgo_err_state *_err_state) { ++ int _ret = _g_RAND_bytes(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_RSA_free(_RSA_PTR _arg0) { ++ _g_RSA_free(_arg0); ++} ++ ++void _mkcgo_RSA_get0_crt_params(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { ++ _g_RSA_get0_crt_params(_arg0, _arg1, _arg2, _arg3); ++} ++ ++void _mkcgo_RSA_get0_factors(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { ++ _g_RSA_get0_factors(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_RSA_get0_key(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { ++ _g_RSA_get0_key(_arg0, _arg1, _arg2, _arg3); ++} ++ ++_RSA_PTR _mkcgo_RSA_new(mkcgo_err_state *_err_state) { ++ _RSA_PTR _ret = _g_RSA_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RSA_set0_crt_params(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_RSA_set0_crt_params(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RSA_set0_factors(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, mkcgo_err_state *_err_state) { ++ int _ret = _g_RSA_set0_factors(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RSA_set0_key(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, mkcgo_err_state *_err_state) { ++ int _ret = _g_RSA_set0_key(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go +new file mode 100644 +index 00000000000000..9079f7a0cffc40 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go +@@ -0,0 +1,1329 @@ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package ossl ++ ++/* ++#cgo CFLAGS: -Wno-attributes ++#cgo unix LDFLAGS: -ldl ++ ++#include "zossl.h" ++*/ ++import "C" ++import "unsafe" ++ ++const ( ++ POINT_CONVERSION_UNCOMPRESSED = 4 ++ OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002 ++ OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004 ++ OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008 ++ OPENSSL_INIT_LOAD_CONFIG = 0x00000040 ++ EVP_CTRL_GCM_GET_TAG = 0x10 ++ EVP_CTRL_GCM_SET_TAG = 0x11 ++ EVP_PKEY_CTRL_MD = 1 ++ EVP_PKEY_RSA = 6 ++ EVP_PKEY_EC = 408 ++ EVP_PKEY_TLS1_PRF = 1021 ++ EVP_PKEY_HKDF = 1036 ++ EVP_PKEY_ED25519 = 1087 ++ EVP_PKEY_DSA = 116 ++ EVP_PKEY_OP_DERIVE = (1 << 10) ++ EVP_MAX_MD_SIZE = 64 ++ EVP_PKEY_PUBLIC_KEY = 0x86 ++ EVP_PKEY_KEYPAIR = 0x87 ++ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001 ++ EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1 ++ EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2 ++ EVP_PKEY_CTRL_TLS_MD = 0x1000 ++ EVP_PKEY_CTRL_TLS_SECRET = 0x1001 ++ EVP_PKEY_CTRL_TLS_SEED = 0x1002 ++ EVP_PKEY_CTRL_HKDF_MD = 0x1003 ++ EVP_PKEY_CTRL_HKDF_SALT = 0x1004 ++ EVP_PKEY_CTRL_HKDF_KEY = 0x1005 ++ EVP_PKEY_CTRL_HKDF_INFO = 0x1006 ++ EVP_PKEY_CTRL_HKDF_MODE = 0x1007 ++ NID_X9_62_prime256v1 = 415 ++ NID_secp224r1 = 713 ++ NID_secp384r1 = 715 ++ NID_secp521r1 = 716 ++ RSA_PKCS1_PADDING = 1 ++ RSA_NO_PADDING = 3 ++ RSA_PKCS1_OAEP_PADDING = 4 ++ RSA_PKCS1_PSS_PADDING = 6 ++ RSA_PSS_SALTLEN_DIGEST = -1 ++ RSA_PSS_SALTLEN_AUTO = -2 ++ RSA_PSS_SALTLEN_MAX_SIGN = -2 ++ RSA_PSS_SALTLEN_MAX = -3 ++ EVP_PKEY_CTRL_RSA_PADDING = 0x1001 ++ EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002 ++ EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003 ++ EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005 ++ EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009 ++ EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A ++ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001 ++ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 ++ OSSL_PARAM_INTEGER = 1 ++ OSSL_PARAM_OCTET_STRING = 5 ++) ++ ++type BIGNUM_PTR = C._BIGNUM_PTR ++type BN_CTX_PTR = C._BN_CTX_PTR ++type DSA_PTR = C._DSA_PTR ++type EC_GROUP_PTR = C._EC_GROUP_PTR ++type EC_KEY_PTR = C._EC_KEY_PTR ++type EC_POINT_PTR = C._EC_POINT_PTR ++type ENGINE_PTR = C._ENGINE_PTR ++type EVP_CIPHER_CTX_PTR = C._EVP_CIPHER_CTX_PTR ++type EVP_CIPHER_PTR = C._EVP_CIPHER_PTR ++type EVP_KDF_CTX_PTR = C._EVP_KDF_CTX_PTR ++type EVP_KDF_PTR = C._EVP_KDF_PTR ++type EVP_MAC_CTX_PTR = C._EVP_MAC_CTX_PTR ++type EVP_MAC_PTR = C._EVP_MAC_PTR ++type EVP_MD_CTX_PTR = C._EVP_MD_CTX_PTR ++type EVP_MD_PTR = C._EVP_MD_PTR ++type EVP_PKEY_CTX_PTR = C._EVP_PKEY_CTX_PTR ++type EVP_PKEY_PTR = C._EVP_PKEY_PTR ++type EVP_SIGNATURE_PTR = C._EVP_SIGNATURE_PTR ++type HMAC_CTX_PTR = C._HMAC_CTX_PTR ++type OPENSSL_INIT_SETTINGS_PTR = C._OPENSSL_INIT_SETTINGS_PTR ++type OSSL_LIB_CTX_PTR = C._OSSL_LIB_CTX_PTR ++type OSSL_PARAM_BLD_PTR = C._OSSL_PARAM_BLD_PTR ++type OSSL_PARAM_PTR = C._OSSL_PARAM_PTR ++type OSSL_PROVIDER_PTR = C._OSSL_PROVIDER_PTR ++type RSA_PTR = C._RSA_PTR ++type Point_conversion_form_t = C.point_conversion_form_t ++ ++func MkcgoLoad_(handle unsafe.Pointer) { ++ C.__mkcgo_load_(handle) ++} ++ ++func MkcgoUnload_() { ++ C.__mkcgo_unload_() ++} ++ ++func MkcgoLoad_111(handle unsafe.Pointer) { ++ C.__mkcgo_load_111(handle) ++} ++ ++func MkcgoUnload_111() { ++ C.__mkcgo_unload_111() ++} ++ ++func MkcgoLoad_3(handle unsafe.Pointer) { ++ C.__mkcgo_load_3(handle) ++} ++ ++func MkcgoUnload_3() { ++ C.__mkcgo_unload_3() ++} ++ ++func MkcgoLoad_init_1(handle unsafe.Pointer) { ++ C.__mkcgo_load_init_1(handle) ++} ++ ++func MkcgoUnload_init_1() { ++ C.__mkcgo_unload_init_1() ++} ++ ++func MkcgoLoad_init_3(handle unsafe.Pointer) { ++ C.__mkcgo_load_init_3(handle) ++} ++ ++func MkcgoUnload_init_3() { ++ C.__mkcgo_unload_init_3() ++} ++ ++func MkcgoLoad_legacy_1(handle unsafe.Pointer) { ++ C.__mkcgo_load_legacy_1(handle) ++} ++ ++func MkcgoUnload_legacy_1() { ++ C.__mkcgo_unload_legacy_1() ++} ++ ++func MkcgoLoad_version(handle unsafe.Pointer) { ++ C.__mkcgo_load_version(handle) ++} ++ ++func MkcgoUnload_version() { ++ C.__mkcgo_unload_version() ++} ++ ++//go:nosplit ++func mkcgoNoEscape(p *C.mkcgo_err_state) *C.mkcgo_err_state { ++ x := uintptr(unsafe.Pointer(p)) ++ return (*C.mkcgo_err_state)(unsafe.Pointer(x ^ 0)) ++} ++ ++func BN_bin2bn(arg0 *byte, arg1 int32, arg2 BIGNUM_PTR) (BIGNUM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_BN_bin2bn((*C.uchar)(unsafe.Pointer(arg0)), C.int(arg1), arg2, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BN_bin2bn", _err) ++} ++ ++func BN_bn2binpad(a BIGNUM_PTR, to *byte, tolen int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_BN_bn2binpad(a, (*C.uchar)(unsafe.Pointer(to)), C.int(tolen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("BN_bn2binpad", _err) ++} ++ ++func BN_bn2lebinpad(a BIGNUM_PTR, to *byte, tolen int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_BN_bn2lebinpad(a, (*C.uchar)(unsafe.Pointer(to)), C.int(tolen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("BN_bn2lebinpad", _err) ++} ++ ++func BN_clear(arg0 BIGNUM_PTR) { ++ C._mkcgo_BN_clear(arg0) ++} ++ ++func BN_clear_free(arg0 BIGNUM_PTR) { ++ C._mkcgo_BN_clear_free(arg0) ++} ++ ++func BN_free(arg0 BIGNUM_PTR) { ++ C._mkcgo_BN_free(arg0) ++} ++ ++func BN_lebin2bn(s *byte, len int32, ret BIGNUM_PTR) (BIGNUM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_BN_lebin2bn((*C.uchar)(unsafe.Pointer(s)), C.int(len), ret, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BN_lebin2bn", _err) ++} ++ ++func BN_new() (BIGNUM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_BN_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BN_new", _err) ++} ++ ++func BN_num_bits(arg0 BIGNUM_PTR) int32 { ++ return int32(C._mkcgo_BN_num_bits(arg0)) ++} ++ ++func CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { ++ C._mkcgo_CRYPTO_free(str, (*C.char)(unsafe.Pointer(file)), C.int(line)) ++} ++ ++func CRYPTO_malloc(num int, file *byte, line int32) (unsafe.Pointer, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_CRYPTO_malloc(C.size_t(num), (*C.char)(unsafe.Pointer(file)), C.int(line), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("CRYPTO_malloc", _err) ++} ++ ++func DSA_free(r DSA_PTR) { ++ C._mkcgo_DSA_free(r) ++} ++ ++func DSA_generate_key(a DSA_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_DSA_generate_key(a, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("DSA_generate_key", _err) ++} ++ ++func DSA_get0_key(d DSA_PTR, pub_key *BIGNUM_PTR, priv_key *BIGNUM_PTR) { ++ C._mkcgo_DSA_get0_key(d, pub_key, priv_key) ++} ++ ++func DSA_get0_pqg(d DSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR, g *BIGNUM_PTR) { ++ C._mkcgo_DSA_get0_pqg(d, p, q, g) ++} ++ ++func DSA_new() (DSA_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_DSA_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("DSA_new", _err) ++} ++ ++func DSA_set0_key(d DSA_PTR, pub_key BIGNUM_PTR, priv_key BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_DSA_set0_key(d, pub_key, priv_key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("DSA_set0_key", _err) ++} ++ ++func DSA_set0_pqg(d DSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR, g BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_DSA_set0_pqg(d, p, q, g, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("DSA_set0_pqg", _err) ++} ++ ++func EC_GROUP_free(group EC_GROUP_PTR) { ++ C._mkcgo_EC_GROUP_free(group) ++} ++ ++func EC_GROUP_new_by_curve_name(nid int32) (EC_GROUP_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_GROUP_new_by_curve_name(C.int(nid), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EC_GROUP_new_by_curve_name", _err) ++} ++ ++func EC_KEY_check_key(key EC_KEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_KEY_check_key(key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_check_key", _err) ++} ++ ++func EC_KEY_free(arg0 EC_KEY_PTR) { ++ C._mkcgo_EC_KEY_free(arg0) ++} ++ ++func EC_KEY_get0_group(arg0 EC_KEY_PTR) EC_GROUP_PTR { ++ return C._mkcgo_EC_KEY_get0_group(arg0) ++} ++ ++func EC_KEY_get0_private_key(arg0 EC_KEY_PTR) BIGNUM_PTR { ++ return C._mkcgo_EC_KEY_get0_private_key(arg0) ++} ++ ++func EC_KEY_get0_public_key(arg0 EC_KEY_PTR) EC_POINT_PTR { ++ return C._mkcgo_EC_KEY_get0_public_key(arg0) ++} ++ ++func EC_KEY_new_by_curve_name(arg0 int32) (EC_KEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_KEY_new_by_curve_name(C.int(arg0), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EC_KEY_new_by_curve_name", _err) ++} ++ ++func EC_KEY_set_private_key(arg0 EC_KEY_PTR, arg1 BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_KEY_set_private_key(arg0, arg1, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_set_private_key", _err) ++} ++ ++func EC_KEY_set_public_key(key EC_KEY_PTR, pub EC_POINT_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_KEY_set_public_key(key, pub, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key", _err) ++} ++ ++func EC_KEY_set_public_key_affine_coordinates(key EC_KEY_PTR, x BIGNUM_PTR, y BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_KEY_set_public_key_affine_coordinates(key, x, y, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key_affine_coordinates", _err) ++} ++ ++func EC_POINT_free(arg0 EC_POINT_PTR) { ++ C._mkcgo_EC_POINT_free(arg0) ++} ++ ++func EC_POINT_get_affine_coordinates_GFp(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_POINT_get_affine_coordinates_GFp(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_get_affine_coordinates_GFp", _err) ++} ++ ++func EC_POINT_mul(group EC_GROUP_PTR, r EC_POINT_PTR, n BIGNUM_PTR, q EC_POINT_PTR, m BIGNUM_PTR, ctx BN_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_POINT_mul(group, r, n, q, m, ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_mul", _err) ++} ++ ++func EC_POINT_new(arg0 EC_GROUP_PTR) (EC_POINT_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_POINT_new(arg0, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EC_POINT_new", _err) ++} ++ ++func EC_POINT_oct2point(group EC_GROUP_PTR, p EC_POINT_PTR, buf *byte, len int, ctx BN_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_POINT_oct2point(group, p, (*C.uchar)(unsafe.Pointer(buf)), C.size_t(len), ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_oct2point", _err) ++} ++ ++func EC_POINT_point2oct(group EC_GROUP_PTR, p EC_POINT_PTR, form Point_conversion_form_t, buf *byte, len int, ctx BN_CTX_PTR) (int, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_POINT_point2oct(group, p, form, (*C.uchar)(unsafe.Pointer(buf)), C.size_t(len), ctx, mkcgoNoEscape(&_err)) ++ return int(_ret), newMkcgoErr("EC_POINT_point2oct", _err) ++} ++ ++func EC_POINT_set_affine_coordinates(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EC_POINT_set_affine_coordinates(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_set_affine_coordinates", _err) ++} ++ ++func ERR_clear_error() { ++ C._mkcgo_ERR_clear_error() ++} ++ ++func ERR_error_string_n(e uint32, buf *byte, len int) { ++ C._mkcgo_ERR_error_string_n(C.ulong(e), (*C.char)(unsafe.Pointer(buf)), C.size_t(len)) ++} ++ ++func ERR_get_error_all(file **byte, line *int32, __func **byte, data **byte, flags *int32) uint32 { ++ return uint32(C._mkcgo_ERR_get_error_all((**C.char)(unsafe.Pointer(file)), (*C.int)(unsafe.Pointer(line)), (**C.char)(unsafe.Pointer(__func)), (**C.char)(unsafe.Pointer(data)), (*C.int)(unsafe.Pointer(flags)))) ++} ++ ++func ERR_get_error_line(file **byte, line *int32) uint32 { ++ return uint32(C._mkcgo_ERR_get_error_line((**C.char)(unsafe.Pointer(file)), (*C.int)(unsafe.Pointer(line)))) ++} ++ ++func EVP_CIPHER_CTX_ctrl(ctx EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CIPHER_CTX_ctrl(ctx, C.int(__type), C.int(arg), ptr, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_ctrl", _err) ++} ++ ++func EVP_CIPHER_CTX_free(arg0 EVP_CIPHER_CTX_PTR) { ++ C._mkcgo_EVP_CIPHER_CTX_free(arg0) ++} ++ ++func EVP_CIPHER_CTX_new() (EVP_CIPHER_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CIPHER_CTX_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_CIPHER_CTX_new", _err) ++} ++ ++func EVP_CIPHER_CTX_set_key_length(x EVP_CIPHER_CTX_PTR, keylen int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CIPHER_CTX_set_key_length(x, C.int(keylen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_key_length", _err) ++} ++ ++func EVP_CIPHER_CTX_set_padding(x EVP_CIPHER_CTX_PTR, padding int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CIPHER_CTX_set_padding(x, C.int(padding), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_padding", _err) ++} ++ ++func EVP_CIPHER_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_CIPHER_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CIPHER_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_CIPHER_fetch", _err) ++} ++ ++func EVP_CIPHER_get0_name(cipher EVP_CIPHER_PTR) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_CIPHER_get0_name(cipher))) ++} ++ ++func EVP_CIPHER_get_block_size(cipher EVP_CIPHER_PTR) int32 { ++ return int32(C._mkcgo_EVP_CIPHER_get_block_size(cipher)) ++} ++ ++func EVP_CipherInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte, enc int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CipherInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), C.int(enc), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CipherInit_ex", _err) ++} ++ ++func EVP_CipherUpdate(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CipherUpdate", _err) ++} ++ ++func EVP_DecryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, outm *byte, outl *int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DecryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(outm)), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DecryptFinal_ex", _err) ++} ++ ++func EVP_DecryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DecryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DecryptInit_ex", _err) ++} ++ ++func EVP_DecryptUpdate(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DecryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DecryptUpdate", _err) ++} ++ ++func EVP_Digest(data unsafe.Pointer, count int, md *byte, size *uint32, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_Digest(unsafe.Pointer(&*(*byte)(data)), C.size_t(count), (*C.uchar)(unsafe.Pointer(md)), (*C.uint)(unsafe.Pointer(size)), __type, impl, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_Digest", _err) ++} ++ ++func EVP_DigestFinal_ex(ctx EVP_MD_CTX_PTR, md *byte, s *uint32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(md)), (*C.uint)(unsafe.Pointer(s)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestFinal_ex", _err) ++} ++ ++func EVP_DigestInit(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestInit(ctx, __type, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestInit", _err) ++} ++ ++func EVP_DigestInit_ex(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestInit_ex(ctx, __type, impl, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestInit_ex", _err) ++} ++ ++func EVP_DigestSign(ctx EVP_MD_CTX_PTR, sigret *byte, siglen *int, tbs *byte, tbslen int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestSign(ctx, (*C.uchar)(unsafe.Pointer(sigret)), (*C.size_t)(unsafe.Pointer(siglen)), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSign", _err) ++} ++ ++func EVP_DigestSignFinal(ctx EVP_MD_CTX_PTR, sig *byte, siglen *int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestSignFinal(ctx, (*C.uchar)(unsafe.Pointer(sig)), (*C.size_t)(unsafe.Pointer(siglen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSignFinal", _err) ++} ++ ++func EVP_DigestSignInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestSignInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSignInit", _err) ++} ++ ++func EVP_DigestUpdate(ctx EVP_MD_CTX_PTR, d unsafe.Pointer, cnt int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestUpdate(ctx, unsafe.Pointer(&*(*byte)(d)), C.size_t(cnt), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestUpdate", _err) ++} ++ ++func EVP_DigestVerify(ctx EVP_MD_CTX_PTR, sigret *byte, siglen int, tbs *byte, tbslen int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestVerify(ctx, (*C.uchar)(unsafe.Pointer(sigret)), C.size_t(siglen), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestVerify", _err) ++} ++ ++func EVP_DigestVerifyFinal(ctx EVP_MD_CTX_PTR, sig *byte, siglen int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestVerifyFinal(ctx, (*C.uchar)(unsafe.Pointer(sig)), C.size_t(siglen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestVerifyFinal", _err) ++} ++ ++func EVP_DigestVerifyInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_DigestVerifyInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestVerifyInit", _err) ++} ++ ++func EVP_EncryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_EncryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_EncryptFinal_ex", _err) ++} ++ ++func EVP_EncryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_EncryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_EncryptInit_ex", _err) ++} ++ ++func EVP_EncryptUpdate(ctx EVP_CIPHER_CTX_PTR, out *byte, outl *int32, in *byte, inl int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(in)), C.int(inl), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_EncryptUpdate", _err) ++} ++ ++func EVP_KDF_CTX_free(ctx EVP_KDF_CTX_PTR) { ++ C._mkcgo_EVP_KDF_CTX_free(ctx) ++} ++ ++func EVP_KDF_CTX_get_kdf_size(ctx EVP_KDF_CTX_PTR) (int, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_KDF_CTX_get_kdf_size(ctx, mkcgoNoEscape(&_err)) ++ return int(_ret), newMkcgoErr("EVP_KDF_CTX_get_kdf_size", _err) ++} ++ ++func EVP_KDF_CTX_new(kdf EVP_KDF_PTR) (EVP_KDF_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_KDF_CTX_new(kdf, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_KDF_CTX_new", _err) ++} ++ ++func EVP_KDF_CTX_set_params(ctx EVP_KDF_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_KDF_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_KDF_CTX_set_params", _err) ++} ++ ++func EVP_KDF_derive(ctx EVP_KDF_CTX_PTR, key *byte, keylen int, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_KDF_derive(ctx, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_KDF_derive", _err) ++} ++ ++func EVP_KDF_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KDF_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_KDF_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_KDF_fetch", _err) ++} ++ ++func EVP_KDF_free(kdf EVP_KDF_PTR) { ++ C._mkcgo_EVP_KDF_free(kdf) ++} ++ ++func EVP_MAC_CTX_dup(arg0 EVP_MAC_CTX_PTR) (EVP_MAC_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_CTX_dup(arg0, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MAC_CTX_dup", _err) ++} ++ ++func EVP_MAC_CTX_free(arg0 EVP_MAC_CTX_PTR) { ++ C._mkcgo_EVP_MAC_CTX_free(arg0) ++} ++ ++func EVP_MAC_CTX_new(arg0 EVP_MAC_PTR) (EVP_MAC_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_CTX_new(arg0, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MAC_CTX_new", _err) ++} ++ ++func EVP_MAC_CTX_set_params(ctx EVP_MAC_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_CTX_set_params", _err) ++} ++ ++func EVP_MAC_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MAC_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MAC_fetch", _err) ++} ++ ++func EVP_MAC_final(ctx EVP_MAC_CTX_PTR, out *byte, outl *int, outsize int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_final(ctx, (*C.uchar)(unsafe.Pointer(out)), (*C.size_t)(unsafe.Pointer(outl)), C.size_t(outsize), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_final", _err) ++} ++ ++func EVP_MAC_init(ctx EVP_MAC_CTX_PTR, key *byte, keylen int, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_init(ctx, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_init", _err) ++} ++ ++func EVP_MAC_update(ctx EVP_MAC_CTX_PTR, data *byte, datalen int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MAC_update(ctx, (*C.uchar)(unsafe.Pointer(data)), C.size_t(datalen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_update", _err) ++} ++ ++func EVP_MD_CTX_copy(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_copy(out, in, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_copy", _err) ++} ++ ++func EVP_MD_CTX_copy_ex(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_copy_ex(out, in, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_copy_ex", _err) ++} ++ ++func EVP_MD_CTX_free(ctx EVP_MD_CTX_PTR) { ++ C._mkcgo_EVP_MD_CTX_free(ctx) ++} ++ ++func EVP_MD_CTX_get_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_get_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_get_params", _err) ++} ++ ++func EVP_MD_CTX_gettable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_gettable_params(ctx, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_CTX_gettable_params", _err) ++} ++ ++func EVP_MD_CTX_new() (EVP_MD_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_CTX_new", _err) ++} ++ ++func EVP_MD_CTX_set_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_set_params", _err) ++} ++ ++func EVP_MD_CTX_settable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_CTX_settable_params(ctx, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_CTX_settable_params", _err) ++} ++ ++func EVP_MD_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MD_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_MD_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_fetch", _err) ++} ++ ++func EVP_MD_free(md EVP_MD_PTR) { ++ C._mkcgo_EVP_MD_free(md) ++} ++ ++func EVP_MD_get0_name(md EVP_MD_PTR) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_MD_get0_name(md))) ++} ++ ++func EVP_MD_get0_provider(md EVP_MD_PTR) OSSL_PROVIDER_PTR { ++ return C._mkcgo_EVP_MD_get0_provider(md) ++} ++ ++func EVP_MD_get_block_size(md EVP_MD_PTR) int32 { ++ return int32(C._mkcgo_EVP_MD_get_block_size(md)) ++} ++ ++func EVP_MD_get_size(md EVP_MD_PTR) int32 { ++ return int32(C._mkcgo_EVP_MD_get_size(md)) ++} ++ ++func EVP_MD_get_type(md EVP_MD_PTR) int32 { ++ return int32(C._mkcgo_EVP_MD_get_type(md)) ++} ++ ++func EVP_PKEY_CTX_add1_hkdf_info(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_add1_hkdf_info(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_add1_hkdf_info", _err) ++} ++ ++func EVP_PKEY_CTX_ctrl(ctx EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_ctrl(ctx, C.int(keytype), C.int(optype), C.int(cmd), C.int(p1), p2, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_ctrl", _err) ++} ++ ++func EVP_PKEY_CTX_free(arg0 EVP_PKEY_CTX_PTR) { ++ C._mkcgo_EVP_PKEY_CTX_free(arg0) ++} ++ ++func EVP_PKEY_CTX_new(arg0 EVP_PKEY_PTR, arg1 ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_new(arg0, arg1, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_CTX_new", _err) ++} ++ ++func EVP_PKEY_CTX_new_from_pkey(libctx OSSL_LIB_CTX_PTR, pkey EVP_PKEY_PTR, propquery *byte) (EVP_PKEY_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_new_from_pkey(libctx, pkey, (*C.char)(unsafe.Pointer(propquery)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_from_pkey", _err) ++} ++ ++func EVP_PKEY_CTX_new_id(id int32, e ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_new_id(C.int(id), e, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_id", _err) ++} ++ ++func EVP_PKEY_CTX_set0_rsa_oaep_label(ctx EVP_PKEY_CTX_PTR, label unsafe.Pointer, len int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label, C.int(len), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set0_rsa_oaep_label", _err) ++} ++ ++func EVP_PKEY_CTX_set1_hkdf_key(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_key(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_key", _err) ++} ++ ++func EVP_PKEY_CTX_set1_hkdf_salt(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.int(arg2), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_salt", _err) ++} ++ ++func EVP_PKEY_CTX_set_hkdf_md(arg0 EVP_PKEY_CTX_PTR, arg1 EVP_MD_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_md(arg0, arg1, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_md", _err) ++} ++ ++func EVP_PKEY_CTX_set_hkdf_mode(arg0 EVP_PKEY_CTX_PTR, arg1 int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_mode(arg0, C.int(arg1), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", _err) ++} ++ ++func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_EC(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), (*C.char)(unsafe.Pointer(arg1)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_EC", _err) ++} ++ ++func EVP_PKEY_Q_keygen_ED25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_ED25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", _err) ++} ++ ++func EVP_PKEY_Q_keygen_RSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) (EVP_PKEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_RSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), C.size_t(arg1), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_RSA", _err) ++} ++ ++func EVP_PKEY_assign(pkey EVP_PKEY_PTR, __type int32, key unsafe.Pointer) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_assign(pkey, C.int(__type), key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_assign", _err) ++} ++ ++func EVP_PKEY_decrypt(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_decrypt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt", _err) ++} ++ ++func EVP_PKEY_decrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_decrypt_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt_init", _err) ++} ++ ++func EVP_PKEY_derive(ctx EVP_PKEY_CTX_PTR, key *byte, keylen *int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_derive(ctx, (*C.uchar)(unsafe.Pointer(key)), (*C.size_t)(unsafe.Pointer(keylen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_derive", _err) ++} ++ ++func EVP_PKEY_derive_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_derive_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_init", _err) ++} ++ ++func EVP_PKEY_derive_set_peer(ctx EVP_PKEY_CTX_PTR, peer EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_derive_set_peer(ctx, peer, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_set_peer", _err) ++} ++ ++func EVP_PKEY_encrypt(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_encrypt(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt", _err) ++} ++ ++func EVP_PKEY_encrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_encrypt_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt_init", _err) ++} ++ ++func EVP_PKEY_free(arg0 EVP_PKEY_PTR) { ++ C._mkcgo_EVP_PKEY_free(arg0) ++} ++ ++func EVP_PKEY_fromdata(ctx EVP_PKEY_CTX_PTR, pkey *EVP_PKEY_PTR, selection int32, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_fromdata(ctx, pkey, C.int(selection), params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata", _err) ++} ++ ++func EVP_PKEY_fromdata_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_fromdata_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata_init", _err) ++} ++ ++func EVP_PKEY_get0_DSA(pkey EVP_PKEY_PTR) (DSA_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get0_DSA(pkey, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_get0_DSA", _err) ++} ++ ++func EVP_PKEY_get0_EC_KEY(pkey EVP_PKEY_PTR) (EC_KEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get0_EC_KEY(pkey, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_get0_EC_KEY", _err) ++} ++ ++func EVP_PKEY_get1_RSA(pkey EVP_PKEY_PTR) (RSA_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get1_RSA(pkey, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_get1_RSA", _err) ++} ++ ++func EVP_PKEY_get1_encoded_public_key(pkey EVP_PKEY_PTR, ppub **byte) (int, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get1_encoded_public_key(pkey, (**C.uchar)(unsafe.Pointer(ppub)), mkcgoNoEscape(&_err)) ++ return int(_ret), newMkcgoErr("EVP_PKEY_get1_encoded_public_key", _err) ++} ++ ++func EVP_PKEY_get_bits(pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get_bits(pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bits", _err) ++} ++ ++func EVP_PKEY_get_bn_param(pkey EVP_PKEY_PTR, key_name *byte, bn *BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get_bn_param(pkey, (*C.char)(unsafe.Pointer(key_name)), bn, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bn_param", _err) ++} ++ ++func EVP_PKEY_get_raw_private_key(pkey EVP_PKEY_PTR, priv *byte, len *int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get_raw_private_key(pkey, (*C.uchar)(unsafe.Pointer(priv)), (*C.size_t)(unsafe.Pointer(len)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_private_key", _err) ++} ++ ++func EVP_PKEY_get_raw_public_key(pkey EVP_PKEY_PTR, pub *byte, len *int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get_raw_public_key(pkey, (*C.uchar)(unsafe.Pointer(pub)), (*C.size_t)(unsafe.Pointer(len)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_public_key", _err) ++} ++ ++func EVP_PKEY_get_size(pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_get_size(pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_size", _err) ++} ++ ++func EVP_PKEY_keygen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_keygen(ctx, ppkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen", _err) ++} ++ ++func EVP_PKEY_keygen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_keygen_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen_init", _err) ++} ++ ++func EVP_PKEY_new() (EVP_PKEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_new", _err) ++} ++ ++func EVP_PKEY_new_raw_private_key(__type int32, e ENGINE_PTR, key *byte, keylen int) (EVP_PKEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_new_raw_private_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_new_raw_private_key", _err) ++} ++ ++func EVP_PKEY_new_raw_public_key(__type int32, e ENGINE_PTR, key *byte, keylen int) (EVP_PKEY_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_new_raw_public_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(key)), C.size_t(keylen), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_new_raw_public_key", _err) ++} ++ ++func EVP_PKEY_paramgen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_paramgen(ctx, ppkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen", _err) ++} ++ ++func EVP_PKEY_paramgen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_paramgen_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen_init", _err) ++} ++ ++func EVP_PKEY_private_check(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_private_check(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_private_check", _err) ++} ++ ++func EVP_PKEY_public_check_quick(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_public_check_quick(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_public_check_quick", _err) ++} ++ ++func EVP_PKEY_set1_EC_KEY(pkey EVP_PKEY_PTR, key EC_KEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_set1_EC_KEY(pkey, key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_EC_KEY", _err) ++} ++ ++func EVP_PKEY_set1_encoded_public_key(pkey EVP_PKEY_PTR, pub *byte, publen int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_set1_encoded_public_key(pkey, (*C.uchar)(unsafe.Pointer(pub)), C.size_t(publen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_encoded_public_key", _err) ++} ++ ++func EVP_PKEY_sign(arg0 EVP_PKEY_CTX_PTR, arg1 *byte, arg2 *int, arg3 *byte, arg4 int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_sign(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(arg3)), C.size_t(arg4), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_sign", _err) ++} ++ ++func EVP_PKEY_sign_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_sign_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_sign_init", _err) ++} ++ ++func EVP_PKEY_up_ref(key EVP_PKEY_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_up_ref(key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_up_ref", _err) ++} ++ ++func EVP_PKEY_verify(ctx EVP_PKEY_CTX_PTR, sig *byte, siglen int, tbs *byte, tbslen int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_verify(ctx, (*C.uchar)(unsafe.Pointer(sig)), C.size_t(siglen), (*C.uchar)(unsafe.Pointer(tbs)), C.size_t(tbslen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_verify", _err) ++} ++ ++func EVP_PKEY_verify_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_PKEY_verify_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_verify_init", _err) ++} ++ ++func EVP_SIGNATURE_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_SIGNATURE_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_SIGNATURE_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_SIGNATURE_fetch", _err) ++} ++ ++func EVP_SIGNATURE_free(signature EVP_SIGNATURE_PTR) { ++ C._mkcgo_EVP_SIGNATURE_free(signature) ++} ++ ++func EVP_aes_128_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_cbc() ++} ++ ++func EVP_aes_128_ctr() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_ctr() ++} ++ ++func EVP_aes_128_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_ecb() ++} ++ ++func EVP_aes_128_gcm() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_gcm() ++} ++ ++func EVP_aes_192_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_cbc() ++} ++ ++func EVP_aes_192_ctr() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_ctr() ++} ++ ++func EVP_aes_192_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_ecb() ++} ++ ++func EVP_aes_192_gcm() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_gcm() ++} ++ ++func EVP_aes_256_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_cbc() ++} ++ ++func EVP_aes_256_ctr() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_ctr() ++} ++ ++func EVP_aes_256_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_ecb() ++} ++ ++func EVP_aes_256_gcm() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_gcm() ++} ++ ++func EVP_default_properties_enable_fips(libctx OSSL_LIB_CTX_PTR, enable int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_EVP_default_properties_enable_fips(libctx, C.int(enable), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_default_properties_enable_fips", _err) ++} ++ ++func EVP_default_properties_is_fips_enabled(libctx OSSL_LIB_CTX_PTR) int32 { ++ return int32(C._mkcgo_EVP_default_properties_is_fips_enabled(libctx)) ++} ++ ++func EVP_des_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_cbc() ++} ++ ++func EVP_des_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_ecb() ++} ++ ++func EVP_des_ede3_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_ede3_cbc() ++} ++ ++func EVP_des_ede3_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_ede3_ecb() ++} ++ ++func EVP_md4() EVP_MD_PTR { ++ return C._mkcgo_EVP_md4() ++} ++ ++func EVP_md5() EVP_MD_PTR { ++ return C._mkcgo_EVP_md5() ++} ++ ++func EVP_md5_sha1() EVP_MD_PTR { ++ return C._mkcgo_EVP_md5_sha1() ++} ++ ++func EVP_rc4() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_rc4() ++} ++ ++func EVP_ripemd160() EVP_MD_PTR { ++ return C._mkcgo_EVP_ripemd160() ++} ++ ++func EVP_sha1() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha1() ++} ++ ++func EVP_sha224() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha224() ++} ++ ++func EVP_sha256() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha256() ++} ++ ++func EVP_sha384() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha384() ++} ++ ++func EVP_sha3_224() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_224() ++} ++ ++func EVP_sha3_256() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_256() ++} ++ ++func EVP_sha3_384() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_384() ++} ++ ++func EVP_sha3_512() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_512() ++} ++ ++func EVP_sha512() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha512() ++} ++ ++func EVP_sha512_224() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha512_224() ++} ++ ++func EVP_sha512_256() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha512_256() ++} ++ ++func FIPS_mode() int32 { ++ return int32(C._mkcgo_FIPS_mode()) ++} ++ ++func FIPS_mode_set(r int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_FIPS_mode_set(C.int(r), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("FIPS_mode_set", _err) ++} ++ ++func HMAC_CTX_copy(dest HMAC_CTX_PTR, src HMAC_CTX_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_HMAC_CTX_copy(dest, src, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_CTX_copy", _err) ++} ++ ++func HMAC_CTX_free(arg0 HMAC_CTX_PTR) { ++ C._mkcgo_HMAC_CTX_free(arg0) ++} ++ ++func HMAC_CTX_new() (HMAC_CTX_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_HMAC_CTX_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("HMAC_CTX_new", _err) ++} ++ ++func HMAC_Final(arg0 HMAC_CTX_PTR, arg1 *byte, arg2 *uint32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_HMAC_Final(arg0, (*C.uchar)(unsafe.Pointer(arg1)), (*C.uint)(unsafe.Pointer(arg2)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_Final", _err) ++} ++ ++func HMAC_Init_ex(arg0 HMAC_CTX_PTR, arg1 unsafe.Pointer, arg2 int32, arg3 EVP_MD_PTR, arg4 ENGINE_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_HMAC_Init_ex(arg0, arg1, C.int(arg2), arg3, arg4, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_Init_ex", _err) ++} ++ ++func HMAC_Update(arg0 HMAC_CTX_PTR, arg1 *byte, arg2 int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_HMAC_Update(arg0, (*C.uchar)(unsafe.Pointer(arg1)), C.size_t(arg2), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_Update", _err) ++} ++ ++func OBJ_nid2sn(n int32) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_OBJ_nid2sn(C.int(n)))) ++} ++ ++func OPENSSL_init() { ++ C._mkcgo_OPENSSL_init() ++} ++ ++func OPENSSL_init_crypto(ops uint64, settings OPENSSL_INIT_SETTINGS_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OPENSSL_init_crypto(C.uint64_t(ops), settings, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OPENSSL_init_crypto", _err) ++} ++ ++func OPENSSL_version_major_Available() bool { ++ return C._mkcgo_available_OPENSSL_version_major() != 0 ++} ++ ++func OPENSSL_version_major() uint32 { ++ return uint32(C._mkcgo_OPENSSL_version_major()) ++} ++ ++func OPENSSL_version_minor_Available() bool { ++ return C._mkcgo_available_OPENSSL_version_minor() != 0 ++} ++ ++func OPENSSL_version_minor() uint32 { ++ return uint32(C._mkcgo_OPENSSL_version_minor()) ++} ++ ++func OPENSSL_version_patch_Available() bool { ++ return C._mkcgo_available_OPENSSL_version_patch() != 0 ++} ++ ++func OPENSSL_version_patch() uint32 { ++ return uint32(C._mkcgo_OPENSSL_version_patch()) ++} ++ ++func OSSL_PARAM_BLD_free(bld OSSL_PARAM_BLD_PTR) { ++ C._mkcgo_OSSL_PARAM_BLD_free(bld) ++} ++ ++func OSSL_PARAM_BLD_new() (OSSL_PARAM_BLD_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_BLD_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PARAM_BLD_new", _err) ++} ++ ++func OSSL_PARAM_BLD_push_BN(bld OSSL_PARAM_BLD_PTR, key *byte, bn BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_BN(bld, (*C.char)(unsafe.Pointer(key)), bn, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_BN", _err) ++} ++ ++func OSSL_PARAM_BLD_push_int32(bld OSSL_PARAM_BLD_PTR, key *byte, num int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_int32(bld, (*C.char)(unsafe.Pointer(key)), C.int32_t(num), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_int32", _err) ++} ++ ++func OSSL_PARAM_BLD_push_octet_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf unsafe.Pointer, bsize int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_octet_string(bld, (*C.char)(unsafe.Pointer(key)), buf, C.size_t(bsize), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_octet_string", _err) ++} ++ ++func OSSL_PARAM_BLD_push_utf8_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf *byte, bsize int) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_utf8_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.char)(unsafe.Pointer(buf)), C.size_t(bsize), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_utf8_string", _err) ++} ++ ++func OSSL_PARAM_BLD_to_param(bld OSSL_PARAM_BLD_PTR) (OSSL_PARAM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_BLD_to_param(bld, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PARAM_BLD_to_param", _err) ++} ++ ++func OSSL_PARAM_free(p OSSL_PARAM_PTR) { ++ C._mkcgo_OSSL_PARAM_free(p) ++} ++ ++func OSSL_PARAM_locate_const(p OSSL_PARAM_PTR, key *byte) (OSSL_PARAM_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PARAM_locate_const(p, (*C.char)(unsafe.Pointer(key)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PARAM_locate_const", _err) ++} ++ ++func OSSL_PROVIDER_available(libctx OSSL_LIB_CTX_PTR, name *byte) int32 { ++ return int32(C._mkcgo_OSSL_PROVIDER_available(libctx, (*C.char)(unsafe.Pointer(name)))) ++} ++ ++func OSSL_PROVIDER_get0_name(prov OSSL_PROVIDER_PTR) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_OSSL_PROVIDER_get0_name(prov))) ++} ++ ++func OSSL_PROVIDER_try_load(libctx OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) (OSSL_PROVIDER_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_OSSL_PROVIDER_try_load(libctx, (*C.char)(unsafe.Pointer(name)), C.int(retain_fallbacks), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PROVIDER_try_load", _err) ++} ++ ++func OpenSSL_version(__type int32) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_OpenSSL_version(C.int(__type)))) ++} ++ ++func OpenSSL_version_num_Available() bool { ++ return C._mkcgo_available_OpenSSL_version_num() != 0 ++} ++ ++func OpenSSL_version_num() uint32 { ++ return uint32(C._mkcgo_OpenSSL_version_num()) ++} ++ ++func PKCS5_PBKDF2_HMAC(pass *byte, passlen int32, salt *byte, saltlen int32, iter int32, digest EVP_MD_PTR, keylen int32, out *byte) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_PKCS5_PBKDF2_HMAC((*C.char)(unsafe.Pointer(pass)), C.int(passlen), (*C.uchar)(unsafe.Pointer(salt)), C.int(saltlen), C.int(iter), digest, C.int(keylen), (*C.uchar)(unsafe.Pointer(out)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("PKCS5_PBKDF2_HMAC", _err) ++} ++ ++func RAND_bytes(arg0 *byte, arg1 int32) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_RAND_bytes((*C.uchar)(unsafe.Pointer(arg0)), C.int(arg1), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RAND_bytes", _err) ++} ++ ++func RSA_free(arg0 RSA_PTR) { ++ C._mkcgo_RSA_free(arg0) ++} ++ ++func RSA_get0_crt_params(r RSA_PTR, dmp1 *BIGNUM_PTR, dmq1 *BIGNUM_PTR, iqmp *BIGNUM_PTR) { ++ C._mkcgo_RSA_get0_crt_params(r, dmp1, dmq1, iqmp) ++} ++ ++func RSA_get0_factors(rsa RSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR) { ++ C._mkcgo_RSA_get0_factors(rsa, p, q) ++} ++ ++func RSA_get0_key(rsa RSA_PTR, n *BIGNUM_PTR, e *BIGNUM_PTR, d *BIGNUM_PTR) { ++ C._mkcgo_RSA_get0_key(rsa, n, e, d) ++} ++ ++func RSA_new() (RSA_PTR, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_RSA_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("RSA_new", _err) ++} ++ ++func RSA_set0_crt_params(rsa RSA_PTR, dmp1 BIGNUM_PTR, dmp2 BIGNUM_PTR, iqmp BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_RSA_set0_crt_params(rsa, dmp1, dmp2, iqmp, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RSA_set0_crt_params", _err) ++} ++ ++func RSA_set0_factors(rsa RSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_RSA_set0_factors(rsa, p, q, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RSA_set0_factors", _err) ++} ++ ++func RSA_set0_key(r RSA_PTR, n BIGNUM_PTR, e BIGNUM_PTR, d BIGNUM_PTR) (int32, error) { ++ var _err C.mkcgo_err_state ++ _ret := C._mkcgo_RSA_set0_key(r, n, e, d, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RSA_set0_key", _err) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h +new file mode 100644 +index 00000000000000..335d129bb345cd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h +@@ -0,0 +1,335 @@ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#ifndef MKCGO_H // only include this header once ++#define MKCGO_H ++ ++#include ++#include ++ ++typedef void* _OPENSSL_INIT_SETTINGS_PTR; ++typedef void* _OSSL_LIB_CTX_PTR; ++typedef void* _OSSL_PROVIDER_PTR; ++typedef void* _ENGINE_PTR; ++typedef void* _EVP_PKEY_PTR; ++typedef void* _EVP_PKEY_CTX_PTR; ++typedef void* _EVP_MD_PTR; ++typedef void* _EVP_MD_CTX_PTR; ++typedef void* _HMAC_CTX_PTR; ++typedef void* _EVP_CIPHER_PTR; ++typedef void* _EVP_CIPHER_CTX_PTR; ++typedef void* _EC_KEY_PTR; ++typedef void* _EC_POINT_PTR; ++typedef void* _EC_GROUP_PTR; ++typedef void* _RSA_PTR; ++typedef void* _BIGNUM_PTR; ++typedef void* _BN_CTX_PTR; ++typedef void* _EVP_MAC_PTR; ++typedef void* _EVP_MAC_CTX_PTR; ++typedef void* _OSSL_PARAM_BLD_PTR; ++typedef void* _OSSL_PARAM_PTR; ++typedef void* _EVP_SIGNATURE_PTR; ++typedef void* _DSA_PTR; ++typedef void* _EVP_KDF_PTR; ++typedef void* _EVP_KDF_CTX_PTR; ++typedef int point_conversion_form_t; ++ ++enum { ++ _POINT_CONVERSION_UNCOMPRESSED = 4, ++ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, ++ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, ++ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, ++ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, ++ _EVP_CTRL_GCM_GET_TAG = 0x10, ++ _EVP_CTRL_GCM_SET_TAG = 0x11, ++ _EVP_PKEY_CTRL_MD = 1, ++ _EVP_PKEY_RSA = 6, ++ _EVP_PKEY_EC = 408, ++ _EVP_PKEY_TLS1_PRF = 1021, ++ _EVP_PKEY_HKDF = 1036, ++ _EVP_PKEY_ED25519 = 1087, ++ _EVP_PKEY_DSA = 116, ++ _EVP_PKEY_OP_DERIVE = (1 << 10), ++ _EVP_MAX_MD_SIZE = 64, ++ _EVP_PKEY_PUBLIC_KEY = 0x86, ++ _EVP_PKEY_KEYPAIR = 0x87, ++ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, ++ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, ++ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, ++ _EVP_PKEY_CTRL_TLS_MD = 0x1000, ++ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, ++ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, ++ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, ++ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, ++ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, ++ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, ++ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, ++ _NID_X9_62_prime256v1 = 415, ++ _NID_secp224r1 = 713, ++ _NID_secp384r1 = 715, ++ _NID_secp521r1 = 716, ++ _RSA_PKCS1_PADDING = 1, ++ _RSA_NO_PADDING = 3, ++ _RSA_PKCS1_OAEP_PADDING = 4, ++ _RSA_PKCS1_PSS_PADDING = 6, ++ _RSA_PSS_SALTLEN_DIGEST = -1, ++ _RSA_PSS_SALTLEN_AUTO = -2, ++ _RSA_PSS_SALTLEN_MAX_SIGN = -2, ++ _RSA_PSS_SALTLEN_MAX = -3, ++ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, ++ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, ++ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, ++ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, ++ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, ++ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, ++ _OSSL_PARAM_INTEGER = 1, ++ _OSSL_PARAM_OCTET_STRING = 5, ++}; ++ ++typedef void* mkcgo_err_state; ++mkcgo_err_state mkcgo_err_retrieve(); ++void mkcgo_err_free(mkcgo_err_state); ++void __mkcgo_load_(void* handle); ++void __mkcgo_unload_(); ++void __mkcgo_load_111(void* handle); ++void __mkcgo_unload_111(); ++void __mkcgo_load_3(void* handle); ++void __mkcgo_unload_3(); ++void __mkcgo_load_init_1(void* handle); ++void __mkcgo_unload_init_1(); ++void __mkcgo_load_init_3(void* handle); ++void __mkcgo_unload_init_3(); ++void __mkcgo_load_legacy_1(void* handle); ++void __mkcgo_unload_legacy_1(); ++void __mkcgo_load_version(void* handle); ++void __mkcgo_unload_version(); ++ ++int _mkcgo_available_OPENSSL_version_major(); ++int _mkcgo_available_OPENSSL_version_minor(); ++int _mkcgo_available_OPENSSL_version_patch(); ++int _mkcgo_available_OpenSSL_version_num(); ++ ++_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char*, int, _BIGNUM_PTR, mkcgo_err_state *); ++int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR, unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR, unsigned char*, int, mkcgo_err_state *); ++void _mkcgo_BN_clear(_BIGNUM_PTR); ++void _mkcgo_BN_clear_free(_BIGNUM_PTR); ++void _mkcgo_BN_free(_BIGNUM_PTR); ++_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char*, int, _BIGNUM_PTR, mkcgo_err_state *); ++_BIGNUM_PTR _mkcgo_BN_new(mkcgo_err_state *); ++int _mkcgo_BN_num_bits(const _BIGNUM_PTR); ++void _mkcgo_CRYPTO_free(void*, const char*, int); ++void* _mkcgo_CRYPTO_malloc(size_t, const char*, int, mkcgo_err_state *); ++void _mkcgo_DSA_free(_DSA_PTR); ++int _mkcgo_DSA_generate_key(_DSA_PTR, mkcgo_err_state *); ++void _mkcgo_DSA_get0_key(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void _mkcgo_DSA_get0_pqg(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_DSA_PTR _mkcgo_DSA_new(mkcgo_err_state *); ++int _mkcgo_DSA_set0_key(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); ++int _mkcgo_DSA_set0_pqg(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); ++void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR); ++_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int, mkcgo_err_state *); ++int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR, mkcgo_err_state *); ++void _mkcgo_EC_KEY_free(_EC_KEY_PTR); ++const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR); ++const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR); ++const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR); ++_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int, mkcgo_err_state *); ++int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR, const _BIGNUM_PTR, mkcgo_err_state *); ++int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR, const _EC_POINT_PTR, mkcgo_err_state *); ++int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); ++void _mkcgo_EC_POINT_free(_EC_POINT_PTR); ++int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, mkcgo_err_state *); ++_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR, mkcgo_err_state *); ++int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR, mkcgo_err_state *); ++size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, mkcgo_err_state *); ++void _mkcgo_ERR_clear_error(void); ++void _mkcgo_ERR_error_string_n(unsigned long, char*, size_t); ++unsigned long _mkcgo_ERR_get_error_all(const char**, int*, const char**, const char**, int*); ++unsigned long _mkcgo_ERR_get_error_line(const char**, int*); ++int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR, int, int, void*, mkcgo_err_state *); ++void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR); ++_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(mkcgo_err_state *); ++int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR, int, mkcgo_err_state *); ++int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR, int, mkcgo_err_state *); ++_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); ++const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR); ++int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR); ++int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, mkcgo_err_state *); ++int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, mkcgo_err_state *); ++int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_EVP_Digest(const void*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*, mkcgo_err_state *); ++int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR, unsigned char*, size_t*, mkcgo_err_state *); ++int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR, const void*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, mkcgo_err_state *); ++int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, mkcgo_err_state *); ++int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, mkcgo_err_state *); ++void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR); ++size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR, mkcgo_err_state *); ++_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR, mkcgo_err_state *); ++_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); ++void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR); ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR, mkcgo_err_state *); ++void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR); ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR, mkcgo_err_state *); ++_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); ++int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_MD_CTX_copy(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR, mkcgo_err_state *); ++void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR); ++int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR, mkcgo_err_state *); ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR, mkcgo_err_state *); ++_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(mkcgo_err_state *); ++int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR, mkcgo_err_state *); ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR, mkcgo_err_state *); ++_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); ++void _mkcgo_EVP_MD_free(_EVP_MD_PTR); ++const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR); ++const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR); ++int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR); ++int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR); ++int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR); ++int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR, const unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR, int, int, int, int, void*, mkcgo_err_state *); ++void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR); ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR, _ENGINE_PTR, mkcgo_err_state *); ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*, mkcgo_err_state *); ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int, _ENGINE_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR, void*, int, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR, const unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR, const unsigned char*, int, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR, int, mkcgo_err_state *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR, const char*, const char*, const char*, mkcgo_err_state *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR, const char*, const char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR, int, void*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR); ++int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR, mkcgo_err_state *); ++_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR, mkcgo_err_state *); ++_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR, mkcgo_err_state *); ++size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR, unsigned char**, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(mkcgo_err_state *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int, _ENGINE_PTR, const unsigned char*, size_t, mkcgo_err_state *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int, _ENGINE_PTR, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR, _EC_KEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, mkcgo_err_state *); ++int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR, mkcgo_err_state *); ++_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, mkcgo_err_state *); ++void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void); ++int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR, int, mkcgo_err_state *); ++int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void); ++const _EVP_MD_PTR _mkcgo_EVP_md4(void); ++const _EVP_MD_PTR _mkcgo_EVP_md5(void); ++const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void); ++const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha1(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha224(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha256(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha384(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha512(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void); ++int _mkcgo_FIPS_mode(void); ++int _mkcgo_FIPS_mode_set(int, mkcgo_err_state *); ++int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR, _HMAC_CTX_PTR, mkcgo_err_state *); ++void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR); ++_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(mkcgo_err_state *); ++int _mkcgo_HMAC_Final(_HMAC_CTX_PTR, unsigned char*, unsigned int*, mkcgo_err_state *); ++int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR, const void*, int, const _EVP_MD_PTR, _ENGINE_PTR, mkcgo_err_state *); ++int _mkcgo_HMAC_Update(_HMAC_CTX_PTR, const unsigned char*, size_t, mkcgo_err_state *); ++const char* _mkcgo_OBJ_nid2sn(int); ++void _mkcgo_OPENSSL_init(void); ++int _mkcgo_OPENSSL_init_crypto(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR, mkcgo_err_state *); ++unsigned int _mkcgo_OPENSSL_version_major(void); ++unsigned int _mkcgo_OPENSSL_version_minor(void); ++unsigned int _mkcgo_OPENSSL_version_patch(void); ++void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR); ++_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(mkcgo_err_state *); ++int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR, mkcgo_err_state *); ++int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR, const char*, int32_t, mkcgo_err_state *); ++int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR, const char*, const void*, size_t, mkcgo_err_state *); ++int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t, mkcgo_err_state *); ++_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR, mkcgo_err_state *); ++void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR, const char*, mkcgo_err_state *); ++int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR, const char*); ++const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR); ++_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR, const char*, int, mkcgo_err_state *); ++const char* _mkcgo_OpenSSL_version(int); ++unsigned long _mkcgo_OpenSSL_version_num(void); ++int _mkcgo_PKCS5_PBKDF2_HMAC(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*, mkcgo_err_state *); ++int _mkcgo_RAND_bytes(unsigned char*, int, mkcgo_err_state *); ++void _mkcgo_RSA_free(_RSA_PTR); ++void _mkcgo_RSA_get0_crt_params(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void _mkcgo_RSA_get0_factors(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void _mkcgo_RSA_get0_key(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_RSA_PTR _mkcgo_RSA_new(mkcgo_err_state *); ++int _mkcgo_RSA_set0_crt_params(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); ++int _mkcgo_RSA_set0_factors(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); ++int _mkcgo_RSA_set0_key(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, mkcgo_err_state *); ++ ++#endif // MKCGO_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_go124.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_go124.go +new file mode 100644 +index 00000000000000..ae64d2f7ee9990 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_go124.go +@@ -0,0 +1,37 @@ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build go1.24 && !cmd_go_bootstrap ++ ++package ossl ++ ++/* ++#cgo noescape _mkcgo_EVP_CipherUpdate ++#cgo nocallback _mkcgo_EVP_CipherUpdate ++#cgo noescape _mkcgo_EVP_DecryptFinal_ex ++#cgo nocallback _mkcgo_EVP_DecryptFinal_ex ++#cgo noescape _mkcgo_EVP_DecryptUpdate ++#cgo nocallback _mkcgo_EVP_DecryptUpdate ++#cgo noescape _mkcgo_EVP_Digest ++#cgo nocallback _mkcgo_EVP_Digest ++#cgo noescape _mkcgo_EVP_DigestFinal_ex ++#cgo nocallback _mkcgo_EVP_DigestFinal_ex ++#cgo noescape _mkcgo_EVP_DigestSign ++#cgo nocallback _mkcgo_EVP_DigestSign ++#cgo noescape _mkcgo_EVP_DigestUpdate ++#cgo nocallback _mkcgo_EVP_DigestUpdate ++#cgo noescape _mkcgo_EVP_EncryptFinal_ex ++#cgo nocallback _mkcgo_EVP_EncryptFinal_ex ++#cgo noescape _mkcgo_EVP_EncryptUpdate ++#cgo nocallback _mkcgo_EVP_EncryptUpdate ++#cgo noescape _mkcgo_EVP_MD_CTX_copy ++#cgo nocallback _mkcgo_EVP_MD_CTX_copy ++#cgo noescape _mkcgo_EVP_PKEY_derive ++#cgo nocallback _mkcgo_EVP_PKEY_derive ++#cgo noescape _mkcgo_EVP_PKEY_get_raw_private_key ++#cgo nocallback _mkcgo_EVP_PKEY_get_raw_private_key ++#cgo noescape _mkcgo_EVP_PKEY_get_raw_public_key ++#cgo nocallback _mkcgo_EVP_PKEY_get_raw_public_key ++#cgo noescape _mkcgo_RAND_bytes ++#cgo nocallback _mkcgo_RAND_bytes ++*/ ++import "C" +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go +new file mode 100644 +index 00000000000000..739d22d5df3108 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go +@@ -0,0 +1,146 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "crypto/cipher" ++ "errors" ++) ++ ++//go:generate go run github.com/microsoft/go-crypto-openssl/cmd/genaesmodes -in aes.go -modes CBC,CTR,GCM -out zaes.go ++//go:generate go run github.com/microsoft/go-crypto-openssl/cmd/gentestvectors -out vectors_test.go ++ ++// Steps to support a new AES mode, e.g. `FOO`: ++// 1. Add `FOO` to the list of modes in the `genaesmodes` command. ++// 2. Run `go generate` to update the generated code. ++// 3. Implement the necessary interfaces for the new struct, which will be named `cipherWithFOO`. ++ ++// NewAESCipher creates and returns a new AES cipher.Block. ++// The key argument should be the AES key, either 16, 24, or 32 bytes to select ++// AES-128, AES-192, or AES-256. ++// The returned cipher.Block implements the CBC, CTR, and/or GCM modes if ++// the underlying OpenSSL library supports them. ++func NewAESCipher(key []byte) (cipher.Block, error) { ++ var kind cipherKind ++ switch len(key) * 8 { ++ case 128: ++ kind = cipherAES128 ++ case 192: ++ kind = cipherAES192 ++ case 256: ++ kind = cipherAES256 ++ default: ++ return nil, errors.New("crypto/aes: invalid key size") ++ } ++ c, err := newEVPCipher(key, kind) ++ if err != nil { ++ return nil, err ++ } ++ return newAESBlock(c, kind), nil ++} ++ ++// NewGCMTLS returns a GCM cipher specific to TLS ++// and should not be used for non-TLS purposes. ++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { ++ if c, ok := c.(interface { ++ NewGCMTLS() (cipher.AEAD, error) ++ }); ok { ++ return c.NewGCMTLS() ++ } ++ return nil, errors.New("GCM not supported") ++} ++ ++// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used ++// for non-TLS purposes. ++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { ++ if c, ok := c.(interface { ++ NewGCMTLS13() (cipher.AEAD, error) ++ }); ok { ++ return c.NewGCMTLS13() ++ } ++ return nil, errors.New("GCM not supported") ++} ++ ++// aesCipher implements the cipher.Block interface. ++type aesCipher struct { ++ cipher *evpCipher ++} ++ ++func (c aesCipher) BlockSize() int { ++ return c.cipher.blockSize ++} ++ ++func (c aesCipher) Encrypt(dst, src []byte) { ++ if err := c.cipher.encrypt(dst, src); err != nil { ++ // crypto/aes expects that the panic message starts with "crypto/aes: ". ++ panic("crypto/aes: " + err.Error()) ++ } ++} ++ ++func (c aesCipher) Decrypt(dst, src []byte) { ++ if err := c.cipher.decrypt(dst, src); err != nil { ++ // crypto/aes expects that the panic message starts with "crypto/aes: ". ++ panic("crypto/aes: " + err.Error()) ++ } ++} ++ ++// Implement optional interfaces for AES modes. ++ ++func (c cipherWithCBC) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpEncrypt) ++} ++ ++func (c cipherWithCBC) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpDecrypt) ++} ++ ++func (c cipherWithCTR) NewCTR(iv []byte) cipher.Stream { ++ return c.cipher.newCTR(iv) ++} ++ ++func (c cipherWithGCM) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { ++ return c.cipher.newGCMChecked(nonceSize, tagSize) ++} ++ ++func (c cipherWithGCM) NewGCMTLS() (cipher.AEAD, error) { ++ return c.cipher.newGCM(cipherGCMTLS12) ++} ++ ++func (c cipherWithGCM) NewGCMTLS13() (cipher.AEAD, error) { ++ return c.cipher.newGCM(cipherGCMTLS13) ++} ++ ++// The following interfaces have been copied out of crypto/aes/modes.go. ++ ++type gcmAble interface { ++ NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) ++} ++ ++type cbcEncAble interface { ++ NewCBCEncrypter(iv []byte) cipher.BlockMode ++} ++ ++type cbcDecAble interface { ++ NewCBCDecrypter(iv []byte) cipher.BlockMode ++} ++ ++type ctrAble interface { ++ NewCTR(iv []byte) cipher.Stream ++} ++ ++// Test that the interfaces are implemented. ++ ++var ( ++ _ cipher.Block = (*aesCipher)(nil) ++ ++ _ cipher.Block = (*cipherWithCBC)(nil) ++ _ cbcEncAble = (*cipherWithCBC)(nil) ++ _ cbcDecAble = (*cipherWithCBC)(nil) ++ ++ _ cipher.Block = (*cipherWithCTR)(nil) ++ _ ctrAble = (*cipherWithCTR)(nil) ++ ++ _ cipher.Block = (*cipherWithGCM)(nil) ++ _ gcmAble = (*cipherWithGCM)(nil) ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go +new file mode 100644 +index 00000000000000..6461f241f863fc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go +@@ -0,0 +1,11 @@ ++package openssl ++ ++// This file does not have build constraints to ++// facilitate using BigInt in Go crypto. ++// Go crypto references BigInt unconditionally, ++// even if it is not finally used. ++ ++// A BigInt is the raw words from a BigInt. ++// This definition allows us to avoid importing math/big. ++// Conversion between BigInt and *big.Int is in openssl/bbig. ++type BigInt []uint +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go +new file mode 100644 +index 00000000000000..dcbb66acdce48a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go +@@ -0,0 +1,654 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++ ++import ( ++ "crypto/cipher" ++ "errors" ++ "runtime" ++ "strconv" ++ "sync" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++type cipherKind int8 ++ ++const ( ++ cipherAES128 cipherKind = iota ++ cipherAES192 ++ cipherAES256 ++ cipherDES ++ cipherDES3 ++ cipherRC4 ++) ++ ++func (c cipherKind) String() string { ++ switch c { ++ case cipherAES128: ++ return "AES-128" ++ case cipherAES192: ++ return "AES-192" ++ case cipherAES256: ++ return "AES-256" ++ case cipherDES: ++ return "DES" ++ case cipherDES3: ++ return "DES3" ++ case cipherRC4: ++ return "RC4" ++ default: ++ panic("unknown cipher kind: " + strconv.Itoa(int(c))) ++ } ++} ++ ++type cipherMode int8 ++ ++const ( ++ cipherModeNone cipherMode = -1 ++ cipherModeECB cipherMode = iota ++ cipherModeCBC ++ cipherModeCTR ++ cipherModeGCM ++) ++ ++// cipherOp is the allowed operations for a cipher, ++// as documented in [EVP_CipherInit_ex]. ++// ++// [EVP_CipherInit_ex]: https://www.openssl.org/docs/man3.0/man3/EVP_CipherInit_ex.html ++type cipherOp int8 ++ ++const ( ++ cipherOpNone cipherOp = -1 // leaves the value of the previous call, if any. ++ cipherOpDecrypt cipherOp = 0 ++ cipherOpEncrypt cipherOp = 1 ++) ++ ++// cacheCipher is a cache of cipherKind to GO_EVP_CIPHER_PTR. ++var cacheCipher sync.Map ++ ++type cacheCipherKey struct { ++ kind cipherKind ++ mode cipherMode ++} ++ ++// loadCipher returns a cipher object for the given k. ++func loadCipher(k cipherKind, mode cipherMode) (cipher ossl.EVP_CIPHER_PTR) { ++ if v, ok := cacheCipher.Load(cacheCipherKey{k, mode}); ok { ++ return v.(ossl.EVP_CIPHER_PTR) ++ } ++ defer func() { ++ if cipher != nil && vMajor == 3 { ++ // On OpenSSL 3, directly operating on a EVP_CIPHER object ++ // not created by EVP_CIPHER has negative performance ++ // implications, as cipher operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ cipher, _ = ossl.EVP_CIPHER_fetch(nil, ossl.EVP_CIPHER_get0_name(cipher), nil) ++ } ++ cacheCipher.Store(cacheCipherKey{k, mode}, cipher) ++ }() ++ switch k { ++ case cipherAES128: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_aes_128_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_aes_128_cbc() ++ case cipherModeCTR: ++ cipher = ossl.EVP_aes_128_ctr() ++ case cipherModeGCM: ++ cipher = ossl.EVP_aes_128_gcm() ++ } ++ case cipherAES192: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_aes_192_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_aes_192_cbc() ++ case cipherModeCTR: ++ cipher = ossl.EVP_aes_192_ctr() ++ case cipherModeGCM: ++ cipher = ossl.EVP_aes_192_gcm() ++ } ++ case cipherAES256: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_aes_256_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_aes_256_cbc() ++ case cipherModeCTR: ++ cipher = ossl.EVP_aes_256_ctr() ++ case cipherModeGCM: ++ cipher = ossl.EVP_aes_256_gcm() ++ } ++ case cipherDES: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_des_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_des_cbc() ++ } ++ case cipherDES3: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_des_ede3_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_des_ede3_cbc() ++ } ++ case cipherRC4: ++ cipher = ossl.EVP_rc4() ++ } ++ return cipher ++} ++ ++type evpCipher struct { ++ key []byte ++ kind cipherKind ++ blockSize int ++} ++ ++func newEVPCipher(key []byte, kind cipherKind) (*evpCipher, error) { ++ cipher := loadCipher(kind, cipherModeECB) ++ if cipher == nil { ++ return nil, errors.New("crypto/cipher: unsupported cipher: " + kind.String()) ++ } ++ c := &evpCipher{key: make([]byte, len(key)), kind: kind} ++ copy(c.key, key) ++ c.blockSize = int(ossl.EVP_CIPHER_get_block_size(cipher)) ++ return c, nil ++} ++ ++func (c *evpCipher) encrypt(dst, src []byte) error { ++ if len(src) < c.blockSize { ++ return errors.New("input not full block") ++ } ++ if len(dst) < c.blockSize { ++ return errors.New("output not full block") ++ } ++ // Only check for overlap between the parts of src and dst that will actually be used. ++ // This matches Go standard library behavior. ++ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { ++ return errors.New("invalid buffer overlap") ++ } ++ enc_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpEncrypt, c.key, nil) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(enc_ctx) ++ ++ var outl int32 ++ if _, err := ossl.EVP_EncryptUpdate(enc_ctx, base(dst), &outl, base(src), int32(c.blockSize)); err != nil { ++ return err ++ } ++ runtime.KeepAlive(c) ++ return nil ++} ++ ++func (c *evpCipher) decrypt(dst, src []byte) error { ++ if len(src) < c.blockSize { ++ return errors.New("input not full block") ++ } ++ if len(dst) < c.blockSize { ++ return errors.New("output not full block") ++ } ++ // Only check for overlap between the parts of src and dst that will actually be used. ++ // This matches Go standard library behavior. ++ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { ++ return errors.New("invalid buffer overlap") ++ } ++ dec_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpDecrypt, c.key, nil) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(dec_ctx) ++ ++ if _, err := ossl.EVP_CIPHER_CTX_set_padding(dec_ctx, 0); err != nil { ++ return err ++ } ++ ++ var outl int32 ++ ossl.EVP_DecryptUpdate(dec_ctx, base(dst), &outl, base(src), int32(c.blockSize)) ++ runtime.KeepAlive(c) ++ return nil ++} ++ ++type cipherCBC struct { ++ ctx ossl.EVP_CIPHER_CTX_PTR ++ blockSize int ++} ++ ++func (c *cipherCBC) finalize() { ++ ossl.EVP_CIPHER_CTX_free(c.ctx) ++} ++ ++func (x *cipherCBC) BlockSize() int { return x.blockSize } ++ ++func (x *cipherCBC) CryptBlocks(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") ++ } ++ if len(src)%x.blockSize != 0 { ++ panic("crypto/cipher: input not full blocks") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) > 0 { ++ var outl int32 ++ if _, err := ossl.EVP_CipherUpdate(x.ctx, base(dst), &outl, base(src), int32(len(src))); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++ runtime.KeepAlive(x) ++ } ++} ++ ++func (x *cipherCBC) SetIV(iv []byte) { ++ if len(iv) != x.blockSize { ++ panic("crypto/cipher: incorrect length IV") ++ } ++ if _, err := ossl.EVP_CipherInit_ex(x.ctx, nil, nil, nil, base(iv), int32(cipherOpNone)); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++} ++ ++func (c *evpCipher) newCBC(iv []byte, op cipherOp) cipher.BlockMode { ++ ctx, err := newCipherCtx(c.kind, cipherModeCBC, op, c.key, iv) ++ if err != nil { ++ panic(err) ++ } ++ x := &cipherCBC{ctx: ctx, blockSize: c.blockSize} ++ runtime.SetFinalizer(x, (*cipherCBC).finalize) ++ if _, err := ossl.EVP_CIPHER_CTX_set_padding(x.ctx, 0); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++ return x ++} ++ ++type cipherCTR struct { ++ ctx ossl.EVP_CIPHER_CTX_PTR ++} ++ ++func (x *cipherCTR) XORKeyStream(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) == 0 { ++ return ++ } ++ var outl int32 ++ if _, err := ossl.EVP_EncryptUpdate(x.ctx, base(dst), &outl, base(src), int32(len(src))); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++ runtime.KeepAlive(x) ++} ++ ++func (c *evpCipher) newCTR(iv []byte) cipher.Stream { ++ ctx, err := newCipherCtx(c.kind, cipherModeCTR, cipherOpEncrypt, c.key, iv) ++ if err != nil { ++ panic(err) ++ } ++ x := &cipherCTR{ctx: ctx} ++ runtime.SetFinalizer(x, (*cipherCTR).finalize) ++ return x ++} ++ ++func (c *cipherCTR) finalize() { ++ ossl.EVP_CIPHER_CTX_free(c.ctx) ++} ++ ++type cipherGCMTLS uint8 ++ ++const ( ++ cipherGCMTLSNone cipherGCMTLS = iota ++ cipherGCMTLS12 ++ cipherGCMTLS13 ++) ++ ++type cipherGCM struct { ++ c *evpCipher ++ tls cipherGCMTLS ++ // minNextNonce is the minimum value that the next nonce can be, enforced by ++ // all TLS modes. ++ minNextNonce uint64 ++ // mask is the nonce mask used in TLS 1.3 mode. ++ mask uint64 ++ // maskInitialized is true if mask has been initialized. This happens during ++ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. ++ maskInitialized bool ++ blockSize int ++} ++ ++const ( ++ aesBlockSize = 16 ++ gcmTagSize = 16 ++ gcmStandardNonceSize = 12 ++ // TLS 1.2 additional data is constructed as: ++ // ++ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); ++ gcmTls12AddSize = 13 ++ // TLS 1.3 additional data is constructed as: ++ // ++ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) ++ gcmTls13AddSize = 5 ++ gcmTlsFixedNonceSize = 4 ++) ++ ++type noGCM struct { ++ *evpCipher ++} ++ ++func (g *noGCM) BlockSize() int { ++ return g.blockSize ++} ++ ++func (g *noGCM) Encrypt(dst, src []byte) { ++ g.encrypt(dst, src) ++} ++ ++func (g *noGCM) Decrypt(dst, src []byte) { ++ g.decrypt(dst, src) ++} ++ ++func (c *evpCipher) newGCMChecked(nonceSize, tagSize int) (cipher.AEAD, error) { ++ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { ++ return nil, errors.New("crypto/cipher: GCM tag and nonce sizes can't be non-standard at the same time") ++ } ++ // Fall back to standard library for GCM with non-standard nonce or tag size. ++ if nonceSize != gcmStandardNonceSize { ++ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) ++ } ++ if tagSize != gcmTagSize { ++ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) ++ } ++ return c.newGCM(cipherGCMTLSNone) ++} ++ ++func (c *evpCipher) newGCM(tls cipherGCMTLS) (cipher.AEAD, error) { ++ g := &cipherGCM{c: c, tls: tls, blockSize: c.blockSize} ++ return g, nil ++} ++ ++func (g *cipherGCM) NonceSize() int { ++ return gcmStandardNonceSize ++} ++ ++func (g *cipherGCM) Overhead() int { ++ return gcmTagSize ++} ++ ++func (g *cipherGCM) Seal(dst, nonce, plaintext, aad []byte) []byte { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if uint64(len(plaintext)) > ((1<<32)-2)*uint64(g.blockSize) || len(plaintext)+gcmTagSize < len(plaintext) { ++ panic("cipher: message too large for GCM") ++ } ++ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { ++ panic("cipher: message too large for buffer") ++ } ++ if g.tls != cipherGCMTLSNone { ++ if g.tls == cipherGCMTLS12 && len(aad) != gcmTls12AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.2") ++ } else if g.tls == cipherGCMTLS13 && len(aad) != gcmTls13AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.3") ++ } ++ counter := bigEndianUint64(nonce[gcmTlsFixedNonceSize:]) ++ if g.tls == cipherGCMTLS13 { ++ // In TLS 1.3, the counter in the nonce has a mask and requires ++ // further decoding. ++ if !g.maskInitialized { ++ // According to TLS 1.3 nonce construction details at ++ // https://tools.ietf.org/html/rfc8446#section-5.3: ++ // ++ // the first record transmitted under a particular traffic ++ // key MUST use sequence number 0. ++ // ++ // The padded sequence number is XORed with [a mask]. ++ // ++ // The resulting quantity (of length iv_length) is used as ++ // the per-record nonce. ++ // ++ // We need to convert from the given nonce to sequence numbers ++ // to keep track of minNextNonce and enforce the counter ++ // maximum. On the first call, we know counter^mask is 0^mask, ++ // so we can simply store it as the mask. ++ g.mask = counter ++ g.maskInitialized = true ++ } ++ counter ^= g.mask ++ } ++ // BoringCrypto enforces strictly monotonically increasing explicit nonces ++ // and to fail after 2^64 - 1 keys as per FIPS 140-2 IG A.5, ++ // but OpenSSL does not perform this check, so it is implemented here. ++ const maxUint64 = 1<<64 - 1 ++ if counter == maxUint64 { ++ panic("cipher: nonce counter must be less than 2^64 - 1") ++ } ++ if counter < g.minNextNonce { ++ panic("cipher: nonce counter must be strictly monotonically increasing") ++ } ++ defer func() { ++ g.minNextNonce = counter + 1 ++ }() ++ } ++ ++ // Make room in dst to append plaintext+overhead. ++ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) ++ ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, plaintext) { ++ panic("cipher: invalid buffer overlap") ++ } ++ ++ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) ++ // Encrypt additional data. ++ // When sealing a TLS payload, OpenSSL app sets the additional data using ++ // '_EVP_CIPHER_CTX_ctrl(g.ctx, _EVP_CTRL_AEAD_TLS1_AAD, _EVP_AEAD_TLS1_AAD_LEN, base(additionalData))'. ++ // This makes the explicit nonce component to monotonically increase on every Seal operation without ++ // relying in the explicit nonce being securely set externally, ++ // and it also gives some interesting speed gains. ++ // Unfortunately we can't use it because Go expects AEAD.Seal to honor the provided nonce. ++ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ panic(err) ++ } ++ var outl, discard int32 ++ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_EncryptUpdate(ctx, base(out), &outl, baseNeverEmpty(plaintext), int32(len(plaintext))); err != nil { ++ panic(err) ++ } ++ if len(plaintext) != int(outl) { ++ panic("cipher: incorrect length returned from GCM EncryptUpdate") ++ } ++ if _, err := ossl.EVP_EncryptFinal_ex(ctx, base(out[outl:]), &discard); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(g) ++ return ret ++} ++ ++func (g *cipherGCM) SealWithRandomNonce(out, nonce, plaintext, aad []byte) { ++ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { ++ panic("crypto/cipher: message too large for GCM") ++ } ++ if len(nonce) != gcmStandardNonceSize { ++ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") ++ } ++ if len(out) != len(plaintext)+gcmTagSize { ++ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") ++ } ++ if inexactOverlap(out, plaintext) { ++ panic("crypto/cipher: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, aad) { ++ panic("crypto/cipher: invalid buffer overlap of output and additional data") ++ } ++ ++ if g.tls != cipherGCMTLSNone { ++ panic("cipher: encryption failed") ++ } ++ ++ RandReader.Read(nonce) ++ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) ++ ++ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ panic(err) ++ } ++ var outl, discard int32 ++ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_EncryptUpdate(ctx, base(out), &outl, baseNeverEmpty(plaintext), int32(len(plaintext))); err != nil { ++ panic(err) ++ } ++ if len(plaintext) != int(outl) { ++ panic("cipher: incorrect length returned from GCM EncryptUpdate") ++ } ++ if _, err := ossl.EVP_EncryptFinal_ex(ctx, base(out[outl:]), &discard); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(g) ++} ++ ++var errOpen = errors.New("cipher: message authentication failed") ++ ++func (g *cipherGCM) Open(dst, nonce, ciphertext, aad []byte) (_ []byte, err error) { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if len(ciphertext) < gcmTagSize { ++ return nil, errOpen ++ } ++ if uint64(len(ciphertext)) > ((1<<32)-2)*uint64(g.blockSize)+gcmTagSize { ++ return nil, errOpen ++ } ++ // BoringCrypto does not do any TLS check when decrypting, neither do we. ++ ++ tag := ciphertext[len(ciphertext)-gcmTagSize:] ++ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] ++ ++ // Make room in dst to append ciphertext without tag. ++ ret, out := sliceForAppend(dst, len(ciphertext)) ++ ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, ciphertext) { ++ panic("cipher: invalid buffer overlap") ++ } ++ ++ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) ++ ++ defer func() { ++ if err != nil { ++ // Zero output buffer on error. ++ for i := range out { ++ out[i] = 0 ++ } ++ } ++ }() ++ if _, err := ossl.EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ return nil, errOpen ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_SET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { ++ return nil, errOpen ++ } ++ var outl, discard int32 ++ if _, err := ossl.EVP_DecryptUpdate(ctx, nil, &discard, baseNeverEmpty(aad), int32(len(aad))); err != nil { ++ return nil, errOpen ++ } ++ if _, err := ossl.EVP_DecryptUpdate(ctx, base(out), &outl, baseNeverEmpty(ciphertext), int32(len(ciphertext))); err != nil { ++ return nil, errOpen ++ } ++ if len(ciphertext) != int(outl) { ++ return nil, errOpen ++ } ++ if _, err := ossl.EVP_DecryptFinal_ex(ctx, base(out[outl:]), &discard); err != nil { ++ return nil, errOpen ++ } ++ runtime.KeepAlive(g) ++ return ret, nil ++} ++ ++// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. ++func sliceForAppend(in []byte, n int) (head, tail []byte) { ++ if total := len(in) + n; cap(in) >= total { ++ head = in[:total] ++ } else { ++ head = make([]byte, total) ++ copy(head, in) ++ } ++ tail = head[len(in):] ++ return ++} ++ ++func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ ossl.EVP_CIPHER_CTX_PTR, err error) { ++ cipher := loadCipher(kind, mode) ++ if cipher == nil { ++ panic("crypto/cipher: unsupported cipher: " + kind.String()) ++ } ++ ctx, err := ossl.EVP_CIPHER_CTX_new() ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_CIPHER_CTX_free(ctx) ++ } ++ }() ++ if kind == cipherRC4 { ++ // RC4 cipher supports a variable key length. ++ // We need to set the key length before setting the key, ++ // and to do so we need to have an initialized cipher ctx. ++ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, int32(encrypt)); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_set_key_length(ctx, int32(len(key))); err != nil { ++ return nil, err ++ } ++ // Pass nil to the next call to EVP_CipherInit_ex to avoid resetting ctx's cipher. ++ cipher = nil ++ } ++ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), int32(encrypt)); err != nil { ++ return nil, err ++ } ++ return ctx, nil ++} ++ ++// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. ++ ++func anyOverlap(x, y []byte) bool { ++ return len(x) > 0 && len(y) > 0 && ++ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && ++ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) ++} ++ ++func inexactOverlap(x, y []byte) bool { ++ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { ++ return false ++ } ++ return anyOverlap(x, y) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go +new file mode 100644 +index 00000000000000..9f99a9dc456242 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go +@@ -0,0 +1,93 @@ ++package openssl ++ ++import "C" ++import "unsafe" ++ ++// cString is a null-terminated string, ++// akin to C's char*. ++type cString string ++ ++// str returns the string value. ++func (s cString) str() string { ++ return string(s) ++} ++ ++// ptr returns a pointer to the string data. ++// It panics if the string is not null-terminated. ++// ++// The memory pointed to by the returned pointer should ++// not be modified and it must only be passed to ++// "const char*" parameters. Any attempt to modify it ++// will result in a runtime panic, as Go strings are ++// allocated in read-only memory. ++func (s cString) ptr() *byte { ++ if len(s) == 0 { ++ return nil ++ } ++ if s[len(s)-1] != 0 { ++ panic("must be null-terminated") ++ } ++ return unsafe.StringData(string(s)) ++} ++ ++const ( //checkheader:ignore ++ // Provider names ++ _ProviderNameFips cString = "fips\x00" ++ _ProviderNameDefault cString = "default\x00" ++ ++ // Property strings ++ _PropFIPSYes cString = "fips=yes\x00" ++ _PropFIPSNo cString = "-fips\x00" ++ ++ // Key types ++ _KeyTypeRSA cString = "RSA\x00" ++ _KeyTypeEC cString = "EC\x00" ++ _KeyTypeED25519 cString = "ED25519\x00" ++ ++ // Digest Names ++ _DigestNameSHA2_256 cString = "SHA2-256\x00" ++ ++ // KDF names ++ _OSSL_KDF_NAME_HKDF cString = "HKDF\x00" ++ _OSSL_KDF_NAME_PBKDF2 cString = "PBKDF2\x00" ++ _OSSL_KDF_NAME_TLS1_PRF cString = "TLS1-PRF\x00" ++ _OSSL_KDF_NAME_TLS13_KDF cString = "TLS13-KDF\x00" ++ _OSSL_MAC_NAME_HMAC cString = "HMAC\x00" ++ ++ // KDF parameters ++ _OSSL_KDF_PARAM_DIGEST cString = "digest\x00" ++ _OSSL_KDF_PARAM_SECRET cString = "secret\x00" ++ _OSSL_KDF_PARAM_SEED cString = "seed\x00" ++ _OSSL_KDF_PARAM_KEY cString = "key\x00" ++ _OSSL_KDF_PARAM_INFO cString = "info\x00" ++ _OSSL_KDF_PARAM_SALT cString = "salt\x00" ++ _OSSL_KDF_PARAM_MODE cString = "mode\x00" ++ ++ // TLS3-KDF parameters ++ _OSSL_KDF_PARAM_PREFIX cString = "prefix\x00" ++ _OSSL_KDF_PARAM_LABEL cString = "label\x00" ++ _OSSL_KDF_PARAM_DATA cString = "data\x00" ++ ++ // PKEY parameters ++ _OSSL_PKEY_PARAM_PUB_KEY cString = "pub\x00" ++ _OSSL_PKEY_PARAM_PRIV_KEY cString = "priv\x00" ++ _OSSL_PKEY_PARAM_GROUP_NAME cString = "group\x00" ++ _OSSL_PKEY_PARAM_EC_PUB_X cString = "qx\x00" ++ _OSSL_PKEY_PARAM_EC_PUB_Y cString = "qy\x00" ++ _OSSL_PKEY_PARAM_FFC_PBITS cString = "pbits\x00" ++ _OSSL_PKEY_PARAM_FFC_QBITS cString = "qbits\x00" ++ _OSSL_PKEY_PARAM_RSA_N cString = "n\x00" ++ _OSSL_PKEY_PARAM_RSA_E cString = "e\x00" ++ _OSSL_PKEY_PARAM_RSA_D cString = "d\x00" ++ _OSSL_PKEY_PARAM_FFC_P cString = "p\x00" ++ _OSSL_PKEY_PARAM_FFC_Q cString = "q\x00" ++ _OSSL_PKEY_PARAM_FFC_G cString = "g\x00" ++ _OSSL_PKEY_PARAM_RSA_FACTOR1 cString = "rsa-factor1\x00" ++ _OSSL_PKEY_PARAM_RSA_FACTOR2 cString = "rsa-factor2\x00" ++ _OSSL_PKEY_PARAM_RSA_EXPONENT1 cString = "rsa-exponent1\x00" ++ _OSSL_PKEY_PARAM_RSA_EXPONENT2 cString = "rsa-exponent2\x00" ++ _OSSL_PKEY_PARAM_RSA_COEFFICIENT1 cString = "rsa-coefficient1\x00" ++ ++ // MAC parameters ++ _OSSL_MAC_PARAM_DIGEST cString = "digest\x00" ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go +new file mode 100644 +index 00000000000000..78ecb9888e18cb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go +@@ -0,0 +1,113 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "crypto/cipher" ++ "errors" ++) ++ ++// SupportsDESCipher returns true if NewDESCipher is supported, ++// which uses ECB mode. ++// If CBC is also supported, then the returned cipher.Block ++// will also implement NewCBCEncrypter and NewCBCDecrypter. ++func SupportsDESCipher() bool { ++ // True for stock OpenSSL 1 w/o FIPS. ++ // False for stock OpenSSL 3 unless the legacy provider is available. ++ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil ++} ++ ++// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, ++// which uses ECB mode. ++// If CBC is also supported, then the returned cipher.Block ++// will also implement NewCBCEncrypter and NewCBCDecrypter. ++func SupportsTripleDESCipher() bool { ++ // Should always be true for stock OpenSSL, ++ // even when using the FIPS provider. ++ return loadCipher(cipherDES3, cipherModeECB) != nil ++} ++ ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 8 { ++ return nil, errors.New("crypto/des: invalid key size") ++ } ++ return newDESCipher(key, cipherDES) ++} ++ ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 24 { ++ return nil, errors.New("crypto/des: invalid key size") ++ } ++ return newDESCipher(key, cipherDES3) ++} ++ ++func newDESCipher(key []byte, kind cipherKind) (cipher.Block, error) { ++ c, err := newEVPCipher(key, kind) ++ if err != nil { ++ return nil, err ++ } ++ if loadCipher(kind, cipherModeCBC) == nil { ++ return &desCipherWithoutCBC{c}, nil ++ } ++ return &desCipher{c}, nil ++} ++ ++type desExtraModes interface { ++ NewCBCEncrypter(iv []byte) cipher.BlockMode ++ NewCBCDecrypter(iv []byte) cipher.BlockMode ++} ++ ++var _ desExtraModes = (*desCipher)(nil) ++ ++type desCipher struct { ++ *evpCipher ++} ++ ++func (c *desCipher) BlockSize() int { ++ return c.blockSize ++} ++ ++func (c *desCipher) Encrypt(dst, src []byte) { ++ if err := c.encrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} ++ ++func (c *desCipher) Decrypt(dst, src []byte) { ++ if err := c.decrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} ++ ++func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return c.newCBC(iv, cipherOpEncrypt) ++} ++ ++func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return c.newCBC(iv, cipherOpDecrypt) ++} ++ ++type desCipherWithoutCBC struct { ++ *evpCipher ++} ++ ++func (c *desCipherWithoutCBC) BlockSize() int { ++ return c.blockSize ++} ++ ++func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) { ++ if err := c.encrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} ++ ++func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) { ++ if err := c.decrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go +new file mode 100644 +index 00000000000000..a3ebbee02fac7b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go +@@ -0,0 +1,309 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "runtime" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++// SupportsDSA returns true if the OpenSSL library supports DSA. ++func SupportsDSA() bool { ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) ++ if err != nil { ++ return false ++ } ++ ossl.EVP_PKEY_CTX_free(ctx) ++ return true ++} ++ ++// DSAParameters contains the DSA parameters. ++type DSAParameters struct { ++ P, Q, G BigInt ++} ++ ++// PrivateKeyDSA represents a DSA private key. ++type PrivateKeyDSA struct { ++ DSAParameters ++ X, Y BigInt ++ ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func (k *PrivateKeyDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PrivateKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// PublicKeyDSA represents a DSA public key. ++type PublicKeyDSA struct { ++ DSAParameters ++ Y BigInt ++ ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func (k *PublicKeyDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PublicKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// GenerateParametersDSA generates a set of DSA parameters. ++func GenerateParametersDSA(l, n int) (DSAParameters, error) { ++ // The DSA parameters are generated by creating a new DSA key and ++ // extracting the domain parameters from it. ++ ++ // Generate a new DSA key context and set the known parameters. ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) ++ if err != nil { ++ return DSAParameters{}, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_paramgen_init(ctx); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, int32(l), nil); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, int32(n), nil); err != nil { ++ return DSAParameters{}, err ++ } ++ var pkey ossl.EVP_PKEY_PTR ++ if _, err := ossl.EVP_PKEY_paramgen(ctx, &pkey); err != nil { ++ return DSAParameters{}, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ // Extract the domain parameters from the generated key. ++ var p, q, g ossl.BIGNUM_PTR ++ switch vMajor { ++ case 1: ++ dsa := getDSA(pkey) ++ ossl.DSA_get0_pqg(dsa, &p, &q, &g) ++ case 3: ++ defer func() { ++ ossl.BN_free(p) ++ ossl.BN_free(q) ++ ossl.BN_free(g) ++ }() ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P.ptr(), &p); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q.ptr(), &q); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G.ptr(), &g); err != nil { ++ return DSAParameters{}, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ ++ return DSAParameters{ ++ P: bnToBig(p), ++ Q: bnToBig(q), ++ G: bnToBig(g), ++ }, nil ++} ++ ++// NewPrivateKeyDSA creates a new DSA private key from the given parameters. ++func NewPrivateKeyDSA(params DSAParameters, x, y BigInt) (*PrivateKeyDSA, error) { ++ if x == nil || y == nil { ++ panic("x and y must not be nil") ++ } ++ pkey, err := newDSA(params, x, y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyDSA{params, x, y, pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) ++ return k, nil ++} ++ ++// NewPublicKeyDSA creates a new DSA public key from the given parameters. ++func NewPublicKeyDSA(params DSAParameters, y BigInt) (*PublicKeyDSA, error) { ++ if y == nil { ++ panic("y must not be nil") ++ } ++ pkey, err := newDSA(params, nil, y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyDSA{params, y, pkey} ++ runtime.SetFinalizer(k, (*PublicKeyDSA).finalize) ++ return k, nil ++} ++ ++// GenerateKeyDSA generates a new private DSA key using the given parameters. ++func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { ++ pkey, err := newDSA(params, nil, nil) ++ if err != nil { ++ return nil, nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ var bx, by ossl.BIGNUM_PTR ++ switch vMajor { ++ case 1: ++ dsa := getDSA(pkey) ++ ossl.DSA_get0_key(dsa, &by, &bx) ++ case 3: ++ defer func() { ++ ossl.BN_clear_free(bx) ++ ossl.BN_free(by) ++ }() ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), &by); err != nil { ++ return nil, nil, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bx); err != nil { ++ return nil, nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return bnToBig(bx), bnToBig(by), nil ++} ++ ++// SignDSA signs a hash (which should be the result of hashing a larger message). ++func SignDSA(priv *PrivateKeyDSA, hash []byte) ([]byte, error) { ++ return evpSign(priv.withKey, 0, 0, 0, hash) ++} ++ ++// VerifyDSA verifiessig using the public key, pub. ++func VerifyDSA(pub *PublicKeyDSA, hash []byte, sig []byte) bool { ++ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil ++} ++ ++func newDSA(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { ++ switch vMajor { ++ case 1: ++ return newDSA1(params, x, y) ++ case 3: ++ return newDSA3(params, x, y) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} ++ ++func newDSA1(params DSAParameters, x, y BigInt) (pkey ossl.EVP_PKEY_PTR, err error) { ++ checkMajorVersion(1) ++ ++ dsa, err := ossl.DSA_new() ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if pkey == nil { ++ ossl.DSA_free(dsa) ++ } ++ }() ++ // No need to check for errors here, DSA_set0_* functions will fail ++ // if the BNs are NULL and we will free non-NULL BNs in the error handling. ++ p, _ := bigToBN(params.P) ++ q, _ := bigToBN(params.Q) ++ g, _ := bigToBN(params.G) ++ if _, err := ossl.DSA_set0_pqg(dsa, p, q, g); err != nil { ++ ossl.BN_free(p) ++ ossl.BN_free(q) ++ ossl.BN_free(g) ++ return nil, err ++ } ++ if y != nil { ++ pub, _ := bigToBN(y) ++ priv, _ := bigToBN(x) ++ if _, err := ossl.DSA_set0_key(dsa, pub, priv); err != nil { ++ ossl.BN_free(pub) ++ ossl.BN_clear_free(priv) ++ return nil, err ++ } ++ } else { ++ if _, err := ossl.DSA_generate_key(dsa); err != nil { ++ return nil, err ++ } ++ } ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_DSA, unsafe.Pointer(dsa)); err != nil { ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++func newDSA3(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { ++ checkMajorVersion(3) ++ ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err ++ } ++ defer bld.finalize() ++ ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_P, params.P, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_Q, params.Q, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_G, params.G, false) ++ selection := int32(ossl.EVP_PKEY_KEYPAIR) ++ if y != nil { ++ bld.addBigInt(_OSSL_PKEY_PARAM_PUB_KEY, y, false) ++ if x == nil { ++ selection = ossl.EVP_PKEY_PUBLIC_KEY ++ } ++ } ++ if x != nil { ++ bld.addBigInt(_OSSL_PKEY_PARAM_PRIV_KEY, x, true) ++ } ++ bldparams, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(bldparams) ++ pkey, err := newEvpFromParams(ossl.EVP_PKEY_DSA, selection, bldparams) ++ if err != nil { ++ return nil, err ++ } ++ if y != nil { ++ return pkey, nil ++ } ++ // pkey doesn't contain the public component, but the crypto/dsa package ++ // expects it to be always there. Generate a new key using pkey as domain ++ // parameters placeholder. ++ defer ossl.EVP_PKEY_free(pkey) ++ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { ++ return nil, err ++ } ++ var gkey ossl.EVP_PKEY_PTR ++ if _, err := ossl.EVP_PKEY_keygen(ctx, &gkey); err != nil { ++ return nil, err ++ } ++ return gkey, nil ++} ++ ++// getDSA returns the DSA from pkey. ++// If pkey does not contain an DSA it panics. ++// The returned key should not be freed. ++func getDSA(pkey ossl.EVP_PKEY_PTR) ossl.DSA_PTR { ++ key, err := ossl.EVP_PKEY_get0_DSA(pkey) ++ if err != nil { ++ panic(err) ++ } ++ return key ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go +new file mode 100644 +index 00000000000000..96ec25f3f35074 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go +@@ -0,0 +1,67 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import "github.com/microsoft/go-crypto-openssl/internal/ossl" ++ ++func curveNID(curve string) int32 { ++ switch curve { ++ case "P-224": ++ return ossl.NID_secp224r1 ++ case "P-256": ++ return ossl.NID_X9_62_prime256v1 ++ case "P-384": ++ return ossl.NID_secp384r1 ++ case "P-521": ++ return ossl.NID_secp521r1 ++ default: ++ panic("openssl: unknown curve " + curve) ++ } ++} ++ ++// curveSize returns the size of the curve in bytes. ++func curveSize(curve string) int { ++ switch curve { ++ case "P-224": ++ return 224 / 8 ++ case "P-256": ++ return 256 / 8 ++ case "P-384": ++ return 384 / 8 ++ case "P-521": ++ return (521 + 7) / 8 ++ default: ++ panic("openssl: unknown curve " + curve) ++ } ++} ++ ++// encodeEcPoint encodes pt. ++func encodeEcPoint(group ossl.EC_GROUP_PTR, pt ossl.EC_POINT_PTR) ([]byte, error) { ++ // Get encoded point size. ++ n, err := ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, nil, 0, nil) ++ if err != nil { ++ return nil, err ++ } ++ // Encode point into bytes. ++ bytes := make([]byte, n) ++ if _, err = ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, base(bytes), n, nil); err != nil { ++ return nil, err ++ } ++ return bytes, nil ++} ++ ++// generateAndEncodeEcPublicKey calls newPubKeyPointFn to generate a public key point and then encodes it. ++func generateAndEncodeEcPublicKey(nid int32, newPubKeyPointFn func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error)) ([]byte, error) { ++ group, err := ossl.EC_GROUP_new_by_curve_name(nid) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_GROUP_free(group) ++ pt, err := newPubKeyPointFn(group) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_POINT_free(pt) ++ return encodeEcPoint(group, pt) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go +new file mode 100644 +index 00000000000000..381f0d2079743d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go +@@ -0,0 +1,306 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "errors" ++ "runtime" ++ "slices" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++type PublicKeyECDH struct { ++ _pkey ossl.EVP_PKEY_PTR ++ bytes []byte ++} ++ ++func (k *PublicKeyECDH) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++type PrivateKeyECDH struct { ++ _pkey ossl.EVP_PKEY_PTR ++ curve string ++} ++ ++func (k *PrivateKeyECDH) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { ++ if len(bytes) != 1+2*curveSize(curve) { ++ return nil, errors.New("NewPublicKeyECDH: wrong key length") ++ } ++ pkey, err := newECDHPkey(curve, bytes, false) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyECDH{pkey, slices.Clone(bytes)} ++ runtime.SetFinalizer(k, (*PublicKeyECDH).finalize) ++ return k, nil ++} ++ ++func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } ++ ++func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) { ++ if len(bytes) != curveSize(curve) { ++ return nil, errors.New("NewPrivateKeyECDH: wrong key length") ++ } ++ pkey, err := newECDHPkey(curve, bytes, true) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyECDH{pkey, curve} ++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) ++ return k, nil ++} ++ ++func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { ++ defer runtime.KeepAlive(k) ++ var pkey ossl.EVP_PKEY_PTR ++ defer func() { ++ ossl.EVP_PKEY_free(pkey) ++ }() ++ ++ var bytes []byte ++ switch vMajor { ++ case 1: ++ var err error ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ return nil, err ++ } ++ key := getECKey(k._pkey) ++ if _, err := ossl.EVP_PKEY_set1_EC_KEY(pkey, key); err != nil { ++ return nil, err ++ } ++ pt := ossl.EC_KEY_get0_public_key(key) ++ if pt == nil { ++ return nil, fail("missing ECDH public key") ++ } ++ group := ossl.EC_KEY_get0_group(key) ++ if bytes, err = encodeEcPoint(group, pt); err != nil { ++ return nil, err ++ } ++ case 3: ++ pkey = k._pkey ++ if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { ++ return nil, err ++ } ++ ++ var cbytes *byte ++ n, err := ossl.EVP_PKEY_get1_encoded_public_key(k._pkey, &cbytes) ++ if err != nil { ++ return nil, err ++ } ++ bytes = C.GoBytes(unsafe.Pointer(cbytes), C.int(n)) ++ cryptoFree(unsafe.Pointer(cbytes)) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ pub := &PublicKeyECDH{pkey, bytes} ++ pkey = nil ++ runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize) ++ return pub, nil ++} ++ ++func newECDHPkey(curve string, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { ++ nid := curveNID(curve) ++ switch vMajor { ++ case 1: ++ return newECDHPkey1(nid, bytes, isPrivate) ++ case 3: ++ return newECDHPkey3(nid, bytes, isPrivate) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} ++ ++func newECDHPkey1(nid int32, bytes []byte, isPrivate bool) (pkey ossl.EVP_PKEY_PTR, err error) { ++ checkMajorVersion(1) ++ ++ key, err := ossl.EC_KEY_new_by_curve_name(nid) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if pkey == nil { ++ ossl.EC_KEY_free(key) ++ } ++ }() ++ group := ossl.EC_KEY_get0_group(key) ++ if isPrivate { ++ priv, err := ossl.BN_bin2bn(base(bytes), int32(len(bytes)), nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_clear_free(priv) ++ if _, err := ossl.EC_KEY_set_private_key(key, priv); err != nil { ++ return nil, err ++ } ++ pub, err := pointMult(group, priv) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_POINT_free(pub) ++ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { ++ return nil, err ++ } ++ } else { ++ pub, err := ossl.EC_POINT_new(group) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_POINT_free(pub) ++ if _, err := ossl.EC_POINT_oct2point(group, pub, base(bytes), len(bytes), nil); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { ++ return nil, err ++ } ++ } ++ if _, err := ossl.EC_KEY_check_key(key); err != nil { ++ // Match upstream error message. ++ if isPrivate { ++ return nil, errors.New("crypto/ecdh: invalid private key") ++ } else { ++ return nil, errors.New("crypto/ecdh: invalid public key") ++ } ++ } ++ return newEVPPKEY(key) ++} ++ ++func newECDHPkey3(nid int32, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { ++ checkMajorVersion(3) ++ ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err ++ } ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) ++ var selection int32 ++ if isPrivate { ++ priv, err := ossl.BN_bin2bn(base(bytes), int32(len(bytes)), nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_clear_free(priv) ++ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { ++ return pointMult(group, priv) ++ }) ++ if err != nil { ++ return nil, err ++ } ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) ++ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, priv) ++ selection = ossl.EVP_PKEY_KEYPAIR ++ } else { ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, bytes) ++ selection = ossl.EVP_PKEY_PUBLIC_KEY ++ } ++ ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ pkey, err := newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) ++ if err != nil { ++ return nil, err ++ } ++ ++ if err := checkPkey(pkey, isPrivate); err != nil { ++ ossl.EVP_PKEY_free(pkey) ++ return nil, errors.New("crypto/ecdh: " + err.Error()) ++ } ++ return pkey, nil ++} ++ ++func pointMult(group ossl.EC_GROUP_PTR, priv ossl.BIGNUM_PTR) (ossl.EC_POINT_PTR, error) { ++ // OpenSSL does not expose any method to generate the public ++ // key from the private key [1], so we have to calculate it here. ++ // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 ++ pt, err := ossl.EC_POINT_new(group) ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EC_POINT_mul(group, pt, priv, nil, nil, nil); err != nil { ++ ossl.EC_POINT_free(pt) ++ return nil, err ++ } ++ return pt, nil ++} ++ ++func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { ++ defer runtime.KeepAlive(priv) ++ defer runtime.KeepAlive(pub) ++ ctx, err := ossl.EVP_PKEY_CTX_new(priv._pkey, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_derive_set_peer(ctx, pub._pkey); err != nil { ++ return nil, err ++ } ++ var keylen int ++ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { ++ return nil, err ++ } ++ out := make([]byte, keylen) ++ if _, err := ossl.EVP_PKEY_derive(ctx, base(out), &keylen); err != nil { ++ return nil, err ++ } ++ return out, nil ++} ++ ++func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { ++ pkey, err := generateEVPPKey(ossl.EVP_PKEY_EC, 0, curve) ++ if err != nil { ++ return nil, nil, err ++ } ++ var k *PrivateKeyECDH ++ defer func() { ++ if k == nil { ++ ossl.EVP_PKEY_free(pkey) ++ } ++ }() ++ var priv ossl.BIGNUM_PTR ++ switch vMajor { ++ case 1: ++ key := getECKey(pkey) ++ priv = ossl.EC_KEY_get0_private_key(key) ++ if priv == nil { ++ return nil, nil, fail("missing ECDH private key") ++ } ++ case 3: ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv); err != nil { ++ return nil, nil, err ++ } ++ defer ossl.BN_clear_free(priv) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ // We should not leak bit length of the secret scalar in the key. ++ // For this reason, we use BN_bn2binpad instead of BN_bn2bin with fixed length. ++ // The fixed length is the order of the large prime subgroup of the curve, ++ // returned by EVP_PKEY_get_bits, which is generally the upper bound for ++ // generating a private ECDH key. ++ bits, err := ossl.EVP_PKEY_get_bits(pkey) ++ if err != nil { ++ return nil, nil, err ++ } ++ bytes := make([]byte, (bits+7)/8) ++ if err := bnToBinPad(priv, bytes); err != nil { ++ return nil, nil, err ++ } ++ k = &PrivateKeyECDH{pkey, curve} ++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) ++ return k, bytes, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go +new file mode 100644 +index 00000000000000..d256b7996b4f08 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go +@@ -0,0 +1,226 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "runtime" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++type PrivateKeyECDSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func (k *PrivateKeyECDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PrivateKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PublicKeyECDSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func (k *PublicKeyECDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PublicKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++var errUnknownCurve = errors.New("openssl: unknown elliptic curve") ++ ++func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { ++ pkey, err := newECDSAKey(curve, x, y, nil) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyECDSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PublicKeyECDSA).finalize) ++ return k, nil ++} ++ ++func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { ++ pkey, err := newECDSAKey(curve, x, y, d) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyECDSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) ++ return k, nil ++} ++ ++func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { ++ // Generate the private key. ++ pkey, err := generateEVPPKey(ossl.EVP_PKEY_EC, 0, curve) ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ var bx, by, bd ossl.BIGNUM_PTR ++ defer func() { ++ ossl.BN_free(bx) ++ ossl.BN_free(by) ++ }() ++ switch vMajor { ++ case 1: ++ // Retrieve the internal EC_KEY, which holds the X, Y, and D coordinates. ++ key := getECKey(pkey) ++ group := ossl.EC_KEY_get0_group(key) ++ pt := ossl.EC_KEY_get0_public_key(key) ++ // Allocate two big numbers to store the X and Y coordinates. ++ bx, err = ossl.BN_new() ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ by, err = ossl.BN_new() ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ // Get X and Y. ++ if _, err := ossl.EC_POINT_get_affine_coordinates_GFp(group, pt, bx, by, nil); err != nil { ++ return nil, nil, nil, err ++ } ++ // Get Z. We don't need to free it, get0 does not increase the reference count. ++ bd = ossl.EC_KEY_get0_private_key(key) ++ case 3: ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx); err != nil { ++ return nil, nil, nil, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y.ptr(), &by); err != nil { ++ return nil, nil, nil, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bd); err != nil { ++ return nil, nil, nil, err ++ } ++ defer ossl.BN_clear_free(bd) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ ++ // Get D. ++ return bnToBig(bx), bnToBig(by), bnToBig(bd), nil ++} ++ ++func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { ++ return evpSign(priv.withKey, 0, 0, 0, hash) ++} ++ ++func HashSignECDSA(priv *PrivateKeyECDSA, h crypto.Hash, msg []byte) ([]byte, error) { ++ return evpHashSign(priv.withKey, h, msg) ++} ++ ++func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { ++ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil ++} ++ ++func HashVerifyECDSA(pub *PublicKeyECDSA, h crypto.Hash, msg, sig []byte) bool { ++ return evpHashVerify(pub.withKey, h, msg, sig) == nil ++} ++ ++func newECDSAKey(curve string, x, y, d BigInt) (ossl.EVP_PKEY_PTR, error) { ++ nid := curveNID(curve) ++ bx, err := bigToBN(x) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_free(bx) ++ by, err := bigToBN(y) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_free(by) ++ var bd ossl.BIGNUM_PTR ++ if d != nil { ++ bd, err = bigToBN(d) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_clear_free(bd) ++ } ++ switch vMajor { ++ case 1: ++ return newECDSAKey1(nid, bx, by, bd) ++ case 3: ++ return newECDSAKey3(nid, bx, by, bd) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} ++ ++func newECDSAKey1(nid int32, bx, by, bd ossl.BIGNUM_PTR) (pkey ossl.EVP_PKEY_PTR, err error) { ++ checkMajorVersion(1) ++ ++ key, err := ossl.EC_KEY_new_by_curve_name(nid) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if pkey == nil { ++ defer ossl.EC_KEY_free(key) ++ } ++ }() ++ if _, err := ossl.EC_KEY_set_public_key_affine_coordinates(key, bx, by); err != nil { ++ return nil, err ++ } ++ if bd != nil { ++ if _, err := ossl.EC_KEY_set_private_key(key, bd); err != nil { ++ return nil, err ++ } ++ } ++ ++ return newEVPPKEY(key) ++} ++ ++func newECDSAKey3(nid int32, bx, by, bd ossl.BIGNUM_PTR) (ossl.EVP_PKEY_PTR, error) { ++ checkMajorVersion(3) ++ ++ // Create the encoded public key public key from bx and by. ++ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { ++ pt, err := ossl.EC_POINT_new(group) ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EC_POINT_set_affine_coordinates(group, pt, bx, by, nil); err != nil { ++ ossl.EC_POINT_free(pt) ++ return nil, err ++ } ++ return pt, nil ++ }) ++ if err != nil { ++ return nil, err ++ } ++ // Construct the parameters. ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err ++ } ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) ++ var selection int32 ++ if bd != nil { ++ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, bd) ++ selection = ossl.EVP_PKEY_KEYPAIR ++ } else { ++ selection = ossl.EVP_PKEY_PUBLIC_KEY ++ } ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ return newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go +new file mode 100644 +index 00000000000000..d4e8b90acb07cb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go +@@ -0,0 +1,229 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "errors" ++ "runtime" ++ "strconv" ++ "sync" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++const ( ++ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. ++ publicKeySizeEd25519 = 32 ++ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. ++ privateKeySizeEd25519 = 64 ++ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. ++ signatureSizeEd25519 = 64 ++ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. ++ seedSizeEd25519 = 32 ++) ++ ++// TODO: Add support for Ed25519ph and Ed25519ctx when OpenSSL supports them, ++// which will probably be in 3.2.0 (https://github.com/openssl/openssl/issues/20418). ++ ++var supportsEd25519 = sync.OnceValue(func() bool { ++ switch vMajor { ++ case 1: ++ if versionAtOrAbove(1, 1, 1) { ++ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_ED25519, nil) ++ if ctx != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ return true ++ } ++ } ++ case 3: ++ sig, _ := ossl.EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) ++ if sig != nil { ++ ossl.EVP_SIGNATURE_free(sig) ++ return true ++ } ++ } ++ return false ++}) ++ ++// SupportsEd25519 returns true if the current OpenSSL version supports ++// GenerateKeyEd25519, NewKeyFromSeedEd25519, SignEd25519 and VerifyEd25519. ++func SupportsEd25519() bool { ++ return supportsEd25519() ++} ++ ++type PublicKeyEd25519 struct { ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func (k *PublicKeyEd25519) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PublicKeyEd25519) Bytes() ([]byte, error) { ++ defer runtime.KeepAlive(k) ++ pub := make([]byte, publicKeySizeEd25519) ++ if err := extractPKEYPubEd25519(k._pkey, pub); err != nil { ++ return nil, err ++ } ++ return pub, nil ++} ++ ++type PrivateKeyEd25519 struct { ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func (k *PrivateKeyEd25519) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { ++ defer runtime.KeepAlive(k) ++ priv := make([]byte, privateKeySizeEd25519) ++ if err := extractPKEYPrivEd25519(k._pkey, priv); err != nil { ++ return nil, err ++ } ++ return priv, nil ++} ++ ++func (k *PrivateKeyEd25519) Public() (*PublicKeyEd25519, error) { ++ pub := make([]byte, publicKeySizeEd25519) ++ if err := extractPKEYPubEd25519(k._pkey, pub); err != nil { ++ return nil, err ++ } ++ pubk, err := NewPublicKeyEd25519(pub) ++ if err != nil { ++ return nil, err ++ } ++ return pubk, nil ++} ++ ++// GenerateKeyEd25519 generates a private key. ++func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { ++ pkeyPriv, err := generateEVPPKey(ossl.EVP_PKEY_ED25519, 0, "") ++ if err != nil { ++ return nil, err ++ } ++ priv := &PrivateKeyEd25519{_pkey: pkeyPriv} ++ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) ++ return priv, nil ++} ++ ++// Deprecated: use NewPrivateKeyEd25519 instead. ++func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++ return NewPrivateKeyEd25519(priv) ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++ if len(priv) != privateKeySizeEd25519 { ++ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) ++ } ++ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) ++} ++ ++// Deprecated: use NewPublicKeyEd25519 instead. ++func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++ return NewPublicKeyEd25519(pub) ++} ++ ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++ if len(pub) != publicKeySizeEd25519 { ++ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) ++ } ++ pkey, err := ossl.EVP_PKEY_new_raw_public_key(ossl.EVP_PKEY_ED25519, nil, base(pub), len(pub)) ++ if err != nil { ++ return nil, err ++ } ++ pubk := &PublicKeyEd25519{_pkey: pkey} ++ runtime.SetFinalizer(pubk, (*PublicKeyEd25519).finalize) ++ return pubk, nil ++} ++ ++// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if ++// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this ++// package. ++func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { ++ if len(seed) != seedSizeEd25519 { ++ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++ } ++ pkey, err := ossl.EVP_PKEY_new_raw_private_key(ossl.EVP_PKEY_ED25519, nil, base(seed), len(seed)) ++ if err != nil { ++ return nil, err ++ } ++ priv := &PrivateKeyEd25519{_pkey: pkey} ++ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) ++ return priv, nil ++} ++ ++func extractPKEYPubEd25519(pkey ossl.EVP_PKEY_PTR, pub []byte) error { ++ keylen := publicKeySizeEd25519 ++ if _, err := ossl.EVP_PKEY_get_raw_public_key(pkey, base(pub), &keylen); err != nil { ++ return err ++ } ++ if keylen != publicKeySizeEd25519 { ++ return errors.New("ed25519: bad public key length: " + strconv.Itoa(keylen)) ++ } ++ return nil ++} ++ ++func extractPKEYPrivEd25519(pkey ossl.EVP_PKEY_PTR, priv []byte) error { ++ if err := extractPKEYPubEd25519(pkey, priv[seedSizeEd25519:]); err != nil { ++ return err ++ } ++ keylen := seedSizeEd25519 ++ if _, err := ossl.EVP_PKEY_get_raw_private_key(pkey, base(priv), &keylen); err != nil { ++ return err ++ } ++ if keylen != seedSizeEd25519 { ++ return errors.New("ed25519: bad private key length: " + strconv.Itoa(keylen)) ++ } ++ return nil ++} ++ ++// SignEd25519 signs the message with priv and returns a signature. ++func SignEd25519(priv *PrivateKeyEd25519, message []byte) (sig []byte, err error) { ++ // Outline the function body so that the returned key can be stack-allocated. ++ sig = make([]byte, signatureSizeEd25519) ++ err = signEd25519(priv, sig, message) ++ if err != nil { ++ return nil, err ++ } ++ return sig, err ++} ++ ++func signEd25519(priv *PrivateKeyEd25519, sig, message []byte) error { ++ defer runtime.KeepAlive(priv) ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestSignInit(ctx, nil, nil, nil, priv._pkey); err != nil { ++ return err ++ } ++ siglen := signatureSizeEd25519 ++ if _, err := ossl.EVP_DigestSign(ctx, base(sig), &siglen, base(message), len(message)); err != nil { ++ return err ++ } ++ if siglen != signatureSizeEd25519 { ++ return errors.New("ed25519: bad signature length: " + strconv.Itoa(siglen)) ++ } ++ return nil ++} ++ ++// VerifyEd25519 reports whether sig is a valid signature of message by pub. ++func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { ++ defer runtime.KeepAlive(pub) ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestVerifyInit(ctx, nil, nil, nil, pub._pkey); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_DigestVerify(ctx, base(sig), len(sig), base(message), len(message)); err != nil { ++ return errors.New("ed25519: invalid signature") ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go +new file mode 100644 +index 00000000000000..f87534cd4510b7 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cgo_go124.go -@@ -0,0 +1,40 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go +@@ -0,0 +1,590 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "strconv" ++ "sync" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++// cacheMD is a cache of crypto.Hash to GOossl.EVP_MD_PTR. ++var cacheMD sync.Map ++ ++// hashFuncHash calls fn() and returns its result. ++// If fn() panics, the panic is recovered and returned as an error. ++// This is used to avoid aborting the program when calling ++// an unsupported hash function. It is the caller's responsibility ++// to check the returned value. ++func hashFuncHash(fn func() hash.Hash) (h hash.Hash, err error) { ++ defer func() { ++ r := recover() ++ if r == nil { ++ return ++ } ++ h = nil ++ switch e := r.(type) { ++ case error: ++ err = e ++ case string: ++ err = errors.New(e) ++ default: ++ err = errors.New("unsupported panic") ++ } ++ }() ++ return fn(), nil ++} ++ ++// hashToMD converts a hash.Hash implementation from this package to a GOossl.EVP_MD_PTR. ++func hashToMD(h hash.Hash) ossl.EVP_MD_PTR { ++ if h, ok := h.(*evpHash); ok { ++ return h.alg.md ++ } ++ return nil ++} ++ ++// hashFuncToMD converts a hash.Hash function to a GOossl.EVP_MD_PTR. ++// See [hashFuncHash] for details on error handling. ++func hashFuncToMD(fn func() hash.Hash) (ossl.EVP_MD_PTR, error) { ++ h, err := hashFuncHash(fn) ++ if err != nil { ++ return nil, err ++ } ++ md := hashToMD(h) ++ if md == nil { ++ return nil, errors.New("unsupported hash function") ++ } ++ return md, nil ++} ++ ++// provider is an identifier for a known provider. ++type provider uint8 ++ ++const ( ++ providerNone provider = iota ++ providerOSSLDefault ++ providerOSSLFIPS ++ providerSymCrypt ++) ++ ++type hashAlgorithm struct { ++ md ossl.EVP_MD_PTR ++ ch crypto.Hash ++ size int ++ blockSize int ++ provider provider ++ marshallable bool ++ magic string ++ marshalledSize int ++} ++ ++// loadHash converts a crypto.Hash to a EVP_MD. ++func loadHash(ch crypto.Hash) *hashAlgorithm { ++ if v, ok := cacheMD.Load(ch); ok { ++ return v.(*hashAlgorithm) ++ } ++ ++ var hash hashAlgorithm ++ switch ch { ++ case crypto.RIPEMD160: ++ hash.md = ossl.EVP_ripemd160() ++ case crypto.MD4: ++ hash.md = ossl.EVP_md4() ++ case crypto.MD5: ++ hash.md = ossl.EVP_md5() ++ hash.magic = magicMD5 ++ hash.marshalledSize = marshaledSizeMD5 ++ case crypto.MD5SHA1: ++ hash.md = ossl.EVP_md5_sha1() ++ case crypto.SHA1: ++ hash.md = ossl.EVP_sha1() ++ hash.magic = magic1 ++ hash.marshalledSize = marshaledSize1 ++ case crypto.SHA224: ++ hash.md = ossl.EVP_sha224() ++ hash.magic = magic224 ++ hash.marshalledSize = marshaledSize256 ++ case crypto.SHA256: ++ hash.md = ossl.EVP_sha256() ++ hash.magic = magic256 ++ hash.marshalledSize = marshaledSize256 ++ case crypto.SHA384: ++ hash.md = ossl.EVP_sha384() ++ hash.magic = magic384 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA512: ++ hash.md = ossl.EVP_sha512() ++ hash.magic = magic512 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA512_224: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = ossl.EVP_sha512_224() ++ hash.magic = magic512_224 ++ hash.marshalledSize = marshaledSize512 ++ } ++ case crypto.SHA512_256: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = ossl.EVP_sha512_256() ++ hash.magic = magic512_256 ++ hash.marshalledSize = marshaledSize512 ++ } ++ case crypto.SHA3_224: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = ossl.EVP_sha3_224() ++ } ++ case crypto.SHA3_256: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = ossl.EVP_sha3_256() ++ } ++ case crypto.SHA3_384: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = ossl.EVP_sha3_384() ++ } ++ case crypto.SHA3_512: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = ossl.EVP_sha3_512() ++ } ++ } ++ if hash.md == nil { ++ cacheMD.Store(ch, (*hashAlgorithm)(nil)) ++ return nil ++ } ++ hash.ch = ch ++ hash.size = int(ossl.EVP_MD_get_size(hash.md)) ++ hash.blockSize = int(ossl.EVP_MD_get_block_size(hash.md)) ++ if vMajor == 3 { ++ // On OpenSSL 3, directly operating on a EVP_MD object ++ // not created by EVP_MD_fetch has negative performance ++ // implications, as digest operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ md, _ := ossl.EVP_MD_fetch(nil, ossl.EVP_MD_get0_name(hash.md), nil) ++ // Don't overwrite md in case it can't be fetched, as the md may still be used ++ // outside of EVP_MD_CTX, for example to sign and verify RSA signatures. ++ if md != nil { ++ hash.md = md ++ } ++ } ++ if hash.magic != "" { ++ if hash.marshalledSize == 0 { ++ panic("marshalledSize must be set for " + hash.magic) ++ } ++ } ++ ++ switch vMajor { ++ case 1: ++ hash.provider = providerOSSLDefault ++ case 3: ++ if prov := ossl.EVP_MD_get0_provider(hash.md); prov != nil { ++ cname := ossl.OSSL_PROVIDER_get0_name(prov) ++ switch C.GoString((*C.char)(unsafe.Pointer(cname))) { ++ case "default": ++ hash.provider = providerOSSLDefault ++ hash.marshallable = hash.magic != "" ++ case "fips": ++ hash.provider = providerOSSLFIPS ++ hash.marshallable = hash.magic != "" ++ case "symcryptprovider": ++ hash.provider = providerSymCrypt ++ hash.marshallable = hash.magic != "" && isSymCryptHashStateSerializable(hash.md) ++ } ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ ++ cacheMD.Store(ch, &hash) ++ return &hash ++} ++ ++// generateEVPPKey generates a new EVP_PKEY with the given id and properties. ++func generateEVPPKey(id, bits int32, curve string) (ossl.EVP_PKEY_PTR, error) { ++ if bits != 0 && curve != "" { ++ return nil, fail("incorrect generateEVPPKey parameters") ++ } ++ var pkey ossl.EVP_PKEY_PTR ++ switch vMajor { ++ case 1: ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { ++ return nil, err ++ } ++ if bits != 0 { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, nil); err != nil { ++ return nil, err ++ } ++ } ++ if curve != "" { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil); err != nil { ++ return nil, err ++ } ++ } ++ if _, err := ossl.EVP_PKEY_keygen(ctx, &pkey); err != nil { ++ return nil, err ++ } ++ case 3: ++ var err error ++ switch id { ++ case ossl.EVP_PKEY_RSA: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_RSA(nil, nil, _KeyTypeRSA.ptr(), int(bits)) ++ case ossl.EVP_PKEY_EC: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_EC(nil, nil, _KeyTypeEC.ptr(), ossl.OBJ_nid2sn(curveNID(curve))) ++ case ossl.EVP_PKEY_ED25519: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_ED25519(nil, nil, _KeyTypeED25519.ptr()) ++ default: ++ panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") ++ } ++ if err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ ++ return pkey, nil ++} ++ ++type withKeyFunc func(func(ossl.EVP_PKEY_PTR) error) error ++type initFunc func(ossl.EVP_PKEY_CTX_PTR) error ++type cryptFunc func(ossl.EVP_PKEY_CTX_PTR, *byte, *int, *byte, int) error ++type verifyFunc func(ossl.EVP_PKEY_CTX_PTR, *byte, int, *byte, int) error ++ ++func setupEVP(withKey withKeyFunc, padding int32, ++ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, ++ init initFunc) (_ ossl.EVP_PKEY_CTX_PTR, err error) { ++ var ctx ossl.EVP_PKEY_CTX_PTR ++ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) error { ++ ctx, err = ossl.EVP_PKEY_CTX_new(pkey, nil) ++ return err ++ }); err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ if ctx != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ ctx = nil ++ } ++ } ++ }() ++ if err := init(ctx); err != nil { ++ return nil, err ++ } ++ if padding == 0 { ++ return ctx, nil ++ } ++ // Each padding type has its own requirements in terms of when to apply the padding, ++ // so it can't be just set at this point. ++ setPadding := func() error { ++ _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, padding, nil) ++ return err ++ } ++ switch padding { ++ case ossl.RSA_PKCS1_OAEP_PADDING: ++ md := hashToMD(h) ++ if md == nil { ++ return nil, errors.New("crypto/rsa: unsupported hash function") ++ } ++ var mgfMD ossl.EVP_MD_PTR ++ if mgfHash != nil { ++ // mgfHash is optional, but if it is set it must match a supported hash function. ++ mgfMD = hashToMD(mgfHash) ++ if mgfMD == nil { ++ return nil, errors.New("crypto/rsa: unsupported hash function") ++ } ++ } ++ // setPadding must happen before setting EVP_PKEY_CTRL_RSA_OAEP_MD. ++ if err := setPadding(); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)); err != nil { ++ return nil, err ++ } ++ if mgfHash != nil { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)); err != nil { ++ return nil, err ++ } ++ } ++ // ctx takes ownership of label, so malloc a copy for OpenSSL to free. ++ // OpenSSL does not take ownership of the label if the length is zero, ++ // so better avoid the allocation. ++ var clabel *byte ++ if len(label) > 0 { ++ clabel = (*byte)(cryptoMalloc(len(label))) ++ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) ++ var err error ++ if vMajor == 3 { ++ _, err = ossl.EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Pointer(clabel), int32(len(label))) ++ } else { ++ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_LABEL, int32(len(label)), unsafe.Pointer(clabel)) ++ } ++ if err != nil { ++ cryptoFree(unsafe.Pointer(clabel)) ++ return nil, err ++ } ++ } ++ case ossl.RSA_PKCS1_PSS_PADDING: ++ alg := loadHash(ch) ++ if alg == nil { ++ return nil, errors.New("crypto/rsa: unsupported hash function") ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { ++ return nil, err ++ } ++ // setPadding must happen after setting EVP_PKEY_CTRL_MD. ++ if err := setPadding(); err != nil { ++ return nil, err ++ } ++ if saltLen != 0 { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil); err != nil { ++ return nil, err ++ } ++ } ++ ++ case ossl.RSA_PKCS1_PADDING: ++ if ch != 0 { ++ // We support unhashed messages. ++ alg := loadHash(ch) ++ if alg == nil { ++ return nil, errors.New("crypto/rsa: unsupported hash function") ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { ++ return nil, err ++ } ++ if err := setPadding(); err != nil { ++ return nil, err ++ } ++ } ++ default: ++ if err := setPadding(); err != nil { ++ return nil, err ++ } ++ } ++ return ctx, nil ++} ++ ++func cryptEVP(withKey withKeyFunc, padding int32, ++ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, ++ init initFunc, crypt cryptFunc, in []byte) ([]byte, error) { ++ ++ ctx, err := setupEVP(withKey, padding, h, mgfHash, label, saltLen, ch, init) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ var pkeySize int32 ++ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { ++ pkeySize, err = ossl.EVP_PKEY_get_size(pkey) ++ return err ++ }); err != nil { ++ return nil, err ++ } ++ outLen := int(pkeySize) ++ out := make([]byte, pkeySize) ++ if err := crypt(ctx, base(out), &outLen, base(in), len(in)); err != nil { ++ return nil, err ++ } ++ // The size returned by EVP_PKEY_get_size() is only preliminary and not exact, ++ // so the final contents of the out buffer may be smaller. ++ return out[:outLen], nil ++} ++ ++func verifyEVP(withKey withKeyFunc, padding int32, ++ h hash.Hash, label []byte, saltLen int32, ch crypto.Hash, ++ init initFunc, verify verifyFunc, ++ sig, in []byte) error { + -+//go:build go1.24 && darwin ++ ctx, err := setupEVP(withKey, padding, h, nil, label, saltLen, ch, init) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ return verify(ctx, base(sig), len(sig), base(in), len(in)) ++} + -+package cryptokit ++func evpEncrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { ++ encryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_encrypt_init(ctx) ++ return err ++ } ++ encrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { ++ if _, err := ossl.EVP_PKEY_encrypt(ctx, out, outLen, in, inLen); err != nil { ++ return err ++ } ++ return nil ++ } ++ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, encryptInit, encrypt, msg) ++} + -+// See xcrypto/cgo_go124.go for context. ++func evpDecrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { ++ decryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_decrypt_init(ctx) ++ return err ++ } ++ decrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { ++ _, err := ossl.EVP_PKEY_decrypt(ctx, out, outLen, in, inLen) ++ return err ++ } ++ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, decryptInit, decrypt, msg) ++} + -+/* -+#cgo noescape MD5 -+#cgo nocallback MD5 -+#cgo noescape SHA1 -+#cgo nocallback SHA1 -+#cgo noescape SHA256 -+#cgo nocallback SHA256 -+#cgo noescape SHA384 -+#cgo nocallback SHA384 -+#cgo noescape SHA512 -+#cgo nocallback SHA512 ++func evpSign(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, hashed []byte) ([]byte, error) { ++ signtInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_sign_init(ctx) ++ return err ++ } ++ sign := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen *int, in *byte, inLen int) error { ++ _, err := ossl.EVP_PKEY_sign(ctx, out, outLen, in, inLen) ++ return err ++ } ++ return cryptEVP(withKey, padding, nil, nil, nil, saltLen, h, signtInit, sign, hashed) ++} + -+#cgo noescape hashWrite -+#cgo noescape hashSum -+#cgo nocallback hashNew -+#cgo nocallback hashWrite -+#cgo nocallback hashSum -+#cgo nocallback hashReset -+#cgo nocallback hashSize -+#cgo nocallback hashBlockSize -+#cgo nocallback hashCopy -+#cgo nocallback hashFree ++func evpVerify(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, sig, hashed []byte) error { ++ verifyInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_verify_init(ctx) ++ return err ++ } ++ verify := func(ctx ossl.EVP_PKEY_CTX_PTR, out *byte, outLen int, in *byte, inLen int) error { ++ _, err := ossl.EVP_PKEY_verify(ctx, out, outLen, in, inLen) ++ return err ++ } ++ return verifyEVP(withKey, padding, nil, nil, saltLen, h, verifyInit, verify, sig, hashed) ++} + -+#cgo noescape updateHMAC -+#cgo noescape finalizeHMAC -+#cgo nocallback initHMAC -+#cgo nocallback freeHMAC -+#cgo nocallback updateHMAC -+#cgo nocallback finalizeHMAC -+*/ -+import "C" -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go ++func evpHashSign(withKey withKeyFunc, h crypto.Hash, msg []byte) ([]byte, error) { ++ alg := loadHash(h) ++ if alg == nil { ++ return nil, errors.New("unsupported hash function: " + strconv.Itoa(int(h))) ++ } ++ var out []byte ++ var outLen int ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { ++ _, err := ossl.EVP_DigestSignInit(ctx, nil, alg.md, nil, key) ++ return err ++ }); err != nil { ++ return nil, err ++ } ++ if len(msg) > 0 { ++ if _, err := ossl.EVP_DigestUpdate(ctx, pbase(msg), len(msg)); err != nil { ++ return nil, err ++ } ++ } ++ // Obtain the signature length ++ if _, err := ossl.EVP_DigestSignFinal(ctx, nil, &outLen); err != nil { ++ return nil, err ++ } ++ out = make([]byte, outLen) ++ // Obtain the signature ++ if _, err := ossl.EVP_DigestSignFinal(ctx, base(out), &outLen); err != nil { ++ return nil, err ++ } ++ return out[:outLen], nil ++} ++ ++func evpHashVerify(withKey withKeyFunc, h crypto.Hash, msg, sig []byte) error { ++ alg := loadHash(h) ++ if alg == nil { ++ return errors.New("unsupported hash function: " + strconv.Itoa(int(h))) ++ } ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { ++ _, err := ossl.EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) ++ return err ++ }); err != nil { ++ return err ++ } ++ if len(msg) > 0 { ++ if _, err := ossl.EVP_DigestUpdate(ctx, pbase(msg), len(msg)); err != nil { ++ return err ++ } ++ } ++ if _, err := ossl.EVP_DigestVerifyFinal(ctx, base(sig), len(sig)); err != nil { ++ return err ++ } ++ return nil ++} ++ ++func newEVPPKEY(key ossl.EC_KEY_PTR) (ossl.EVP_PKEY_PTR, error) { ++ pkey, err := ossl.EVP_PKEY_new() ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_EC, unsafe.Pointer(key)); err != nil { ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++// getECKey returns the EC_KEY from pkey. ++// If pkey does not contain an EC_KEY it panics. ++// The returned key should not be freed. ++func getECKey(pkey ossl.EVP_PKEY_PTR) ossl.EC_KEY_PTR { ++ key, err := ossl.EVP_PKEY_get0_EC_KEY(pkey) ++ if err != nil { ++ panic(err) ++ } ++ return key ++} ++ ++func newEvpFromParams(id int32, selection int32, params ossl.OSSL_PARAM_PTR) (ossl.EVP_PKEY_PTR, error) { ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_fromdata_init(ctx); err != nil { ++ return nil, err ++ } ++ var pkey ossl.EVP_PKEY_PTR ++ if _, err := ossl.EVP_PKEY_fromdata(ctx, &pkey, selection, params); err != nil { ++ if vMajor == 3 && vMinor <= 2 { ++ // OpenSSL 3.0.1 and 3.0.2 have a bug where EVP_PKEY_fromdata ++ // does not free the internally allocated EVP_PKEY on error. ++ // See https://github.com/openssl/openssl/issues/17407. ++ ossl.EVP_PKEY_free(pkey) ++ } ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++func checkPkey(pkey ossl.EVP_PKEY_PTR, isPrivate bool) error { ++ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if isPrivate { ++ if _, err := ossl.EVP_PKEY_private_check(ctx); err != nil { ++ // Match upstream error message. ++ return errors.New("invalid private key") ++ } ++ } else { ++ // Upstream Go does a partial check here, so do we. ++ if _, err := ossl.EVP_PKEY_public_check_quick(ctx); err != nil { ++ // Match upstream error message. ++ return errors.New("invalid public key") ++ } ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go new file mode 100644 -index 00000000000000..9f05af66b277d3 +index 00000000000000..b1e53673fd785a --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go -@@ -0,0 +1,39 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go +@@ -0,0 +1,455 @@ ++//go:build !cmd_go_bootstrap + -+package cryptokit ++package openssl + -+// #cgo CFLAGS: -Wno-deprecated-declarations -+// #cgo LDFLAGS: -framework Security -framework CoreFoundation -L /Library/Developer/CommandLineTools/usr/lib/swift/macosx ${SRCDIR}/CryptoKit.o +import "C" -+import "unsafe" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "strconv" ++ "sync" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++const ( ++ magicMD5 = "md5\x01" ++ magic1 = "sha\x01" ++ magic224 = "sha\x02" ++ magic256 = "sha\x03" ++ magic384 = "sha\x04" ++ magic512_224 = "sha\x05" ++ magic512_256 = "sha\x06" ++ magic512 = "sha\x07" ++ ++ marshaledSizeMD5 = len(magicMD5) + 4*4 + 64 + 8 // from crypto/md5 ++ marshaledSize1 = len(magic1) + 5*4 + 64 + 8 // from crypto/sha1 ++ marshaledSize256 = len(magic256) + 8*4 + 64 + 8 // from crypto/sha256 ++ marshaledSize512 = len(magic512) + 8*8 + 128 + 8 // from crypto/sha512 ++) + -+// base returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+func base(b []byte) *C.uchar { -+ return (*C.uchar)(unsafe.Pointer(addr(b))) ++// maxHashSize is the size of SHA52 and SHA3_512, the largest hashes we support. ++const maxHashSize = 64 ++ ++func hashOneShot(ch crypto.Hash, p []byte, sum []byte) bool { ++ _, err := ossl.EVP_Digest(pbaseNeverEmpty(p), len(p), base(sum), nil, loadHash(ch).md, nil) ++ return err == nil +} + -+// base returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+func addr(b []byte) *byte { -+ if len(b) == 0 { -+ return nil ++func MD4(p []byte) (sum [16]byte) { ++ if !hashOneShot(crypto.MD4, p, sum[:]) { ++ panic("openssl: MD4 failed") + } -+ return unsafe.SliceData(b) ++ return +} + -+var zero byte -+ -+// addrNeverEmpty returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+// If b is empty, it returns a pointer to a zero byte -+// so that it can always be dereferenced. -+func addrNeverEmpty(b []byte) *byte { -+ if len(b) == 0 { -+ return &zero ++func MD5(p []byte) (sum [16]byte) { ++ if !hashOneShot(crypto.MD5, p, sum[:]) { ++ panic("openssl: MD5 failed") + } -+ return unsafe.SliceData(b) ++ return +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h -new file mode 100644 -index 00000000000000..8306f0f74e055b ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h -@@ -0,0 +1,67 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+#ifndef CRYPTOKIT_H -+#define CRYPTOKIT_H -+ -+#include -+#include -+ -+// AES GCM encryption and decryption -+int encryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, -+ size_t dataLength, const uint8_t *nonce, size_t nonceLength, -+ const uint8_t *aad, size_t aadLength, uint8_t *cipherText, -+ size_t cipherTextLength, uint8_t *tag); -+int decryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, -+ size_t dataLength, const uint8_t *nonce, size_t nonceLength, -+ const uint8_t *aad, size_t aadLength, const uint8_t *tag, -+ size_t tagLength, uint8_t *out, size_t *outLength); -+ -+// Generates an Ed25519 keypair. -+// The private key is 64 bytes (first 32 bytes are the seed, next 32 bytes are -+// the public key). The public key is 32 bytes. -+void generateKeyEd25519(uint8_t *key); -+int newPrivateKeyEd25519FromSeed(uint8_t *key, const uint8_t *seed); -+int newPublicKeyEd25519(uint8_t *key, const uint8_t *pub); -+int signEd25519(const uint8_t *privateKey, const uint8_t *message, -+ size_t messageLength, uint8_t *sigBuffer); -+int verifyEd25519(const uint8_t *publicKey, const uint8_t *message, -+ size_t messageLength, const uint8_t *sig); -+ -+// HKDF key derivation -+int extractHKDF(int32_t hashFunction, const uint8_t *secret, -+ size_t secretLength, const uint8_t *salt, size_t saltLength, -+ uint8_t *prk, size_t prkLength); -+int expandHKDF(int32_t hashFunction, const uint8_t *prk, size_t prkLength, -+ const uint8_t *info, size_t infoLength, uint8_t *okm, -+ size_t okmLength); -+ -+void *initHMAC(int32_t hashFunction, const uint8_t *key, int keyLength); -+void freeHMAC(int32_t hashFunction, void *ptr); -+void updateHMAC(int32_t hashFunction, void *ptr, const uint8_t *data, -+ int length); -+void finalizeHMAC(int32_t hashFunction, void *ptr, uint8_t *outputPointer); -+void *copyHMAC(int32_t hashAlgorithm, void *ptr); -+ -+void MD5(const uint8_t *inputPointer, size_t inputLength, -+ const uint8_t *outputPointer); -+void SHA1(const uint8_t *inputPointer, size_t inputLength, -+ const uint8_t *outputPointer); -+void SHA256(const uint8_t *inputPointer, size_t inputLength, -+ const uint8_t *outputPointer); -+void SHA384(const uint8_t *inputPointer, size_t inputLength, -+ const uint8_t *outputPointer); -+void SHA512(const uint8_t *inputPointer, size_t inputLength, -+ const uint8_t *outputPointer); + -+void *hashNew(int32_t hashAlgorithm); -+void hashWrite(int32_t hashAlgorithm, void *ptr, const uint8_t *data, -+ int length); -+void hashSum(int32_t hashAlgorithm, void *ptr, uint8_t *outputPointer); -+void hashReset(int32_t hashAlgorithm, void *ptr); -+int hashSize(int32_t hashAlgorithm); -+int hashBlockSize(int32_t hashAlgorithm); -+void *hashCopy(int32_t hashAlgorithm, void *ptr); -+void hashFree(int32_t hashAlgorithm, void *ptr); ++func SHA1(p []byte) (sum [20]byte) { ++ if !hashOneShot(crypto.SHA1, p, sum[:]) { ++ panic("openssl: SHA1 failed") ++ } ++ return ++} + -+#endif /* CRYPTOKIT_H */ -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go -new file mode 100644 -index 00000000000000..2fa15c8fa5529a ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go -@@ -0,0 +1,72 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++func SHA224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA224, p, sum[:]) { ++ panic("openssl: SHA224 failed") ++ } ++ return ++} + -+//go:build darwin ++func SHA256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA256, p, sum[:]) { ++ panic("openssl: SHA256 failed") ++ } ++ return ++} + -+package cryptokit ++func SHA384(p []byte) (sum [48]byte) { ++ if !hashOneShot(crypto.SHA384, p, sum[:]) { ++ panic("openssl: SHA384 failed") ++ } ++ return ++} + -+// #include "cryptokit.h" -+import "C" -+import ( -+ "errors" -+) ++func SHA512(p []byte) (sum [64]byte) { ++ if !hashOneShot(crypto.SHA512, p, sum[:]) { ++ panic("openssl: SHA512 failed") ++ } ++ return ++} + -+// GenerateKeyEd25519 generates an Ed25519 private key using the Swift implementation. -+func GenerateKeyEd25519(key []byte) { -+ C.generateKeyEd25519(base(key)) ++func SHA512_224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA512_224, p, sum[:]) { ++ panic("openssl: SHA512 failed") ++ } ++ return +} + -+// NewPrivateKeyEd25519FromSeed generates an Ed25519 private key from a seed. -+func NewPrivateKeyEd25519FromSeed(key, seed []byte) error { -+ result := C.newPrivateKeyEd25519FromSeed(base(key), base(seed)) -+ if result != 0 { -+ return errors.New("failed to generate Ed25519 key from seed") ++func SHA512_256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA512_256, p, sum[:]) { ++ panic("openssl: SHA512_256 failed") + } -+ return nil ++ return +} + -+// NewPublicKeyEd25519 creates a new Ed25519 public key from raw bytes. -+func NewPublicKeyEd25519(key, pub []byte) error { -+ result := C.newPublicKeyEd25519(base(key), base(pub)) -+ if result != 0 { -+ return errors.New("failed to create Ed25519 public key") ++// cacheHashSupported is a cache of crypto.Hash support. ++var cacheHashSupported sync.Map ++ ++// SupportsHash reports whether the current OpenSSL version supports the given hash. ++func SupportsHash(h crypto.Hash) bool { ++ if v, ok := cacheHashSupported.Load(h); ok { ++ return v.(bool) + } -+ return nil ++ alg := loadHash(h) ++ if alg == nil { ++ cacheHashSupported.Store(h, false) ++ return false ++ } ++ // EVP_MD objects can be non-nil even when they can't be used ++ // in a EVP_MD_CTX, e.g. MD5 in FIPS mode. We need to prove ++ // if they can be used by passing them to a EVP_MD_CTX. ++ var supported bool ++ if ctx, _ := ossl.EVP_MD_CTX_new(); ctx != nil { ++ _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil) ++ supported = err == nil ++ ossl.EVP_MD_CTX_free(ctx) ++ } ++ cacheHashSupported.Store(h, supported) ++ return supported +} + -+// SignEd25519 signs a message using the provided private key. -+func SignEd25519(sig, privateKey, message []byte) error { -+ result := C.signEd25519(base(privateKey), base(message), C.size_t(len(message)), base(sig)) -+ if result < 0 { -+ switch result { -+ case -1: -+ return errors.New("invalid inputs to SignEd25519") -+ case -2: -+ return errors.New("failed to reconstruct private key") -+ case -3: -+ return errors.New("failed to sign the message") -+ case -4: -+ return errors.New("signature buffer too small") -+ default: -+ return errors.New("unknown error in SignEd25519") -+ } ++func SHA3_224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA3_224, p, sum[:]) { ++ panic("openssl: SHA3_224 failed") + } -+ return nil ++ return +} + -+// VerifyEd25519 verifies a signature using the provided public key and message. -+func VerifyEd25519(publicKey, message, sig []byte) error { -+ result := C.verifyEd25519(base(publicKey), base(message), C.size_t(len(message)), base(sig)) -+ switch result { -+ case 1: -+ return nil // Valid signature -+ case 0: -+ return errors.New("ed25519: invalid signature") -+ case -1: -+ return errors.New("invalid inputs to VerifyEd25519") -+ case -2: -+ return errors.New("failed to reconstruct public key") -+ default: -+ return errors.New("unknown error in VerifyEd25519") ++func SHA3_256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA3_256, p, sum[:]) { ++ panic("openssl: SHA3_256 failed") + } ++ return +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go -new file mode 100644 -index 00000000000000..458e9eb57416b1 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go -@@ -0,0 +1,36 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++func SHA3_384(p []byte) (sum [48]byte) { ++ if !hashOneShot(crypto.SHA3_384, p, sum[:]) { ++ panic("openssl: SHA3_384 failed") ++ } ++ return ++} + -+package cryptokit ++func SHA3_512(p []byte) (sum [64]byte) { ++ if !hashOneShot(crypto.SHA3_512, p, sum[:]) { ++ panic("openssl: SHA3_512 failed") ++ } ++ return ++} + -+// #include "cryptokit.h" -+import "C" ++// NewMD4 returns a new MD4 hash. ++// The returned hash doesn't implement encoding.BinaryMarshaler and ++// encoding.BinaryUnmarshaler. ++func NewMD4() hash.Hash { ++ return newEvpHash(crypto.MD4) ++} + -+// EncryptAESGCM performs AES-GCM encryption using Swift. -+func EncryptAESGCM(key, plaintext, nonce, additionalData, ciphertext, tag []byte) int { -+ err := C.encryptAESGCM( -+ base(key), C.size_t(len(key)), -+ base(plaintext), C.size_t(len(plaintext)), -+ base(nonce), C.size_t(len(nonce)), -+ base(additionalData), C.size_t(len(additionalData)), -+ base(ciphertext), C.size_t(len(ciphertext)), -+ base(tag), -+ ) -+ return int(err) ++// NewMD5 returns a new MD5 hash. ++func NewMD5() hash.Hash { ++ return newEvpHash(crypto.MD5) +} + -+// DecryptAESGCM performs AES-GCM decryption using Swift. -+func DecryptAESGCM(key, ciphertext, nonce, additionalData, tag, plaintext []byte) (int, int) { -+ var decSize C.size_t -+ err := C.decryptAESGCM( -+ base(key), C.size_t(len(key)), -+ base(ciphertext), C.size_t(len(ciphertext)), -+ base(nonce), C.size_t(len(nonce)), -+ base(additionalData), C.size_t(len(additionalData)), -+ base(tag), C.size_t(len(tag)), -+ base(plaintext), &decSize, -+ ) -+ return int(decSize), int(err) ++// NewSHA1 returns a new SHA1 hash. ++func NewSHA1() hash.Hash { ++ return newEvpHash(crypto.SHA1) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hash.go -new file mode 100644 -index 00000000000000..977ee3152ada71 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hash.go -@@ -0,0 +1,247 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++// NewSHA224 returns a new SHA224 hash. ++func NewSHA224() hash.Hash { ++ return newEvpHash(crypto.SHA224) ++} + -+package cryptokit ++// NewSHA256 returns a new SHA256 hash. ++func NewSHA256() hash.Hash { ++ return newEvpHash(crypto.SHA256) ++} + -+// #include "cryptokit.h" -+import "C" -+import ( -+ "errors" -+ "hash" -+ "runtime" -+ "unsafe" -+) ++// NewSHA384 returns a new SHA384 hash. ++func NewSHA384() hash.Hash { ++ return newEvpHash(crypto.SHA384) ++} + -+func MD5(p []byte) (sum [16]byte) { -+ C.MD5((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) -+ return ++// NewSHA512 returns a new SHA512 hash. ++func NewSHA512() hash.Hash { ++ return newEvpHash(crypto.SHA512) +} + -+func SHA1(p []byte) (sum [20]byte) { -+ C.SHA1((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) -+ return ++// NewSHA512_224 returns a new SHA512_224 hash. ++func NewSHA512_224() hash.Hash { ++ return newEvpHash(crypto.SHA512_224) +} + -+func SHA256(p []byte) (sum [32]byte) { -+ C.SHA256((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) -+ return ++// NewSHA512_256 returns a new SHA512_256 hash. ++func NewSHA512_256() hash.Hash { ++ return newEvpHash(crypto.SHA512_256) +} + -+func SHA384(p []byte) (sum [48]byte) { -+ C.SHA384((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) -+ return ++// NewSHA3_224 returns a new SHA3-224 hash. ++func NewSHA3_224() hash.Hash { ++ return newEvpHash(crypto.SHA3_224) +} + -+func SHA512(p []byte) (sum [64]byte) { -+ C.SHA512((*C.uint8_t)(&*addrNeverEmpty(p)), C.size_t(len(p)), base(sum[:])) -+ return ++// NewSHA3_256 returns a new SHA3-256 hash. ++func NewSHA3_256() hash.Hash { ++ return newEvpHash(crypto.SHA3_256) +} + -+const ( -+ md5 = 1 -+ sha1 = 2 -+ sha256 = 3 -+ sha384 = 4 -+ sha512 = 5 -+) ++// NewSHA3_384 returns a new SHA3-384 hash. ++func NewSHA3_384() hash.Hash { ++ return newEvpHash(crypto.SHA3_384) ++} + -+var ( -+ MD5BlockSize = int(C.hashBlockSize(md5)) -+ MD5Size = int(C.hashSize(md5)) -+ SHA1BlockSize = int(C.hashBlockSize(sha1)) -+ SHA1Size = int(C.hashSize(sha1)) -+ SHA256BlockSize = int(C.hashBlockSize(sha256)) -+ SHA256Size = int(C.hashSize(sha256)) -+ SHA384BlockSize = int(C.hashBlockSize(sha384)) -+ SHA384Size = int(C.hashSize(sha384)) -+ SHA512BlockSize = int(C.hashBlockSize(sha512)) -+ SHA512Size = int(C.hashSize(sha512)) -+) ++// NewSHA3_512 returns a new SHA3-512 hash. ++func NewSHA3_512() hash.Hash { ++ return newEvpHash(crypto.SHA3_512) ++} + +var _ hash.Hash = (*evpHash)(nil) +var _ HashCloner = (*evpHash)(nil) + ++// evpHash implements generic hash methods. +type evpHash struct { -+ ptr unsafe.Pointer -+ hashAlgorithm C.int -+ blockSize int -+ size int ++ alg *hashAlgorithm ++ ctx ossl.EVP_MD_CTX_PTR ++ // ctx2 is used in evpHash.sum to avoid changing ++ // the state of ctx. Having it here allows reusing the ++ // same allocated object multiple times. ++ ctx2 ossl.EVP_MD_CTX_PTR ++ out [maxHashSize]byte +} + -+func newEVPHash(hashAlgorithm C.int, blockSize, size int) *evpHash { -+ h := &evpHash{ -+ ptr: C.hashNew(hashAlgorithm), -+ hashAlgorithm: hashAlgorithm, -+ blockSize: blockSize, -+ size: size, ++func newEvpHash(ch crypto.Hash) *evpHash { ++ alg := loadHash(ch) ++ if alg == nil { ++ panic("openssl: unsupported hash function: " + strconv.Itoa(int(ch))) + } -+ -+ runtime.SetFinalizer(h, (*evpHash).finalize) -+ ++ h := &evpHash{alg: alg} ++ // Don't call init() yet, it would be wasteful ++ // if the caller only wants to know the hash type. This ++ // is a common pattern in this package, as some functions ++ // accept a `func() hash.Hash` parameter and call it just ++ // to know the hash type. + return h +} + +func (h *evpHash) finalize() { -+ if h.ptr != nil { -+ C.hashFree(h.hashAlgorithm, h.ptr) -+ h.ptr = nil ++ if h.ctx != nil { ++ ossl.EVP_MD_CTX_free(h.ctx) ++ } ++ if h.ctx2 != nil { ++ ossl.EVP_MD_CTX_free(h.ctx2) + } +} + -+func (h *evpHash) Clone() (HashCloner, error) { -+ if h.ptr == nil { -+ panic("cryptokit: hash already finalized") ++func (h *evpHash) init() { ++ if h.ctx != nil { ++ return + } -+ -+ newHash := &evpHash{ -+ ptr: C.hashCopy(h.hashAlgorithm, h.ptr), -+ hashAlgorithm: h.hashAlgorithm, -+ blockSize: h.blockSize, -+ size: h.size, ++ var err error ++ h.ctx, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ panic(err) + } ++ if _, err := ossl.EVP_DigestInit_ex(h.ctx, h.alg.md, nil); err != nil { ++ ossl.EVP_MD_CTX_free(h.ctx) ++ panic(err) ++ } ++ h.ctx2, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ ossl.EVP_MD_CTX_free(h.ctx) ++ panic(err) ++ } ++ runtime.SetFinalizer(h, (*evpHash).finalize) ++} + -+ runtime.SetFinalizer(newHash, (*evpHash).finalize) -+ ++func (h *evpHash) Reset() { ++ if h.ctx == nil { ++ // The hash is not initialized yet, no need to reset. ++ return ++ } ++ // There is no need to reset h.ctx2 because it is always reset after ++ // use in evpHash.sum. ++ if _, err := ossl.EVP_DigestInit_ex(h.ctx, nil, nil); err != nil { ++ panic(err) ++ } + runtime.KeepAlive(h) -+ -+ return newHash, nil +} + +func (h *evpHash) Write(p []byte) (int, error) { + if len(p) == 0 { + return 0, nil + } -+ C.hashWrite(h.hashAlgorithm, h.ptr, (*C.uint8_t)(&*addrNeverEmpty(p)), C.int(len(p))) -+ ++ h.init() ++ if _, err := ossl.EVP_DigestUpdate(h.ctx, pbase(p), len(p)); err != nil { ++ panic(err) ++ } + runtime.KeepAlive(h) -+ + return len(p), nil +} + @@ -14268,139 +13529,158 @@ index 00000000000000..977ee3152ada71 + if len(s) == 0 { + return 0, nil + } -+ C.hashWrite(h.hashAlgorithm, h.ptr, (*C.uchar)(unsafe.Pointer(unsafe.StringData(s))), C.int(len(s))) -+ -+ runtime.KeepAlive(h) -+ -+ return len(s), nil -+} -+ -+func (h *evpHash) WriteByte(c byte) error { -+ C.hashWrite(h.hashAlgorithm, h.ptr, base([]byte{c}), 1) -+ -+ runtime.KeepAlive(h) -+ -+ return nil -+} -+ -+func (h *evpHash) Sum(b []byte) []byte { -+ hashSlice := make([]byte, h.size, 64) // explicit cap to allow stack allocation -+ C.hashSum(h.hashAlgorithm, h.ptr, base(hashSlice)) -+ runtime.KeepAlive(h) -+ -+ b = append(b, hashSlice...) -+ return b -+} -+ -+func (h *evpHash) MarshalBinary() ([]byte, error) { -+ return nil, errors.New("cryptokit: hash state is not marshallable") -+} -+ -+func (h *evpHash) AppendBinary(b []byte) ([]byte, error) { -+ return nil, errors.New("cryptokit: hash state is not marshallable") -+} -+ -+func (h *evpHash) UnmarshalBinary(data []byte) error { -+ return errors.New("cryptokit: hash state is not marshallable") -+} -+ -+func (h *evpHash) Reset() { -+ C.hashReset(h.hashAlgorithm, h.ptr) ++ h.init() ++ if _, err := ossl.EVP_DigestUpdate(h.ctx, unsafe.Pointer(unsafe.StringData(s)), len(s)); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(h) ++ return len(s), nil +} + -+func (h *evpHash) BlockSize() int { -+ return h.blockSize ++func (h *evpHash) WriteByte(c byte) error { ++ h.init() ++ if _, err := ossl.EVP_DigestUpdate(h.ctx, unsafe.Pointer(&c), 1); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(h) ++ return nil +} + +func (h *evpHash) Size() int { -+ return h.size ++ return h.alg.size +} + -+type MD5Hash struct { -+ *evpHash ++func (h *evpHash) BlockSize() int { ++ return h.alg.blockSize +} + -+func NewMD5() hash.Hash { -+ return MD5Hash{ -+ evpHash: newEVPHash( -+ C.int(md5), -+ MD5BlockSize, -+ MD5Size, -+ ), ++func (h *evpHash) Sum(in []byte) []byte { ++ h.init() ++ tmp := h.out[:h.Size()] // Create slice view ++ clear(tmp) ++ if err := ossl.HashSum(h.ctx, h.ctx2, tmp); err != nil { ++ panic(err) + } ++ runtime.KeepAlive(h) ++ return append(in, tmp...) +} + -+type SHA1Hash struct { -+ *evpHash ++// Clone returns a new evpHash object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *evpHash) Clone() (HashCloner, error) { ++ h2 := &evpHash{alg: h.alg} ++ if h.ctx != nil { ++ var err error ++ h2.ctx, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_MD_CTX_copy_ex(h2.ctx, h.ctx); err != nil { ++ ossl.EVP_MD_CTX_free(h2.ctx) ++ panic(err) ++ } ++ h2.ctx2, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ ossl.EVP_MD_CTX_free(h2.ctx) ++ panic(err) ++ } ++ runtime.SetFinalizer(h2, (*evpHash).finalize) ++ } ++ runtime.KeepAlive(h) ++ return h2, nil +} + -+// NewSHA1 initializes a new SHA1 hasher. -+func NewSHA1() hash.Hash { -+ return SHA1Hash{ -+ evpHash: newEVPHash( -+ sha1, -+ SHA1BlockSize, -+ SHA1Size, -+ ), ++var errHashNotMarshallable = errors.New("openssl: hash state is not marshallable") ++ ++func (d *evpHash) MarshalBinary() ([]byte, error) { ++ if !d.alg.marshallable { ++ return nil, errHashNotMarshallable + } ++ buf := make([]byte, 0, d.alg.marshalledSize) ++ return d.AppendBinary(buf) +} + -+type SHA256Hash struct { -+ *evpHash ++func (d *evpHash) AppendBinary(buf []byte) ([]byte, error) { ++ defer runtime.KeepAlive(d) ++ if !d.alg.marshallable { ++ return nil, errHashNotMarshallable ++ } ++ d.init() ++ switch d.alg.provider { ++ case providerOSSLDefault, providerOSSLFIPS: ++ return osslHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) ++ case providerSymCrypt: ++ return symCryptHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) ++ default: ++ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) ++ } +} + -+// NewSHA256 initializes a new SHA256 hasher. -+func NewSHA256() hash.Hash { -+ return SHA256Hash{ -+ evpHash: newEVPHash( -+ sha256, -+ SHA256BlockSize, -+ SHA256Size, -+ ), ++func (d *evpHash) UnmarshalBinary(b []byte) error { ++ defer runtime.KeepAlive(d) ++ d.init() ++ if !d.alg.marshallable { ++ return errHashNotMarshallable ++ } ++ if len(b) < len(d.alg.magic) || string(b[:len(d.alg.magic)]) != d.alg.magic { ++ return errors.New("openssl: invalid hash state identifier") ++ } ++ if len(b) != d.alg.marshalledSize { ++ return errors.New("openssl: invalid hash state size") ++ } ++ switch d.alg.provider { ++ case providerOSSLDefault, providerOSSLFIPS: ++ return osslHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) ++ case providerSymCrypt: ++ return symCryptHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) ++ default: ++ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) + } +} + -+type SHA384Hash struct { -+ *evpHash ++// appendUint64 appends x into b as a big endian byte sequence. ++func appendUint64(b []byte, x uint64) []byte { ++ return append(b, ++ byte(x>>56), ++ byte(x>>48), ++ byte(x>>40), ++ byte(x>>32), ++ byte(x>>24), ++ byte(x>>16), ++ byte(x>>8), ++ byte(x), ++ ) +} + -+// NewSHA384 initializes a new SHA384 hasher. -+func NewSHA384() hash.Hash { -+ return SHA384Hash{ -+ evpHash: newEVPHash( -+ sha384, -+ SHA384BlockSize, -+ SHA384Size, -+ ), -+ } ++// appendUint32 appends x into b as a big endian byte sequence. ++func appendUint32(b []byte, x uint32) []byte { ++ return append(b, byte(x>>24), byte(x>>16), byte(x>>8), byte(x)) +} + -+type SHA512Hash struct { -+ *evpHash ++// consumeUint64 reads a big endian uint64 number from b. ++func consumeUint64(b []byte) ([]byte, uint64) { ++ _ = b[7] ++ x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++ return b[8:], x +} + -+// NewSHA512 initializes a new SHA512 hasher. -+func NewSHA512() hash.Hash { -+ return SHA512Hash{ -+ evpHash: newEVPHash( -+ sha512, -+ SHA512BlockSize, -+ SHA512Size, -+ ), -+ } ++// consumeUint32 reads a big endian uint32 number from b. ++func consumeUint32(b []byte) ([]byte, uint32) { ++ _ = b[3] ++ x := uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24 ++ return b[4:], x +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone.go new file mode 100644 -index 00000000000000..5416b7882c1891 +index 00000000000000..423668c6acf239 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone.go -@@ -0,0 +1,17 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build !go1.25 && darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone.go +@@ -0,0 +1,14 @@ ++//go:build !go1.25 && !cmd_go_bootstrap + -+package cryptokit ++package openssl + +import ( + "hash" @@ -14412,2067 +13692,2317 @@ index 00000000000000..5416b7882c1891 + // Clone returns a separate Hash instance with the same state as h. + Clone() (HashCloner, error) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone_go125.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone_go125.go -new file mode 100644 -index 00000000000000..d690254202bde6 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hashclone_go125.go -@@ -0,0 +1,12 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build go1.25 && darwin -+ -+package cryptokit -+ -+import ( -+ "hash" -+) -+ -+type HashCloner = hash.Cloner -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone_go125.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone_go125.go new file mode 100644 -index 00000000000000..da161adcd88ea6 +index 00000000000000..f1f2364c7246d4 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go -@@ -0,0 +1,77 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin -+ -+package cryptokit -+ -+// #include "cryptokit.h" -+import "C" -+import ( -+ "crypto" -+ "errors" -+) -+ -+// ExtractHKDF performs the extract step of HKDF using the specified hash function. -+func ExtractHKDF(hash crypto.Hash, secret, salt []byte) ([]byte, error) { -+ h, err := cryptoHashToSwift(hash) -+ if err != nil { -+ return nil, err -+ } -+ -+ // Allocate buffer for derived key -+ prk := make([]byte, hash.Size()) -+ -+ // Call Swift function -+ result := C.extractHKDF( -+ h, -+ base(secret), C.size_t(len(secret)), -+ base(salt), C.size_t(len(salt)), -+ base(prk), C.size_t(len(prk)), -+ ) -+ -+ if result != 0 { -+ return nil, errors.New("HKDF derivation failed") -+ } -+ -+ return prk, nil -+} -+ -+func ExpandHKDF(hash crypto.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ h, err := cryptoHashToSwift(hash) -+ if err != nil { -+ return nil, err -+ } -+ -+ // Allocate buffer for derived key -+ expandedKey := make([]byte, keyLength) -+ -+ // Call Swift function -+ result := C.expandHKDF( -+ h, -+ base(pseudorandomKey), C.size_t(len(pseudorandomKey)), -+ base(info), C.size_t(len(info)), -+ base(expandedKey), C.size_t(len(expandedKey)), -+ ) ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hashclone_go125.go +@@ -0,0 +1,9 @@ ++//go:build go1.25 && !cmd_go_bootstrap + -+ if result != 0 { -+ return nil, errors.New("HKDF derivation failed") -+ } ++package openssl + -+ return expandedKey, nil -+} ++import ( ++ "hash" ++) + -+func cryptoHashToSwift(hash crypto.Hash) (C.int32_t, error) { -+ switch hash { -+ case crypto.SHA1: -+ return 1, nil -+ case crypto.SHA256: -+ return 2, nil -+ case crypto.SHA384: -+ return 3, nil -+ case crypto.SHA512: -+ return 4, nil -+ default: -+ return 0, errors.New("unsupported hash function") -+ } -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hmac.go ++type HashCloner = hash.Cloner +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go new file mode 100644 -index 00000000000000..f06abe11e3854d +index 00000000000000..ce6c9defc6a33d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hmac.go -@@ -0,0 +1,146 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go +@@ -0,0 +1,434 @@ ++//go:build !cmd_go_bootstrap + -+package cryptokit ++package openssl + -+// #include "cryptokit.h" +import "C" +import ( ++ "errors" + "hash" ++ "io" + "runtime" -+ "slices" ++ "sync" + "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+var _ hash.Hash = (*cryptoKitHMAC)(nil) -+var _ HashCloner = (*cryptoKitHMAC)(nil) ++// SupprtHKDF reports whether the current OpenSSL version supports HKDF. ++func SupportsHKDF() bool { ++ switch vMajor { ++ case 1: ++ return versionAtOrAbove(1, 1, 1) ++ case 3: ++ _, err := fetchHKDF3() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+type cryptoKitHMAC struct { -+ ptr unsafe.Pointer ++// SupprtsTLS13KDF reports whether the current OpenSSL version supports TLS13-KDF. ++func SupportsTLS13KDF() bool { ++ switch vMajor { ++ case 1: ++ return false ++ case 3: ++ // TLS13-KDF is available in OpenSSL 3.0.0 and later. ++ _, err := fetchTLS13_KDF() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+ kind int -+ key []byte ++func newHKDFCtx1(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (ctx ossl.EVP_PKEY_CTX_PTR, err error) { ++ checkMajorVersion(1) + -+ blockSize int -+ size int -+} ++ ctx, err = ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_HKDF, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ } ++ }() + -+func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { -+ h := fh() -+ if h == nil { -+ return nil ++ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { ++ return ctx, err + } + -+ // copying the key here to ensure that it is not modified -+ // while this algorithm is using it. -+ key = slices.Clone(key) -+ kind := hashToHMACEnum(h) -+ if kind == 0 { -+ // The hash function is not supported by the HMAC implementation. -+ return nil ++ ctrlSlice := func(ctrl int32, data []byte) bool { ++ if err != nil { ++ return false ++ } ++ if len(data) == 0 { ++ return true // No data to set. ++ } ++ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ctrl, int32(len(data)), unsafe.Pointer(base(data))) ++ return err == nil + } + -+ hmac := &cryptoKitHMAC{ -+ ptr: C.initHMAC( -+ C.int(kind), -+ base(key), C.int(len(key)), -+ ), -+ kind: kind, -+ key: key, -+ blockSize: h.BlockSize(), -+ size: h.Size(), ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MODE, mode, nil); err != nil { ++ return ctx, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)); err != nil { ++ return ctx, err ++ } ++ if ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, secret) && ++ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_SALT, salt) && ++ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, pseudorandomKey) && ++ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_INFO, info) { ++ return ctx, err + } ++ return ctx, nil ++} + -+ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { -+ C.freeHMAC( -+ C.int(h.kind), -+ h.ptr, -+ ) -+ }) ++type hkdf1 struct { ++ ctx ossl.EVP_PKEY_CTX_PTR + -+ return hmac ++ hashLen int ++ buf []byte +} + -+func (h *cryptoKitHMAC) Write(p []byte) (n int, err error) { -+ C.updateHMAC(C.int(h.kind), -+ h.ptr, -+ (*C.uint8_t)(&*addrNeverEmpty(p)), C.int(len(p))) ++func (c *hkdf1) finalize() { ++ if c.ctx != nil { ++ ossl.EVP_PKEY_CTX_free(c.ctx) ++ } ++} + -+ runtime.KeepAlive(h) ++func (c *hkdf1) Read(p []byte) (int, error) { ++ defer runtime.KeepAlive(c) + -+ return len(p), nil ++ // EVP_PKEY_derive doesn't support incremental output, each call ++ // derives the key from scratch and returns the requested bytes. ++ // To implement io.Reader, we need to ask for len(c.buf) + len(p) ++ // bytes and copy the last derived len(p) bytes to p. ++ // We use c.buf to know how many bytes we've already derived and ++ // to avoid allocating the whole output buffer on each call. ++ prevLen := len(c.buf) ++ needLen := len(p) ++ remains := 255*c.hashLen - prevLen ++ // Check whether enough data can be generated. ++ if remains < needLen { ++ return 0, errors.New("hkdf: entropy limit reached") ++ } ++ c.buf = append(c.buf, make([]byte, needLen)...) ++ outLen := prevLen + needLen ++ if _, err := ossl.EVP_PKEY_derive(c.ctx, base(c.buf), &outLen); err != nil { ++ return 0, err ++ } ++ n := copy(p, c.buf[prevLen:outLen]) ++ return n, nil +} + -+func (h *cryptoKitHMAC) Sum(b []byte) []byte { -+ hashSlice := make([]byte, h.size, 64) // explicit cap to allow stack allocation -+ C.finalizeHMAC( -+ C.int(h.kind), -+ h.ptr, -+ base(hashSlice), -+ ) -+ runtime.KeepAlive(h) ++// hkdfAllZerosSalt is a preallocated buffer of zeros used in ExtractHKDF(). ++// The size should be kept as large as the output length of any hash algorithm ++// used with HKDF. ++var hkdfAllZerosSalt [64]byte ++ ++// ExtractHDKF implements the HDKF extract step. ++// If salt is nil, then this function replaces it internally with a buffer of ++// zeros whose length equals the output length of the specified hash algorithm. ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } ++ ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } ++ ++ // If calling code specifies nil salt, replace it with a buffer of hashLen ++ // zeros, as specified in RFC 5896 and as OpenSSL EVP_KDF-HKDF documentation ++ // instructs. Take a slice of a preallocated buffer to avoid allocating new ++ // buffer per call, but fall back to allocating a buffer if preallocated ++ // buffer is not large enough. ++ if salt == nil { ++ hlen := h().Size() ++ if hlen > len(hkdfAllZerosSalt) { ++ salt = make([]byte, hlen) ++ } else { ++ salt = hkdfAllZerosSalt[:hlen] ++ } ++ } ++ ++ switch vMajor { ++ case 1: ++ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ var keylen int ++ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { ++ return nil, err ++ } ++ out := make([]byte, keylen) ++ if _, err := ossl.EVP_PKEY_derive(ctx, base(out), &keylen); err != nil { ++ return nil, err ++ } ++ return out[:keylen], nil ++ case 3: ++ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) ++ size, err := ossl.EVP_KDF_CTX_get_kdf_size(ctx) ++ if err != nil { ++ return nil, err ++ } ++ out := make([]byte, size) ++ if _, err := ossl.EVP_KDF_derive(ctx, base(out), len(out), nil); err != nil { ++ return nil, err ++ } ++ return out, nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} ++ ++// ExpandHKDFOneShot derives a key from the given hash, key, and optional context info. ++func ExpandHKDFOneShot(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } + -+ b = append(b, hashSlice...) ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } + -+ return b ++ out := make([]byte, keyLength) ++ switch vMajor { ++ case 1: ++ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ keylen := keyLength ++ if _, err := ossl.EVP_PKEY_derive(ctx, base(out), &keylen); err != nil { ++ return nil, err ++ } ++ case 3: ++ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) ++ if _, err := ossl.EVP_KDF_derive(ctx, base(out), keyLength, nil); err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return out, nil +} + -+func (h *cryptoKitHMAC) Clone() (HashCloner, error) { -+ if h.ptr == nil { -+ panic("cryptokit: hash already finalized") ++// ExpandTLS13KDF derives a key from the given hash, key, label and context. It will use ++// "TLS13-KDF" algorithm to do so. ++func ExpandTLS13KDF(h func() hash.Hash, pseudorandomKey, label, context []byte, keyLength int) ([]byte, error) { ++ if !SupportsTLS13KDF() { ++ return nil, errUnsupportedVersion() + } + -+ hmac := &cryptoKitHMAC{ptr: C.copyHMAC(C.int(h.kind), h.ptr), kind: h.kind, key: slices.Clone(h.key), blockSize: h.blockSize, size: h.size} -+ -+ runtime.KeepAlive(h) ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } + -+ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { -+ C.freeHMAC( -+ C.int(h.kind), -+ h.ptr, -+ ) -+ }) ++ out := make([]byte, keyLength) + -+ return hmac, nil ++ ctx, err := newTLS13KDFExpandCtx3(md, label, context, pseudorandomKey) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) ++ if _, err := ossl.EVP_KDF_derive(ctx, base(out), keyLength, nil); err != nil { ++ return nil, err ++ } ++ return out, nil +} + -+func (h *cryptoKitHMAC) Reset() { -+ C.freeHMAC( -+ C.int(h.kind), -+ h.ptr, -+ ) -+ -+ h.ptr = C.initHMAC( -+ C.int(h.kind), -+ (*C.uint8_t)(&*addrNeverEmpty(h.key)), C.int(len(h.key)), -+ ) -+ -+ runtime.KeepAlive(h) -+} ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } + -+func (h *cryptoKitHMAC) Size() int { -+ return h.size -+} ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } + -+func (h *cryptoKitHMAC) BlockSize() int { -+ return h.blockSize -+} ++ size := int(ossl.EVP_MD_get_size(md)) + -+func hashToHMACEnum(h hash.Hash) int { -+ switch h.(type) { -+ case MD5Hash: -+ return 1 -+ case SHA1Hash: -+ return 2 -+ case SHA256Hash: -+ return 3 -+ case SHA384Hash: -+ return 4 -+ case SHA512Hash: -+ return 5 ++ switch vMajor { ++ case 1: ++ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ c := &hkdf1{ctx: ctx, hashLen: size} ++ runtime.SetFinalizer(c, (*hkdf1).finalize) ++ return c, nil ++ case 3: ++ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ c := &hkdf3{ctx: ctx, hashLen: size} ++ runtime.SetFinalizer(c, (*hkdf3).finalize) ++ return c, nil + default: -+ return 0 ++ panic(errUnsupportedVersion()) + } +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go -new file mode 100644 -index 00000000000000..c9611eef5e2697 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go -@@ -0,0 +1,336 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin -+ -+package xcrypto -+ -+// #include -+import "C" -+import ( -+ "crypto/cipher" -+ "errors" -+ "slices" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) -+ -+//go:generate go run github.com/microsoft/go-crypto-darwin/cmd/gentestvectors -out vectors_test.go -+ -+type cipherGCMTLS uint8 -+ -+const ( -+ cipherGCMTLSNone cipherGCMTLS = iota -+ cipherGCMTLS12 -+ cipherGCMTLS13 -+) + -+const ( -+ // AES block size is the same for all key sizes -+ aesBlockSize = C.kCCBlockSizeAES128 -+ gcmTagSize = 16 -+ gcmStandardNonceSize = 12 -+ // TLS 1.2 additional data is constructed as: -+ // -+ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); -+ gcmTls12AddSize = 13 -+ // TLS 1.3 additional data is constructed as: -+ // -+ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) -+ gcmTls13AddSize = 5 -+ gcmTlsFixedNonceSize = 4 -+) ++type hkdf3 struct { ++ ctx ossl.EVP_KDF_CTX_PTR + -+type aesCipher struct { -+ key []byte -+ kind C.CCAlgorithm ++ hashLen int ++ buf []byte +} + -+func NewAESCipher(key []byte) (cipher.Block, error) { -+ var alg C.CCAlgorithm -+ switch len(key) { -+ case 16, 24, 32: -+ alg = C.kCCAlgorithmAES -+ default: -+ return nil, errors.New("crypto/aes: invalid key size") -+ } -+ c := &aesCipher{ -+ key: slices.Clone(key), -+ kind: alg, ++func (c *hkdf3) finalize() { ++ if c.ctx != nil { ++ ossl.EVP_KDF_CTX_free(c.ctx) + } -+ return c, nil +} + -+func (c *aesCipher) BlockSize() int { return aesBlockSize } ++// fetchTLS13_KDF fetches the TLS13-KDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchTLS13_KDF = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3) + -+func (c *aesCipher) Encrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/aes: input or output block is too small") ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS13_KDF.ptr(), nil) ++ if err != nil { ++ return nil, err + } ++ return kdf, nil ++}) + -+ src, dst = src[:blockSize], dst[:blockSize] ++// newTLS13KDFExpandCtx3 fetches the "TLS13-KDF" for TLS 1.3 handshakes. ++func newTLS13KDFExpandCtx3(md ossl.EVP_MD_PTR, label, context, pseudorandomKey []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { ++ checkMajorVersion(3) + -+ if inexactOverlap(dst, src) { -+ panic("crypto/aes: invalid buffer overlap") ++ kdf, err := fetchTLS13_KDF() ++ if err != nil { ++ return nil, err + } + -+ status := C.CCCrypt( -+ C.kCCEncrypt, // Operation -+ C.CCAlgorithm(c.kind), // Algorithm -+ 0, // Options -+ pbase(c.key), // Key -+ C.size_t(len(c.key)), // Key length -+ nil, // IV -+ pbase(src), // Input -+ C.size_t(blockSize), // Input length -+ pbase(dst), // Output -+ C.size_t(blockSize), // Output length -+ nil, // Output length -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/aes: encryption failed") ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_KDF_CTX_free(ctx) ++ } ++ }() ++ ++ bld, err := newParamBuilder() ++ if err != nil { ++ return ctx, err ++ } ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY)) ++ bld.addOctetString(_OSSL_KDF_PARAM_PREFIX, []byte("tls13 ")) ++ bld.addOctetString(_OSSL_KDF_PARAM_LABEL, label) ++ bld.addOctetString(_OSSL_KDF_PARAM_DATA, context) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) ++ ++ params, err := bld.build() ++ if err != nil { ++ return ctx, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ ++ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { ++ return ctx, err + } ++ return ctx, nil +} + -+func (c *aesCipher) Decrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/aes: input or output block is too small") ++// fetchHKDF3 fetches the HKDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchHKDF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3) ++ ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) ++ if err != nil { ++ return nil, err + } ++ return kdf, nil ++}) + -+ src, dst = src[:blockSize], dst[:blockSize] ++// newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. ++func newHKDFCtx3(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { ++ checkMajorVersion(3) + -+ if inexactOverlap(dst, src) { -+ panic("crypto/aes: invalid buffer overlap") ++ kdf, err := fetchHKDF3() ++ if err != nil { ++ return nil, err ++ } ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return nil, err + } ++ defer func() { ++ if err != nil { ++ ossl.EVP_KDF_CTX_free(ctx) ++ } ++ }() + -+ status := C.CCCrypt( -+ C.kCCDecrypt, // Operation -+ C.CCAlgorithm(c.kind), // Algorithm -+ 0, // Options -+ pbase(c.key), // Key -+ C.size_t(len(c.key)), // Key length -+ nil, // IV -+ pbase(src), // Input -+ C.size_t(blockSize), // Input length -+ pbase(dst), // Output -+ C.size_t(blockSize), // Output length -+ nil, // Output length -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/aes: decryption failed") ++ bld, err := newParamBuilder() ++ if err != nil { ++ return ctx, err + } -+} ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) ++ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) ++ params, err := bld.build() ++ if err != nil { ++ return ctx, err ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+type aesGCM struct { -+ key []byte -+ tls cipherGCMTLS -+ // minNextNonce is the minimum value that the next nonce can be, enforced by -+ // all TLS modes. -+ minNextNonce uint64 -+ // mask is the nonce mask used in TLS 1.3 mode. -+ mask uint64 -+ // maskInitialized is true if mask has been initialized. This happens during -+ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. -+ maskInitialized bool ++ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { ++ return ctx, err ++ } ++ return ctx, nil +} + -+type noGCM struct { -+ cipher.Block -+} ++func (c *hkdf3) Read(p []byte) (int, error) { ++ defer runtime.KeepAlive(c) + -+// NewGCM constructs a GCM block mode for AES using the cryptokit package -+func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { -+ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { -+ return nil, errors.New("crypto/aes: GCM tag and nonce sizes can't be non-standard at the same time") -+ } -+ // Fall back to standard library for GCM with non-standard nonce or tag size. -+ if nonceSize != gcmStandardNonceSize { -+ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) ++ // EVP_KDF_derive doesn't support incremental output, each call ++ // derives the key from scratch and returns the requested bytes. ++ // To implement io.Reader, we need to ask for len(c.buf) + len(p) ++ // bytes and copy the last derived len(p) bytes to p. ++ // We use c.buf to know how many bytes we've already derived and ++ // to avoid allocating the whole output buffer on each call. ++ prevLen := len(c.buf) ++ needLen := len(p) ++ remains := 255*c.hashLen - prevLen ++ // Check whether enough data can be generated. ++ if remains < needLen { ++ return 0, errors.New("hkdf: entropy limit reached") + } -+ if tagSize != gcmTagSize { -+ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) ++ c.buf = append(c.buf, make([]byte, needLen)...) ++ outLen := prevLen + needLen ++ if _, err := ossl.EVP_KDF_derive(c.ctx, base(c.buf), outLen, nil); err != nil { ++ return 0, err + } -+ return &aesGCM{key: c.key, tls: cipherGCMTLSNone}, nil ++ n := copy(p, c.buf[prevLen:outLen]) ++ return n, nil +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go +new file mode 100644 +index 00000000000000..50441c9ab6b7d8 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go +@@ -0,0 +1,283 @@ ++//go:build !cmd_go_bootstrap + -+func (g *aesGCM) NonceSize() int { return gcmStandardNonceSize } ++package openssl + -+func (g *aesGCM) Overhead() int { return gcmTagSize } ++import "C" ++import ( ++ "hash" ++ "runtime" ++ "slices" ++ "sync" ++ "unsafe" + -+func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++// NewHMAC returns a new HMAC using OpenSSL. ++// The function h must return a hash implemented by ++// OpenSSL (for example, h could be openssl.NewSHA256). ++// If h is not recognized, NewHMAC returns nil. ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ h, _ := hashFuncHash(fh) ++ md := hashToMD(h) ++ if md == nil { ++ return nil + } -+ if uint64(len(plaintext)) > ((1<<32)-2)*aesBlockSize || len(plaintext)+gcmTagSize < len(plaintext) { -+ panic("cipher: message too large for GCM") ++ ++ if len(key) == 0 { ++ // This is supported in OpenSSL/Standard lib and as such ++ // we must support it here. When using HMAC with a null key ++ // HMAC_Init will try and reuse the key from the ctx. This is ++ // not the behavior previously implemented, so as a workaround ++ // we pass an "empty" key. ++ key = make([]byte, ossl.EVP_MAX_MD_SIZE) + } -+ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { -+ panic("cipher: message too large for buffer") ++ ++ hmac := &opensslHMAC{ ++ size: h.Size(), ++ blockSize: h.BlockSize(), + } + -+ if g.tls != cipherGCMTLSNone { -+ if g.tls == cipherGCMTLS12 && len(additionalData) != gcmTls12AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.2") -+ } else if g.tls == cipherGCMTLS13 && len(additionalData) != gcmTls13AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.3") ++ switch vMajor { ++ case 1: ++ ctx := newHMAC1(key, md) ++ if ctx.ctx == nil { ++ return nil + } -+ counter := bigUint64(nonce[gcmTlsFixedNonceSize:]) -+ -+ // TLS 1.3 Masking -+ if g.tls == cipherGCMTLS13 { -+ if !g.maskInitialized { -+ g.mask = counter -+ g.maskInitialized = true -+ } -+ // Apply mask to the counter -+ counter ^= g.mask ++ hmac.ctx1 = ctx ++ case 3: ++ ctx := newHMAC3(key, md) ++ if ctx.ctx == nil { ++ return nil + } ++ hmac.ctx3 = ctx ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) ++ return hmac ++} + -+ // Enforce monotonicity and max limit -+ const maxUint64 = 1<<64 - 1 -+ if counter == maxUint64 { -+ panic("cipher: nonce counter must be less than 2^64 - 1") -+ } -+ if counter < g.minNextNonce { -+ panic("cipher: nonce counter must be strictly monotonically increasing") -+ } ++// hmacCtx3 is used for OpenSSL 1. ++type hmacCtx1 struct { ++ ctx ossl.HMAC_CTX_PTR ++} + -+ defer func() { -+ g.minNextNonce = counter + 1 -+ }() -+ } ++// hmacCtx3 is used for OpenSSL 3. ++type hmacCtx3 struct { ++ ctx ossl.EVP_MAC_CTX_PTR ++ key []byte // only set for OpenSSL 3.0.0, 3.0.1, and 3.0.2. ++} + -+ // Make room in dst to append plaintext+overhead. -+ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) ++type opensslHMAC struct { ++ ctx1 hmacCtx1 ++ ctx3 hmacCtx3 ++ size int ++ blockSize int ++ sum [maxHashSize]byte ++} + -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, plaintext) { -+ panic("cipher: invalid buffer overlap") ++func newHMAC1(key []byte, md ossl.EVP_MD_PTR) hmacCtx1 { ++ ctx, err := ossl.HMAC_CTX_new() ++ if err != nil { ++ panic(err) + } -+ -+ tag := out[len(out)-gcmTagSize:] -+ err := cryptokit.EncryptAESGCM(g.key, plaintext, nonce, additionalData, out[:len(out)-gcmTagSize], tag) -+ if err != 0 { -+ panic("cipher: encryption failed") ++ if _, err := ossl.HMAC_Init_ex(ctx, unsafe.Pointer(&key[0]), int32(len(key)), md, nil); err != nil { ++ panic(err) + } -+ return ret ++ return hmacCtx1{ctx} +} + -+func (g *aesGCM) SealWithRandomNonce(out, nonce, plaintext, additionalData []byte) { -+ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { -+ panic("crypto/cipher: message too large for GCM") -+ } -+ if len(nonce) != gcmStandardNonceSize { -+ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") ++var hmacDigestsSupported sync.Map ++var fetchHMAC3 = sync.OnceValue(func() ossl.EVP_MAC_PTR { ++ mac, err := ossl.EVP_MAC_fetch(nil, _OSSL_MAC_NAME_HMAC.ptr(), nil) ++ if err != nil { ++ panic(err) + } -+ if len(out) != len(plaintext)+gcmTagSize { -+ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") ++ return mac ++}) ++ ++func buildHMAC3Params(md ossl.EVP_MD_PTR) (ossl.OSSL_PARAM_PTR, error) { ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err + } -+ if inexactOverlap(out, plaintext) { -+ panic("crypto/cipher: invalid buffer overlap of output and input") ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ return bld.build() ++} ++ ++func isHMAC3DigestSupported(md ossl.EVP_MD_PTR) bool { ++ nid := ossl.EVP_MD_get_type(md) ++ if v, ok := hmacDigestsSupported.Load(nid); ok { ++ return v.(bool) + } -+ if anyOverlap(out, additionalData) { -+ panic("crypto/cipher: invalid buffer overlap of output and additional data") ++ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) ++ if err != nil { ++ panic(err) + } ++ defer ossl.EVP_MAC_CTX_free(ctx) + -+ if g.tls != cipherGCMTLSNone { -+ panic("cipher: TLS 1.2 and 1.3 modes do not support random nonce") ++ params, err := buildHMAC3Params(md) ++ if err != nil { ++ panic(err) + } ++ defer ossl.OSSL_PARAM_free(params) + -+ tag := out[len(out)-gcmTagSize:] -+ // Generate a random nonce -+ RandReader.Read(nonce) -+ err := cryptokit.EncryptAESGCM(g.key, plaintext, nonce, additionalData, out[:len(out)-gcmTagSize], tag) -+ if err != 0 { -+ panic("cipher: encryption failed") -+ } ++ _, err = ossl.EVP_MAC_CTX_set_params(ctx, params) ++ supported := err == nil ++ hmacDigestsSupported.Store(nid, supported) ++ return supported +} + -+var errOpen = errors.New("cipher: message authentication failed") -+ -+func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") -+ } -+ if len(ciphertext) < gcmTagSize { -+ return nil, errOpen ++func newHMAC3(key []byte, md ossl.EVP_MD_PTR) hmacCtx3 { ++ if !isHMAC3DigestSupported(md) { ++ // The digest is not supported by the HMAC provider. ++ // Don't panic here so the Go standard library to ++ // fall back to the Go implementation. ++ // See https://github.com/golang-fips/openssl/issues/153. ++ return hmacCtx3{} + } -+ if uint64(len(ciphertext)) > ((1<<32)-2)*aesBlockSize+gcmTagSize { -+ return nil, errOpen ++ params, err := buildHMAC3Params(md) ++ if err != nil { ++ panic(err) + } -+ // BoringCrypto does not do any TLS check when decrypting, neither do we. ++ defer ossl.OSSL_PARAM_free(params) + -+ // Ensure we don't process if ciphertext lacks both ciphertext and tag -+ if len(ciphertext) < gcmTagSize { -+ return nil, errors.New("decryption failed: ciphertext too short for tag") ++ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) ++ if err != nil { ++ panic(err) + } + -+ tag := ciphertext[len(ciphertext)-gcmTagSize:] -+ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] -+ -+ // Make room in dst to append ciphertext without tag. -+ ret, out := sliceForAppend(dst, len(ciphertext)) -+ -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, ciphertext) { -+ panic("cipher: invalid buffer overlap") ++ if _, err := ossl.EVP_MAC_init(ctx, base(key), len(key), params); err != nil { ++ ossl.EVP_MAC_CTX_free(ctx) ++ panic(err) ++ } ++ var hkey []byte ++ if vMinor == 0 && vPatch <= 2 { ++ // EVP_MAC_init only resets the ctx internal state if a key is passed ++ // when using OpenSSL 3.0.0, 3.0.1, and 3.0.2. Save a copy of the key ++ // in the context so Reset can use it later. New OpenSSL versions ++ // do not have this issue so it isn't necessary to save the key. ++ // See https://github.com/openssl/openssl/issues/17811. ++ hkey = make([]byte, len(key)) ++ copy(hkey, key) + } ++ return hmacCtx3{ctx, hkey} ++} + -+ decSize, err := cryptokit.DecryptAESGCM(g.key, ciphertext, nonce, additionalData, tag, out) -+ if err != 0 || int(decSize) != len(ciphertext) { -+ // If the decrypted data size does not match, zero out `out` and return `errOpen` -+ for i := range out { -+ out[i] = 0 ++func (h *opensslHMAC) Reset() { ++ switch vMajor { ++ case 1: ++ if _, err := ossl.HMAC_Init_ex(h.ctx1.ctx, nil, 0, nil, nil); err != nil { ++ panic(err) + } -+ return nil, errOpen ++ case 3: ++ if _, err := ossl.EVP_MAC_init(h.ctx3.ctx, base(h.ctx3.key), len(h.ctx3.key), nil); err != nil { ++ panic(err) ++ } ++ default: ++ panic(errUnsupportedVersion()) + } -+ return ret, nil ++ ++ runtime.KeepAlive(h) // Next line will keep h alive too; just making doubly sure. +} + -+// NewGCMTLS returns a GCM cipher specific to TLS -+// and should not be used for non-TLS purposes. -+func NewGCMTLS(block cipher.Block) (cipher.AEAD, error) { -+ cipher, ok := block.(*aesCipher) -+ if !ok { -+ return nil, errors.New("crypto/aes: invalid block cipher") ++func (h *opensslHMAC) finalize() { ++ if h.ctx1.ctx != nil { ++ ossl.HMAC_CTX_free(h.ctx1.ctx) ++ } ++ if h.ctx3.ctx != nil { ++ ossl.EVP_MAC_CTX_free(h.ctx3.ctx) + } -+ return &aesGCM{key: cipher.key, tls: cipherGCMTLS12}, nil +} + -+// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used -+// for non-TLS purposes. -+func NewGCMTLS13(block cipher.Block) (cipher.AEAD, error) { -+ cipher, ok := block.(*aesCipher) -+ if !ok { -+ return nil, errors.New("crypto/aes: invalid block cipher") ++func (h *opensslHMAC) Write(p []byte) (int, error) { ++ if len(p) > 0 { ++ switch vMajor { ++ case 1: ++ ossl.HMAC_Update(h.ctx1.ctx, base(p), len(p)) ++ case 3: ++ ossl.EVP_MAC_update(h.ctx3.ctx, base(p), len(p)) ++ default: ++ panic(errUnsupportedVersion()) ++ } + } -+ return &aesGCM{key: cipher.key, tls: cipherGCMTLS13}, nil ++ runtime.KeepAlive(h) ++ return len(p), nil +} + -+func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return newCBC(C.kCCEncrypt, c.kind, c.key, iv) ++func (h *opensslHMAC) Size() int { ++ return h.size +} + -+func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return newCBC(C.kCCDecrypt, c.kind, c.key, iv) ++func (h *opensslHMAC) BlockSize() int { ++ return h.blockSize +} + -+// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. -+func sliceForAppend(in []byte, n int) (head, tail []byte) { -+ if total := len(in) + n; cap(in) >= total { -+ head = in[:total] -+ } else { -+ head = make([]byte, total) -+ copy(head, in) ++func (h *opensslHMAC) Sum(in []byte) []byte { ++ // Make copy of context because Go hash.Hash mandates ++ // that Sum has no effect on the underlying stream. ++ // In particular it is OK to Sum, then Write more, then Sum again, ++ // and the second Sum acts as if the first didn't happen. ++ switch vMajor { ++ case 1: ++ ctx2, err := ossl.HMAC_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.HMAC_CTX_free(ctx2) ++ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { ++ panic(err) ++ } ++ ossl.HMAC_Final(ctx2, base(h.sum[:h.size]), nil) ++ case 3: ++ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_MAC_CTX_free(ctx2) ++ ossl.EVP_MAC_final(ctx2, base(h.sum[:h.size]), nil, len(h.sum)) ++ default: ++ panic(errUnsupportedVersion()) + } -+ tail = head[len(in):] -+ return -+} -+ -+func bigUint64(b []byte) uint64 { -+ _ = b[7] // bounds check hint to compiler; see go.dev/issue/14808 -+ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | -+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++ return append(in, h.sum[:h.size]...) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go -new file mode 100644 -index 00000000000000..865e22ab6a3dda ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go -@@ -0,0 +1,16 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+package xcrypto -+ -+// This file does not have build constraints to -+// facilitate using BigInt in Go crypto. -+// Go crypto references BigInt unconditionally, -+// even if it is not finally used. -+ -+// A BigInt is the big-endian bytes from a math/big BigInt, -+// which are normalized to remove any leading 0 byte. -+// Windows BCrypt accepts this specific data format. -+// This definition allows us to avoid importing math/big. -+// Conversion between BigInt and *big.Int is in xcrypto/bbig. -+type BigInt []byte -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go -new file mode 100644 -index 00000000000000..02f265fe56b592 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go -@@ -0,0 +1,23 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build go1.24 && darwin ++func (h *opensslHMAC) Clone() (HashCloner, error) { ++ switch vMajor { ++ case 1: ++ ctx2, err := ossl.HMAC_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { ++ ossl.HMAC_CTX_free(ctx2) ++ panic(err) ++ } ++ cl := &opensslHMAC{ ++ ctx1: hmacCtx1{ctx: ctx2}, ++ size: h.size, ++ blockSize: h.blockSize, ++ } ++ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) ++ return cl, nil + -+package xcrypto ++ case 3: ++ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) ++ if err != nil { ++ panic(err) ++ } + -+// The following noescape and nocallback directives are used to prevent the Go -+// compiler from allocating function parameters on the heap. See -+// https://github.com/golang/go/blob/0733682e5ff4cd294f5eccb31cbe87a543147bc6/src/cmd/cgo/doc.go#L439-L461 -+// -+// If possible, write a C wrapper function to optimize a call rather than using -+// this feature so the optimization will work for all supported Go versions. -+// -+// This is just a performance optimization. Only add functions that have been -+// observed to benefit from these directives, not every function that is merely -+// expected to meet the noescape/nocallback criteria. ++ cl := &opensslHMAC{ ++ ctx3: hmacCtx3{ctx: ctx2, key: slices.Clone(h.ctx3.key)}, ++ size: h.size, ++ blockSize: h.blockSize, ++ } ++ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) ++ return cl, nil + -+/* -+#cgo noescape SecRandomCopyBytes -+#cgo nocallback SecRandomCopyBytes -+*/ -+import "C" -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init.go new file mode 100644 -index 00000000000000..9f3a8f92bd43fc +index 00000000000000..c2175f52006784 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go -@@ -0,0 +1,122 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init.go +@@ -0,0 +1,157 @@ ++//go:build !cmd_go_bootstrap + -+package xcrypto ++package openssl + -+// #include +import "C" -+ +import ( -+ "runtime" ++ "errors" + "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+type cbcCipher struct { -+ blockSize int -+ cryptor C.CCCryptorRef -+} ++// osslHandle is the handle to the OpenSSL shared library loaded in the [Init] function. ++var osslHandle unsafe.Pointer + -+func newCBC(operation C.CCOperation, kind C.CCAlgorithm, key, iv []byte) *cbcCipher { -+ var blockSize int -+ switch kind { -+ case C.kCCAlgorithmAES: -+ blockSize = aesBlockSize -+ case C.kCCAlgorithmDES, C.kCCAlgorithm3DES: -+ blockSize = desBlockSize -+ default: -+ panic("invalid algorithm") ++// opensslInit loads and initializes OpenSSL. ++// ++// See [Init] for details about file. ++func opensslInit(file string) error { ++ // Load the OpenSSL shared library using dlopen. ++ handle, close, err := openLibrary(file) ++ if err != nil { ++ return err + } + -+ // Create and initialize the cbcMode struct with CCCryptorCreate here -+ x := &cbcCipher{blockSize: blockSize} -+ status := C.CCCryptorCreateWithMode( -+ operation, // Specifies whether encryption or decryption is performed (kCCEncrypt or kCCDecrypt). -+ C.kCCModeCBC, // Mode of operation, here explicitly set to CBC (Cipher Block Chaining). -+ C.CCAlgorithm(kind), // The encryption algorithm (e.g., kCCAlgorithmAES128, kCCAlgorithmDES). -+ C.ccNoPadding, // Padding option, set to no padding; padding can be handled at a higher level if necessary. -+ pbase(iv), // Initialization Vector (IV) for the cipher, required for CBC mode. Should be nil for ECB mode. -+ pbase(key), // Pointer to the encryption key. -+ C.size_t(len(key)), // Length of the encryption key in bytes. -+ nil, // Tweak key, used only for XTS mode; here set to nil as it’s not required for CBC. -+ 0, // Length of the tweak key, set to 0 as tweak is nil. -+ 0, // Number of rounds, mainly for RC2 and Blowfish; not used here, so set to 0. -+ 0, // Mode options for CTR and F8 modes; not used for CBC, so set to 0. -+ &x.cryptor, // Pointer to the CCCryptorRef output, which will hold the state for encryption or decryption. -+ ) -+ -+ if status != C.kCCSuccess { -+ panic("crypto/des: CCCryptorCreate failed") ++ ossl.MkcgoLoad_(handle) ++ if vMajor == 1 { ++ ossl.MkcgoLoad_legacy_1(handle) ++ if vPatch == 1 { ++ ossl.MkcgoLoad_111(handle) ++ } ++ } else { ++ ossl.MkcgoLoad_111(handle) ++ ossl.MkcgoLoad_3(handle) + } + -+ runtime.SetFinalizer(x, (*cbcCipher).finalize) -+ return x -+ -+} -+ -+func (x *cbcCipher) finalize() { -+ if x.cryptor != nil { -+ C.CCCryptorRelease(x.cryptor) -+ x.cryptor = nil ++ // Initialize OpenSSL. ++ ossl.OPENSSL_init() ++ if _, err = ossl.OPENSSL_init_crypto( ++ ossl.OPENSSL_INIT_ADD_ALL_CIPHERS| ++ ossl.OPENSSL_INIT_ADD_ALL_DIGESTS| ++ ossl.OPENSSL_INIT_LOAD_CONFIG| ++ ossl.OPENSSL_INIT_LOAD_CRYPTO_STRINGS, ++ nil); err != nil { ++ close() ++ return err + } ++ osslHandle = handle ++ return nil +} + -+func (x *cbcCipher) BlockSize() int { return x.blockSize } -+ -+func (x *cbcCipher) CryptBlocks(dst, src []byte) { -+ if inexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } -+ if len(src)%x.blockSize != 0 { -+ panic("crypto/cipher: input not full blocks") ++// initForCheckVersion loads and initialize only the ++// functions required in [CheckVersion]. ++// It returns a close function that must be called to release the resources. ++// ++// This function modifies the vMajor, vMinor, and vPatch global variables as ++// well as other internal global variables that facilitate OpenSSL calls. ++// ++// If the function succeeds, calling the close function restores the previous ++// state of the global variables. If it fails, the global variables are restored ++// before returning. ++func initForCheckVersion(file string) (func(), error) { ++ prevMajor, prevMinor, prevPatch := vMajor, vMinor, vPatch ++ restoreVersion := func() { ++ vMajor, vMinor, vPatch = prevMajor, prevMinor, prevPatch + } -+ if len(dst) < len(src) { -+ panic("crypto/cipher: output smaller than input") ++ handle, close, err := openLibrary(file) ++ if err != nil { ++ restoreVersion() ++ return nil, err + } -+ if len(src) == 0 { ++ initFuncs := func() (loadX func(unsafe.Pointer), unloadX func()) { ++ switch vMajor { ++ case 1: ++ loadX = ossl.MkcgoLoad_init_1 ++ unloadX = ossl.MkcgoUnload_init_1 ++ case 3: ++ loadX = ossl.MkcgoLoad_init_3 ++ unloadX = ossl.MkcgoUnload_init_3 ++ default: ++ // We shouldn't get here: openLibrary should have already returned an error. ++ panic(errUnsupportedVersion()) ++ } + return + } -+ var outLength C.size_t -+ status := C.CCCryptorUpdate( -+ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. -+ pbase(src), // Pointer to the input data (source buffer) to be encrypted or decrypted. -+ C.size_t(len(src)), // Length of the input data in bytes. -+ pbase(dst), // Pointer to the output buffer (destination buffer) where the result will be stored. -+ C.size_t(len(dst)), // Size of the output buffer in bytes; must be large enough to hold the processed data. -+ &outLength, // Pointer to a variable that will contain the number of bytes written to the output buffer. -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/cipher: CCCryptorUpdate failed") -+ } -+ runtime.KeepAlive(x) ++ loadX, unloadX := initFuncs() ++ loadX(handle) ++ return func() { ++ restoreVersion() ++ close() ++ unloadX() ++ if osslHandle != nil { ++ // If osslHandle is not nil, it means that the library was already loaded ++ // and initialized. In this case, we need to reload the functions from ++ // the original handle. ++ loadX, _ = initFuncs() ++ loadX(osslHandle) ++ } ++ }, nil +} + -+func (x *cbcCipher) SetIV(iv []byte) { -+ if len(iv) != x.blockSize { -+ panic("crypto/cipher: incorrect IV length") ++// openLibrary loads and initialize the version of OpenSSL. ++// It returns the handle to the OpenSSL shared library ++// and a function that can be called to release the resources. ++func openLibrary(file string) (handle unsafe.Pointer, close func(), err error) { ++ vMajor, vMinor, vPatch = 0, 0, 0 ++ handle, err = dlopen(file) ++ if err != nil { ++ return nil, nil, err + } -+ status := C.CCCryptorReset( -+ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. -+ pbase(iv), // Pointer to the new IV to be set. -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/cipher: CCCryptorReset failed") ++ // Retrieve the loaded OpenSSL version and check if it is supported. ++ // Notice that major and minor could not match with the version parameter ++ // in case the name of the shared library file differs from the OpenSSL ++ // version it contains. ++ ossl.MkcgoLoad_version(handle) ++ close = func() { ++ dlclose(handle) ++ if osslHandle == nil { ++ ossl.MkcgoUnload_version() ++ } else { ++ ossl.MkcgoLoad_version(osslHandle) ++ } + } -+ runtime.KeepAlive(x) -+} -+ -+// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. -+ -+func anyOverlap(x, y []byte) bool { -+ return len(x) > 0 && len(y) > 0 && -+ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && -+ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) -+} ++ defer func() { ++ if err != nil { ++ close() ++ } ++ }() + -+func inexactOverlap(x, y []byte) bool { -+ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { -+ return false ++ if ossl.OPENSSL_version_major_Available() && ++ ossl.OPENSSL_version_minor_Available() && ++ ossl.OPENSSL_version_patch_Available() { ++ // Likely OpenSSL 3 or later. ++ vMajor = uint(ossl.OPENSSL_version_major()) ++ vMinor = uint(ossl.OPENSSL_version_minor()) ++ vPatch = uint(ossl.OPENSSL_version_patch()) ++ } else if ossl.OpenSSL_version_num_Available() { ++ // Likely OpenSSL 1. ++ ver := ossl.OpenSSL_version_num() ++ vMajor = uint(ver >> 28) ++ vMinor = uint(ver >> 20 & 0xFF) ++ vPatch = uint(ver >> 12 & 0xFF) ++ } else { ++ return handle, nil, errors.New("openssl: version not available") + } -+ return anyOverlap(x, y) ++ var supported bool ++ if vMajor == 1 { ++ supported = vMinor == 1 ++ } else if vMajor == 3 { ++ // OpenSSL guarantees API and ABI compatibility within the same major version since OpenSSL 3. ++ supported = true ++ } ++ if !supported { ++ return handle, nil, errUnsupportedVersion() ++ } ++ return handle, close, nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_unix.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_unix.go new file mode 100644 -index 00000000000000..ce490c1167c536 +index 00000000000000..dbf5ac448fdf80 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go -@@ -0,0 +1,117 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_unix.go +@@ -0,0 +1,31 @@ ++//go:build unix && !cmd_go_bootstrap + -+package xcrypto ++package openssl + -+// #include ++// #cgo LDFLAGS: -ldl ++// #include ++// #include +import "C" +import ( -+ "crypto/cipher" + "errors" -+ "slices" ++ "unsafe" +) + -+const desBlockSize = C.kCCBlockSizeDES -+ -+type desCipher struct { -+ key []byte -+ kind C.CCAlgorithm -+} -+ -+// NewDESCipher creates a new DES cipher block using the specified key (8 bytes). -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 8 { -+ return nil, errors.New("crypto/des: invalid key size for DES") -+ } -+ -+ c := &desCipher{ -+ key: slices.Clone(key), -+ kind: C.kCCAlgorithmDES, -+ } -+ return c, nil -+} -+ -+// NewTripleDESCipher creates a new 3DES cipher block using the specified key (24 bytes). -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 24 { -+ return nil, errors.New("crypto/des: invalid key size for 3DES") -+ } -+ -+ c := &desCipher{ -+ key: slices.Clone(key), -+ kind: C.kCCAlgorithm3DES, ++func dlopen(file string) (handle unsafe.Pointer, err error) { ++ cv := C.CString(file) ++ defer C.free(unsafe.Pointer(cv)) ++ handle = C.dlopen(cv, C.RTLD_LAZY|C.RTLD_LOCAL) ++ if handle == nil { ++ errstr := C.GoString(C.dlerror()) ++ return nil, errors.New("openssl: can't load " + file + ": " + errstr) + } -+ return c, nil ++ return handle, nil +} + -+func (c *desCipher) BlockSize() int { return desBlockSize } -+ -+func (c *desCipher) Encrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/des: input or output block is too small") -+ } -+ -+ if inexactOverlap(dst[:blockSize], src[:blockSize]) { -+ panic("crypto/des: invalid buffer overlap") -+ } -+ -+ var outLength C.size_t -+ status := C.CCCrypt( -+ C.kCCEncrypt, -+ C.CCAlgorithm(c.kind), -+ C.kCCOptionECBMode, -+ pbase(c.key), -+ C.size_t(len(c.key)), -+ nil, -+ pbase(src[:blockSize]), -+ C.size_t(blockSize), -+ pbase(dst[:blockSize]), -+ C.size_t(blockSize), -+ &outLength, -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/des: encryption failed") ++func dlclose(handle unsafe.Pointer) error { ++ if C.dlclose(handle) != 0 { ++ errstr := C.GoString(C.dlerror()) ++ return errors.New("openssl: can't close libcrypto: " + errstr) + } ++ return nil +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_windows.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_windows.go +new file mode 100644 +index 00000000000000..3778e21227abb9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/init_windows.go +@@ -0,0 +1,36 @@ ++//go:build !cmd_go_bootstrap + -+func (c *desCipher) Decrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/des: input or output block is too small") -+ } ++package openssl + -+ if inexactOverlap(dst[:blockSize], src[:blockSize]) { -+ panic("crypto/des: invalid buffer overlap") -+ } ++import ( ++ "syscall" ++ "unsafe" ++) + -+ var outLength C.size_t -+ status := C.CCCrypt( -+ C.kCCDecrypt, -+ C.CCAlgorithm(c.kind), -+ C.kCCOptionECBMode, -+ pbase(c.key), -+ C.size_t(len(c.key)), -+ nil, -+ pbase(src[:blockSize]), -+ C.size_t(blockSize), -+ pbase(dst[:blockSize]), -+ C.size_t(blockSize), -+ &outLength, -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/des: decryption failed") -+ } ++type dlopenError struct { ++ file string ++ err error +} + -+// CBC mode encrypter -+func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return newCBC(C.kCCEncrypt, c.kind, c.key, iv) ++func (e *dlopenError) Error() string { ++ return "openssl: can't load " + e.file + ": " + e.err.Error() +} + -+// CBC mode decrypter -+func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return newCBC(C.kCCDecrypt, c.kind, c.key, iv) ++func (e *dlopenError) Unwrap() error { ++ return e.err +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go -new file mode 100644 -index 00000000000000..e57bde33af4c98 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go -@@ -0,0 +1,32 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin -+ -+package xcrypto + -+func curveToKeySizeInBits(curve string) int { -+ switch curve { -+ case "P-256": -+ return 256 -+ case "P-384": -+ return 384 -+ case "P-521": -+ return 521 -+ default: -+ return 0 ++func dlopen(file string) (handle unsafe.Pointer, err error) { ++ // As Windows generally does not ship with a system OpenSSL library, let ++ // alone a FIPS 140 certified one, use the default library search order so ++ // that we preferentially load the DLL bundled with the application. ++ h, err := syscall.LoadLibrary(file) ++ if err != nil { ++ return nil, &dlopenError{file: file, err: err} + } ++ return unsafe.Pointer(h), nil +} + -+func curveToKeySizeInBytes(curve string) int { -+ switch curve { -+ case "P-256": -+ return (256 + 7) / 8 -+ case "P-384": -+ return (384 + 7) / 8 -+ case "P-521": -+ return (521 + 7) / 8 -+ default: -+ return 0 -+ } ++func dlclose(handle unsafe.Pointer) error { ++ return syscall.FreeLibrary(syscall.Handle(handle)) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go new file mode 100644 -index 00000000000000..3bdd3937670285 +index 00000000000000..c63aef25960668 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go -@@ -0,0 +1,135 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go +@@ -0,0 +1,384 @@ ++//go:build !cmd_go_bootstrap + -+//go:build darwin ++// Package openssl provides access to OpenSSL cryptographic functions. ++package openssl + -+package xcrypto ++/* ++#include // for free() + -+// #include ++static inline void ++go_openssl_do_leak_check(void) ++{ ++#ifndef __has_feature ++#define __has_feature(x) 0 ++#endif ++ ++#if (defined(__SANITIZE_ADDRESS__) && __SANITIZE_ADDRESS__) || \ ++ __has_feature(address_sanitizer) ++ extern void __lsan_do_leak_check(void); ++ __lsan_do_leak_check(); ++#endif ++} ++*/ +import "C" +import ( + "errors" -+ "runtime" -+ "slices" ++ "math/bits" ++ "strconv" ++ "sync" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+type PublicKeyECDH struct { -+ _pkey C.SecKeyRef -+ bytes []byte ++var ( ++ // vMajor and vMinor hold the major/minor OpenSSL version. ++ // It is only populated if Init has been called. ++ vMajor, vMinor, vPatch uint ++) ++ ++var ( ++ initOnce sync.Once ++ initErr error ++) ++ ++var isBigEndian bool ++ ++// CheckVersion checks if the OpenSSL version can be loaded ++// and if the FIPS mode is enabled. ++// This function can be called before Init. ++// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. ++func CheckVersion(version string) (exists, fips bool) { ++ close, err := initForCheckVersion(version) ++ if err != nil { ++ return false, false ++ } ++ defer close() ++ return true, FIPS() ++} ++ ++// Init loads and initializes OpenSSL from the shared library at path. ++// It must be called before any other OpenSSL call, except CheckVersion. ++// ++// Only the first call to Init is effective. ++// Subsequent calls will return the same error result as the one from the first call. ++// ++// The file is passed to dlopen() verbatim to load the OpenSSL shared library. ++// For example, `file=libcrypto.so.1.1.1k-fips` makes Init look for the shared ++// library libcrypto.so.1.1.1k-fips. ++func Init(file string) error { ++ initOnce.Do(func() { ++ buf := [2]byte{} ++ *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD) ++ ++ switch buf { ++ case [2]byte{0xCD, 0xAB}: ++ isBigEndian = false ++ case [2]byte{0xAB, 0xCD}: ++ isBigEndian = true ++ default: ++ panic("Could not determine native endianness.") ++ } ++ initErr = opensslInit(file) ++ }) ++ return initErr +} + -+func (k *PublicKeyECDH) finalize() { -+ if k._pkey != 0 { -+ C.CFRelease(C.CFTypeRef(k._pkey)) -+ } ++func utoa(n uint) string { ++ return strconv.FormatUint(uint64(n), 10) +} + -+type PrivateKeyECDH struct { -+ _pkey C.SecKeyRef -+ pub []byte ++func errUnsupportedVersion() error { ++ return errors.New("openssl: OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch)) +} + -+func (k *PrivateKeyECDH) finalize() { -+ if k._pkey != 0 { -+ C.CFRelease(C.CFTypeRef(k._pkey)) ++// checkMajorVersion panics if the current major version is not expected. ++func checkMajorVersion(expected uint) { ++ if vMajor != expected { ++ panic("openssl: incorrect major version (" + strconv.Itoa(int(vMajor)) + "), expected " + strconv.Itoa(int(expected))) + } +} + -+func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { -+ if len(bytes) < 1 { -+ return nil, errors.New("NewPublicKeyECDH: missing key") -+ } -+ pubKeyRef, err := createSecKeyWithData(bytes, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPublic) -+ if err != nil { -+ return nil, err -+ } -+ pubKey := &PublicKeyECDH{pubKeyRef, slices.Clone(bytes)} -+ runtime.SetFinalizer(pubKey, (*PublicKeyECDH).finalize) -+ return pubKey, nil -+} ++type fail string + -+func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } ++func (e fail) Error() string { return "openssl: " + string(e) + " failed" } + -+// bytes expects the public key to be in uncompressed ANSI X9.63 format -+func NewPrivateKeyECDH(curve string, pub, priv []byte) (*PrivateKeyECDH, error) { -+ key := append(slices.Clone(pub), priv...) -+ privKeyRef, err := createSecKeyWithData(key, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPrivate) -+ if err != nil { -+ return nil, err -+ } -+ privKey := &PrivateKeyECDH{privKeyRef, pub} -+ runtime.SetFinalizer(privKey, (*PrivateKeyECDH).finalize) -+ return privKey, nil ++// VersionText returns the version text of the OpenSSL currently loaded. ++func VersionText() string { ++ return C.GoString((*C.char)(unsafe.Pointer(ossl.OpenSSL_version(0)))) +} + -+func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { -+ defer runtime.KeepAlive(k) -+ pubKeyRef := C.SecKeyCopyPublicKey(k._pkey) -+ if pubKeyRef == 0 { -+ return nil, errors.New("failed to extract public key") ++// FIPS returns true if OpenSSL is running in FIPS mode and there is ++// a provider available that supports FIPS. It returns false otherwise. ++// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. ++func FIPS() bool { ++ switch vMajor { ++ case 1: ++ return ossl.FIPS_mode() == 1 ++ case 3: ++ // Check if the default properties contain `fips=1`. ++ if ossl.EVP_default_properties_is_fips_enabled(nil) != 1 { ++ // Note that it is still possible that the provider used by default is FIPS-compliant, ++ // but that wouldn't be a system or user requirement. ++ return false ++ } ++ // Check if the SHA-256 algorithm is available. If it is, then we can be sure that there is a provider available that matches ++ // the `fips=1` query. Most notably, this works for the common case of using the built-in FIPS provider. ++ // ++ // Note that this approach has a small chance of false negative if the FIPS provider doesn't provide the SHA-256 algorithm, ++ // but that is highly unlikely because SHA-256 is one of the most common algorithms and fundamental to many cryptographic operations. ++ // It also has a small chance of false positive if the FIPS provider implements the SHA-256 algorithm but not the other algorithms ++ // used by the caller application, but that is also unlikely because the FIPS provider should provide all common algorithms. ++ return proveSHA256("") ++ default: ++ panic(errUnsupportedVersion()) + } -+ pubKey := &PublicKeyECDH{pubKeyRef, k.pub} -+ runtime.SetFinalizer(pubKey, (*PublicKeyECDH).finalize) -+ return pubKey, nil +} + -+func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { -+ defer runtime.KeepAlive(priv) -+ defer runtime.KeepAlive(pub) -+ -+ var algorithm C.CFStringRef = C.kSecKeyAlgorithmECDHKeyExchangeStandard -+ -+ supported := C.SecKeyIsAlgorithmSupported(priv._pkey, C.kSecKeyOperationTypeKeyExchange, algorithm) -+ if supported == 0 { -+ return nil, errors.New("ECDH algorithm not supported for the given private key") ++// FIPSCapable returns true if the provider used by default matches the `fips=yes` query. ++// It is useful for checking whether OpenSSL is capable of running in FIPS mode regardless ++// of whether FIPS mode is explicitly enabled. For example, Azure Linux 3 doesn't set the ++// `fips=yes` query in the default properties, but sets the default provider to be SCOSSL, ++// which is FIPS-capable. ++// ++// Considerations: ++// - Multiple calls to FIPSCapable can return different values if [SetFIPS] is called in between. ++// - Can return true even if [FIPS] returns false, because [FIPS] also checks whether ++// the default properties contain `fips=yes`. ++// - When using OpenSSL 3, will always return true if [FIPS] returns true. ++// - When using OpenSSL 1, Will always return the same value as [FIPS]. ++// - OpenSSL 3 doesn't provide a way to know if a provider is FIPS-capable. This function uses ++// some heuristics that should be treated as an implementation detail that may change in the future. ++func FIPSCapable() bool { ++ if FIPS() { ++ return true + } -+ -+ var cfErr C.CFErrorRef -+ // Perform the key exchange -+ sharedSecretRef := C.SecKeyCopyKeyExchangeResult( -+ priv._pkey, -+ algorithm, -+ pub._pkey, -+ C.CFDictionaryRef(0), -+ &cfErr, -+ ) -+ if err := goCFErrorRef(cfErr); err != nil { -+ return nil, err ++ if vMajor == 3 { ++ // Load the provider with and without the `fips=yes` query. ++ // If the providers are the same, then the default provider is FIPS-capable. ++ provFIPS := sha256Provider(_ProviderNameFips) ++ if provFIPS == nil { ++ return false ++ } ++ provDefault := sha256Provider("") ++ return provFIPS == provDefault + } -+ defer C.CFRelease(C.CFTypeRef(sharedSecretRef)) -+ -+ sharedSecret := cfDataToBytes(sharedSecretRef) -+ return sharedSecret, nil ++ return false +} + -+func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, nil, errors.New("unsupported curve") -+ } -+ keySizeInBits := curveToKeySizeInBits(curve) -+ // Generate the private key and get its DER representation -+ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeECSECPrimeRandom, keySizeInBits) -+ if err != nil { -+ return nil, nil, err -+ } -+ pub, priv, err := extractECDHComponents(privKeyDER, keySize) -+ if err != nil { -+ C.CFRelease(C.CFTypeRef(privKeyRef)) -+ return nil, nil, err ++// isProviderAvailable checks if the provider with the given name is available. ++// This function is used in export_test.go, but must be defined here as test files can't access C functions. ++func isProviderAvailable(name string) bool { ++ if vMajor == 1 { ++ return false + } -+ k := &PrivateKeyECDH{privKeyRef, pub} -+ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) -+ return k, priv, nil ++ providerName := C.CString(name) ++ defer C.free(unsafe.Pointer(providerName)) ++ return ossl.OSSL_PROVIDER_available(nil, (*byte)(unsafe.Pointer(providerName))) == 1 +} + -+func extractECDHComponents(der []byte, keySize int) (pub, priv []byte, err error) { -+ // The private component is the last of the three equally-sized chunks -+ // for the elliptic curve private key. -+ if len(der) != 1+keySize*3 { -+ return nil, nil, errors.New("invalid key length: insufficient data for private component") ++// SetFIPS enables or disables FIPS mode. ++// ++// For OpenSSL 3, if there is no provider available that supports FIPS mode, ++// SetFIPS will try to load a built-in provider that supports FIPS mode. ++func SetFIPS(enable bool) error { ++ if FIPS() == enable { ++ // Already in the desired state. ++ return nil + } -+ pub = der[:1+keySize*2] -+ priv = der[1+keySize*2:] -+ return -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go -new file mode 100644 -index 00000000000000..fb0e207a89ff67 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go -@@ -0,0 +1,181 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin -+ -+package xcrypto -+ -+// #include -+import "C" -+import ( -+ "errors" -+ "runtime" -+) -+ -+type PrivateKeyECDSA struct { -+ _pkey C.SecKeyRef -+} -+ -+func (k *PrivateKeyECDSA) finalize() { -+ if k._pkey != 0 { -+ C.CFRelease(C.CFTypeRef(k._pkey)) ++ var mode int32 ++ if enable { ++ mode = int32(1) ++ } else { ++ mode = int32(0) ++ } ++ switch vMajor { ++ case 1: ++ if _, err := ossl.FIPS_mode_set(mode); err != nil { ++ return err ++ } ++ return nil ++ case 3: ++ var shaProps, provName cString ++ if enable { ++ shaProps = _PropFIPSYes ++ provName = _ProviderNameFips ++ } else { ++ shaProps = _PropFIPSNo ++ provName = _ProviderNameDefault ++ } ++ if !proveSHA256(shaProps) { ++ // There is no provider available that supports the desired FIPS mode. ++ // Try to load the built-in provider associated with the given mode. ++ if p, _ := ossl.OSSL_PROVIDER_try_load(nil, provName.ptr(), 1); p == nil { ++ // The built-in provider was not loaded successfully, we can't enable FIPS mode. ++ ossl.ERR_clear_error() ++ return errors.New("openssl: FIPS mode not supported by any provider") ++ } ++ } ++ _, err := ossl.EVP_default_properties_enable_fips(nil, mode) ++ return err ++ default: ++ panic(errUnsupportedVersion()) + } +} + -+func (k *PrivateKeyECDSA) withKey(f func(C.SecKeyRef) C.int) C.int { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+type PublicKeyECDSA struct { -+ _pkey C.SecKeyRef -+} -+ -+func (k *PublicKeyECDSA) finalize() { -+ if k._pkey != 0 { -+ C.CFRelease(C.CFTypeRef(k._pkey)) ++// sha256Provider returns the provider for the SHA-256 algorithm ++// using the given properties. ++func sha256Provider(props cString) ossl.OSSL_PROVIDER_PTR { ++ md, _ := ossl.EVP_MD_fetch(nil, _DigestNameSHA2_256.ptr(), props.ptr()) ++ if md == nil { ++ ossl.ERR_clear_error() ++ return nil + } ++ defer ossl.EVP_MD_free(md) ++ return ossl.EVP_MD_get0_provider(md) +} + -+func (k *PublicKeyECDSA) withKey(f func(C.SecKeyRef) C.int) C.int { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) ++// proveSHA256 checks if the SHA-256 algorithm is available ++// using the given properties. ++func proveSHA256(props cString) bool { ++ return sha256Provider(props) != nil +} + -+func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, errors.New("unsupported curve") -+ } -+ encodedKey, err := encodeToUncompressedAnsiX963Key(x, y, nil, keySize) -+ if err != nil { -+ return nil, errors.New("failed to encode public key to uncompressed ANSI X9.63 format") -+ } ++var zero byte + -+ pubKeyRef, err := createSecKeyWithData(encodedKey, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPublic) -+ if err != nil { -+ return nil, err ++// baseNeverEmpty returns the address of the underlying array in b. ++// If b has zero length, it returns a pointer to a zero byte. ++func baseNeverEmpty(b []byte) *byte { ++ if len(b) == 0 { ++ return &zero + } ++ return unsafe.SliceData(b) ++} + -+ pubKey := &PublicKeyECDSA{_pkey: pubKeyRef} -+ runtime.SetFinalizer(pubKey, (*PublicKeyECDSA).finalize) -+ return pubKey, nil ++// pbaseNeverEmpty returns the address of the underlying array in b. ++// If b has zero length, it returns a pointer to a zero byte. ++func pbaseNeverEmpty(b []byte) unsafe.Pointer { ++ return unsafe.Pointer(baseNeverEmpty(b)) +} + -+// NewPrivateKeyECDSA creates a new ECDSA private key using the provided curve name and parameters (x, y, d). -+func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, errors.New("unsupported curve") -+ } -+ encodedKey, err := encodeToUncompressedAnsiX963Key(x, y, d, keySize) -+ if err != nil { -+ return nil, errors.New("crypto/ecdsa: failed to encode private key: " + err.Error()) -+ } ++// pbase returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func pbase(b []byte) unsafe.Pointer { ++ return unsafe.Pointer(base(b)) ++} + -+ privKeyRef, err := createSecKeyWithData(encodedKey, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPrivate) -+ if err != nil { -+ return nil, err ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func base(b []byte) *byte { ++ if len(b) == 0 { ++ return nil + } -+ -+ // Wrap and finalize -+ k := &PrivateKeyECDSA{_pkey: privKeyRef} -+ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) -+ return k, nil ++ return unsafe.SliceData(b) +} + -+func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, nil, nil, errors.New("unsupported curve") ++// cryptoMalloc allocates n bytes of memory on the OpenSSL heap, which may be ++// different from the heap which C.malloc allocates on. The allocated object ++// must be freed using cryptoFree. cryptoMalloc is equivalent to the ++// OPENSSL_malloc macro. ++// ++// Like C.malloc, this function is guaranteed to never return nil. If OpenSSL's ++// malloc indicates out of memory, it crashes the program. ++// ++// Only objects which the OpenSSL library will take ownership of (i.e. will be ++// freed by OPENSSL_free / CRYPTO_free) need to be allocated on the OpenSSL ++// heap. ++func cryptoMalloc(n int) unsafe.Pointer { ++ p, _ := ossl.CRYPTO_malloc(n, nil, 0) ++ if p == nil { ++ // Un-recover()-ably crash the program in the same manner as the ++ // C.malloc() wrapper function. ++ runtime_throw("openssl: CRYPTO_malloc failed") + } ++ return p ++} + -+ keySizeInBits := curveToKeySizeInBits(curve) -+ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeECSECPrimeRandom, keySizeInBits) -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ defer C.CFRelease(C.CFTypeRef(privKeyRef)) -+ return decodeFromUncompressedAnsiX963Key(privKeyDER, keySize) ++// cryptoFree frees an object allocated on the OpenSSL heap, which may be ++// different from the heap which C.malloc allocates on. cryptoFree is equivalent ++// to the OPENSSL_free macro. ++func cryptoFree(p unsafe.Pointer) { ++ ossl.CRYPTO_free(p, nil, 0) +} + -+func SignMarshalECDSA(priv *PrivateKeyECDSA, hashed []byte) ([]byte, error) { -+ return evpSign(priv.withKey, algorithmTypeECDSA, 0, hashed) ++const wordBytes = bits.UintSize / 8 ++ ++// Reverse each limb of z. ++func (z BigInt) byteSwap() { ++ for i, d := range z { ++ var n uint = 0 ++ for j := range wordBytes { ++ n |= uint(byte(d)) << (8 * (wordBytes - j - 1)) ++ d >>= 8 ++ } ++ z[i] = n ++ } +} + -+func VerifyECDSA(pub *PublicKeyECDSA, hashed []byte, sig []byte) bool { -+ return evpVerify(pub.withKey, algorithmTypeECDSA, 0, hashed, sig) == nil ++func wbase(b BigInt) *byte { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*byte)(unsafe.Pointer(unsafe.SliceData(b))) +} + -+// encodeToUncompressedAnsiX963Key encodes the given elliptic curve point (x, y) and optional private key (d) -+// into an uncompressed ANSI X9.63 format byte slice. -+func encodeToUncompressedAnsiX963Key(x, y, d BigInt, keySize int) ([]byte, error) { -+ // Build the uncompressed key point (0x04 || x || y { || d }) -+ size := 1 + keySize*2 -+ if d != nil { -+ size += keySize ++func bigToBN(x BigInt) (ossl.BIGNUM_PTR, error) { ++ if len(x) == 0 { ++ return nil, nil + } -+ out := make([]byte, size) -+ out[0] = 0x04 -+ err := encodeBigInt(out[1:], []sizedBigInt{ -+ {x, keySize}, {y, keySize}, -+ {d, keySize}, -+ }) ++ if isBigEndian { ++ z := make(BigInt, len(x)) ++ copy(z, x) ++ z.byteSwap() ++ x = z ++ } ++ // Limbs are always ordered in LSB first, so we can safely apply ++ // BN_lebin2bn regardless of host endianness. ++ bn, err := ossl.BN_lebin2bn(wbase(x), int32(len(x)*wordBytes), nil) + if err != nil { + return nil, err + } -+ return out, nil ++ return bn, nil +} + -+// decodeFromUncompressedAnsiX963Key decodes the given uncompressed ANSI X9.63 format byte slice into -+// the elliptic curve point (x, y) and optional private key (d). -+func decodeFromUncompressedAnsiX963Key(key []byte, keySize int) (x, y, d BigInt, err error) { -+ if len(key) < 1 || key[0] != 0x04 { -+ return nil, nil, nil, errors.New("invalid uncompressed key format") ++func bnToBig(bn ossl.BIGNUM_PTR) BigInt { ++ if bn == nil { ++ return nil + } -+ if len(key) < 1+keySize*2 { -+ return nil, nil, nil, errors.New("invalid key length") ++ ++ // Limbs are always ordered in LSB first, so we can safely apply ++ // BN_bn2lebinpad regardless of host endianness. ++ x := make(BigInt, ossl.BN_num_bits(bn)) ++ if _, err := ossl.BN_bn2lebinpad(bn, wbase(x), int32(len(x)*wordBytes)); err != nil { ++ panic(err) + } -+ x = normalizeBigInt(key[1 : 1+keySize]) -+ y = normalizeBigInt(key[1+keySize : 1+keySize*2]) -+ if len(key) > 1+keySize*2 { -+ d = normalizeBigInt(key[1+keySize*2:]) -+ return x, y, d, nil ++ if isBigEndian { ++ x.byteSwap() + } -+ return x, y, nil, nil ++ return x +} + -+func normalizeBigInt(b []byte) BigInt { -+ // Remove leading zero bytes -+ for len(b) > 0 && b[0] == 0 { -+ b = b[1:] -+ } -+ return b ++// bnToBinPad converts the absolute value of bn into big-endian form and stores ++// it at to, padding with zeroes if necessary. If len(to) is not large enough to ++// hold the result, an error is returned. ++func bnToBinPad(bn ossl.BIGNUM_PTR, to []byte) error { ++ _, err := ossl.BN_bn2binpad(bn, base(to), int32(len(to))) ++ return err +} + -+// sizedBigInt defines a big integer with -+// a size that can be different from the -+// one provided by len(b). -+type sizedBigInt struct { -+ b BigInt -+ size int ++func CheckLeaks() { ++ C.go_openssl_do_leak_check() +} + -+// encodeBigInt encodes ints into data. -+// It stops iterating over ints when it finds one nil element. -+func encodeBigInt(data []byte, ints []sizedBigInt) error { -+ for _, v := range ints { -+ if v.b == nil { -+ return nil -+ } -+ normalized := normalizeBigInt(v.b) -+ // b might be shorter than size if the original big number contained leading zeros. -+ leadingZeros := int(v.size) - len(normalized) -+ if leadingZeros < 0 { -+ return errors.New("commoncrypto: invalid parameters") -+ } -+ copy(data[leadingZeros:], normalized) -+ data = data[v.size:] -+ } -+ return nil ++// versionAtOrAbove returns true when ++// (vMajor, vMinor, vPatch) >= (major, minor, patch), ++// compared lexicographically. ++func versionAtOrAbove(major, minor, patch uint) bool { ++ return vMajor > major || (vMajor == major && vMinor > minor) || (vMajor == major && vMinor == minor && vPatch >= patch) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go ++ ++func bigEndianUint64(b []byte) uint64 { ++ _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 ++ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go new file mode 100644 -index 00000000000000..f59e6f9af58cd4 +index 00000000000000..def3f021be19da --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go -@@ -0,0 +1,100 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin && cgo -+ -+package xcrypto -+ -+import ( -+ "strconv" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go +@@ -0,0 +1,195 @@ ++//go:build !cmd_go_bootstrap + -+const ( -+ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. -+ publicKeySizeEd25519 = 32 -+ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. -+ privateKeySizeEd25519 = 64 -+ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. -+ signatureSizeEd25519 = 64 -+ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. -+ seedSizeEd25519 = 32 -+) ++package openssl + -+// PublicKeyEd25519 represents an Ed25519 public key. -+type PublicKeyEd25519 []byte ++import "C" ++import ( ++ "runtime" + -+// PrivateKeyEd25519 represents an Ed25519 private key. -+type PrivateKeyEd25519 []byte ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+func (k PrivateKeyEd25519) Public() PublicKeyEd25519 { -+ publicKey := make([]byte, publicKeySizeEd25519) -+ copy(publicKey, k[seedSizeEd25519:]) -+ return PublicKeyEd25519(publicKey) ++type addParamError struct { ++ name string ++ err error +} + -+// GenerateKeyEd25519 generates a new Ed25519 private key. -+func GenerateKeyEd25519() PrivateKeyEd25519 { -+ pkeyPriv := make([]byte, privateKeySizeEd25519) -+ cryptokit.GenerateKeyEd25519(pkeyPriv) -+ return pkeyPriv ++func (e addParamError) Error() string { ++ return "failed to add parameter " + e.name + ": " + e.err.Error() +} + -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ if len(priv) != privateKeySizeEd25519 { -+ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) -+ } -+ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) ++type bnParam struct { ++ value ossl.BIGNUM_PTR ++ private bool +} + -+func (k PrivateKeyEd25519) Bytes() ([]byte, error) { -+ return k, nil ++// paramBuilder is a helper for building OSSL_PARAMs. ++// If an error occurs when adding a new parameter, ++// subsequent calls to add parameters are ignored ++// and build() will return the error. ++type paramBuilder struct { ++ bld ossl.OSSL_PARAM_BLD_PTR ++ pinner runtime.Pinner ++ bnToFree []bnParam ++ ++ err error +} + -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ if len(pub) != publicKeySizeEd25519 { -+ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) -+ } -+ pkey := make([]byte, publicKeySizeEd25519) -+ err := cryptokit.NewPublicKeyEd25519(pkey, pub) ++// newParamBuilder creates a new paramBuilder. ++func newParamBuilder() (*paramBuilder, error) { ++ bld, err := ossl.OSSL_PARAM_BLD_new() + if err != nil { + return nil, err + } -+ return pkey, nil ++ pb := ¶mBuilder{ ++ bld: bld, ++ bnToFree: make([]bnParam, 0, 8), // the maximum known number of BIGNUMs to free are 8 for RSA ++ } ++ runtime.SetFinalizer(pb, (*paramBuilder).finalize) ++ return pb, nil +} + -+func (k PublicKeyEd25519) Bytes() ([]byte, error) { -+ return k, nil ++// finalize frees the builder. ++func (b *paramBuilder) finalize() { ++ if b.bld != nil { ++ b.pinner.Unpin() ++ for _, bn := range b.bnToFree { ++ if bn.private { ++ ossl.BN_clear_free(bn.value) ++ } else { ++ ossl.BN_free(bn.value) ++ } ++ } ++ ossl.OSSL_PARAM_BLD_free(b.bld) ++ b.bld = nil ++ } +} + -+// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if -+// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this -+// package. -+// NewPrivateKeyEd25519FromSeed creates an Ed25519 private key from a seed. -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ if len(seed) != seedSizeEd25519 { -+ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++// check is used internally to enforce invariants and should not be called by users of paramBuilder. ++// Returns true if it's ok to add parameters to the builder or build it. ++// Returns false if there has been an error while adding a parameter. ++// Panics if the paramBuilder has been freed, e.g. if it has already been built. ++func (b *paramBuilder) check() bool { ++ if b.err != nil { ++ return false + } -+ pkey := make([]byte, privateKeySizeEd25519) -+ err := cryptokit.NewPrivateKeyEd25519FromSeed(pkey, seed) -+ if err != nil { -+ return nil, err ++ if b.bld == nil { ++ panic("openssl: paramBuilder has been freed") + } -+ return pkey, nil ++ return true +} + -+// SignEd25519 signs the message with priv and returns a signature. -+func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { -+ sig := make([]byte, signatureSizeEd25519) -+ err := cryptokit.SignEd25519(sig, priv, message) ++// build creates an OSSL_PARAM from the builder. ++// The returned OSSL_PARAM must be freed with OSSL_PARAM_free. ++// If an error occurred while adding parameters, the error is returned ++// and the OSSL_PARAM is nil. Once build() is called, the builder is finalized ++// and cannot be reused. ++func (b *paramBuilder) build() (ossl.OSSL_PARAM_PTR, error) { ++ defer b.finalize() ++ if !b.check() { ++ return nil, b.err ++ } ++ param, err := ossl.OSSL_PARAM_BLD_to_param(b.bld) + if err != nil { + return nil, err + } -+ return sig, nil ++ return param, nil +} + -+// VerifyEd25519 reports whether sig is a valid signature of message by pub. -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ return cryptokit.VerifyEd25519(pub, message, sig) ++// addUTF8String adds a NUL-terminated UTF-8 string to the builder. ++// size should not include the terminating NUL byte. If size is zero, then it will be calculated. ++func (b *paramBuilder) addUTF8String(name cString, value *byte, size int) { ++ if !b.check() { ++ return ++ } ++ // OSSL_PARAM_BLD_push_utf8_string calculates the size if it is zero. ++ if _, err := ossl.OSSL_PARAM_BLD_push_utf8_string(b.bld, name.ptr(), value, size); err != nil { ++ b.err = addParamError{name.str(), err} ++ } +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go -new file mode 100644 -index 00000000000000..6928418b4d26b9 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go -@@ -0,0 +1,345 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin -+ -+package xcrypto -+ -+// #include -+import "C" -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "strconv" -+ "unsafe" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) -+ -+type algorithmType int -+ -+const ( -+ algorithmTypePSS algorithmType = iota -+ algorithmTypeRAW -+ algorithmTypePKCS1v15Enc -+ algorithmTypePKCS1v15Sig -+ algorithmTypeOAEP -+ algorithmTypeECDSA -+) -+ -+type withKeyFunc func(func(C.SecKeyRef) C.int) C.int + -+// Encrypt encrypts a plaintext message using a given key and algorithm. -+func evpEncrypt(withKey withKeyFunc, algorithmType algorithmType, plaintext []byte, hash hash.Hash) ([]byte, error) { -+ var cryptoHash crypto.Hash -+ if hash != nil { -+ var err error -+ cryptoHash, err = hashToCryptoHash(hash) -+ if err != nil { -+ return nil, err -+ } ++// addOctetString adds an octet string to the builder. ++// The value is pinned and will be unpinned when the builder is freed. ++func (b *paramBuilder) addOctetString(name cString, value []byte) { ++ if !b.check() { ++ return + } -+ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) -+ if err != nil { -+ return nil, err ++ if value == nil { ++ // Short-circuit a nil slice: don't pass anything at all to OpenSSL. ++ // OpenSSL 3.5.6 raises an error when passed null, and expects users ++ // to not call this function at all in this case. ++ // See https://github.com/openssl/openssl/issues/30728 ++ // ++ // Don't short-circuit empty slices, as they might have a meaning. ++ // For example, in KDFs an empty salt is different from a nil salt. ++ return + } ++ if len(value) != 0 { ++ b.pinner.Pin(&value[0]) ++ } ++ if _, err := ossl.OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), pbaseNeverEmpty(value), len(value)); err != nil { ++ b.err = addParamError{name.str(), err} ++ } ++} + -+ dataRef := bytesToCFData(plaintext) -+ defer cfRelease(unsafe.Pointer(dataRef)) -+ -+ var encryptedDataRef C.CFDataRef -+ result := withKey(func(key C.SecKeyRef) C.int { -+ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeEncrypt, algorithm) != 1 { -+ return -1 // Algorithm not supported by the key -+ } -+ encryptedDataRef = C.SecKeyCreateEncryptedData(key, algorithm, dataRef, nil) -+ if encryptedDataRef == 0 { -+ return -1 // Encryption failed -+ } -+ return 0 -+ }) -+ if result != 0 { -+ return nil, errors.New("encryption failed") ++// addInt32 adds an int32 to the builder. ++func (b *paramBuilder) addInt32(name cString, value int32) { ++ if !b.check() { ++ return + } -+ defer cfRelease(unsafe.Pointer(encryptedDataRef)) ++ if _, err := ossl.OSSL_PARAM_BLD_push_int32(b.bld, name.ptr(), value); err != nil { ++ b.err = addParamError{name.str(), err} ++ } ++} + -+ return cfDataToBytes(encryptedDataRef), nil ++// addBN adds a GOossl.BIGNUM_PTR to the builder. ++func (b *paramBuilder) addBN(name cString, value ossl.BIGNUM_PTR) { ++ if !b.check() { ++ return ++ } ++ if _, err := ossl.OSSL_PARAM_BLD_push_BN(b.bld, name.ptr(), value); err != nil { ++ b.err = addParamError{name.str(), err} ++ } +} + -+// Decrypt decrypts a ciphertext using a given key and algorithm. -+func evpDecrypt(withKey withKeyFunc, algorithmType algorithmType, ciphertext []byte, hash hash.Hash) ([]byte, error) { -+ var cryptoHash crypto.Hash -+ if hash != nil { -+ var err error -+ cryptoHash, err = hashToCryptoHash(hash) -+ if err != nil { -+ return nil, err -+ } ++// addBin adds a byte slice to the builder. ++// The slice is converted to a BIGNUM using BN_bin2bn and freed when the builder is finalized. ++// If private is true, the BIGNUM will be cleared with BN_clear_free, ++// otherwise it will be freed with BN_free. ++func (b *paramBuilder) addBin(name cString, value []byte, private bool) { ++ if !b.check() { ++ return ++ } ++ if len(value) == 0 { ++ // Nothing to do. ++ return ++ } ++ bn, err := ossl.BN_bin2bn(base(value), int32(len(value)), nil) ++ if err != nil { ++ b.err = err ++ return ++ } ++ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) ++ b.addBN(name, bn) ++} ++ ++// addBigInt adds a BigInt to the builder. ++// The BigInt is converted using bigToBN to a BIGNUM that is freed when the builder is finalized. ++// If private is true, the BIGNUM will be cleared with BN_clear_free, ++// otherwise it will be freed with BN_free. ++func (b *paramBuilder) addBigInt(name cString, value BigInt, private bool) { ++ if !b.check() { ++ return + } -+ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if len(value) == 0 { ++ // Nothing to do. ++ return ++ } ++ bn, err := bigToBN(value) + if err != nil { -+ return nil, err ++ b.err = err ++ return + } ++ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) ++ b.addBN(name, bn) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go +new file mode 100644 +index 00000000000000..b050953aad4581 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go +@@ -0,0 +1,55 @@ ++//go:build !cmd_go_bootstrap + -+ msg := bytesToCFData(ciphertext) ++package openssl + -+ var decryptedDataRef C.CFDataRef -+ var cfErr C.CFErrorRef -+ result := withKey(func(key C.SecKeyRef) C.int { -+ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeDecrypt, algorithm) != 1 { -+ return -1 // Algorithm not supported by the key -+ } -+ decryptedDataRef = C.SecKeyCreateDecryptedData(key, algorithm, msg, &cfErr) -+ if decryptedDataRef == 0 { -+ return -1 // Decryption failed -+ } -+ return 0 // Success -+ }) ++import "C" ++import ( ++ "errors" ++ "hash" ++ "sync" + -+ if err := goCFErrorRef(cfErr); err != nil { -+ return nil, err -+ } ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+ if result != 0 || decryptedDataRef == 0 { -+ return nil, errors.New("decryption failed") ++// SupportsPBKDF2 reports whether the current OpenSSL version supports PBKDF2. ++func SupportsPBKDF2() bool { ++ switch vMajor { ++ case 1: ++ return true ++ case 3: ++ _, err := fetchPBKDF2() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) + } -+ defer cfRelease(unsafe.Pointer(decryptedDataRef)) -+ -+ return cfDataToBytes(decryptedDataRef), nil +} + -+func evpSign(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed []byte) ([]byte, error) { -+ algorithm, err := selectAlgorithm(hash, algorithmType) ++// fetchPBKDF2 fetches the PBKDF2 algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchPBKDF2 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3) ++ ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) + if err != nil { + return nil, err + } ++ return kdf, nil ++}) + -+ var signedDataRef C.CFDataRef -+ var cfErr C.CFErrorRef -+ result := withKey(func(key C.SecKeyRef) C.int { -+ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeSign, algorithm) != 1 { -+ return -1 // Algorithm not supported by the key -+ } -+ signedDataRef = C.SecKeyCreateSignature(key, algorithm, bytesToCFData(hashed), &cfErr) -+ if signedDataRef == 0 { -+ return -1 // Signing failed -+ } -+ return 0 // Success -+ }) -+ -+ if err := goCFErrorRef(cfErr); err != nil { ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ h, err := hashFuncHash(fh) ++ if err != nil { + return nil, err + } -+ -+ if result != 0 || signedDataRef == 0 { -+ return nil, errors.New("signing failed") ++ md := hashToMD(h) ++ if md == nil { ++ return nil, errors.New("unsupported hash function") + } -+ defer cfRelease(unsafe.Pointer(signedDataRef)) -+ -+ return cfDataToBytes(signedDataRef), nil -+} -+ -+func evpVerify(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed, signature []byte) error { -+ algorithm, err := selectAlgorithm(hash, algorithmType) ++ out := make([]byte, keyLen) ++ _, err = ossl.PKCS5_PBKDF2_HMAC(base(password), int32(len(password)), base(salt), int32(len(salt)), int32(iter), md, int32(keyLen), base(out)) + if err != nil { -+ return err ++ return nil, err + } ++ return out, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go +new file mode 100644 +index 00000000000000..35a98044ac2e65 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go +@@ -0,0 +1,239 @@ ++//go:build !cmd_go_bootstrap && cgo + -+ var cfErr C.CFErrorRef -+ result := withKey(func(key C.SecKeyRef) C.int { -+ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeVerify, algorithm) != 1 { -+ return -1 // Algorithm not supported by the key -+ } -+ if C.SecKeyVerifySignature(key, algorithm, bytesToCFData(hashed), bytesToCFData(signature), &cfErr) != 1 { -+ return -1 // Verification failed -+ } -+ return 0 // Success -+ }) ++package openssl + -+ if err := goCFErrorRef(cfErr); err != nil { -+ return err -+ } ++import ( ++ "crypto" ++ "errors" ++ "unsafe" + -+ if result != 0 { -+ return errors.New("verification failed") -+ } ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++// This file contains code specific to the built-in OpenSSL providers. ++ ++// _OSSL_MD5_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/md5.h#L33. ++type _OSSL_MD5_CTX struct { ++ h [4]uint32 ++ nl, nh uint32 ++ x [64]byte ++ nx uint32 ++} ++ ++func (d *_OSSL_MD5_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint32(b) ++ b, d.h[1] = consumeUint32(b) ++ b, d.h[2] = consumeUint32(b) ++ b, d.h[3] = consumeUint32(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = uint32(n << 3) ++ d.nh = uint32(n >> 29) ++ d.nx = uint32(n) % 64 + return nil +} + -+// hashToCryptoHash converts a hash.Hash to a crypto.Hash. -+func hashToCryptoHash(hash hash.Hash) (crypto.Hash, error) { -+ switch hash.(type) { -+ case cryptokit.SHA1Hash: -+ return crypto.SHA1, nil -+ case cryptokit.SHA256Hash: -+ return crypto.SHA256, nil -+ case cryptokit.SHA384Hash: -+ return crypto.SHA384, nil -+ case cryptokit.SHA512Hash: -+ return crypto.SHA512, nil -+ default: -+ return 0, errors.New("unsupported hash function") -+ } ++func (d *_OSSL_MD5_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil +} + -+// selectAlgorithm selects the appropriate SecKeyAlgorithm based on hash and algorithm type. -+func selectAlgorithm(hash crypto.Hash, algorithmType algorithmType) (C.CFStringRef, error) { -+ var algo C.CFStringRef -+ switch algorithmType { -+ case algorithmTypePSS: -+ switch hash { -+ case crypto.SHA1: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA1 -+ case crypto.SHA224: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA224 -+ case crypto.SHA256: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA256 -+ case crypto.SHA384: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA384 -+ case crypto.SHA512: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPSSSHA512 -+ default: -+ return 0, errors.New("unsupported PSS hash: " + hash.String()) -+ } -+ case algorithmTypeRAW: -+ algo = C.kSecKeyAlgorithmRSAEncryptionRaw -+ case algorithmTypePKCS1v15Enc: -+ return C.kSecKeyAlgorithmRSAEncryptionPKCS1, nil -+ case algorithmTypePKCS1v15Sig: -+ switch hash { -+ case crypto.SHA1: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -+ case crypto.SHA224: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -+ case crypto.SHA256: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -+ case crypto.SHA384: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -+ case crypto.SHA512: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -+ case 0: -+ algo = C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -+ default: -+ return 0, errors.New("unsupported PKCS1v15 hash: " + hash.String()) -+ } -+ case algorithmTypeOAEP: -+ switch hash { -+ case crypto.SHA1: -+ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA1 -+ case crypto.SHA224: -+ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA224 -+ case crypto.SHA256: -+ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA256 -+ case crypto.SHA384: -+ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA384 -+ case crypto.SHA512: -+ algo = C.kSecKeyAlgorithmRSAEncryptionOAEPSHA512 -+ default: -+ return 0, errors.New("unsupported OAEP hash: " + hash.String()) -+ } -+ case algorithmTypeECDSA: -+ return C.kSecKeyAlgorithmECDSASignatureDigestX962, nil -+ default: -+ return 0, errors.New("unsupported algorithm type: " + strconv.Itoa(int(algorithmType))) -+ } -+ return algo, nil ++// _OSSL_SHA_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L34. ++type _OSSL_SHA_CTX struct { ++ h [5]uint32 ++ nl, nh uint32 ++ x [64]byte ++ nx uint32 ++} ++ ++func (d *_OSSL_SHA_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint32(b) ++ b, d.h[1] = consumeUint32(b) ++ b, d.h[2] = consumeUint32(b) ++ b, d.h[3] = consumeUint32(b) ++ b, d.h[4] = consumeUint32(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = uint32(n << 3) ++ d.nh = uint32(n >> 29) ++ d.nx = uint32(n) % 64 ++ return nil +} + -+// bytesToCFData turns a byte slice into a CFDataRef. Caller then "owns" the -+// CFDataRef and must CFRelease the CFDataRef when done. -+func bytesToCFData(buf []byte) C.CFDataRef { -+ return C.CFDataCreate(C.kCFAllocatorDefault, base(buf), C.CFIndex(len(buf))) ++func (d *_OSSL_SHA_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil +} + -+// cfDataToBytes turns a CFDataRef into a byte slice. -+func cfDataToBytes(cfData C.CFDataRef) []byte { -+ return C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(cfData)), C.int(C.CFDataGetLength(cfData))) ++// _OSSL_SHA256_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L51. ++type _OSSL_SHA256_CTX struct { ++ h [8]uint32 ++ nl, nh uint32 ++ x [64]byte ++ nx uint32 +} + -+// cfRelease releases a CoreFoundation object. -+func cfRelease(ref unsafe.Pointer) { -+ C.CFRelease(C.CFTypeRef(ref)) ++func (d *_OSSL_SHA256_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint32(b) ++ b, d.h[1] = consumeUint32(b) ++ b, d.h[2] = consumeUint32(b) ++ b, d.h[3] = consumeUint32(b) ++ b, d.h[4] = consumeUint32(b) ++ b, d.h[5] = consumeUint32(b) ++ b, d.h[6] = consumeUint32(b) ++ b, d.h[7] = consumeUint32(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = uint32(n << 3) ++ d.nh = uint32(n >> 29) ++ d.nx = uint32(n) % 64 ++ return nil +} + -+// createSecKeyWithData creates a SecKey from the provided encoded key and attributes dictionary. -+func createSecKeyWithData(encodedKey []byte, keyType, keyClass C.CFStringRef) (C.SecKeyRef, error) { -+ encodedKeyCF := C.CFDataCreate(C.kCFAllocatorDefault, base(encodedKey), C.CFIndex(len(encodedKey))) -+ if encodedKeyCF == 0 { -+ return 0, errors.New("xcrypto: failed to create CFData for private key") -+ } -+ defer C.CFRelease(C.CFTypeRef(encodedKeyCF)) -+ -+ attrKeys := []C.CFTypeRef{ -+ C.CFTypeRef(C.kSecAttrKeyType), -+ C.CFTypeRef(C.kSecAttrKeyClass), -+ } ++func (d *_OSSL_SHA256_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = appendUint32(buf, d.h[5]) ++ buf = appendUint32(buf, d.h[6]) ++ buf = appendUint32(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} + -+ attrValues := []C.CFTypeRef{ -+ C.CFTypeRef(keyType), -+ C.CFTypeRef(keyClass), -+ } ++// _OSSL_SHA512_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L95. ++type _OSSL_SHA512_CTX struct { ++ h [8]uint64 ++ nl, nh uint64 ++ x [128]byte ++ nx uint32 ++} + -+ // Create attributes dictionary for the key -+ attrDict := C.CFDictionaryCreate( -+ C.kCFAllocatorDefault, -+ (*unsafe.Pointer)(unsafe.Pointer(&attrKeys[0])), -+ (*unsafe.Pointer)(unsafe.Pointer(&attrValues[0])), -+ C.CFIndex(len(attrKeys)), -+ nil, -+ nil, -+ ) -+ if attrDict == 0 { -+ return 0, errors.New("xcrypto: failed to create attributes dictionary") -+ } -+ defer C.CFRelease(C.CFTypeRef(attrDict)) ++func (d *_OSSL_SHA512_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint64(b) ++ b, d.h[1] = consumeUint64(b) ++ b, d.h[2] = consumeUint64(b) ++ b, d.h[3] = consumeUint64(b) ++ b, d.h[4] = consumeUint64(b) ++ b, d.h[5] = consumeUint64(b) ++ b, d.h[6] = consumeUint64(b) ++ b, d.h[7] = consumeUint64(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = n << 3 ++ d.nh = n >> 61 ++ d.nx = uint32(n) % 128 ++ return nil ++} + -+ // Generate the SecKey -+ var errorRef C.CFErrorRef -+ key := C.SecKeyCreateWithData(encodedKeyCF, attrDict, &errorRef) -+ if err := goCFErrorRef(errorRef); err != nil { -+ return 0, err -+ } -+ return key, nil ++func (d *_OSSL_SHA512_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint64(buf, d.h[0]) ++ buf = appendUint64(buf, d.h[1]) ++ buf = appendUint64(buf, d.h[2]) ++ buf = appendUint64(buf, d.h[3]) ++ buf = appendUint64(buf, d.h[4]) ++ buf = appendUint64(buf, d.h[5]) ++ buf = appendUint64(buf, d.h[6]) ++ buf = appendUint64(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, d.nl>>3|d.nh<<61) ++ return buf, nil +} + -+// createSecKeyRandom creates a new SecKey with the provided attributes dictionary. -+func createSecKeyRandom(keyType C.CFStringRef, keySize int) ([]byte, C.SecKeyRef, error) { -+ keyAttrs := C.CFDictionaryCreateMutable(C.kCFAllocatorDefault, 0, nil, nil) -+ if keyAttrs == 0 { -+ return nil, 0, errors.New("failed to create key attributes dictionary") ++func getOSSLDigetsContext(ctx ossl.EVP_MD_CTX_PTR) unsafe.Pointer { ++ switch vMajor { ++ case 1: ++ // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. ++ type mdCtx struct { ++ _ [2]unsafe.Pointer ++ _ uint32 ++ md_data unsafe.Pointer ++ } ++ return (*mdCtx)(unsafe.Pointer(ctx)).md_data ++ case 3: ++ // The EVP_MD_CTX memory layout has changed in OpenSSL 3 ++ // and the property holding the internal structure is no longer md_data but algctx. ++ // https://github.com/openssl/openssl/blob/5675a5aaf6a2e489022bcfc18330dae9263e598e/crypto/evp/evp_local.h#L16. ++ type mdCtx struct { ++ _ [3]unsafe.Pointer ++ _ uint32 ++ _ [3]unsafe.Pointer ++ algctx unsafe.Pointer ++ } ++ return (*mdCtx)(unsafe.Pointer(ctx)).algctx ++ default: ++ panic(errUnsupportedVersion()) + } -+ defer C.CFRelease(C.CFTypeRef(keyAttrs)) -+ -+ C.CFDictionarySetValue( -+ keyAttrs, -+ unsafe.Pointer(C.kSecAttrKeyType), -+ unsafe.Pointer(keyType), -+ ) -+ -+ C.CFDictionarySetValue( -+ keyAttrs, -+ unsafe.Pointer(C.kSecAttrKeySizeInBits), -+ unsafe.Pointer(C.CFNumberCreate(C.kCFAllocatorDefault, C.kCFNumberIntType, unsafe.Pointer(&keySize))), -+ ) ++} + -+ // Generate the private key -+ var errorRef C.CFErrorRef -+ var privKeyRef C.SecKeyRef = C.SecKeyCreateRandomKey(C.CFDictionaryRef(keyAttrs), &errorRef) -+ if err := goCFErrorRef(errorRef); err != nil { -+ return nil, 0, err -+ } ++var errHashStateInvalid = errors.New("openssl: can't retrieve hash state") + -+ // Export the private key as DER -+ privData := C.SecKeyCopyExternalRepresentation(privKeyRef, &errorRef) -+ if err := goCFErrorRef(errorRef); err != nil { -+ return nil, 0, err ++func osslHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { ++ algctx := getOSSLDigetsContext(ctx) ++ if algctx == nil { ++ return nil, errHashStateInvalid + } -+ defer C.CFRelease(C.CFTypeRef(privData)) -+ -+ privKeyDER := cfDataToBytes(privData) -+ if privKeyDER == nil { -+ return nil, 0, errors.New("failed to convert CFData to bytes") ++ buf = append(buf, magic...) ++ switch ch { ++ case crypto.MD5: ++ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ case crypto.SHA1: ++ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ case crypto.SHA224, crypto.SHA256: ++ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ default: ++ panic("unsupported hash " + ch.String()) + } -+ return privKeyDER, privKeyRef, nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go -new file mode 100644 -index 00000000000000..b03a3ca13bdc7f ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go -@@ -0,0 +1,68 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin && cgo + -+package xcrypto -+ -+import ( -+ "crypto" -+ "hash" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) -+ -+// SupportsHash returns true if a hash.Hash implementation is supported for h. -+func SupportsHash(h crypto.Hash) bool { -+ switch h { -+ case crypto.MD5, crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512: -+ return true ++func osslHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { ++ algctx := getOSSLDigetsContext(ctx) ++ if algctx == nil { ++ return errHashStateInvalid ++ } ++ b = b[len(magic):] ++ switch ch { ++ case crypto.MD5: ++ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) ++ case crypto.SHA1: ++ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) ++ case crypto.SHA224, crypto.SHA256: ++ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) + default: -+ return false ++ panic("unsupported hash " + ch.String()) + } +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go +new file mode 100644 +index 00000000000000..b52e4ecfd8d5fd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go +@@ -0,0 +1,338 @@ ++//go:build !cmd_go_bootstrap && cgo + -+func MD5(p []byte) (sum [16]byte) { -+ return cryptokit.MD5(p) -+} ++package openssl + -+func SHA1(p []byte) (sum [20]byte) { -+ return cryptokit.SHA1(p) -+} ++import ( ++ "crypto" ++ "errors" ++ "runtime" ++ "unsafe" + -+func SHA256(p []byte) (sum [32]byte) { -+ return cryptokit.SHA256(p) -+} ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+func SHA384(p []byte) (sum [48]byte) { -+ return cryptokit.SHA384(p) -+} ++// This file contains code specific to the SymCrypt provider. + -+func SHA512(p []byte) (sum [64]byte) { -+ return cryptokit.SHA512(p) -+} ++const ( ++ _SCOSSL_DIGEST_PARAM_STATE cString = "state\x00" ++ _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM cString = "recompute_checksum\x00" ++) + -+// NewMD5 initializes a new MD5 hasher. -+func NewMD5() hash.Hash { -+ return cryptokit.NewMD5() -+} ++const ( ++ _SYMCRYPT_BLOB_MAGIC = 0x636D7973 // "cysm" in little-endian + -+// NewSHA1 initializes a new SHA1 hasher. -+func NewSHA1() hash.Hash { -+ return cryptokit.NewSHA1() -+} ++ _SymCryptBlobTypeHashState = 0x100 ++ _SymCryptBlobTypeMd2State = _SymCryptBlobTypeHashState + 1 ++ _SymCryptBlobTypeMd4State = _SymCryptBlobTypeHashState + 2 ++ _SymCryptBlobTypeMd5State = _SymCryptBlobTypeHashState + 3 ++ _SymCryptBlobTypeSha1State = _SymCryptBlobTypeHashState + 4 ++ _SymCryptBlobTypeSha256State = _SymCryptBlobTypeHashState + 5 ++ _SymCryptBlobTypeSha384State = _SymCryptBlobTypeHashState + 6 ++ _SymCryptBlobTypeSha512State = _SymCryptBlobTypeHashState + 7 ++ _SymCryptBlobTypeSha3_256State = _SymCryptBlobTypeHashState + 8 ++ _SymCryptBlobTypeSha3_384State = _SymCryptBlobTypeHashState + 9 ++ _SymCryptBlobTypeSha3_512State = _SymCryptBlobTypeHashState + 10 ++ _SymCryptBlobTypeSha224State = _SymCryptBlobTypeHashState + 11 ++ _SymCryptBlobTypeSha512_224State = _SymCryptBlobTypeHashState + 12 ++ _SymCryptBlobTypeSha512_256State = _SymCryptBlobTypeHashState + 13 ++ _SymCryptBlobTypeSha3_224State = _SymCryptBlobTypeHashState + 14 + -+// NewSHA256 initializes a new SHA256 hasher. -+func NewSHA256() hash.Hash { -+ return cryptokit.NewSHA256() -+} ++ _SYMCRYPT_MD5_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_MD5_STATE_EXPORT_BLOB{})) ++ _SYMCRYPT_SHA1_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA1_STATE_EXPORT_BLOB{})) ++ _SYMCRYPT_SHA256_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA256_STATE_EXPORT_BLOB{})) ++ _SYMCRYPT_SHA512_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA512_STATE_EXPORT_BLOB{})) ++) + -+// NewSHA384 initializes a new SHA384 hasher. -+func NewSHA384() hash.Hash { -+ return cryptokit.NewSHA384() ++type _SYMCRYPT_BLOB_HEADER struct { ++ magic uint32 ++ size uint32 ++ _type uint32 +} + -+// NewSHA512 initializes a new SHA512 hasher. -+func NewSHA512() hash.Hash { -+ return cryptokit.NewSHA512() ++type _SYMCRYPT_BLOB_TRAILER struct { ++ checksum [8]uint8 +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go -new file mode 100644 -index 00000000000000..3cc2d5d31927e0 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go -@@ -0,0 +1,66 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin && cgo -+ -+package xcrypto -+ -+import ( -+ "errors" -+ "hash" + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) -+ -+// ExtractHKDF performs the extract step of HKDF using the specified hash function. -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ // Handle empty secret -+ if len(secret) == 0 { -+ return nil, errors.New("secret cannot be empty") -+ } ++// _UINT64 is a 64-bit unsigned integer, stored in native endianess. ++// It is used to represent a SymCrypt UINT64 type without making the ++// parent struct 8-byte aligned, given that the Windows ABI makes ++// the struct 4-byte aligned. ++type _UINT64 [2]uint32 + -+ hash, err := hashToCryptoHash(h()) -+ if err != nil { -+ return nil, err ++func newUINT64(v uint64) _UINT64 { ++ var u _UINT64 ++ if isBigEndian { ++ u[0], u[1] = uint32(v>>32), uint32(v) ++ } else { ++ u[0], u[1] = uint32(v), uint32(v>>32) + } ++ return u ++} + -+ // Default salt to a zero-filled array if not provided -+ if len(salt) == 0 { -+ salt = make([]byte, hash.Size()) ++func (u *_UINT64) uint64() uint64 { ++ if isBigEndian { ++ return uint64(u[0])<<32 | (uint64(u[1])) + } ++ return uint64(u[0]) | (uint64(u[1]) << 32) ++} + -+ prk, err := cryptokit.ExtractHKDF(hash, secret, salt) -+ if err != nil { -+ return nil, err ++// symCryptAppendBinary appends the binary representation of a SymCrypt state ++// to the given destination slice. ++func symCryptAppendBinary(dst, chain, buffer []byte, blength _UINT64) []byte { ++ length := blength.uint64() ++ var nx uint64 ++ if len(buffer) <= 64 { ++ nx = length & 0x3f ++ } else { ++ nx = length & 0x7f + } -+ -+ return prk, nil ++ dst = append(dst, chain...) ++ dst = append(dst, buffer[:nx]...) ++ dst = append(dst, make([]byte, len(buffer)-int(nx))...) ++ dst = appendUint64(dst, length) ++ return dst +} + -+// ExpandHKDF performs the expand step of HKDF using the specified hash function. -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ // Handle empty secret -+ if len(pseudorandomKey) == 0 { -+ return nil, errors.New("pseudorandom key cannot be empty") -+ } ++// symCryptUnmarshalBinary unmarshals the binary representation of a SymCrypt state ++// from the given source slice. It returns the length of the data. ++func symCryptUnmarshalBinary(d []byte, chain, buffer []byte) _UINT64 { ++ copy(chain[:], d) ++ d = d[len(chain):] ++ copy(buffer[:], d) ++ d = d[len(buffer):] ++ _, length := consumeUint64(d) ++ return newUINT64(length) ++} + -+ hash, err := hashToCryptoHash(h()) -+ if err != nil { -+ return nil, err ++// swapEndianessUint32 swaps the endianness of the given byte slice ++// in place. It assumes the slice is a backup of a 32-bit integer array. ++func swapEndianessUint32(d []uint8) { ++ for i := 0; i < len(d); i += 4 { ++ d[i], d[i+3] = d[i+3], d[i] ++ d[i+1], d[i+2] = d[i+2], d[i+1] + } + -+ // Determine the maximum expandable key length based on the hash function -+ maxAllowedLength := hash.Size() * 255 -+ -+ // Validate requested key length -+ if keyLength > maxAllowedLength { -+ return nil, errors.New("requested key length exceeds maximum allowable size") -+ } ++} + -+ expandedKey, err := cryptokit.ExpandHKDF(hash, pseudorandomKey, info, keyLength) -+ if err != nil { -+ return nil, err -+ } ++type _SYMCRYPT_MD5_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [16]uint8 // little endian ++ length _UINT64 // native endian ++ buffer [64]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER ++} + -+ return expandedKey, nil ++func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ // b.chain is little endian, but Go expects big endian, ++ // we need to swap the bytes. ++ swapEndianessUint32(b.chain[:]) ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go -new file mode 100644 -index 00000000000000..ceb33c5cf99ca2 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go -@@ -0,0 +1,21 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++ swapEndianessUint32(b.chain[:]) ++} + -+package xcrypto ++type _SYMCRYPT_SHA1_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [20]uint8 // big endian ++ length _UINT64 // native endian ++ buffer [64]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER ++} + -+import "C" -+import ( -+ "hash" ++func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil ++} + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++} + -+// NewHMAC returns a new HMAC using xcrypto. -+// The function h must return a hash implemented by -+// CommonCrypto (for example, h could be xcrypto.NewSHA256). -+// If h is not recognized, NewHMAC returns nil. -+func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { -+ return cryptokit.NewHMAC(fh, key) ++type _SYMCRYPT_SHA256_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [32]uint8 // big endian ++ length _UINT64 // native endian ++ buffer [64]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER ++} ++ ++func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go -new file mode 100644 -index 00000000000000..1f1b25d36981c3 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go -@@ -0,0 +1,65 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++} + -+package xcrypto ++type _SYMCRYPT_SHA512_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [64]uint8 // big endian ++ lengthL _UINT64 // native endian ++ lengthH _UINT64 // native endian ++ buffer [128]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER ++} + -+// #include -+import "C" -+import ( -+ "errors" -+ "hash" -+ "unsafe" ++func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ if b.lengthH.uint64() != 0 { ++ return nil, errors.New("exporting state with more than 2^63-1 bytes of data is not supported") ++ } ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.lengthL), nil ++} + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.lengthL = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++} + -+func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { -+ // Map Go hash function to CommonCrypto hash constant -+ ccDigest, err := hashToCCDigestPBKDF2(fh()) -+ if err != nil { ++func symCryptHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { ++ size, typ := symCryptHashStateInfo(ch) ++ state := make([]byte, size, _SYMCRYPT_SHA512_STATE_EXPORT_SIZE) // 512 is the largest size ++ var pinner runtime.Pinner ++ pinner.Pin(&state[0]) ++ defer pinner.Unpin() ++ params := [2]ossl.OSSL_PARAM{ ++ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), unsafe.Pointer(&state[0]), len(state)), ++ ossl.OSSL_PARAM_construct_end(), ++ } ++ if _, err := ossl.EVP_MD_CTX_get_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))); err != nil { + return nil, err + } -+ -+ if len(password) == 0 { -+ // CommonCrypto requires a non-empty password -+ // Substitute empty password with placeholder -+ password = make([]byte, 1) ++ if !ossl.OSSL_PARAM_modified(¶ms[0]) { ++ return nil, errors.New("EVP_MD_CTX_get_params did not retrieve the state") + } + -+ // Allocate output buffer for the derived key -+ derivedKey := make([]byte, keyLen) -+ -+ // Call CommonCrypto's PBKDF2 implementation -+ status := C.CCKeyDerivationPBKDF( -+ C.kCCPBKDF2, // PBKDF2 algorithm -+ sbase(password), C.size_t(len(password)), // Password and its length -+ base(salt), C.size_t(len(salt)), // Salt and its length -+ ccDigest, // Digest algorithm -+ C.uint(iter), // Iteration count -+ (*C.uchar)(unsafe.Pointer(&derivedKey[0])), C.size_t(keyLen), // Output buffer for derived key and its length -+ ) ++ header := (*_SYMCRYPT_BLOB_HEADER)(unsafe.Pointer(&state[0])) ++ if header.magic != _SYMCRYPT_BLOB_MAGIC { ++ return nil, errors.New("invalid blob magic") ++ } ++ if header.size != size { ++ return nil, errors.New("invalid blob size") ++ } ++ if header._type != typ { ++ return nil, errors.New("invalid blob type") ++ } + -+ if status != C.kCCSuccess { -+ return nil, errors.New("PBKDF2 key derivation failed") ++ buf = append(buf, magic...) ++ switch ch { ++ case crypto.MD5: ++ blob := (*_SYMCRYPT_MD5_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ case crypto.SHA1: ++ blob := (*_SYMCRYPT_SHA1_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ case crypto.SHA224, crypto.SHA256: ++ blob := (*_SYMCRYPT_SHA256_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ blob := (*_SYMCRYPT_SHA512_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ default: ++ panic("unsupported hash " + ch.String()) + } ++} + -+ return derivedKey, nil ++func symCryptHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { ++ size, typ := symCryptHashStateInfo(ch) ++ hdr := _SYMCRYPT_BLOB_HEADER{ ++ magic: _SYMCRYPT_BLOB_MAGIC, ++ size: size, ++ _type: typ, ++ } ++ var blobPtr unsafe.Pointer ++ b = b[len(magic):] ++ switch ch { ++ case crypto.MD5: ++ var blob _SYMCRYPT_MD5_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ case crypto.SHA1: ++ var blob _SYMCRYPT_SHA1_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ case crypto.SHA224, crypto.SHA256: ++ var blob _SYMCRYPT_SHA256_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ var blob _SYMCRYPT_SHA512_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ default: ++ panic("unsupported hash " + ch.String()) ++ } ++ var checksum int32 = 1 ++ var pinner runtime.Pinner ++ pinner.Pin(blobPtr) ++ pinner.Pin(&checksum) ++ defer pinner.Unpin() ++ params := [3]ossl.OSSL_PARAM{ ++ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), blobPtr, int(hdr.size)), ++ ossl.OSSL_PARAM_construct_int32(_SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr(), &checksum), ++ ossl.OSSL_PARAM_construct_end(), ++ } ++ _, err := ossl.EVP_MD_CTX_set_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))) ++ return err +} + -+// Mapping Go hash functions to CommonCrypto hash constants -+func hashToCCDigestPBKDF2(hash hash.Hash) (C.CCAlgorithm, error) { -+ switch hash.(type) { -+ case cryptokit.SHA1Hash: -+ return C.kCCPRFHmacAlgSHA1, nil -+ case cryptokit.SHA256Hash: -+ return C.kCCPRFHmacAlgSHA256, nil -+ case cryptokit.SHA384Hash: -+ return C.kCCPRFHmacAlgSHA384, nil -+ case cryptokit.SHA512Hash: -+ return C.kCCPRFHmacAlgSHA512, nil ++func symCryptHashStateInfo(ch crypto.Hash) (size, typ uint32) { ++ switch ch { ++ case crypto.MD5: ++ return _SYMCRYPT_MD5_STATE_EXPORT_SIZE, _SymCryptBlobTypeMd5State ++ case crypto.SHA1: ++ return _SYMCRYPT_SHA1_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha1State ++ case crypto.SHA224: ++ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha224State ++ case crypto.SHA256: ++ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha256State ++ case crypto.SHA384: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha384State ++ case crypto.SHA512_224: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_224State ++ case crypto.SHA512_256: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_256State ++ case crypto.SHA512: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512State + default: -+ return 0, errors.New("unsupported hash function") ++ panic("unsupported hash " + ch.String()) + } +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go ++ ++// isSymCryptHashStateSerializable checks if the SymCrypt hash state is serializable. ++func isSymCryptHashStateSerializable(md ossl.EVP_MD_PTR) bool { ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return false ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestInit_ex(ctx, md, nil); err != nil { ++ return false ++ } ++ params, err := ossl.EVP_MD_CTX_gettable_params(ctx) ++ if err != nil { ++ return false ++ } ++ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { ++ return false ++ } ++ params, err = ossl.EVP_MD_CTX_settable_params(ctx) ++ if err != nil { ++ return false ++ } ++ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { ++ return false ++ } ++ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr()); err != nil { ++ return false ++ } ++ return true ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go new file mode 100644 -index 00000000000000..e58c0b3b19a68b +index 00000000000000..b65ffa85f0cba5 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go -@@ -0,0 +1,26 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go +@@ -0,0 +1,22 @@ ++//go:build !cmd_go_bootstrap + -+package xcrypto ++package openssl + -+// #include +import "C" -+import ( -+ "errors" -+ "unsafe" -+) ++import "github.com/microsoft/go-crypto-openssl/internal/ossl" + +type randReader int + +func (randReader) Read(b []byte) (int, error) { ++ if len(b) == 0 { ++ return 0, nil ++ } + // Note: RAND_bytes should never fail; the return value exists only for historical reasons. + // We check it even so. -+ if len(b) > 0 && C.SecRandomCopyBytes(C.kSecRandomDefault, C.size_t(len(b)), unsafe.Pointer(&b[0])) != 0 { -+ return 0, errors.New("crypto/rand: unable to read from source") ++ if _, err := ossl.RAND_bytes(base(b), int32(len(b))); err != nil { ++ return 0, err + } + return len(b), nil +} + +const RandReader = randReader(0) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go new file mode 100644 -index 00000000000000..e30a9e10ae3730 +index 00000000000000..1276de2124a9c4 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go -@@ -0,0 +1,83 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go +@@ -0,0 +1,69 @@ ++//go:build !cmd_go_bootstrap + -+package xcrypto ++package openssl + -+// #include +import "C" +import ( -+ "errors" + "runtime" -+ "slices" -+ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+// RC4Cipher is an instance of RC4 using a particular key. ++// SupportsRC4 returns true if NewRC4Cipher is supported. ++func SupportsRC4() bool { ++ // True for stock OpenSSL 1 w/o FIPS. ++ // False for stock OpenSSL 3 unless the legacy provider is available. ++ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil ++} ++ ++// A RC4Cipher is an instance of RC4 using a particular key. +type RC4Cipher struct { -+ ctx C.CCCryptorRef ++ ctx ossl.EVP_CIPHER_CTX_PTR +} + -+// NewRC4Cipher creates and returns a new RC4 cipher with the given key. ++// NewRC4Cipher creates and returns a new Cipher. +func NewRC4Cipher(key []byte) (*RC4Cipher, error) { -+ // Clone the key to prevent modification. -+ key = slices.Clone(key) -+ var ctx C.CCCryptorRef -+ status := C.CCCryptorCreate( -+ C.kCCEncrypt, // Operation (RC4 stream) -+ C.kCCAlgorithmRC4, // Algorithm -+ 0, // No padding or other options -+ pbase(key), // Key -+ C.size_t(len(key)), // Key length -+ nil, // No IV needed for RC4 -+ &ctx, // Output: CCCryptorRef -+ ) -+ if status != C.kCCSuccess { -+ return nil, errors.New("failed to create RC4 cipher") ++ ctx, err := newCipherCtx(cipherRC4, cipherModeNone, cipherOpEncrypt, key, nil) ++ if err != nil { ++ return nil, err + } -+ c := &RC4Cipher{ctx: ctx} ++ c := &RC4Cipher{ctx} + runtime.SetFinalizer(c, (*RC4Cipher).finalize) + return c, nil +} + -+// finalize releases the RC4 cipher context when no longer needed. +func (c *RC4Cipher) finalize() { + if c.ctx != nil { -+ C.CCCryptorRelease(c.ctx) ++ ossl.EVP_CIPHER_CTX_free(c.ctx) + } +} + -+// Reset zeros the key data and makes the cipher unusable. ++// Reset zeros the key data and makes the Cipher unusable. +func (c *RC4Cipher) Reset() { + if c.ctx != nil { -+ C.CCCryptorRelease(c.ctx) ++ ossl.EVP_CIPHER_CTX_free(c.ctx) + c.ctx = nil + } +} + +// XORKeyStream sets dst to the result of XORing src with the key stream. ++// Dst and src must overlap entirely or not at all. +func (c *RC4Cipher) XORKeyStream(dst, src []byte) { + if c.ctx == nil || len(src) == 0 { + return @@ -16480,277 +16010,646 @@ index 00000000000000..e30a9e10ae3730 + if inexactOverlap(dst[:len(src)], src) { + panic("crypto/rc4: invalid buffer overlap") + } -+ // Ensures `dst` has sufficient space. ++ // panic if len(dst) < len(src) with a runtime out of bound error, ++ // which is what crypto/rc4 does. + _ = dst[len(src)-1] -+ var outLen C.size_t -+ status := C.CCCryptorUpdate( -+ c.ctx, -+ unsafe.Pointer(&*addrNeverEmpty(src)), C.size_t(len(src)), // Input -+ unsafe.Pointer(&*addrNeverEmpty(dst)), C.size_t(len(dst)), // Output -+ &outLen, -+ ) -+ if status != C.kCCSuccess { -+ panic("crypto/cipher: CCCryptorUpdate failed") ++ var outLen int32 ++ if _, err := ossl.EVP_EncryptUpdate(c.ctx, base(dst), &outLen, base(src), int32(len(src))); err != nil { ++ panic("crypto/rc4: " + err.Error()) + } + if int(outLen) != len(src) { + panic("crypto/rc4: src not fully XORed") + } + runtime.KeepAlive(c) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go -new file mode 100644 -index 00000000000000..63df684569e671 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go -@@ -0,0 +1,194 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go +new file mode 100644 +index 00000000000000..9731a8e2e83ac2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go +@@ -0,0 +1,366 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "C" ++import ( ++ "crypto" ++ "crypto/subtle" ++ "errors" ++ "hash" ++ "runtime" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { ++ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { ++ return nil, nil, nil, nil, nil, nil, nil, nil, e ++ } ++ pkey, err := generateEVPPKey(ossl.EVP_PKEY_RSA, int32(bits), "") ++ if err != nil { ++ return bad(err) ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ switch vMajor { ++ case 1: ++ key, err := ossl.EVP_PKEY_get1_RSA(pkey) ++ if err != nil { ++ return bad(err) ++ } ++ defer ossl.RSA_free(key) ++ var n, e, d, p, q, dmp1, dmq1, iqmp ossl.BIGNUM_PTR ++ ossl.RSA_get0_key(key, &n, &e, &d) ++ ossl.RSA_get0_factors(key, &p, &q) ++ ossl.RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp) ++ N, E, D = bnToBig(n), bnToBig(e), bnToBig(d) ++ P, Q = bnToBig(p), bnToBig(q) ++ Dp, Dq, Qinv = bnToBig(dmp1), bnToBig(dmq1), bnToBig(iqmp) ++ case 3: ++ tmp, err := ossl.BN_new() ++ if err != nil { ++ return bad(err) ++ } ++ defer func() { ++ ossl.BN_clear_free(tmp) ++ }() ++ setBigInt := func(bi *BigInt, param cString) bool { ++ if err != nil { ++ return false ++ } ++ if _, err = ossl.EVP_PKEY_get_bn_param(pkey, param.ptr(), &tmp); err != nil { ++ return false ++ } ++ *bi = bnToBig(tmp) ++ ossl.BN_clear(tmp) ++ return true ++ } ++ if !(setBigInt(&N, _OSSL_PKEY_PARAM_RSA_N) && ++ setBigInt(&E, _OSSL_PKEY_PARAM_RSA_E) && ++ setBigInt(&D, _OSSL_PKEY_PARAM_RSA_D) && ++ setBigInt(&P, _OSSL_PKEY_PARAM_RSA_FACTOR1) && ++ setBigInt(&Q, _OSSL_PKEY_PARAM_RSA_FACTOR2) && ++ setBigInt(&Dp, _OSSL_PKEY_PARAM_RSA_EXPONENT1) && ++ setBigInt(&Dq, _OSSL_PKEY_PARAM_RSA_EXPONENT2) && ++ setBigInt(&Qinv, _OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { ++ return bad(err) ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return ++} ++ ++type PublicKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { ++ var pkey ossl.EVP_PKEY_PTR ++ switch vMajor { ++ case 1: ++ key, err := ossl.RSA_new() ++ if err != nil { ++ return nil, err ++ } ++ // No need to check for errors here, RSA_set0_* functions will fail ++ // if the BNs are NULL and we will free non-NULL BNs in the error handling. ++ bn, _ := bigToBN(n) ++ be, _ := bigToBN(e) ++ if _, err := ossl.RSA_set0_key(key, bn, be, nil); err != nil { ++ ossl.BN_free(bn) ++ ossl.BN_free(be) ++ ossl.RSA_free(key) ++ return nil, err ++ } ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ ossl.RSA_free(key) ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { ++ ossl.RSA_free(key) ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ case 3: ++ var err error ++ if pkey, err = newRSAKey3(false, n, e, nil, nil, nil, nil, nil, nil); err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ k := &PublicKeyRSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PublicKeyRSA).finalize) ++ return k, nil ++} ++ ++func (k *PublicKeyRSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PublicKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PrivateKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} ++ ++func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error) { ++ var pkey ossl.EVP_PKEY_PTR ++ switch vMajor { ++ case 1: ++ key, err := ossl.RSA_new() ++ if err != nil { ++ return nil, err ++ } ++ // No need to check for errors here, RSA_set0_* functions will fail ++ // if the BNs are NULL and we will free non-NULL BNs in the error handling. ++ bn, _ := bigToBN(n) ++ be, _ := bigToBN(e) ++ bd, _ := bigToBN(d) ++ if _, err := ossl.RSA_set0_key(key, bn, be, bd); err != nil { ++ ossl.BN_free(bn) ++ ossl.BN_free(be) ++ ossl.BN_clear_free(bd) ++ return nil, err ++ } ++ if p != nil && q != nil { ++ bp, _ := bigToBN(p) ++ bq, _ := bigToBN(q) ++ if _, err := ossl.RSA_set0_factors(key, bp, bq); err != nil { ++ ossl.BN_clear_free(bp) ++ ossl.BN_clear_free(bq) ++ return nil, err ++ } ++ } ++ if dp != nil && dq != nil && qinv != nil { ++ bdp, _ := bigToBN(dp) ++ bdq, _ := bigToBN(dq) ++ bqinv, _ := bigToBN(qinv) ++ if _, err := ossl.RSA_set0_crt_params(key, bdp, bdq, bqinv); err != nil { ++ ossl.BN_free(bdp) ++ ossl.BN_free(bdq) ++ ossl.BN_free(bqinv) ++ return nil, err ++ } ++ } ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ ossl.RSA_free(key) ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { ++ ossl.RSA_free(key) ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ case 3: ++ var err error ++ if pkey, err = newRSAKey3(true, n, e, d, p, q, dp, dq, qinv); err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ k := &PrivateKeyRSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyRSA).finalize) ++ return k, nil ++} ++ ++func (k *PrivateKeyRSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PrivateKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, ciphertext) ++} + -+//go:build darwin ++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, msg) ++} + -+package xcrypto ++func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, ciphertext) ++} + -+// #include -+import "C" -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "runtime" -+ "strconv" -+) ++func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, msg) ++} + -+// GenerateKeyRSA generates an RSA key pair on macOS. -+// asn1Data is encoded as PKCS#1 ASN1 DER. -+func GenerateKeyRSA(bits int) (asn1Data []byte, err error) { -+ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeRSA, bits) ++func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ ret, err := evpDecrypt(priv.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, ciphertext) + if err != nil { + return nil, err + } -+ C.CFRelease(C.CFTypeRef(privKeyRef)) -+ return privKeyDER, nil ++ // We could return here, but the Go standard library test expects DecryptRSANoPadding to verify the result ++ // in order to defend against errors in the CRT computation. ++ // ++ // The following code tries to replicate the verification implemented in the upstream function decryptAndCheck, found at ++ // https://github.com/golang/go/blob/9de1ac6ac2cad3871760d0aa288f5ca713afd0a6/src/crypto/rsa/rsa.go#L569-L582. ++ pub := &PublicKeyRSA{_pkey: priv._pkey} ++ // A private EVP_PKEY can be used as a public key as it contains the public information. ++ enc, err := EncryptRSANoPadding(pub, ret) ++ if err != nil { ++ return nil, err ++ } ++ // Upstream does not do a constant time comparison because it works with math/big instead of byte slices, ++ // and math/big does not support constant-time arithmetic yet. See #20654 for more info. ++ if subtle.ConstantTimeCompare(ciphertext, enc) != 1 { ++ return nil, errors.New("rsa: internal error") ++ } ++ return ret, nil +} + -+type PublicKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey C.SecKeyRef ++func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, msg) +} + -+func (k *PublicKeyRSA) finalize() { -+ if k._pkey != 0 { -+ C.CFRelease(C.CFTypeRef(k._pkey)) ++func saltLength(saltLen int, sign bool) (int32, error) { ++ // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject ++ // it, and lengths < -2, before we convert to the OpenSSL sentinel values. ++ if saltLen <= -2 { ++ return 0, errors.New("crypto/rsa: invalid PSS salt length") ++ } ++ // OpenSSL uses sentinel salt length values like Go crypto does, ++ // but the values don't fully match for rsa.PSSSaltLengthAuto (0). ++ if saltLen == 0 { ++ if sign { ++ if vMajor == 1 { ++ // OpenSSL 1.x uses -2 to mean maximal size when signing where Go crypto uses 0. ++ return ossl.RSA_PSS_SALTLEN_MAX_SIGN, nil ++ } ++ // OpenSSL 3.x deprecated RSA_PSS_SALTLEN_MAX_SIGN ++ // and uses -3 to mean maximal size when signing where Go crypto uses 0. ++ return ossl.RSA_PSS_SALTLEN_MAX, nil ++ } ++ // OpenSSL uses -2 to mean auto-detect size when verifying where Go crypto uses 0. ++ return ossl.RSA_PSS_SALTLEN_AUTO, nil + } ++ return int32(saltLen), nil +} + -+// NewPublicKeyRSA creates a new RSA public key from ASN1 DER encoded data. -+func NewPublicKeyRSA(asn1Data []byte) (*PublicKeyRSA, error) { -+ pubKeyRef, err := createSecKeyWithData(asn1Data, C.kSecAttrKeyTypeRSA, C.kSecAttrKeyClassPublic) ++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ cSaltLen, err := saltLength(saltLen, true) + if err != nil { + return nil, err + } ++ return evpSign(priv.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, hashed) ++} + -+ key := &PublicKeyRSA{_pkey: pubKeyRef} -+ runtime.SetFinalizer(key, (*PublicKeyRSA).finalize) -+ return key, nil ++func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { ++ cSaltLen, err := saltLength(saltLen, false) ++ if err != nil { ++ return err ++ } ++ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, sig, hashed) +} + -+func (k *PublicKeyRSA) withKey(f func(C.SecKeyRef) C.int) C.int { -+ // Because of the finalizer, any time key is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, ossl.RSA_PKCS1_PADDING, 0, h, hashed) +} + -+type PrivateKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey C.SecKeyRef ++func HashSignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte) ([]byte, error) { ++ return evpHashSign(priv.withKey, h, msg) +} + -+func (k *PrivateKeyRSA) finalize() { -+ if k._pkey != 0 { -+ C.CFRelease(C.CFTypeRef(k._pkey)) ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ defer runtime.KeepAlive(pub) ++ var size int32 ++ if err := pub.withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { ++ size, err = ossl.EVP_PKEY_get_size(pkey) ++ if err != nil { ++ return err ++ } ++ if len(sig) < int(size) { ++ return errors.New("crypto/rsa: verification error") ++ } ++ return nil ++ }); err != nil { ++ return err + } ++ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PADDING, 0, h, sig, hashed) +} + -+// NewPrivateKeyRSA creates a new RSA private key from ASN1 DER encoded data. -+func NewPrivateKeyRSA(asn1Data []byte) (*PrivateKeyRSA, error) { -+ privKeyRef, err := createSecKeyWithData(asn1Data, C.kSecAttrKeyTypeRSA, C.kSecAttrKeyClassPrivate) ++func HashVerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte) error { ++ return evpHashVerify(pub.withKey, h, msg, sig) ++} ++ ++func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (ossl.EVP_PKEY_PTR, error) { ++ bld, err := newParamBuilder() + if err != nil { + return nil, err + } ++ defer bld.finalize() + -+ key := &PrivateKeyRSA{_pkey: privKeyRef} -+ runtime.SetFinalizer(key, (*PrivateKeyRSA).finalize) -+ return key, nil -+} -+ -+func (k *PrivateKeyRSA) PublicKey() *PublicKeyRSA { -+ var pubKeyRef C.SecKeyRef -+ k.withKey(func(key C.SecKeyRef) C.int { -+ pubKeyRef = C.SecKeyCopyPublicKey(k._pkey) -+ return 0 -+ }) -+ pubKey := &PublicKeyRSA{_pkey: pubKeyRef} -+ runtime.SetFinalizer(pubKey, (*PublicKeyRSA).finalize) -+ return pubKey -+} -+ -+func (k *PrivateKeyRSA) withKey(f func(C.SecKeyRef) C.int) C.int { -+ // Because of the finalizer, any time _pkey is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_N, n, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_E, e, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, false) + -+// DecryptRSAOAEP decrypts data using RSA-OAEP. -+func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ if len(label) > 0 { -+ // https://github.com/microsoft/go-crypto-darwin/issues/22 -+ panic("crypto/rsa: label is not supported on macOS") ++ if p != nil && q != nil { ++ allPrecomputedExists := dp != nil && dq != nil && qinv != nil ++ // The precomputed values should only be passed if P and Q are present ++ // and every precomputed value is present. (If any precomputed value is ++ // missing, don't pass any of them.) ++ // ++ // In OpenSSL 3.0 and 3.1, we must also omit P and Q if any precomputed ++ // value is missing. See https://github.com/openssl/openssl/pull/22334 ++ if vMinor >= 2 || allPrecomputedExists { ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR1, p, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR2, q, true) ++ } ++ if allPrecomputedExists { ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT1, dp, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT2, dq, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv, true) ++ } + } -+ return evpDecrypt(priv.withKey, algorithmTypeOAEP, ciphertext, h) -+} + -+// EncryptRSAOAEP encrypts data using RSA-OAEP. -+func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ if len(label) > 0 { -+ // https://github.com/microsoft/go-crypto-darwin/issues/22 -+ panic("crypto/rsa: label is not supported on macOS") ++ params, err := bld.build() ++ if err != nil { ++ return nil, err + } -+ return evpEncrypt(pub.withKey, algorithmTypeOAEP, msg, h) ++ defer ossl.OSSL_PARAM_free(params) ++ selection := ossl.EVP_PKEY_PUBLIC_KEY ++ if isPriv { ++ selection = ossl.EVP_PKEY_KEYPAIR ++ } ++ return newEvpFromParams(ossl.EVP_PKEY_RSA, int32(selection), params) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go +new file mode 100644 +index 00000000000000..a5e24cff4f068c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go +@@ -0,0 +1,159 @@ ++//go:build !cmd_go_bootstrap + -+// SignRSAPSS signs data with RSA-PSS. -+func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ return evpSign(priv.withKey, algorithmTypePSS, h, hashed) -+} ++package openssl + -+// VerifyRSAPSS verifies data with RSA-PSS. -+func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ return evpVerify(pub.withKey, algorithmTypePSS, h, hashed, sig) -+} ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "sync" ++ "unsafe" + -+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return evpSign(priv.withKey, algorithmTypePKCS1v15Sig, h, hashed) ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++func SupportsTLS1PRF() bool { ++ switch vMajor { ++ case 1: ++ return vMinor >= 1 ++ case 3: ++ _, err := fetchTLS1PRF3() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } +} + -+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ if pub.withKey(func(key C.SecKeyRef) C.int { -+ size := C.SecKeyGetBlockSize(key) -+ if len(sig) < int(size) { -+ return 0 ++// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil, ++// else it implements the TLS 1.2 pseudo-random function. ++// The pseudo-random number will be written to result and will be of length len(result). ++func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { ++ var md ossl.EVP_MD_PTR ++ if fh == nil { ++ // TLS 1.0/1.1 PRF doesn't allow to specify the hash function, ++ // it always uses MD5SHA1. If h is nil, then assume ++ // that the caller wants to use TLS 1.0/1.1 PRF. ++ // OpenSSL detects this case by checking if the hash ++ // function is MD5SHA1. ++ md = loadHash(crypto.MD5SHA1).md ++ } else { ++ h, err := hashFuncHash(fh) ++ if err != nil { ++ return err + } -+ return 1 -+ }) == 0 { -+ return errors.New("crypto/rsa: verification error") ++ md = hashToMD(h) ++ } ++ if md == nil { ++ return errors.New("unsupported hash function") + } -+ return evpVerify(pub.withKey, algorithmTypePKCS1v15Sig, h, hashed, sig) -+} + -+// DecryptRSAPKCS1 decrypts data using RSA PKCS#1 v1.5 padding. -+func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, algorithmTypePKCS1v15Enc, ciphertext, nil) ++ switch vMajor { ++ case 1: ++ return tls1PRF1(result, secret, label, seed, md) ++ case 3: ++ return tls1PRF3(result, secret, label, seed, md) ++ default: ++ return errUnsupportedVersion() ++ } +} + -+// EncryptRSAPKCS1 encrypts data using RSA PKCS#1 v1.5 padding. -+func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, algorithmTypePKCS1v15Enc, msg, nil) -+} ++// tls1PRF1 implements TLS1PRF for OpenSSL 1 using the EVP_PKEY API. ++func tls1PRF1(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { ++ checkMajorVersion(1) + -+func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, algorithmTypeRAW, ciphertext, nil) -+} ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_TLS1_PRF, nil) ++ if err != nil { ++ return err ++ } ++ defer func() { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ }() + -+func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, algorithmTypeRAW, msg, nil) ++ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_MD, ++ 0, unsafe.Pointer(md)); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_SECRET, ++ int32(len(secret)), unsafe.Pointer(base(secret))); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_SEED, ++ int32(len(label)), unsafe.Pointer(base(label))); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_SEED, ++ int32(len(seed)), unsafe.Pointer(base(seed))); err != nil { ++ return err ++ } ++ outLen := len(result) ++ if _, err := ossl.EVP_PKEY_derive(ctx, base(result), &outLen); err != nil { ++ return err ++ } ++ // The Go standard library expects TLS1PRF to return the requested number of bytes, ++ // fail if it doesn't. While there is no known situation where this will happen, ++ // EVP_PKEY_derive handles multiple algorithms and there could be a subtle mismatch ++ // after more code changes in the future. ++ if outLen != len(result) { ++ return errors.New("tls1-prf: derived less bytes than requested") ++ } ++ return nil +} + -+// Helper functions ++// fetchTLS1PRF3 fetches the TLS1-PRF KDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchTLS1PRF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3) + -+type cfError struct { -+ code int -+ message string -+} ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) ++ if err != nil { ++ return nil, err ++ } ++ return kdf, nil ++}) + -+func (e *cfError) Error() string { -+ if e.message == "" { -+ return "CFError(" + strconv.Itoa(e.code) + "): unknown error" ++// tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. ++func tls1PRF3(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { ++ checkMajorVersion(3) ++ ++ kdf, err := fetchTLS1PRF3() ++ if err != nil { ++ return err + } -+ return "CFError(" + strconv.Itoa(e.code) + "): " + e.message -+} ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) + -+func goCFErrorRef(ref C.CFErrorRef) error { -+ if ref == 0 { -+ return nil ++ bld, err := newParamBuilder() ++ if err != nil { ++ return err + } -+ var message string -+ if desc := C.CFErrorCopyDescription(ref); desc != C.CFStringRef(0) { -+ defer C.CFRelease(C.CFTypeRef(desc)) -+ if cstr := C.CFStringGetCStringPtr(desc, C.kCFStringEncodingUTF8); cstr != nil { -+ message = C.GoString(cstr) -+ } ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addOctetString(_OSSL_KDF_PARAM_SECRET, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SEED, label) ++ bld.addOctetString(_OSSL_KDF_PARAM_SEED, seed) ++ params, err := bld.build() ++ if err != nil { ++ return err + } -+ return &cfError{ -+ code: int(C.CFErrorGetCode(ref)), -+ message: message, ++ defer ossl.OSSL_PARAM_free(params) ++ ++ if _, err := ossl.EVP_KDF_derive(ctx, base(result), len(result), params); err != nil { ++ return err + } ++ return nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go new file mode 100644 -index 00000000000000..d6b428e7ebb68b +index 00000000000000..e60a5dde390be6 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go -@@ -0,0 +1,49 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go +@@ -0,0 +1,86 @@ ++// Code generated by cmd/genaesmodes. DO NOT EDIT. + -+//go:build darwin ++//go:build cgo && !cmd_go_bootstrap + -+package xcrypto ++package openssl + -+// #cgo CFLAGS: -Wno-deprecated-declarations -+// #cgo LDFLAGS: -framework Security -framework CoreFoundation -+import "C" -+import "unsafe" ++import "crypto/cipher" + -+var zero byte ++type cipherWithCBC struct { ++ aesCipher ++} + -+// base returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+func base(b []byte) *C.uchar { -+ return (*C.uchar)(unsafe.Pointer(addr(b))) ++type cipherWithCTR struct { ++ aesCipher +} + -+func sbase(b []byte) *C.char { -+ return (*C.char)(unsafe.Pointer(addr(b))) ++type cipherWithCBC_CTR struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithCTR +} + -+func pbase(b []byte) unsafe.Pointer { -+ return unsafe.Pointer(addr(b)) ++type cipherWithGCM struct { ++ aesCipher +} + -+// base returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+// If b is empty, it returns a pointer to a zero byte -+// so that it can always be dereferenced. -+func addr(b []byte) *byte { -+ if len(b) == 0 { -+ return &zero -+ } -+ return unsafe.SliceData(b) ++type cipherWithCBC_GCM struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithGCM +} + -+// addrNeverEmpty returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+// If b is empty, it returns a pointer to a zero byte -+// so that it can always be dereferenced. -+func addrNeverEmpty(b []byte) *byte { -+ if len(b) == 0 { -+ return &zero ++type cipherWithCTR_GCM struct { ++ aesCipher ++ cipherWithCTR ++ cipherWithGCM ++} ++ ++type cipherWithCBC_CTR_GCM struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithCTR ++ cipherWithGCM ++} ++ ++func newAESBlock(c *evpCipher, kind cipherKind) cipher.Block { ++ aes := aesCipher{c} ++ var block cipher.Block ++ supportsCBC := loadCipher(kind, cipherModeCBC) != nil ++ supportsCTR := loadCipher(kind, cipherModeCTR) != nil ++ supportsGCM := loadCipher(kind, cipherModeGCM) != nil ++ switch { ++ case !supportsCBC && !supportsCTR && !supportsGCM: ++ block = aes ++ case supportsCBC && !supportsCTR && !supportsGCM: ++ block = cipherWithCBC{aes} ++ case !supportsCBC && supportsCTR && !supportsGCM: ++ block = cipherWithCTR{aes} ++ case supportsCBC && supportsCTR && !supportsGCM: ++ block = cipherWithCBC_CTR{aes, ++ cipherWithCBC{aes}, ++ cipherWithCTR{aes}, ++ } ++ case !supportsCBC && !supportsCTR && supportsGCM: ++ block = cipherWithGCM{aes} ++ case supportsCBC && !supportsCTR && supportsGCM: ++ block = cipherWithCBC_GCM{aes, ++ cipherWithCBC{aes}, ++ cipherWithGCM{aes}, ++ } ++ case !supportsCBC && supportsCTR && supportsGCM: ++ block = cipherWithCTR_GCM{aes, ++ cipherWithCTR{aes}, ++ cipherWithGCM{aes}, ++ } ++ case supportsCBC && supportsCTR && supportsGCM: ++ block = cipherWithCBC_CTR_GCM{aes, ++ cipherWithCBC{aes}, ++ cipherWithCTR{aes}, ++ cipherWithGCM{aes}, ++ } ++ default: ++ panic("unreachable") + } -+ return unsafe.SliceData(b) ++ return block +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE b/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE new file mode 100644 @@ -21235,20 +21134,20 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index a6b711219383c2..1cd73c0693cc59 100644 +index a6b711219383c2..8668fcb28e0ba4 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,20 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20260419202439-d4b2f5e5072f -+## explicit; go 1.22 -+github.com/golang-fips/openssl/v2 -+github.com/golang-fips/openssl/v2/bbig -+github.com/golang-fips/openssl/v2/internal/ossl +# github.com/microsoft/go-crypto-darwin v0.0.2-0.20250714125817-871ed82e87d7 +## explicit; go 1.22 +github.com/microsoft/go-crypto-darwin/bbig +github.com/microsoft/go-crypto-darwin/internal/cryptokit +github.com/microsoft/go-crypto-darwin/xcrypto ++# github.com/microsoft/go-crypto-openssl v0.0.0-20260521141647-8d2a891ca446 ++## explicit; go 1.22 ++github.com/microsoft/go-crypto-openssl/bbig ++github.com/microsoft/go-crypto-openssl/internal/ossl ++github.com/microsoft/go-crypto-openssl/openssl +# github.com/microsoft/go-crypto-winnative v0.0.0-20250703113837-e4483837c98b +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 70f73731388..5868181d986 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch @@ -55,7 +55,7 @@ desired goexperiments and build tags. src/internal/buildcfg/exp.go | 54 +++ src/runtime/runtime_boring.go | 5 + src/syscall/exec_linux_test.go | 2 +- - 46 files changed, 2317 insertions(+), 23 deletions(-) + 46 files changed, 2318 insertions(+), 22 deletions(-) create mode 100644 src/cmd/go/systemcrypto_test.go create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/bbig/big.go @@ -677,7 +677,7 @@ index 2f46a6b44bffe1..69071289e2de81 100644 ! go build -o $devnull cmd/buildid diff --git a/src/cmd/internal/testdir/testdir_test.go b/src/cmd/internal/testdir/testdir_test.go -index 483a9ec33c6798..fad922e3f844ab 100644 +index 529445a7dab59d..e2d64bb8335119 100644 --- a/src/cmd/internal/testdir/testdir_test.go +++ b/src/cmd/internal/testdir/testdir_test.go @@ -118,6 +118,13 @@ func Test(t *testing.T) { @@ -856,7 +856,7 @@ index 00000000000000..77f3ca5d262769 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/bbig/big_openssl.go b/src/crypto/internal/backend/bbig/big_openssl.go new file mode 100644 -index 00000000000000..e6695dd66b1d02 +index 00000000000000..13f667a140e05f --- /dev/null +++ b/src/crypto/internal/backend/bbig/big_openssl.go @@ -0,0 +1,12 @@ @@ -868,7 +868,7 @@ index 00000000000000..e6695dd66b1d02 + +package bbig + -+import "github.com/golang-fips/openssl/v2/bbig" ++import "github.com/microsoft/go-crypto-openssl/bbig" + +var Enc = bbig.Enc +var Dec = bbig.Dec @@ -1842,7 +1842,7 @@ index 00000000000000..289d6594eac54b +} diff --git a/src/crypto/internal/backend/fips140/openssl_cgo.go b/src/crypto/internal/backend/fips140/openssl_cgo.go new file mode 100644 -index 00000000000000..a24db78572f528 +index 00000000000000..5f99705f9d8c20 --- /dev/null +++ b/src/crypto/internal/backend/fips140/openssl_cgo.go @@ -0,0 +1,59 @@ @@ -1858,7 +1858,7 @@ index 00000000000000..a24db78572f528 + _ "crypto/internal/backend/internal/opensslsetup" + "syscall" + -+ "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-openssl/openssl" +) + +const backendEnabled = true @@ -1981,7 +1981,7 @@ index 00000000000000..d3d39fd77f98db +const isSkipFIPSCheck = true diff --git a/src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go new file mode 100644 -index 00000000000000..d816f1be17b6a1 +index 00000000000000..cc720b20984666 --- /dev/null +++ b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go @@ -0,0 +1,68 @@ @@ -1999,7 +1999,7 @@ index 00000000000000..d816f1be17b6a1 +import ( + "syscall" + -+ "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-openssl/openssl" +) + +// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. @@ -2424,7 +2424,7 @@ index 00000000000000..ce267825dc6ddc +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..02c3c67f822ae2 +index 00000000000000..941edd3d1dc98c --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,332 @@ @@ -2447,7 +2447,7 @@ index 00000000000000..02c3c67f822ae2 + "crypto/internal/boring/sig" + "hash" + -+ "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-openssl/openssl" +) + +// Enabled controls whether FIPS crypto is enabled. @@ -2798,7 +2798,7 @@ index 00000000000000..13782a8241b99a + ` +} diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 9bfef9e125e8d3..ba601c2d1d0c6e 100644 +index 4145c70f62440e..df7c5f9181be80 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -353,7 +353,7 @@ var depsRules = ` @@ -2815,7 +2815,7 @@ index 9bfef9e125e8d3..ba601c2d1d0c6e 100644 < github.com/microsoft/go-crypto-winnative/cng; + syscall, -+ github.com/golang-fips/openssl/v2 ++ github.com/microsoft/go-crypto-openssl/openssl + < crypto/internal/backend/internal/opensslsetup + < crypto/internal/backend/fips140; + @@ -2832,7 +2832,7 @@ index 9bfef9e125e8d3..ba601c2d1d0c6e 100644 + + crypto/internal/boring/sig, + crypto/internal/backend/fips140, -+ github.com/golang-fips/openssl/v2, ++ github.com/microsoft/go-crypto-openssl/openssl, + github.com/microsoft/go-crypto-darwin/xcrypto, + github.com/microsoft/go-crypto-winnative/cng + < crypto/internal/backend; @@ -2862,7 +2862,7 @@ index 9bfef9e125e8d3..ba601c2d1d0c6e 100644 + < crypto/internal/boring/bbig; + + CRYPTO, FMT, math/big, internal/saferio, -+ github.com/golang-fips/openssl/v2/bbig, ++ github.com/microsoft/go-crypto-openssl/bbig, + github.com/microsoft/go-crypto-darwin/bbig, + github.com/microsoft/go-crypto-winnative/cng/bbig + < crypto/internal/backend/bbig diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 4d228485104..f0a42f43117 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -218,7 +218,7 @@ index 4aaf46b5d0f0dc..ec58a217400caa 100644 env GO111MODULE=off +# Disable systemcrypto while evaluating test dependencies to avoid importing -+# vendored crypto module dependencies like golang-fips/openssl. This test script ++# vendored crypto module dependencies like go-crypto-openssl. This test script +# is not set up to handle any vendored libraries being imported other than +# golang.org/x/net/http2/hpack, so we must make sure it is the only one. +# @@ -263,8 +263,8 @@ index 7f22b6ba1c5bf0..6d9c27f5537700 100644 // These packages can use internal linking mode. // Others trigger external mode. var internalpkg = []string{ -+ "vendor/github.com/golang-fips/openssl/v2/internal/ossl", -+ "vendor/github.com/golang-fips/openssl/v2", ++ "vendor/github.com/microsoft/go-crypto-openssl/internal/ossl", ++ "vendor/github.com/microsoft/go-crypto-openssl/openssl", "crypto/internal/boring", "crypto/internal/boring/syso", "crypto/x509",