From b91f4592339dfb4eccadbff54333e31652508398 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 21 May 2026 11:10:05 +0100 Subject: [PATCH 1/4] update openssl backend to point to new location --- eng/_util/cmd/upgrader/upgrader.go | 6 +- .../0001-Vendor-external-dependencies.patch | 56504 ++++++++-------- ...03-Implement-crypto-internal-backend.patch | 22 +- patches/0004-Use-crypto-backends.patch | 8 +- 4 files changed, 28198 insertions(+), 28342 deletions(-) diff --git a/eng/_util/cmd/upgrader/upgrader.go b/eng/_util/cmd/upgrader/upgrader.go index c79af3aea8..d339879584 100644 --- a/eng/_util/cmd/upgrader/upgrader.go +++ b/eng/_util/cmd/upgrader/upgrader.go @@ -28,10 +28,10 @@ type depsInfo struct { var infos = map[string]depsInfo{ "openssl": { - url: "https://github.com/golang-fips/openssl", - mod: "github.com/golang-fips/openssl/v2", + url: "https://github.com/microsoft/go-crypto-openssl", + mod: "github.com/microsoft/go-crypto-openssl", wd: "./go/src", - ref: "v2", + ref: "main", }, "windows": { url: "https://github.com/microsoft/go-crypto-winnative", diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index 69cc45138d..2ab87f5795 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -37,132 +37,6 @@ Use a 'go' that was recently built by the current branch to ensure stable result src/go.sum | 6 + src/go/build/deps_test.go | 55 +- src/go/build/vendor_test.go | 4 + - .../golang-fips/openssl/v2/.gitignore | 3 + - .../golang-fips/openssl/v2/.gitleaks.toml | 9 + - .../github.com/golang-fips/openssl/v2/LICENSE | 20 + - .../golang-fips/openssl/v2/README.md | 66 + - .../github.com/golang-fips/openssl/v2/aes.go | 157 ++ - .../golang-fips/openssl/v2/bbig/big.go | 37 + - .../github.com/golang-fips/openssl/v2/big.go | 11 + - .../openssl/v2/chacha20poly1305.go | 151 + - .../golang-fips/openssl/v2/cipher.go | 665 +++++ - .../golang-fips/openssl/v2/const.go | 99 + - .../golang-fips/openssl/v2/cshake.go | 255 ++ - .../github.com/golang-fips/openssl/v2/des.go | 118 + - .../github.com/golang-fips/openssl/v2/dsa.go | 305 ++ - .../github.com/golang-fips/openssl/v2/ec.go | 131 + - .../github.com/golang-fips/openssl/v2/ecdh.go | 340 +++ - .../golang-fips/openssl/v2/ecdsa.go | 219 ++ - .../golang-fips/openssl/v2/ed25519.go | 208 ++ - .../github.com/golang-fips/openssl/v2/evp.go | 614 ++++ - .../github.com/golang-fips/openssl/v2/hash.go | 520 ++++ - .../github.com/golang-fips/openssl/v2/hkdf.go | 441 +++ - .../github.com/golang-fips/openssl/v2/hmac.go | 278 ++ - .../openssl/v2/internal/fakecgo/abi_amd64.h | 99 + - .../openssl/v2/internal/fakecgo/abi_arm64.h | 39 + - .../openssl/v2/internal/fakecgo/abi_loong64.h | 60 + - .../openssl/v2/internal/fakecgo/abi_ppc64x.h | 195 ++ - .../openssl/v2/internal/fakecgo/abi_riscv64.h | 72 + - .../openssl/v2/internal/fakecgo/asm_386.s | 29 + - .../openssl/v2/internal/fakecgo/asm_amd64.s | 39 + - .../openssl/v2/internal/fakecgo/asm_arm.s | 52 + - .../openssl/v2/internal/fakecgo/asm_arm64.s | 36 + - .../openssl/v2/internal/fakecgo/asm_loong64.s | 40 + - .../openssl/v2/internal/fakecgo/asm_ppc64le.s | 82 + - .../openssl/v2/internal/fakecgo/asm_riscv64.s | 37 + - .../openssl/v2/internal/fakecgo/asm_s390x.s | 55 + - .../openssl/v2/internal/fakecgo/callbacks.go | 93 + - .../openssl/v2/internal/fakecgo/fakecgo.go | 14 + - .../openssl/v2/internal/fakecgo/fakecgo.lock | 3 + - .../openssl/v2/internal/fakecgo/freebsd.go | 27 + - .../openssl/v2/internal/fakecgo/generate.go | 3 + - .../openssl/v2/internal/fakecgo/go_darwin.go | 88 + - .../openssl/v2/internal/fakecgo/go_freebsd.go | 79 + - .../openssl/v2/internal/fakecgo/go_libinit.go | 72 + - .../openssl/v2/internal/fakecgo/go_linux.go | 79 + - .../openssl/v2/internal/fakecgo/go_setenv.go | 18 + - .../openssl/v2/internal/fakecgo/go_util.go | 38 + - .../openssl/v2/internal/fakecgo/iscgo.go | 19 + - .../openssl/v2/internal/fakecgo/libcgo.go | 39 + - .../v2/internal/fakecgo/libcgo_darwin.go | 26 + - .../v2/internal/fakecgo/libcgo_freebsd.go | 20 + - .../v2/internal/fakecgo/libcgo_linux.go | 20 + - .../openssl/v2/internal/fakecgo/linux.go | 184 ++ - .../openssl/v2/internal/fakecgo/setenv.go | 19 + - .../v2/internal/fakecgo/trampolines_386.s | 121 + - .../v2/internal/fakecgo/trampolines_amd64.s | 107 + - .../v2/internal/fakecgo/trampolines_arm.s | 122 + - .../v2/internal/fakecgo/trampolines_arm64.s | 81 + - .../internal/fakecgo/trampolines_linux_386.s | 78 + - .../fakecgo/trampolines_linux_amd64.s | 69 + - .../internal/fakecgo/trampolines_linux_arm.s | 69 + - .../fakecgo/trampolines_linux_arm64.s | 60 + - .../fakecgo/trampolines_linux_loong64.s | 60 + - .../fakecgo/trampolines_linux_ppc64le.s | 69 + - .../fakecgo/trampolines_linux_riscv64.s | 60 + - .../fakecgo/trampolines_linux_s390x.s | 53 + - .../v2/internal/fakecgo/trampolines_loong64.s | 78 + - .../v2/internal/fakecgo/trampolines_ppc64le.s | 128 + - .../v2/internal/fakecgo/trampolines_riscv64.s | 76 + - .../v2/internal/fakecgo/trampolines_s390x.s | 154 + - .../openssl/v2/internal/fakecgo/zsymbols.go | 165 ++ - .../v2/internal/fakecgo/zsymbols_darwin.go | 59 + - .../v2/internal/fakecgo/zsymbols_freebsd.go | 48 + - .../v2/internal/fakecgo/zsymbols_linux.go | 158 ++ - .../v2/internal/fakecgo/ztrampolines_darwin.s | 19 + - .../internal/fakecgo/ztrampolines_freebsd.s | 16 + - .../v2/internal/fakecgo/ztrampolines_linux.s | 46 + - .../v2/internal/fakecgo/ztrampolines_stubs.s | 55 + - .../openssl/v2/internal/ossl/asm_386.s | 98 + - .../openssl/v2/internal/ossl/asm_amd64.s | 120 + - .../openssl/v2/internal/ossl/asm_arm.s | 104 + - .../openssl/v2/internal/ossl/asm_arm64.s | 97 + - .../openssl/v2/internal/ossl/asm_loong64.s | 116 + - .../openssl/v2/internal/ossl/asm_others.s | 7 + - .../openssl/v2/internal/ossl/asm_ppc64le.s | 141 + - .../openssl/v2/internal/ossl/asm_riscv64.s | 109 + - .../openssl/v2/internal/ossl/asm_s390x.s | 117 + - .../golang-fips/openssl/v2/internal/ossl/dl.h | 12 + - .../openssl/v2/internal/ossl/errors.go | 34 + - .../openssl/v2/internal/ossl/errors_cgo.go | 30 + - .../openssl/v2/internal/ossl/errors_nocgo.go | 16 + - .../openssl/v2/internal/ossl/ossl.go | 59 + - .../openssl/v2/internal/ossl/shims.h | 442 +++ - .../openssl/v2/internal/ossl/syscall_nocgo.go | 84 + - .../v2/internal/ossl/syscall_nocgo_darwin.go | 5 + - .../v2/internal/ossl/syscall_nocgo_freebsd.go | 5 + - .../v2/internal/ossl/syscall_nocgo_linux.go | 5 + - .../v2/internal/ossl/syscall_nocgo_unix.go | 20 + - .../v2/internal/ossl/syscall_nocgo_windows.go | 22 + - .../openssl/v2/internal/ossl/zdl.s | 55 + - .../openssl/v2/internal/ossl/zdl_nocgo.go | 58 + - .../openssl/v2/internal/ossl/zossl.c | 2071 ++++++++++++++ - .../openssl/v2/internal/ossl/zossl.go | 73 + - .../openssl/v2/internal/ossl/zossl.h | 371 +++ - .../openssl/v2/internal/ossl/zossl_cgo.go | 1502 ++++++++++ - .../openssl/v2/internal/ossl/zossl_nocgo.go | 2468 +++++++++++++++++ - .../golang-fips/openssl/v2/mldsa.go | 448 +++ - .../golang-fips/openssl/v2/mlkem.go | 368 +++ - .../golang-fips/openssl/v2/openssl.go | 240 ++ - .../golang-fips/openssl/v2/openssl_cgo.go | 16 + - .../golang-fips/openssl/v2/openssl_nocgo.go | 32 + - .../golang-fips/openssl/v2/osslsetup/fips.go | 166 ++ - .../golang-fips/openssl/v2/osslsetup/init.go | 169 ++ - .../openssl/v2/osslsetup/init_cgo_unix.go | 31 + - .../openssl/v2/osslsetup/init_nocgo_unix.go | 32 + - .../openssl/v2/osslsetup/init_windows.go | 36 + - .../openssl/v2/osslsetup/osslsetup.go | 108 + - .../openssl/v2/osslsetup/osslsetup_cgo.go | 11 + - .../openssl/v2/osslsetup/osslsetup_nocgo.go | 21 + - .../golang-fips/openssl/v2/params.go | 190 ++ - .../golang-fips/openssl/v2/pbkdf2.go | 54 + - .../golang-fips/openssl/v2/provideropenssl.go | 249 ++ - .../openssl/v2/providersymcrypt.go | 330 +++ - .../github.com/golang-fips/openssl/v2/rand.go | 21 + - .../github.com/golang-fips/openssl/v2/rc4.go | 74 + - .../github.com/golang-fips/openssl/v2/rsa.go | 711 +++++ - .../golang-fips/openssl/v2/tls1prf.go | 156 ++ - .../github.com/golang-fips/openssl/v2/zaes.go | 86 + .../microsoft/go-crypto-darwin/LICENSE | 21 + .../microsoft/go-crypto-darwin/bbig/big.go | 31 + .../internal/commoncrypto/commoncrypto.go | 9 + @@ -244,6 +118,129 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../go-crypto-darwin/xcrypto/rand.go | 28 + .../microsoft/go-crypto-darwin/xcrypto/rc4.go | 81 + .../microsoft/go-crypto-darwin/xcrypto/rsa.go | 208 ++ + .../microsoft/go-crypto-openssl/LICENSE | 21 + + .../microsoft/go-crypto-openssl/bbig/big.go | 40 + + .../internal/fakecgo/abi_amd64.h | 99 + + .../internal/fakecgo/abi_arm64.h | 39 + + .../internal/fakecgo/abi_loong64.h | 60 + + .../internal/fakecgo/abi_ppc64x.h | 195 ++ + .../internal/fakecgo/abi_riscv64.h | 72 + + .../internal/fakecgo/asm_386.s | 29 + + .../internal/fakecgo/asm_amd64.s | 39 + + .../internal/fakecgo/asm_arm.s | 52 + + .../internal/fakecgo/asm_arm64.s | 36 + + .../internal/fakecgo/asm_loong64.s | 40 + + .../internal/fakecgo/asm_ppc64le.s | 82 + + .../internal/fakecgo/asm_riscv64.s | 37 + + .../internal/fakecgo/asm_s390x.s | 55 + + .../internal/fakecgo/callbacks.go | 93 + + .../internal/fakecgo/fakecgo.go | 14 + + .../internal/fakecgo/fakecgo.lock | 3 + + .../internal/fakecgo/freebsd.go | 27 + + .../internal/fakecgo/generate.go | 6 + + .../internal/fakecgo/go_darwin.go | 88 + + .../internal/fakecgo/go_freebsd.go | 79 + + .../internal/fakecgo/go_libinit.go | 72 + + .../internal/fakecgo/go_linux.go | 79 + + .../internal/fakecgo/go_setenv.go | 18 + + .../internal/fakecgo/go_util.go | 38 + + .../internal/fakecgo/iscgo.go | 19 + + .../internal/fakecgo/libcgo.go | 39 + + .../internal/fakecgo/libcgo_darwin.go | 26 + + .../internal/fakecgo/libcgo_freebsd.go | 20 + + .../internal/fakecgo/libcgo_linux.go | 20 + + .../internal/fakecgo/linux.go | 184 ++ + .../internal/fakecgo/setenv.go | 19 + + .../internal/fakecgo/trampolines_386.s | 121 + + .../internal/fakecgo/trampolines_amd64.s | 107 + + .../internal/fakecgo/trampolines_arm.s | 122 + + .../internal/fakecgo/trampolines_arm64.s | 81 + + .../internal/fakecgo/trampolines_linux_386.s | 78 + + .../fakecgo/trampolines_linux_amd64.s | 69 + + .../internal/fakecgo/trampolines_linux_arm.s | 69 + + .../fakecgo/trampolines_linux_arm64.s | 60 + + .../fakecgo/trampolines_linux_loong64.s | 60 + + .../fakecgo/trampolines_linux_ppc64le.s | 69 + + .../fakecgo/trampolines_linux_riscv64.s | 60 + + .../fakecgo/trampolines_linux_s390x.s | 53 + + .../internal/fakecgo/trampolines_loong64.s | 78 + + .../internal/fakecgo/trampolines_ppc64le.s | 128 + + .../internal/fakecgo/trampolines_riscv64.s | 76 + + .../internal/fakecgo/trampolines_s390x.s | 154 + + .../internal/fakecgo/zsymbols.go | 165 ++ + .../internal/fakecgo/zsymbols_darwin.go | 59 + + .../internal/fakecgo/zsymbols_freebsd.go | 48 + + .../internal/fakecgo/zsymbols_linux.go | 158 ++ + .../internal/fakecgo/ztrampolines_darwin.s | 19 + + .../internal/fakecgo/ztrampolines_freebsd.s | 16 + + .../internal/fakecgo/ztrampolines_linux.s | 46 + + .../internal/fakecgo/ztrampolines_stubs.s | 55 + + .../go-crypto-openssl/internal/ossl/asm_386.s | 101 + + .../internal/ossl/asm_amd64.s | 123 + + .../go-crypto-openssl/internal/ossl/asm_arm.s | 107 + + .../internal/ossl/asm_arm64.s | 100 + + .../internal/ossl/asm_loong64.s | 119 + + .../internal/ossl/asm_others.s | 10 + + .../internal/ossl/asm_ppc64le.s | 144 + + .../internal/ossl/asm_riscv64.s | 112 + + .../internal/ossl/asm_s390x.s | 120 + + .../go-crypto-openssl/internal/ossl/dl.h | 15 + + .../go-crypto-openssl/internal/ossl/errors.go | 37 + + .../internal/ossl/errors_cgo.go | 33 + + .../internal/ossl/errors_nocgo.go | 19 + + .../go-crypto-openssl/internal/ossl/ossl.go | 62 + + .../go-crypto-openssl/internal/ossl/shims.h | 446 +++ + .../internal/ossl/syscall_nocgo.go | 87 + + .../internal/ossl/syscall_nocgo_darwin.go | 8 + + .../internal/ossl/syscall_nocgo_freebsd.go | 8 + + .../internal/ossl/syscall_nocgo_linux.go | 8 + + .../internal/ossl/syscall_nocgo_unix.go | 23 + + .../internal/ossl/syscall_nocgo_windows.go | 25 + + .../go-crypto-openssl/internal/ossl/zdl.s | 58 + + .../internal/ossl/zdl_nocgo.go | 61 + + .../go-crypto-openssl/internal/ossl/zossl.c | 2083 ++++++++++++++ + .../go-crypto-openssl/internal/ossl/zossl.go | 76 + + .../go-crypto-openssl/internal/ossl/zossl.h | 375 +++ + .../internal/ossl/zossl_cgo.go | 1513 ++++++++++ + .../internal/ossl/zossl_nocgo.go | 2481 +++++++++++++++++ + .../go-crypto-openssl/openssl/aes.go | 158 ++ + .../go-crypto-openssl/openssl/big.go | 14 + + .../openssl/chacha20poly1305.go | 152 + + .../go-crypto-openssl/openssl/cipher.go | 666 +++++ + .../go-crypto-openssl/openssl/const.go | 109 + + .../go-crypto-openssl/openssl/cshake.go | 256 ++ + .../go-crypto-openssl/openssl/des.go | 121 + + .../go-crypto-openssl/openssl/dsa.go | 306 ++ + .../microsoft/go-crypto-openssl/openssl/ec.go | 132 + + .../go-crypto-openssl/openssl/ecdh.go | 341 +++ + .../go-crypto-openssl/openssl/ecdsa.go | 220 ++ + .../go-crypto-openssl/openssl/ed25519.go | 209 ++ + .../go-crypto-openssl/openssl/evp.go | 615 ++++ + .../go-crypto-openssl/openssl/hash.go | 521 ++++ + .../go-crypto-openssl/openssl/hkdf.go | 330 +++ + .../go-crypto-openssl/openssl/hmac.go | 280 ++ + .../go-crypto-openssl/openssl/mldsa.go | 449 +++ + .../go-crypto-openssl/openssl/mlkem.go | 369 +++ + .../go-crypto-openssl/openssl/openssl.go | 183 ++ + .../go-crypto-openssl/openssl/openssl_cgo.go | 17 + + .../openssl/openssl_nocgo.go | 35 + + .../go-crypto-openssl/openssl/params.go | 191 ++ + .../go-crypto-openssl/openssl/pbkdf2.go | 86 + + .../openssl/provideropenssl.go | 250 ++ + .../openssl/providersymcrypt.go | 331 +++ + .../go-crypto-openssl/openssl/rand.go | 37 + + .../go-crypto-openssl/openssl/rc4.go | 76 + + .../go-crypto-openssl/openssl/rsa.go | 712 +++++ + .../go-crypto-openssl/openssl/tls1prf.go | 157 ++ + .../go-crypto-openssl/openssl/zaes.go | 87 + + .../go-crypto-openssl/osslsetup/fips.go | 69 + + .../go-crypto-openssl/osslsetup/init.go | 170 ++ + .../osslsetup/init_cgo_unix.go | 34 + + .../osslsetup/init_nocgo_unix.go | 35 + + .../osslsetup/init_windows.go | 37 + + .../go-crypto-openssl/osslsetup/osslsetup.go | 109 + + .../osslsetup/osslsetup_cgo.go | 12 + + .../osslsetup/osslsetup_nocgo.go | 24 + .../microsoft/go-crypto-winnative/LICENSE | 21 + .../microsoft/go-crypto-winnative/cng/aes.go | 435 +++ .../go-crypto-winnative/cng/bbig/big.go | 31 + @@ -252,7 +249,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../go-crypto-winnative/cng/cipher.go | 52 + .../microsoft/go-crypto-winnative/cng/cng.go | 140 + .../microsoft/go-crypto-winnative/cng/des.go | 106 + - .../microsoft/go-crypto-winnative/cng/dsa.go | 465 ++++ + .../microsoft/go-crypto-winnative/cng/dsa.go | 465 +++ .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 ++ .../go-crypto-winnative/cng/ecdsa.go | 169 ++ .../microsoft/go-crypto-winnative/cng/hash.go | 344 +++ @@ -273,7 +270,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 23 + - 265 files changed, 35749 insertions(+), 7 deletions(-) + 262 files changed, 35630 insertions(+), 7 deletions(-) create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md @@ -296,132 +293,6 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/internal/telemetry/telemetry.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/telemetry.go create mode 100644 src/crypto/internal/backend/deps_ignore.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/aes.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/big.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/chacha20poly1305.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/cipher.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/const.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/cshake.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/des.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/dsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ec.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ecdh.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ed25519.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/evp.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hash.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hkdf.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/hmac.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_amd64.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_arm64.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_loong64.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_ppc64x.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_riscv64.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_386.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_amd64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_loong64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_ppc64le.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_riscv64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_s390x.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/callbacks.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.lock - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/freebsd.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/generate.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_darwin.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_freebsd.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_libinit.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_linux.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_setenv.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_util.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/iscgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_darwin.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_freebsd.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_linux.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/linux.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/setenv.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_386.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_amd64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_386.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_amd64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_loong64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_ppc64le.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_riscv64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_s390x.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_loong64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_ppc64le.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_riscv64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_s390x.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_darwin.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_freebsd.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_linux.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_darwin.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_freebsd.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_linux.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_stubs.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_386.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_amd64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_loong64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_others.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_ppc64le.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_riscv64.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_s390x.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/dl.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_nocgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_darwin.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_freebsd.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_linux.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_unix.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_windows.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl.s - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl_nocgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/mldsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/mlkem.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl_cgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl_nocgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_cgo_unix.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_nocgo_unix.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_windows.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_cgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_nocgo.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/params.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rand.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rc4.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rsa.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/zaes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go @@ -503,6 +374,129 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_amd64.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_arm64.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_loong64.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_ppc64x.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_riscv64.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_386.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_amd64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_loong64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_ppc64le.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_riscv64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_s390x.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/callbacks.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/freebsd.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/generate.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_darwin.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_libinit.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_linux.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_setenv.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_util.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/iscgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_darwin.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_freebsd.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_linux.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/linux.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/setenv.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_amd64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_386.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_amd64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_loong64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_ppc64le.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_riscv64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_darwin.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_freebsd.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_linux.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_darwin.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_freebsd.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_linux.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_stubs.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_386.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_amd64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_loong64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_others.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_ppc64le.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_riscv64.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_s390x.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/dl.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_cgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_nocgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_darwin.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_freebsd.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_linux.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_unix.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_windows.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl.s + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl_nocgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_cgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_nocgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/chacha20poly1305.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cshake.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mldsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mlkem.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_cgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_nocgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/fips.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_cgo_unix.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_nocgo_unix.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_windows.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_cgo.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_nocgo.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/bbig/big.go @@ -2249,7 +2243,7 @@ index 68ae04853cc802..703836c46ee18e 100644 golang.org/x/arch/arm/armasm diff --git a/src/crypto/internal/backend/deps_ignore.go b/src/crypto/internal/backend/deps_ignore.go new file mode 100644 -index 00000000000000..ae4055d2d71303 +index 00000000000000..f5dc9afe4b0ead --- /dev/null +++ b/src/crypto/internal/backend/deps_ignore.go @@ -0,0 +1,22 @@ @@ -2262,8 +2256,8 @@ index 00000000000000..ae4055d2d71303 +package main + +import ( -+ _ "github.com/golang-fips/openssl/v2" -+ _ "github.com/golang-fips/openssl/v2/bbig" ++ _ "github.com/microsoft/go-crypto-openssl/bbig" ++ _ "github.com/microsoft/go-crypto-openssl/openssl" + + _ "github.com/microsoft/go-crypto-darwin/bbig" + _ "github.com/microsoft/go-crypto-darwin/xcrypto" @@ -2276,7 +2270,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 8703fad3b226c9..10ccf74f86ae3b 100644 +index 8703fad3b226c9..fe3cd514ef512d 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( @@ -2285,19 +2279,19 @@ index 8703fad3b226c9..10ccf74f86ae3b 100644 ) + +require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce + github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b ++ github.com/microsoft/go-crypto-openssl v0.0.0-20260521090922-bd6798f35c69 + github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe +) diff --git a/src/go.sum b/src/go.sum -index 43554ff45c183e..143b3063c17042 100644 +index 43554ff45c183e..01f4f244d6f7be 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce h1:Kl2/ytBV5nuKMGe6YNZsm3IEq9y1i0xjf/LUdAXBK9A= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce/go.mod h1:E+yPtdllHdy5S8YLMfcIRcqjqQySyiexqxxaLK7+cQQ= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b h1:HADuteQytnLec1jmAOGPGCukWIxObrAm/CBYtVzuo5o= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b/go.mod h1:QahyqOoEDhEJ08aC1WtiWq691LyNgXq3qrjI4QmdPzM= ++github.com/microsoft/go-crypto-openssl v0.0.0-20260521090922-bd6798f35c69 h1:gtZRTEEfTbjAKMNbDGXeayGoReqVhBIw+J8QzgWuBEs= ++github.com/microsoft/go-crypto-openssl v0.0.0-20260521090922-bd6798f35c69/go.mod h1:gJrjX+yWGi9pkbfPVDDh+ZbgjtQoRSXHjb/ZyjwKk34= +github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe h1:WDbUuTTKY8VElMRA3JJ8Quvj9xK9GqEcTiBZ3BF+7mI= +github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe/go.mod h1:a1Z07CJIuWa8WT/pzFIGNTTKS96s8o1B1TPOziAHUxw= golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= @@ -2330,9 +2324,9 @@ index 25cb06182cae3d..02b52e2ab9c296 100644 - crypto/internal/boring/syso, - crypto/internal/boring/bcache + syscall, strconv -+ < github.com/golang-fips/openssl/v2/internal/fakecgo -+ < github.com/golang-fips/openssl/v2/internal/ossl -+ < github.com/golang-fips/openssl/v2/osslsetup; ++ < github.com/microsoft/go-crypto-openssl/internal/fakecgo ++ < github.com/microsoft/go-crypto-openssl/internal/ossl ++ < github.com/microsoft/go-crypto-openssl/osslsetup; + + syscall, strconv + < github.com/microsoft/go-crypto-winnative/internal/subtle @@ -2346,8 +2340,8 @@ index 25cb06182cae3d..02b52e2ab9c296 100644 + < crypto/cipher; + + crypto, crypto/subtle, hash, crypto/cipher, -+ github.com/golang-fips/openssl/v2/osslsetup -+ < github.com/golang-fips/openssl/v2; ++ github.com/microsoft/go-crypto-openssl/osslsetup ++ < github.com/microsoft/go-crypto-openssl/openssl; + + crypto, crypto/subtle, hash, crypto/cipher, + github.com/microsoft/go-crypto-darwin/internal/commoncrypto, @@ -2377,7 +2371,7 @@ index 25cb06182cae3d..02b52e2ab9c296 100644 # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. -+ math/big, github.com/golang-fips/openssl/v2 < github.com/golang-fips/openssl/v2/bbig; ++ math/big, github.com/microsoft/go-crypto-openssl/openssl < github.com/microsoft/go-crypto-openssl/bbig; + math/big, github.com/microsoft/go-crypto-darwin/xcrypto < github.com/microsoft/go-crypto-darwin/bbig; + math/big, github.com/microsoft/go-crypto-winnative/cng < github.com/microsoft/go-crypto-winnative/cng/bbig; + @@ -2398,7 +2392,7 @@ index 25cb06182cae3d..02b52e2ab9c296 100644 var imports []string var haveImport = map[string]bool{} - if pkg == "crypto/internal/boring" { -+ if pkg == "crypto/internal/boring" || strings.HasPrefix(pkg, "github.com/golang-fips/openssl/v2") || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { ++ if pkg == "crypto/internal/boring" || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-openssl/openssl") || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports } fset := token.NewFileSet() @@ -2417,21450 +2411,629 @@ index 7f6237ffd59c11..8f68bc361081f1 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore -new file mode 100644 -index 00000000000000..0846322952e4df ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore -@@ -0,0 +1,3 @@ -+**/.DS_Store -+.vscode/ -+.github/benchcheck/benchcheck -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml b/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml -new file mode 100644 -index 00000000000000..aed2e22df2d555 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml -@@ -0,0 +1,9 @@ -+# -+# GitLeaks Repo Specific Configuration -+# -+# This allowlist is used to ignore false positives during secret scans. -+ -+[allowlist] -+paths = [ -+ 'ecdh_test.go', -+] -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/LICENSE b/src/vendor/github.com/golang-fips/openssl/v2/LICENSE +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE new file mode 100644 -index 00000000000000..97e85154015761 +index 00000000000000..9e841e7a26e4eb --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/LICENSE -@@ -0,0 +1,20 @@ -+The MIT License (MIT) ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE +@@ -0,0 +1,21 @@ ++ MIT License + -+Copyright (c) 2022 The Golang FIPS Authors ++ Copyright (c) Microsoft Corporation. + -+Permission is hereby granted, free of charge, to any person obtaining a copy of -+this software and associated documentation files (the "Software"), to deal in -+the Software without restriction, including without limitation the rights to -+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -+the Software, and to permit persons to whom the Software is furnished to do so, -+subject to the following conditions: ++ Permission is hereby granted, free of charge, to any person obtaining a copy ++ of this software and associated documentation files (the "Software"), to deal ++ in the Software without restriction, including without limitation the rights ++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ copies of the Software, and to permit persons to whom the Software is ++ furnished to do so, subject to the following conditions: + -+The above copyright notice and this permission notice shall be included in all -+copies or substantial portions of the Software. ++ The above copyright notice and this permission notice shall be included in all ++ copies or substantial portions of the Software. + -+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -\ No newline at end of file -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/README.md b/src/vendor/github.com/golang-fips/openssl/v2/README.md ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go new file mode 100644 -index 00000000000000..6e4c916be0fdcf +index 00000000000000..73891afeab93d7 --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/README.md -@@ -0,0 +1,66 @@ -+# Go OpenSSL bindings for FIPS compliance -+ -+[![Go Reference](https://pkg.go.dev/badge/github.com/golang-fips/openssl/v2.svg)](https://pkg.go.dev/github.com/golang-fips/openssl/v2) -+ -+The `openssl` package implements Go crypto primitives using OpenSSL shared libraries and cgo. When configured correctly, OpenSSL can be executed in FIPS mode, making the `openssl` package FIPS compliant. ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go +@@ -0,0 +1,31 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+The `openssl` package is designed to be used as a drop-in replacement for the [boring](https://pkg.go.dev/crypto/internal/boring) package in order to facilitate integrating `openssl` inside a forked Go toolchain. ++package bbig + -+## Disclaimer ++import ( ++ "math/big" + -+A program directly or indirectly using this package in FIPS mode can claim it is using a FIPS-certified cryptographic module (OpenSSL), but it can't claim the program as a whole is FIPS certified without passing the certification process, nor claim it is FIPS compliant without ensuring all crypto APIs and workflows are implemented in a FIPS-compliant manner. ++ "github.com/microsoft/go-crypto-darwin/xcrypto" ++) + -+## Background ++func Enc(b *big.Int) xcrypto.BigInt { ++ if b == nil { ++ return nil ++ } ++ x := b.Bytes() ++ if len(x) == 0 { ++ return xcrypto.BigInt{} ++ } ++ return x ++} + -+FIPS 140-2 is a U.S. government computer security standard used to approve cryptographic modules. FIPS compliance may come up when working with U.S. government and other regulated industries. ++func Dec(b xcrypto.BigInt) *big.Int { ++ if b == nil { ++ return nil ++ } ++ if len(b) == 0 { ++ return new(big.Int) ++ } ++ return new(big.Int).SetBytes(b) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go +new file mode 100644 +index 00000000000000..e1b9ee1d005406 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go +@@ -0,0 +1,9 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+### Go FIPS compliance ++// Package commoncrypto provides a Go interface to the CommonCrypto API ++package commoncrypto + -+The Go `crypto` package is not FIPS certified, and the Go team has stated that it won't be, e.g. in [golang/go/issues/21734](https://github.com/golang/go/issues/21734#issuecomment-326980213) Adam Langley says: ++//go:generate go run ../../cmd/checkheader shims.h ++//go:generate go run ../../cmd/mkcgo -out zcommoncrypto.go -package commoncrypto --noerrors shims.h ++//go:generate go run ../../cmd/mkcgo -out zcommoncrypto.go -nocgo -package commoncrypto --noerrors shims.h +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/shims.h +new file mode 100644 +index 00000000000000..de1f9bc059aa43 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/shims.h +@@ -0,0 +1,72 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+> The status of FIPS 140 for Go itself remains "no plans, basically zero chance". ++// This header file is used by the mkcgo tool to generate cgo and Go bindings ++// for the CommonCrypto C API. Run "go generate ." to regenerate the bindings. ++// Do not include this file, import "zcommoncrypto.h" instead. + -+On the other hand, Google maintains a branch that uses cgo and BoringSSL to implement various crypto primitives: https://github.com/golang/go/blob/dev.boringcrypto/README.boringcrypto.md. As BoringSSL is FIPS 140-2 certified, an application using that branch is more likely to be FIPS 140-2 compliant, yet Google does not provide any liability about the suitability of this code in relation to the FIPS 140-2 standard. ++#ifndef _GO_COMMONCRYPTO_SHIMS_H // only include this header once ++#define _GO_COMMONCRYPTO_SHIMS_H + -+## Features ++#include // uint64_t ++#include // size_t + -+### Multiple OpenSSL versions supported ++// The following includes are used by the checkheader tool. ++// #include + -+The `openssl` package has support for multiple OpenSSL versions, namely 1.1.1, 3.x, and 4.x. ++typedef void *CCCryptorRef; ++typedef uint32_t CCModeOptions; + -+All supported OpenSSL versions pass a small set of automatic tests that ensure they can be built and that there are no major regressions. -+These tests do not validate the cryptographic correctness of the `openssl` package. ++typedef enum { ++ kCCEncrypt = 0, ++ kCCDecrypt = 1, ++} CCOperation; + -+On top of that, the [golang-fips Go fork](https://github.com/golang-fips/go) (maintained by Red Hat) and the [Microsoft build of Go](https://github.com/microsoft/go) test a subset of the supported OpenSSL versions when integrated with the Go `crypto` package. -+These tests are much more exhaustive and validate a specific OpenSSL version can produce working applications. ++typedef enum { ++ kCCModeCBC = 2, ++} CCMode; + -+### Building without OpenSSL headers ++typedef enum { ++ KCCOptionECBMode = 2, ++} CCOptions; + -+The `openssl` package does not use any symbol from the OpenSSL headers. There is no need that have them installed to build an application which imports this library. ++typedef enum { ++ kCCSuccess = 0, ++} CCCryptorStatus; + -+The CI tests in this repository verify that all the functions and constants defined in our headers match the ones in the OpenSSL headers for every supported OpenSSL version. ++typedef enum { ++ kCCPBKDF2 = 2, ++} CCPBKDFAlgorithm; + -+### Portable OpenSSL ++typedef enum { ++ kCCPRFHmacAlgSHA1 = 1, ++ kCCPRFHmacAlgSHA256 = 3, ++ kCCPRFHmacAlgSHA384 = 4, ++ kCCPRFHmacAlgSHA512 = 5, ++} CCPseudoRandomAlgorithm; + -+The OpenSSL bindings are implemented in such a way that the OpenSSL version available when building a program does not have to match with the OpenSSL version used when running it. -+In fact, OpenSSL doesn't need to be present on the builder. -+For example, using the `openssl` package and `go build .` on a Windows host with `GOOS=linux` can produce a program that successfully runs on Linux and uses OpenSSL. ++enum { ++ kCCBlockSizeAES128 = 16, ++ kCCBlockSizeDES = 8, ++}; + -+This feature does not require any additional configuration, but it only works with OpenSSL versions known and supported by the Go toolchain that integrates the `openssl` package. ++typedef enum { ++ ccNoPadding = 0, ++} CCPadding; + -+## Limitations ++typedef enum { ++ kCCAlgorithmAES = 0, ++ kCCAlgorithmDES = 1, ++ kCCAlgorithm3DES = 2, ++ kCCAlgorithmRC4 = 4, ++} CCAlgorithm; + -+- Only Unix, Unix-like and Windows platforms are supported. -+- The build must set `CGO_ENABLED=1`. ++CCCryptorStatus CCCryptorCreate(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key, size_t keyLength, const void *iv, CCCryptorRef *cryptorRef) __attribute__((framework(System, B), slice(key, keyLength), slice(iv))); ++CCCryptorStatus CCCryptorRelease(CCCryptorRef cryptorRef) __attribute__((framework(System, B))); ++CCCryptorStatus CCCryptorUpdate(CCCryptorRef cryptorRef, const void *dataIn, size_t dataInLength, void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved) __attribute__((noescape, nocallback, framework(System, B), slice(dataIn, dataInLength), slice(dataOut, dataOutAvailable))); ++CCCryptorStatus CCKeyDerivationPBKDF(CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen, const uint8_t *salt, size_t saltLen, CCPseudoRandomAlgorithm prf, unsigned rounds, uint8_t *derivedKey, size_t derivedKeyLen) __attribute__((framework(System, B), slice(password, passwordLen), slice(salt, saltLen), slice(derivedKey, derivedKeyLen))); ++CCCryptorStatus CCCrypt(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key, size_t keyLength, const void *iv, const void *dataIn, size_t dataInLength, void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved) __attribute__((noescape, nocallback, framework(System, B), slice(key, keyLength), slice(iv), slice(dataIn, dataInLength), slice(dataOut, dataOutAvailable))); ++CCCryptorStatus CCCryptorCreateWithMode(CCOperation op, CCMode mode, CCAlgorithm alg, CCPadding padding, const void *iv, const void *key, size_t keyLength, const void *tweak, size_t tweakLength, int numRounds, CCModeOptions options, CCCryptorRef *cryptorRef) __attribute__((framework(System, B), slice(iv), slice(key, keyLength), slice(tweak, tweakLength))); ++CCCryptorStatus CCCryptorReset(CCCryptorRef cryptorRef, const void *iv) __attribute__((framework(System, B), slice(iv))); + -+## Acknowledgements ++#endif // _GO_COMMONCRYPTO_SHIMS_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/syscall_nocgo.go +new file mode 100644 +index 00000000000000..fd322bcd1b885c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/syscall_nocgo.go +@@ -0,0 +1,15 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+The work done to support FIPS compatibility mode leverages code and ideas from other open-source projects: ++//go:build !cgo + -+- All crypto stubs are a mirror of Google's [dev.boringcrypto branch](https://github.com/golang/go/tree/dev.boringcrypto) and the release branch ports of that branch. -+- The mapping between BoringSSL and OpenSSL APIs is taken from the former [Red Hat Go fork](https://pagure.io/go). -+- The portable OpenSSL implementation is ported from Microsoft's [.NET runtime](https://github.com/dotnet/runtime) cryptography module. ++package commoncrypto + -+## Code of Conduct ++import ( ++ "github.com/microsoft/go-crypto-darwin/internal/xsyscall" ++) + -+This project adopts the Go code of conduct: https://go.dev/conduct. -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/aes.go b/src/vendor/github.com/golang-fips/openssl/v2/aes.go ++//go:nosplit ++func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ return xsyscall.SyscallN(errType, fn, args...) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.c new file mode 100644 -index 00000000000000..8d5d44db2ba360 +index 00000000000000..24f6e3d3f50dc1 --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/aes.go -@@ -0,0 +1,157 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.c +@@ -0,0 +1,47 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+import ( -+ "crypto/cipher" -+ "errors" -+) ++// Code generated by mkcgo. DO NOT EDIT. + -+//go:generate go run github.com/golang-fips/openssl/v2/cmd/genaesmodes -in aes.go -modes CBC,CTR,GCM -out zaes.go -+//go:generate go run github.com/golang-fips/openssl/v2/cmd/gentestvectors -out vectors_test.go ++#include ++#include ++#include ++#include ++#include "zcommoncrypto.h" + -+// Steps to support a new AES mode, e.g. `FOO`: -+// 1. Add `FOO` to the list of modes in the `genaesmodes` command. -+// 2. Run `go generate` to update the generated code. -+// 3. Implement the necessary interfaces for the new struct, which will be named `cipherWithFOO`. ++CCCryptorStatus CCCrypt(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, const unsigned char*, size_t, unsigned char*, size_t, size_t*); ++CCCryptorStatus CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, CCCryptorRef*); ++CCCryptorStatus CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm, CCPadding, const unsigned char*, const unsigned char*, size_t, const unsigned char*, size_t, int, CCModeOptions, CCCryptorRef*); ++CCCryptorStatus CCCryptorRelease(CCCryptorRef); ++CCCryptorStatus CCCryptorReset(CCCryptorRef, const unsigned char*); ++CCCryptorStatus CCCryptorUpdate(CCCryptorRef, const unsigned char*, size_t, unsigned char*, size_t, size_t*); ++CCCryptorStatus CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char*, size_t, const uint8_t*, size_t, CCPseudoRandomAlgorithm, unsigned, uint8_t*, size_t); + -+// NewAESCipher creates and returns a new AES cipher.Block. -+// The key argument should be the AES key, either 16, 24, or 32 bytes to select -+// AES-128, AES-192, or AES-256. -+// The returned cipher.Block implements the CBC, CTR, and/or GCM modes if -+// the underlying OpenSSL library supports them. -+func NewAESCipher(key []byte) (cipher.Block, error) { -+ var kind cipherKind -+ switch len(key) * 8 { -+ case 128: -+ kind = cipherAES128 -+ case 192: -+ kind = cipherAES192 -+ case 256: -+ kind = cipherAES256 -+ default: -+ return nil, errors.New("crypto/aes: invalid key size") -+ } -+ c, err := newEVPCipher(key, kind) -+ if err != nil { -+ return nil, err -+ } -+ return newAESBlock(c, kind), nil ++CCCryptorStatus _mkcgo_CCCrypt(CCOperation _arg0, CCAlgorithm _arg1, CCOptions _arg2, const unsigned char* _arg3, size_t _arg4, const unsigned char* _arg5, const unsigned char* _arg6, size_t _arg7, unsigned char* _arg8, size_t _arg9, size_t* _arg10) { ++ return CCCrypt(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); +} + -+// NewGCMTLS returns a GCM cipher specific to TLS -+// and should not be used for non-TLS purposes. -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { -+ if c, ok := c.(interface { -+ NewGCMTLS() (cipher.AEAD, error) -+ }); ok { -+ return c.NewGCMTLS() -+ } -+ return nil, errors.New("GCM not supported") ++CCCryptorStatus _mkcgo_CCCryptorCreate(CCOperation _arg0, CCAlgorithm _arg1, CCOptions _arg2, const unsigned char* _arg3, size_t _arg4, const unsigned char* _arg5, CCCryptorRef* _arg6) { ++ return CCCryptorCreate(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); +} + -+// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used -+// for non-TLS purposes. -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { -+ if c, ok := c.(interface { -+ NewGCMTLS13() (cipher.AEAD, error) -+ }); ok { -+ return c.NewGCMTLS13() -+ } -+ return nil, errors.New("GCM not supported") ++CCCryptorStatus _mkcgo_CCCryptorCreateWithMode(CCOperation _arg0, CCMode _arg1, CCAlgorithm _arg2, CCPadding _arg3, const unsigned char* _arg4, const unsigned char* _arg5, size_t _arg6, const unsigned char* _arg7, size_t _arg8, int _arg9, CCModeOptions _arg10, CCCryptorRef* _arg11) { ++ return CCCryptorCreateWithMode(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); +} + -+// aesCipher implements the cipher.Block interface. -+type aesCipher struct { -+ cipher *evpCipher ++CCCryptorStatus _mkcgo_CCCryptorRelease(CCCryptorRef _arg0) { ++ return CCCryptorRelease(_arg0); +} + -+func (c aesCipher) BlockSize() int { -+ return c.cipher.blockSize ++CCCryptorStatus _mkcgo_CCCryptorReset(CCCryptorRef _arg0, const unsigned char* _arg1) { ++ return CCCryptorReset(_arg0, _arg1); +} + -+func (c aesCipher) Encrypt(dst, src []byte) { -+ if err := c.cipher.encrypt(dst, src); err != nil { -+ // crypto/aes expects that the panic message starts with "crypto/aes: ". -+ panic("crypto/aes: " + err.Error()) -+ } ++CCCryptorStatus _mkcgo_CCCryptorUpdate(CCCryptorRef _arg0, const unsigned char* _arg1, size_t _arg2, unsigned char* _arg3, size_t _arg4, size_t* _arg5) { ++ return CCCryptorUpdate(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); +} + -+func (c aesCipher) Decrypt(dst, src []byte) { -+ if err := c.cipher.decrypt(dst, src); err != nil { -+ // crypto/aes expects that the panic message starts with "crypto/aes: ". -+ panic("crypto/aes: " + err.Error()) -+ } ++CCCryptorStatus _mkcgo_CCKeyDerivationPBKDF(CCPBKDFAlgorithm _arg0, const char* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, CCPseudoRandomAlgorithm _arg5, unsigned _arg6, uint8_t* _arg7, size_t _arg8) { ++ return CCKeyDerivationPBKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8); +} + -+// Implement optional interfaces for AES modes. +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.go +new file mode 100644 +index 00000000000000..0a25e0621df627 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.go +@@ -0,0 +1,50 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+func (c cipherWithCBC) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return c.cipher.newCBC(iv, cipherOpEncrypt) -+} ++// Code generated by mkcgo. DO NOT EDIT. + -+func (c cipherWithCBC) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode { -+ return c.cipher.newCBC(iv, cipherOpEncrypt) -+} ++package commoncrypto + -+func (c cipherWithCBC) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return c.cipher.newCBC(iv, cipherOpDecrypt) -+} ++const ( ++ KCCEncrypt CCOperation = 0 ++ KCCDecrypt CCOperation = 1 ++) + -+func (c cipherWithCBC) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode { -+ return c.cipher.newCBC(iv, cipherOpDecrypt) -+} ++const ( ++ KCCModeCBC CCMode = 2 ++) + -+func (c cipherWithCTR) NewCTR(iv []byte) cipher.Stream { -+ return c.cipher.newCTR(iv) -+} ++const ( ++ KCCOptionECBMode CCOptions = 2 ++) + -+func (c cipherWithCTR) NewFIPSCTR(iv []byte) cipher.Stream { -+ return c.cipher.newCTR(iv) -+} ++const ( ++ KCCSuccess CCCryptorStatus = 0 ++) + -+func (c cipherWithGCM) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { -+ return c.cipher.newGCMChecked(nonceSize, tagSize) -+} ++const ( ++ KCCPBKDF2 CCPBKDFAlgorithm = 2 ++) + -+func (c cipherWithGCM) NewGCMTLS() (cipher.AEAD, error) { -+ return c.cipher.newGCM(cipherGCMTLS12) -+} ++const ( ++ KCCPRFHmacAlgSHA1 CCPseudoRandomAlgorithm = 1 ++ KCCPRFHmacAlgSHA256 CCPseudoRandomAlgorithm = 3 ++ KCCPRFHmacAlgSHA384 CCPseudoRandomAlgorithm = 4 ++ KCCPRFHmacAlgSHA512 CCPseudoRandomAlgorithm = 5 ++) + -+func (c cipherWithGCM) NewGCMTLS13() (cipher.AEAD, error) { -+ return c.cipher.newGCM(cipherGCMTLS13) -+} ++const ( ++ KCCBlockSizeAES128 = 16 ++ KCCBlockSizeDES = 8 ++) + -+// The following interfaces have been copied out of crypto/aes/modes.go. ++const ( ++ CcNoPadding CCPadding = 0 ++) + -+type gcmAble interface { -+ NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) -+} ++const ( ++ KCCAlgorithmAES CCAlgorithm = 0 ++ KCCAlgorithmDES CCAlgorithm = 1 ++ KCCAlgorithm3DES CCAlgorithm = 2 ++ KCCAlgorithmRC4 CCAlgorithm = 4 ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.h +new file mode 100644 +index 00000000000000..016e73758ac4e0 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.h +@@ -0,0 +1,69 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+type cbcEncAble interface { -+ NewCBCEncrypter(iv []byte) cipher.BlockMode -+} ++// Code generated by mkcgo. DO NOT EDIT. + -+type cbcDecAble interface { -+ NewCBCDecrypter(iv []byte) cipher.BlockMode -+} ++#ifndef MKCGO_H // only include this header once ++#define MKCGO_H + -+type ctrAble interface { -+ NewCTR(iv []byte) cipher.Stream -+} ++#include ++#include + -+// Test that the interfaces are implemented. ++typedef void* CCCryptorRef; ++typedef uint32_t CCModeOptions; + -+var ( -+ _ cipher.Block = (*aesCipher)(nil) ++typedef enum { ++ kCCEncrypt = 0, ++ kCCDecrypt = 1, ++} CCOperation; + -+ _ cipher.Block = (*cipherWithCBC)(nil) -+ _ cbcEncAble = (*cipherWithCBC)(nil) -+ _ cbcDecAble = (*cipherWithCBC)(nil) ++typedef enum { ++ kCCModeCBC = 2, ++} CCMode; + -+ _ cipher.Block = (*cipherWithCTR)(nil) -+ _ ctrAble = (*cipherWithCTR)(nil) ++typedef enum { ++ KCCOptionECBMode = 2, ++} CCOptions; + -+ _ cipher.Block = (*cipherWithGCM)(nil) -+ _ gcmAble = (*cipherWithGCM)(nil) -+) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go b/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go -new file mode 100644 -index 00000000000000..a81cbdbef93148 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go -@@ -0,0 +1,37 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. ++typedef enum { ++ kCCSuccess = 0, ++} CCCryptorStatus; + -+// This is a mirror of -+// https://github.com/golang/go/blob/36b87f273cc43e21685179dc1664ebb5493d26ae/src/crypto/internal/boring/bbig/big.go. ++typedef enum { ++ kCCPBKDF2 = 2, ++} CCPBKDFAlgorithm; + -+package bbig ++typedef enum { ++ kCCPRFHmacAlgSHA1 = 1, ++ kCCPRFHmacAlgSHA256 = 3, ++ kCCPRFHmacAlgSHA384 = 4, ++ kCCPRFHmacAlgSHA512 = 5, ++} CCPseudoRandomAlgorithm; + -+import ( -+ "math/big" -+ "unsafe" ++enum { ++ kCCBlockSizeAES128 = 16, ++ kCCBlockSizeDES = 8, ++}; + -+ "github.com/golang-fips/openssl/v2" -+) ++typedef enum { ++ ccNoPadding = 0, ++} CCPadding; + -+func Enc(b *big.Int) openssl.BigInt { -+ if b == nil { -+ return nil -+ } -+ x := b.Bits() -+ if len(x) == 0 { -+ return openssl.BigInt{} -+ } -+ return unsafe.Slice((*uint)(&x[0]), len(x)) -+} ++typedef enum { ++ kCCAlgorithmAES = 0, ++ kCCAlgorithmDES = 1, ++ kCCAlgorithm3DES = 2, ++ kCCAlgorithmRC4 = 4, ++} CCAlgorithm; + -+func Dec(b openssl.BigInt) *big.Int { -+ if b == nil { -+ return nil -+ } -+ if len(b) == 0 { -+ return new(big.Int) -+ } -+ x := unsafe.Slice((*big.Word)(&b[0]), len(b)) -+ return new(big.Int).SetBits(x) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/big.go b/src/vendor/github.com/golang-fips/openssl/v2/big.go -new file mode 100644 -index 00000000000000..6461f241f863fc ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/big.go -@@ -0,0 +1,11 @@ -+package openssl ++uintptr_t mkcgo_err_retrieve(); + -+// This file does not have build constraints to -+// facilitate using BigInt in Go crypto. -+// Go crypto references BigInt unconditionally, -+// even if it is not finally used. ++CCCryptorStatus _mkcgo_CCCrypt(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, const unsigned char*, size_t, unsigned char*, size_t, size_t*); ++CCCryptorStatus _mkcgo_CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, CCCryptorRef*); ++CCCryptorStatus _mkcgo_CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm, CCPadding, const unsigned char*, const unsigned char*, size_t, const unsigned char*, size_t, int, CCModeOptions, CCCryptorRef*); ++CCCryptorStatus _mkcgo_CCCryptorRelease(CCCryptorRef); ++CCCryptorStatus _mkcgo_CCCryptorReset(CCCryptorRef, const unsigned char*); ++CCCryptorStatus _mkcgo_CCCryptorUpdate(CCCryptorRef, const unsigned char*, size_t, unsigned char*, size_t, size_t*); ++CCCryptorStatus _mkcgo_CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char*, size_t, const uint8_t*, size_t, CCPseudoRandomAlgorithm, unsigned, uint8_t*, size_t); + -+// A BigInt is the raw words from a BigInt. -+// This definition allows us to avoid importing math/big. -+// Conversion between BigInt and *big.Int is in openssl/bbig. -+type BigInt []uint -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/chacha20poly1305.go b/src/vendor/github.com/golang-fips/openssl/v2/chacha20poly1305.go ++#endif // MKCGO_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.s new file mode 100644 -index 00000000000000..789076408c515b +index 00000000000000..a722bc56d9dab4 --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/chacha20poly1305.go -@@ -0,0 +1,151 @@ -+//go:build !cmd_go_bootstrap ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.s +@@ -0,0 +1,76 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+package openssl ++// Code generated by mkcgo. DO NOT EDIT. + -+import ( -+ "crypto/cipher" -+ "errors" -+ "runtime" -+ "sync" -+ "unsafe" ++//go:build !cgo + -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) ++#include "textflag.h" + -+const ( -+ chacha20Poly1305KeySize = 32 -+ chacha20Poly1305NonceSize = 12 -+ chacha20Poly1305Overhead = 16 -+) ++#ifndef GOARCH_amd64 ++#ifndef GOARCH_arm64 ++#ifndef GOARCH_riscv64 ++#ifndef GOARCH_loong64 ++#ifndef GOARCH_mips64 ++#ifndef GOARCH_mips64le ++#ifndef GOARCH_ppc64 ++#ifndef GOARCH_ppc64le ++#ifndef GOARCH_s390x ++#ifndef GOARCH_sparc64 ++#define _GOPTRSIZE 4 ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif + -+var supportsChaCha20Poly1305 = sync.OnceValue(func() bool { -+ return loadCipher(cipherChaCha20Poly1305, cipherModeNone) != nil -+}) ++#ifndef _GOPTRSIZE ++#define _GOPTRSIZE 8 ++#endif ++TEXT _mkcgo_CCCrypt_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCCrypt(SB) + -+func SupportsChaCha20Poly1305() bool { -+ return supportsChaCha20Poly1305() ++GLOBL ·_mkcgo_CCCrypt_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCCrypt_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCrypt_trampoline<>(SB) ++ ++TEXT _mkcgo_CCCryptorCreate_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCCryptorCreate(SB) ++ ++GLOBL ·_mkcgo_CCCryptorCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCCryptorCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorCreate_trampoline<>(SB) ++ ++TEXT _mkcgo_CCCryptorCreateWithMode_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCCryptorCreateWithMode(SB) ++ ++GLOBL ·_mkcgo_CCCryptorCreateWithMode_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCCryptorCreateWithMode_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorCreateWithMode_trampoline<>(SB) ++ ++TEXT _mkcgo_CCCryptorRelease_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCCryptorRelease(SB) ++ ++GLOBL ·_mkcgo_CCCryptorRelease_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCCryptorRelease_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorRelease_trampoline<>(SB) ++ ++TEXT _mkcgo_CCCryptorReset_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCCryptorReset(SB) ++ ++GLOBL ·_mkcgo_CCCryptorReset_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCCryptorReset_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorReset_trampoline<>(SB) ++ ++TEXT _mkcgo_CCCryptorUpdate_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCCryptorUpdate(SB) ++ ++GLOBL ·_mkcgo_CCCryptorUpdate_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCCryptorUpdate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorUpdate_trampoline<>(SB) ++ ++TEXT _mkcgo_CCKeyDerivationPBKDF_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CCKeyDerivationPBKDF(SB) ++ ++GLOBL ·_mkcgo_CCKeyDerivationPBKDF_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CCKeyDerivationPBKDF_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCKeyDerivationPBKDF_trampoline<>(SB) ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_cgo.go +new file mode 100644 +index 00000000000000..a774ad9a32ae86 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_cgo.go +@@ -0,0 +1,64 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package commoncrypto ++ ++/* ++#cgo CFLAGS: -Wno-attributes ++#cgo darwin LDFLAGS: -framework System ++ ++#include "zcommoncrypto.h" ++#cgo noescape _mkcgo_CCCrypt ++#cgo nocallback _mkcgo_CCCrypt ++#cgo noescape _mkcgo_CCCryptorUpdate ++#cgo nocallback _mkcgo_CCCryptorUpdate ++*/ ++import "C" ++import "unsafe" ++ ++type CCAlgorithm = C.CCAlgorithm ++type CCCryptorRef = C.CCCryptorRef ++type CCCryptorStatus = C.CCCryptorStatus ++type CCMode = C.CCMode ++type CCModeOptions = C.CCModeOptions ++type CCOperation = C.CCOperation ++type CCOptions = C.CCOptions ++type CCPBKDFAlgorithm = C.CCPBKDFAlgorithm ++type CCPadding = C.CCPadding ++type CCPseudoRandomAlgorithm = C.CCPseudoRandomAlgorithm ++ ++//go:nosplit ++func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { ++ x := uintptr(unsafe.Pointer(p)) ++ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) +} + -+type chacha20poly1305 struct { -+ key [chacha20Poly1305KeySize]byte ++func CCCrypt(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { ++ return C._mkcgo_CCCrypt(op, alg, options, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv))), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataIn))), C.size_t(len(dataIn)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataOut))), C.size_t(len(dataOut)), (*C.size_t)(unsafe.Pointer(dataOutMoved))) +} + -+// NewChaCha20Poly1305 returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key. -+func NewChaCha20Poly1305(key []byte) (cipher.AEAD, error) { -+ if len(key) != chacha20Poly1305KeySize { -+ return nil, errors.New("chacha20poly1305: bad key length") -+ } -+ ret := new(chacha20poly1305) -+ copy(ret.key[:], key) -+ return ret, nil ++func CCCryptorCreate(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, cryptorRef *CCCryptorRef) CCCryptorStatus { ++ return C._mkcgo_CCCryptorCreate(op, alg, options, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv))), cryptorRef) +} + -+func (c *chacha20poly1305) NonceSize() int { -+ return chacha20Poly1305NonceSize ++func CCCryptorCreateWithMode(op CCOperation, mode CCMode, alg CCAlgorithm, padding CCPadding, iv []byte, key []byte, tweak []byte, numRounds int32, options CCModeOptions, cryptorRef *CCCryptorRef) CCCryptorStatus { ++ return C._mkcgo_CCCryptorCreateWithMode(op, mode, alg, padding, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv))), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tweak))), C.size_t(len(tweak)), C.int(numRounds), options, cryptorRef) +} + -+func (c *chacha20poly1305) Overhead() int { -+ return chacha20Poly1305Overhead ++func CCCryptorRelease(cryptorRef CCCryptorRef) CCCryptorStatus { ++ return C._mkcgo_CCCryptorRelease(cryptorRef) +} + -+func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { -+ if len(nonce) != chacha20Poly1305NonceSize { -+ panic("chacha20poly1305: bad nonce length passed to Seal") -+ } -+ if uint64(len(plaintext)) > (1<<38)-64 { -+ panic("chacha20poly1305: plaintext too large") -+ } -+ ret, out := sliceForAppend(dst, len(plaintext)+chacha20Poly1305Overhead) -+ if inexactOverlap(out, plaintext) { -+ panic("chacha20poly1305: invalid buffer overlap of output and input") -+ } -+ if anyOverlap(out, additionalData) { -+ panic("chacha20poly1305: invalid buffer overlap of output and additional data") -+ } -+ ctx, err := newCipherCtx(cipherChaCha20Poly1305, cipherModeNone, cipherOpEncrypt, c.key[:], nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_SET_IVLEN, int32(len(nonce)), nil); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ panic(err) -+ } -+ if len(additionalData) > 0 { -+ var discard int32 -+ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, additionalData); err != nil { -+ panic(err) -+ } -+ } -+ var outl int32 -+ if len(plaintext) > 0 { -+ if _, err := ossl.EVP_EncryptUpdate(ctx, out, &outl, plaintext); err != nil { -+ panic(err) -+ } -+ } -+ var discard int32 -+ if _, err := ossl.EVP_EncryptFinal_ex(ctx, out[outl:], &discard); err != nil { -+ panic(err) -+ } -+ tag := out[len(out)-chacha20Poly1305Overhead:] -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_GET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(c) -+ return ret ++func CCCryptorReset(cryptorRef CCCryptorRef, iv []byte) CCCryptorStatus { ++ return C._mkcgo_CCCryptorReset(cryptorRef, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv)))) +} + -+func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { -+ if len(nonce) != chacha20Poly1305NonceSize { -+ panic("chacha20poly1305: bad nonce length passed to Open") -+ } -+ if len(ciphertext) < 16 { -+ return nil, errOpen -+ } -+ if uint64(len(ciphertext)) > (1<<38)-48 { -+ panic("chacha20poly1305: ciphertext too large") -+ } -+ tag := ciphertext[len(ciphertext)-chacha20Poly1305Overhead:] -+ ciphertext = ciphertext[:len(ciphertext)-chacha20Poly1305Overhead] -+ ret, out := sliceForAppend(dst, len(ciphertext)) -+ if inexactOverlap(out, ciphertext) { -+ panic("chacha20poly1305: invalid buffer overlap of output and input") -+ } -+ if anyOverlap(out, additionalData) { -+ panic("chacha20poly1305: invalid buffer overlap of output and additional data") -+ } -+ ctx, err := newCipherCtx(cipherChaCha20Poly1305, cipherModeNone, cipherOpDecrypt, c.key[:], nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_SET_IVLEN, int32(len(nonce)), nil); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_SET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ return nil, err -+ } -+ if len(additionalData) > 0 { -+ var discard int32 -+ if _, err := ossl.EVP_DecryptUpdate(ctx, nil, &discard, additionalData); err != nil { -+ return nil, err -+ } -+ } -+ var outl int32 -+ if len(ciphertext) > 0 { -+ if _, err := ossl.EVP_DecryptUpdate(ctx, out, &outl, ciphertext); err != nil { -+ return nil, err -+ } -+ } -+ var discard int32 -+ if _, err := ossl.EVP_DecryptFinal_ex(ctx, out[outl:], &discard); err != nil { -+ return nil, errOpen -+ } -+ runtime.KeepAlive(c) -+ return ret[:len(dst)+len(ciphertext)], nil ++func CCCryptorUpdate(cryptorRef CCCryptorRef, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { ++ return C._mkcgo_CCCryptorUpdate(cryptorRef, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataIn))), C.size_t(len(dataIn)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataOut))), C.size_t(len(dataOut)), (*C.size_t)(unsafe.Pointer(dataOutMoved))) ++} ++ ++func CCKeyDerivationPBKDF(algorithm CCPBKDFAlgorithm, password []byte, salt []uint8, prf CCPseudoRandomAlgorithm, rounds uint32, derivedKey []uint8) CCCryptorStatus { ++ return C._mkcgo_CCKeyDerivationPBKDF(algorithm, (*C.char)(unsafe.Pointer(unsafe.SliceData(password))), C.size_t(len(password)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(salt))), C.size_t(len(salt)), prf, C.uint(rounds), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(derivedKey))), C.size_t(len(derivedKey))) +} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cipher.go b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_nocgo.go new file mode 100644 -index 00000000000000..f70da2a40b8ee3 +index 00000000000000..b17312278da948 --- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go -@@ -0,0 +1,665 @@ -+//go:build !cmd_go_bootstrap ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_nocgo.go +@@ -0,0 +1,102 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+package openssl ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo ++ ++package commoncrypto + +import ( -+ "crypto/cipher" -+ "errors" + "runtime" -+ "strconv" -+ "sync" + "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" +) + -+type cipherKind int8 ++var _ = runtime.GOOS + -+const ( -+ cipherAES128 cipherKind = iota -+ cipherAES192 -+ cipherAES256 -+ cipherDES -+ cipherDES3 -+ cipherRC4 -+ cipherChaCha20Poly1305 -+) ++var _mkcgoAlwaysFalseCommoncrypto bool ++var _mkcgoEscapeSinkCommoncrypto unsafe.Pointer + -+func (c cipherKind) String() string { -+ switch c { -+ case cipherAES128: -+ return "AES-128" -+ case cipherAES192: -+ return "AES-192" -+ case cipherAES256: -+ return "AES-256" -+ case cipherDES: -+ return "DES" -+ case cipherDES3: -+ return "DES3" -+ case cipherRC4: -+ return "RC4" -+ case cipherChaCha20Poly1305: -+ return "ChaCha20-Poly1305" -+ default: -+ panic("unknown cipher kind: " + strconv.Itoa(int(c))) ++// mkcgoEscapePtrCommoncrypto forces p to escape to the heap. ++// This implementation is also used in the standard library: ++// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 ++func mkcgoEscapePtrCommoncrypto(p unsafe.Pointer) unsafe.Pointer { ++ if _mkcgoAlwaysFalseCommoncrypto { ++ _mkcgoEscapeSinkCommoncrypto = p + } ++ return p +} + -+type cipherMode int8 -+ -+const ( -+ cipherModeNone cipherMode = -1 -+ cipherModeECB cipherMode = iota -+ cipherModeCBC -+ cipherModeCTR -+ cipherModeGCM -+) ++type CCCryptorRef unsafe.Pointer ++type CCModeOptions = uint32 + -+// cipherOp is the allowed operations for a cipher, -+// as documented in [EVP_CipherInit_ex]. -+// -+// [EVP_CipherInit_ex]: https://www.openssl.org/docs/man3.0/man3/EVP_CipherInit_ex.html -+type cipherOp int8 ++type CCOperation int32 ++type CCMode int32 ++type CCOptions int32 ++type CCCryptorStatus int32 ++type CCPBKDFAlgorithm int32 ++type CCPseudoRandomAlgorithm int32 ++type CCPadding int32 ++type CCAlgorithm int32 + -+const ( -+ cipherOpNone cipherOp = -1 // leaves the value of the previous call, if any. -+ cipherOpDecrypt cipherOp = 0 -+ cipherOpEncrypt cipherOp = 1 -+) ++//go:cgo_import_dynamic _mkcgo_CCCrypt CCCrypt "/System/Library/Frameworks/System.framework/Versions/B/System" ++//go:cgo_import_dynamic _mkcgo_CCCryptorCreate CCCryptorCreate "/System/Library/Frameworks/System.framework/Versions/B/System" ++//go:cgo_import_dynamic _mkcgo_CCCryptorCreateWithMode CCCryptorCreateWithMode "/System/Library/Frameworks/System.framework/Versions/B/System" ++//go:cgo_import_dynamic _mkcgo_CCCryptorRelease CCCryptorRelease "/System/Library/Frameworks/System.framework/Versions/B/System" ++//go:cgo_import_dynamic _mkcgo_CCCryptorReset CCCryptorReset "/System/Library/Frameworks/System.framework/Versions/B/System" ++//go:cgo_import_dynamic _mkcgo_CCCryptorUpdate CCCryptorUpdate "/System/Library/Frameworks/System.framework/Versions/B/System" ++//go:cgo_import_dynamic _mkcgo_CCKeyDerivationPBKDF CCKeyDerivationPBKDF "/System/Library/Frameworks/System.framework/Versions/B/System" + -+// cacheCipher is a cache of cipherKind to GO_EVP_CIPHER_PTR. -+var cacheCipher sync.Map ++var _mkcgo_CCCrypt_trampoline_addr uintptr + -+type cacheCipherKey struct { -+ kind cipherKind -+ mode cipherMode ++func CCCrypt(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { ++ r0, _ := syscallN(0, _mkcgo_CCCrypt_trampoline_addr, uintptr(op), uintptr(alg), uintptr(options), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(iv))), uintptr(unsafe.Pointer(unsafe.SliceData(dataIn))), uintptr(len(dataIn)), uintptr(unsafe.Pointer(unsafe.SliceData(dataOut))), uintptr(len(dataOut)), uintptr(unsafe.Pointer(dataOutMoved))) ++ return CCCryptorStatus(r0) +} + -+// loadCipher returns a cipher object for the given k. -+func loadCipher(k cipherKind, mode cipherMode) (cipher ossl.EVP_CIPHER_PTR) { -+ if v, ok := cacheCipher.Load(cacheCipherKey{k, mode}); ok { -+ return v.(ossl.EVP_CIPHER_PTR) -+ } -+ defer func() { -+ if cipher != nil { -+ switch major() { -+ case 3, 4: -+ // On OpenSSL 3, directly operating on a EVP_CIPHER object -+ // not created by EVP_CIPHER has negative performance -+ // implications, as cipher operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ cipher, _ = ossl.EVP_CIPHER_fetch(nil, ossl.EVP_CIPHER_get0_name(cipher), nil) -+ } -+ } -+ cacheCipher.Store(cacheCipherKey{k, mode}, cipher) -+ }() -+ switch k { -+ case cipherAES128: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_aes_128_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_aes_128_cbc() -+ case cipherModeCTR: -+ cipher = ossl.EVP_aes_128_ctr() -+ case cipherModeGCM: -+ cipher = ossl.EVP_aes_128_gcm() -+ } -+ case cipherAES192: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_aes_192_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_aes_192_cbc() -+ case cipherModeCTR: -+ cipher = ossl.EVP_aes_192_ctr() -+ case cipherModeGCM: -+ cipher = ossl.EVP_aes_192_gcm() -+ } -+ case cipherAES256: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_aes_256_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_aes_256_cbc() -+ case cipherModeCTR: -+ cipher = ossl.EVP_aes_256_ctr() -+ case cipherModeGCM: -+ cipher = ossl.EVP_aes_256_gcm() -+ } -+ case cipherDES: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_des_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_des_cbc() -+ } -+ case cipherDES3: -+ switch mode { -+ case cipherModeECB: -+ cipher = ossl.EVP_des_ede3_ecb() -+ case cipherModeCBC: -+ cipher = ossl.EVP_des_ede3_cbc() -+ } -+ case cipherRC4: -+ cipher = ossl.EVP_rc4() -+ case cipherChaCha20Poly1305: -+ if ossl.EVP_chacha20_poly1305_Available() { -+ cipher = ossl.EVP_chacha20_poly1305() -+ } -+ } -+ return cipher -+} ++var _mkcgo_CCCryptorCreate_trampoline_addr uintptr + -+type evpCipher struct { -+ key []byte -+ kind cipherKind -+ blockSize int ++func CCCryptorCreate(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, cryptorRef *CCCryptorRef) CCCryptorStatus { ++ r0, _ := syscallN(0, _mkcgo_CCCryptorCreate_trampoline_addr, uintptr(op), uintptr(alg), uintptr(options), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(iv)))), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(cryptorRef)))) ++ return CCCryptorStatus(r0) +} + -+func newEVPCipher(key []byte, kind cipherKind) (*evpCipher, error) { -+ cipher := loadCipher(kind, cipherModeECB) -+ if cipher == nil { -+ return nil, errors.New("crypto/cipher: unsupported cipher: " + kind.String()) ++var _mkcgo_CCCryptorCreateWithMode_trampoline_addr uintptr ++ ++func CCCryptorCreateWithMode(op CCOperation, mode CCMode, alg CCAlgorithm, padding CCPadding, iv []byte, key []byte, tweak []byte, numRounds int32, options CCModeOptions, cryptorRef *CCCryptorRef) CCCryptorStatus { ++ var r0 uintptr ++ if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { ++ r0, _ = syscallN(0, _mkcgo_CCCryptorCreateWithMode_trampoline_addr, uintptr(op), uintptr(mode), uintptr(alg), uintptr(padding), uintptr(unsafe.Pointer(unsafe.SliceData(iv))), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(tweak))), uintptr(len(tweak)), uintptr(numRounds)<<32|uintptr(options), uintptr(unsafe.Pointer(cryptorRef))) ++ } else { ++ r0, _ = syscallN(0, _mkcgo_CCCryptorCreateWithMode_trampoline_addr, uintptr(op), uintptr(mode), uintptr(alg), uintptr(padding), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(iv)))), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(tweak)))), uintptr(len(tweak)), uintptr(numRounds), uintptr(options), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(cryptorRef)))) + } -+ c := &evpCipher{key: make([]byte, len(key)), kind: kind} -+ copy(c.key, key) -+ c.blockSize = int(ossl.EVP_CIPHER_get_block_size(cipher)) -+ return c, nil ++ return CCCryptorStatus(r0) +} + -+func (c *evpCipher) encrypt(dst, src []byte) error { -+ if len(src) < c.blockSize { -+ return errors.New("input not full block") -+ } -+ if len(dst) < c.blockSize { -+ return errors.New("output not full block") -+ } -+ // Only check for overlap between the parts of src and dst that will actually be used. -+ // This matches Go standard library behavior. -+ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { -+ return errors.New("invalid buffer overlap") -+ } -+ enc_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpEncrypt, c.key, nil) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(enc_ctx) ++var _mkcgo_CCCryptorRelease_trampoline_addr uintptr + -+ var outl int32 -+ if _, err := ossl.EVP_EncryptUpdate(enc_ctx, dst[:c.blockSize], &outl, src[:c.blockSize]); err != nil { -+ return err -+ } -+ runtime.KeepAlive(c) -+ return nil ++func CCCryptorRelease(cryptorRef CCCryptorRef) CCCryptorStatus { ++ r0, _ := syscallN(0, _mkcgo_CCCryptorRelease_trampoline_addr, uintptr(cryptorRef)) ++ return CCCryptorStatus(r0) +} + -+func (c *evpCipher) decrypt(dst, src []byte) error { -+ if len(src) < c.blockSize { -+ return errors.New("input not full block") -+ } -+ if len(dst) < c.blockSize { -+ return errors.New("output not full block") -+ } -+ // Only check for overlap between the parts of src and dst that will actually be used. -+ // This matches Go standard library behavior. -+ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { -+ return errors.New("invalid buffer overlap") -+ } -+ dec_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpDecrypt, c.key, nil) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(dec_ctx) -+ -+ if _, err := ossl.EVP_CIPHER_CTX_set_padding(dec_ctx, 0); err != nil { -+ return err -+ } ++var _mkcgo_CCCryptorReset_trampoline_addr uintptr + -+ var outl int32 -+ ossl.EVP_DecryptUpdate(dec_ctx, dst[:c.blockSize], &outl, src[:c.blockSize]) -+ runtime.KeepAlive(c) -+ return nil ++func CCCryptorReset(cryptorRef CCCryptorRef, iv []byte) CCCryptorStatus { ++ r0, _ := syscallN(0, _mkcgo_CCCryptorReset_trampoline_addr, uintptr(cryptorRef), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(iv))))) ++ return CCCryptorStatus(r0) +} + -+type cipherCBC struct { -+ ctx ossl.EVP_CIPHER_CTX_PTR -+ blockSize int -+} ++var _mkcgo_CCCryptorUpdate_trampoline_addr uintptr + -+func (c *cipherCBC) finalize() { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) ++func CCCryptorUpdate(cryptorRef CCCryptorRef, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { ++ r0, _ := syscallN(0, _mkcgo_CCCryptorUpdate_trampoline_addr, uintptr(cryptorRef), uintptr(unsafe.Pointer(unsafe.SliceData(dataIn))), uintptr(len(dataIn)), uintptr(unsafe.Pointer(unsafe.SliceData(dataOut))), uintptr(len(dataOut)), uintptr(unsafe.Pointer(dataOutMoved))) ++ return CCCryptorStatus(r0) +} + -+func (x *cipherCBC) BlockSize() int { return x.blockSize } -+ -+func (x *cipherCBC) CryptBlocks(dst, src []byte) { -+ if inexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } -+ if len(src)%x.blockSize != 0 { -+ panic("crypto/cipher: input not full blocks") -+ } -+ if len(dst) < len(src) { -+ panic("crypto/cipher: output smaller than input") -+ } -+ if len(src) > 0 { -+ var outl int32 -+ if _, err := ossl.EVP_CipherUpdate(x.ctx, dst, &outl, src); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+ runtime.KeepAlive(x) -+ } -+} -+ -+func (x *cipherCBC) SetIV(iv []byte) { -+ if len(iv) != x.blockSize { -+ panic("crypto/cipher: incorrect length IV") -+ } -+ if _, err := ossl.EVP_CipherInit_ex(x.ctx, nil, nil, nil, base(iv), int32(cipherOpNone)); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+} -+ -+func (c *evpCipher) newCBC(iv []byte, op cipherOp) cipher.BlockMode { -+ ctx, err := newCipherCtx(c.kind, cipherModeCBC, op, c.key, iv) -+ if err != nil { -+ panic(err) -+ } -+ x := &cipherCBC{ctx: ctx, blockSize: c.blockSize} -+ runtime.SetFinalizer(x, (*cipherCBC).finalize) -+ if _, err := ossl.EVP_CIPHER_CTX_set_padding(x.ctx, 0); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+ return x -+} -+ -+type cipherCTR struct { -+ ctx ossl.EVP_CIPHER_CTX_PTR -+} -+ -+func (x *cipherCTR) XORKeyStream(dst, src []byte) { -+ if inexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } -+ if len(dst) < len(src) { -+ panic("crypto/cipher: output smaller than input") -+ } -+ if len(src) == 0 { -+ return -+ } -+ var outl int32 -+ if _, err := ossl.EVP_EncryptUpdate(x.ctx, dst, &outl, src); err != nil { -+ panic("crypto/cipher: " + err.Error()) -+ } -+ runtime.KeepAlive(x) -+} -+ -+func (c *evpCipher) newCTR(iv []byte) cipher.Stream { -+ ctx, err := newCipherCtx(c.kind, cipherModeCTR, cipherOpEncrypt, c.key, iv) -+ if err != nil { -+ panic(err) -+ } -+ x := &cipherCTR{ctx: ctx} -+ runtime.SetFinalizer(x, (*cipherCTR).finalize) -+ return x -+} -+ -+func (c *cipherCTR) finalize() { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+} -+ -+type cipherGCMTLS uint8 -+ -+const ( -+ cipherGCMTLSNone cipherGCMTLS = iota -+ cipherGCMTLS12 -+ cipherGCMTLS13 -+) -+ -+type cipherGCM struct { -+ c *evpCipher -+ tls cipherGCMTLS -+ // minNextNonce is the minimum value that the next nonce can be, enforced by -+ // all TLS modes. -+ minNextNonce uint64 -+ // mask is the nonce mask used in TLS 1.3 mode. -+ mask uint64 -+ // maskInitialized is true if mask has been initialized. This happens during -+ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. -+ maskInitialized bool -+ blockSize int -+} -+ -+const ( -+ aesBlockSize = 16 -+ gcmTagSize = 16 -+ gcmStandardNonceSize = 12 -+ // TLS 1.2 additional data is constructed as: -+ // -+ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); -+ gcmTls12AddSize = 13 -+ // TLS 1.3 additional data is constructed as: -+ // -+ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) -+ gcmTls13AddSize = 5 -+ gcmTlsFixedNonceSize = 4 -+) -+ -+type noGCM struct { -+ *evpCipher -+} -+ -+func (g *noGCM) BlockSize() int { -+ return g.blockSize -+} -+ -+func (g *noGCM) Encrypt(dst, src []byte) { -+ g.encrypt(dst, src) -+} -+ -+func (g *noGCM) Decrypt(dst, src []byte) { -+ g.decrypt(dst, src) -+} -+ -+func (c *evpCipher) newGCMChecked(nonceSize, tagSize int) (cipher.AEAD, error) { -+ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { -+ return nil, errors.New("crypto/cipher: GCM tag and nonce sizes can't be non-standard at the same time") -+ } -+ // Fall back to standard library for GCM with non-standard nonce or tag size. -+ if nonceSize != gcmStandardNonceSize { -+ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) -+ } -+ if tagSize != gcmTagSize { -+ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) -+ } -+ return c.newGCM(cipherGCMTLSNone) -+} -+ -+func (c *evpCipher) newGCM(tls cipherGCMTLS) (cipher.AEAD, error) { -+ g := &cipherGCM{c: c, tls: tls, blockSize: c.blockSize} -+ return g, nil -+} -+ -+func (g *cipherGCM) NonceSize() int { -+ return gcmStandardNonceSize -+} -+ -+func (g *cipherGCM) Overhead() int { -+ return gcmTagSize -+} -+ -+func (g *cipherGCM) Seal(dst, nonce, plaintext, aad []byte) []byte { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") -+ } -+ if uint64(len(plaintext)) > ((1<<32)-2)*uint64(g.blockSize) || len(plaintext)+gcmTagSize < len(plaintext) { -+ panic("cipher: message too large for GCM") -+ } -+ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { -+ panic("cipher: message too large for buffer") -+ } -+ if g.tls != cipherGCMTLSNone { -+ if g.tls == cipherGCMTLS12 && len(aad) != gcmTls12AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.2") -+ } else if g.tls == cipherGCMTLS13 && len(aad) != gcmTls13AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.3") -+ } -+ counter := bigEndianUint64(nonce[gcmTlsFixedNonceSize:]) -+ if g.tls == cipherGCMTLS13 { -+ // In TLS 1.3, the counter in the nonce has a mask and requires -+ // further decoding. -+ if !g.maskInitialized { -+ // According to TLS 1.3 nonce construction details at -+ // https://tools.ietf.org/html/rfc8446#section-5.3: -+ // -+ // the first record transmitted under a particular traffic -+ // key MUST use sequence number 0. -+ // -+ // The padded sequence number is XORed with [a mask]. -+ // -+ // The resulting quantity (of length iv_length) is used as -+ // the per-record nonce. -+ // -+ // We need to convert from the given nonce to sequence numbers -+ // to keep track of minNextNonce and enforce the counter -+ // maximum. On the first call, we know counter^mask is 0^mask, -+ // so we can simply store it as the mask. -+ g.mask = counter -+ g.maskInitialized = true -+ } -+ counter ^= g.mask -+ } -+ // BoringCrypto enforces strictly monotonically increasing explicit nonces -+ // and to fail after 2^64 - 1 keys as per FIPS 140-2 IG A.5, -+ // but OpenSSL does not perform this check, so it is implemented here. -+ const maxUint64 = 1<<64 - 1 -+ if counter == maxUint64 { -+ panic("cipher: nonce counter must be less than 2^64 - 1") -+ } -+ if counter < g.minNextNonce { -+ panic("cipher: nonce counter must be strictly monotonically increasing") -+ } -+ defer func() { -+ g.minNextNonce = counter + 1 -+ }() -+ } -+ -+ // Make room in dst to append plaintext+overhead. -+ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) -+ -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, plaintext) { -+ panic("cipher: invalid buffer overlap") -+ } -+ -+ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ // Encrypt additional data. -+ // When sealing a TLS payload, OpenSSL app sets the additional data using -+ // '_EVP_CIPHER_CTX_ctrl(g.ctx, _EVP_CTRL_AEAD_TLS1_AAD, _EVP_AEAD_TLS1_AAD_LEN, base(additionalData))'. -+ // This makes the explicit nonce component to monotonically increase on every Seal operation without -+ // relying in the explicit nonce being securely set externally, -+ // and it also gives some interesting speed gains. -+ // Unfortunately we can't use it because Go expects AEAD.Seal to honor the provided nonce. -+ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ panic(err) -+ } -+ var outl, discard int32 -+ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, sliceNeverNil(aad)); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_EncryptUpdate(ctx, out, &outl, sliceNeverNil(plaintext)); err != nil { -+ panic(err) -+ } -+ if len(plaintext) != int(outl) { -+ panic("cipher: incorrect length returned from GCM EncryptUpdate") -+ } -+ discard = 0 -+ if _, err := ossl.EVP_EncryptFinal_ex(ctx, out[outl:], &discard); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(g) -+ return ret -+} -+ -+func (g *cipherGCM) SealWithRandomNonce(out, nonce, plaintext, aad []byte) { -+ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { -+ panic("crypto/cipher: message too large for GCM") -+ } -+ if len(nonce) != gcmStandardNonceSize { -+ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") -+ } -+ if len(out) != len(plaintext)+gcmTagSize { -+ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") -+ } -+ if inexactOverlap(out, plaintext) { -+ panic("crypto/cipher: invalid buffer overlap of output and input") -+ } -+ if anyOverlap(out, aad) { -+ panic("crypto/cipher: invalid buffer overlap of output and additional data") -+ } -+ -+ if g.tls != cipherGCMTLSNone { -+ panic("cipher: encryption failed") -+ } -+ -+ RandReader.Read(nonce) -+ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ -+ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ panic(err) -+ } -+ var outl, discard int32 -+ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, sliceNeverNil(aad)); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_EncryptUpdate(ctx, out, &outl, sliceNeverNil(plaintext)); err != nil { -+ panic(err) -+ } -+ if len(plaintext) != int(outl) { -+ panic("cipher: incorrect length returned from GCM EncryptUpdate") -+ } -+ discard = 0 -+ if _, err := ossl.EVP_EncryptFinal_ex(ctx, out[outl:], &discard); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(g) -+} -+ -+var errOpen = errors.New("cipher: message authentication failed") -+ -+func (g *cipherGCM) Open(dst, nonce, ciphertext, aad []byte) (_ []byte, err error) { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") -+ } -+ if len(ciphertext) < gcmTagSize { -+ return nil, errOpen -+ } -+ if uint64(len(ciphertext)) > ((1<<32)-2)*uint64(g.blockSize)+gcmTagSize { -+ return nil, errOpen -+ } -+ // BoringCrypto does not do any TLS check when decrypting, neither do we. -+ -+ tag := ciphertext[len(ciphertext)-gcmTagSize:] -+ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] -+ -+ // Make room in dst to append ciphertext without tag. -+ ret, out := sliceForAppend(dst, len(ciphertext)) -+ -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, ciphertext) { -+ panic("cipher: invalid buffer overlap") -+ } -+ -+ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_CIPHER_CTX_free(ctx) -+ -+ defer func() { -+ if err != nil { -+ // Zero output buffer on error. -+ for i := range out { -+ out[i] = 0 -+ } -+ } -+ }() -+ if _, err := ossl.EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { -+ return nil, errOpen -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_SET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { -+ return nil, errOpen -+ } -+ var outl, discard int32 -+ if _, err := ossl.EVP_DecryptUpdate(ctx, nil, &discard, sliceNeverNil(aad)); err != nil { -+ return nil, errOpen -+ } -+ if _, err := ossl.EVP_DecryptUpdate(ctx, out, &outl, sliceNeverNil(ciphertext)); err != nil { -+ return nil, errOpen -+ } -+ if len(ciphertext) != int(outl) { -+ return nil, errOpen -+ } -+ discard = 0 -+ if _, err := ossl.EVP_DecryptFinal_ex(ctx, out[outl:], &discard); err != nil { -+ return nil, errOpen -+ } -+ runtime.KeepAlive(g) -+ return ret, nil -+} -+ -+// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. -+func sliceForAppend(in []byte, n int) (head, tail []byte) { -+ if total := len(in) + n; cap(in) >= total { -+ head = in[:total] -+ } else { -+ head = make([]byte, total) -+ copy(head, in) -+ } -+ tail = head[len(in):] -+ return -+} -+ -+func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ ossl.EVP_CIPHER_CTX_PTR, err error) { -+ cipher := loadCipher(kind, mode) -+ if cipher == nil { -+ panic("crypto/cipher: unsupported cipher: " + kind.String()) -+ } -+ ctx, err := ossl.EVP_CIPHER_CTX_new() -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_CIPHER_CTX_free(ctx) -+ } -+ }() -+ if kind == cipherRC4 { -+ // RC4 cipher supports a variable key length. -+ // We need to set the key length before setting the key, -+ // and to do so we need to have an initialized cipher ctx. -+ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, int32(encrypt)); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_CIPHER_CTX_set_key_length(ctx, int32(len(key))); err != nil { -+ return nil, err -+ } -+ // Pass nil to the next call to EVP_CipherInit_ex to avoid resetting ctx's cipher. -+ cipher = nil -+ } -+ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), int32(encrypt)); err != nil { -+ return nil, err -+ } -+ return ctx, nil -+} -+ -+// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. -+ -+func anyOverlap(x, y []byte) bool { -+ return len(x) > 0 && len(y) > 0 && -+ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && -+ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) -+} ++var _mkcgo_CCKeyDerivationPBKDF_trampoline_addr uintptr + -+func inexactOverlap(x, y []byte) bool { -+ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { -+ return false -+ } -+ return anyOverlap(x, y) ++func CCKeyDerivationPBKDF(algorithm CCPBKDFAlgorithm, password []byte, salt []uint8, prf CCPseudoRandomAlgorithm, rounds uint32, derivedKey []uint8) CCCryptorStatus { ++ r0, _ := syscallN(0, _mkcgo_CCKeyDerivationPBKDF_trampoline_addr, uintptr(algorithm), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(password)))), uintptr(len(password)), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(salt)))), uintptr(len(salt)), uintptr(prf), uintptr(rounds), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(derivedKey)))), uintptr(len(derivedKey))) ++ return CCCryptorStatus(r0) +} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/const.go b/src/vendor/github.com/golang-fips/openssl/v2/const.go -new file mode 100644 -index 00000000000000..a8165e13f85164 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/const.go -@@ -0,0 +1,99 @@ -+package openssl -+ -+import "unsafe" -+ -+// cString is a null-terminated string, -+// akin to C's char*. -+type cString string -+ -+// str returns the string value. -+func (s cString) str() string { -+ return string(s) -+} -+ -+// ptr returns a pointer to the string data. -+// It panics if the string is not null-terminated. -+// -+// The memory pointed to by the returned pointer should -+// not be modified and it must only be passed to -+// "const char*" parameters. Any attempt to modify it -+// will result in a runtime panic, as Go strings are -+// allocated in read-only memory. -+func (s cString) ptr() *byte { -+ if len(s) == 0 { -+ return nil -+ } -+ if s[len(s)-1] != 0 { -+ panic("must be null-terminated") -+ } -+ return unsafe.StringData(string(s)) -+} -+ -+const ( //checkheader:ignore -+ // Key types -+ _KeyTypeRSA cString = "RSA\x00" -+ _KeyTypeEC cString = "EC\x00" -+ _KeyTypeED25519 cString = "ED25519\x00" -+ _KeyTypeX25519 cString = "X25519\x00" -+ _KeyTypeMLKEM768 cString = "ML-KEM-768\x00" -+ _KeyTypeMLKEM1024 cString = "ML-KEM-1024\x00" -+ _KeyTypeMLDSA44 cString = "ML-DSA-44\x00" -+ _KeyTypeMLDSA65 cString = "ML-DSA-65\x00" -+ _KeyTypeMLDSA87 cString = "ML-DSA-87\x00" -+ _KeyTypeChacha20Poly1305 cString = "CHACHA20-POLY1305\x00" -+ -+ // Digest names -+ _DigestNameSHAKE128 cString = "SHAKE-128\x00" -+ _DigestNameSHAKE256 cString = "SHAKE-256\x00" -+ -+ // KDF names -+ _OSSL_KDF_NAME_HKDF cString = "HKDF\x00" -+ _OSSL_KDF_NAME_PBKDF2 cString = "PBKDF2\x00" -+ _OSSL_KDF_NAME_TLS1_PRF cString = "TLS1-PRF\x00" -+ _OSSL_KDF_NAME_TLS13_KDF cString = "TLS13-KDF\x00" -+ _OSSL_MAC_NAME_HMAC cString = "HMAC\x00" -+ -+ // KDF parameters -+ _OSSL_KDF_PARAM_DIGEST cString = "digest\x00" -+ _OSSL_KDF_PARAM_SECRET cString = "secret\x00" -+ _OSSL_KDF_PARAM_SEED cString = "seed\x00" -+ _OSSL_KDF_PARAM_KEY cString = "key\x00" -+ _OSSL_KDF_PARAM_INFO cString = "info\x00" -+ _OSSL_KDF_PARAM_SALT cString = "salt\x00" -+ _OSSL_KDF_PARAM_MODE cString = "mode\x00" -+ -+ // TLS3-KDF parameters -+ _OSSL_KDF_PARAM_PREFIX cString = "prefix\x00" -+ _OSSL_KDF_PARAM_LABEL cString = "label\x00" -+ _OSSL_KDF_PARAM_DATA cString = "data\x00" -+ -+ // PKEY parameters -+ _OSSL_PKEY_PARAM_PUB_KEY cString = "pub\x00" -+ _OSSL_PKEY_PARAM_PRIV_KEY cString = "priv\x00" -+ _OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY cString = "encoded-pub-key\x00" -+ _OSSL_PKEY_PARAM_GROUP_NAME cString = "group\x00" -+ _OSSL_PKEY_PARAM_EC_PUB_X cString = "qx\x00" -+ _OSSL_PKEY_PARAM_EC_PUB_Y cString = "qy\x00" -+ _OSSL_PKEY_PARAM_FFC_PBITS cString = "pbits\x00" -+ _OSSL_PKEY_PARAM_FFC_QBITS cString = "qbits\x00" -+ _OSSL_PKEY_PARAM_RSA_N cString = "n\x00" -+ _OSSL_PKEY_PARAM_RSA_E cString = "e\x00" -+ _OSSL_PKEY_PARAM_RSA_D cString = "d\x00" -+ _OSSL_PKEY_PARAM_FFC_P cString = "p\x00" -+ _OSSL_PKEY_PARAM_FFC_Q cString = "q\x00" -+ _OSSL_PKEY_PARAM_FFC_G cString = "g\x00" -+ _OSSL_PKEY_PARAM_RSA_FACTOR1 cString = "rsa-factor1\x00" -+ _OSSL_PKEY_PARAM_RSA_FACTOR2 cString = "rsa-factor2\x00" -+ _OSSL_PKEY_PARAM_RSA_EXPONENT1 cString = "rsa-exponent1\x00" -+ _OSSL_PKEY_PARAM_RSA_EXPONENT2 cString = "rsa-exponent2\x00" -+ _OSSL_PKEY_PARAM_RSA_COEFFICIENT1 cString = "rsa-coefficient1\x00" -+ _OSSL_PKEY_PARAM_ML_KEM_SEED cString = "seed\x00" -+ _OSSL_PKEY_PARAM_ML_DSA_SEED cString = "seed\x00" -+ -+ // Signature parameters -+ _OSSL_SIGNATURE_PARAM_CONTEXT_STRING cString = "context-string\x00" -+ _OSSL_SIGNATURE_PARAM_MU cString = "mu\x00" -+ -+ // MAC parameters -+ _OSSL_MAC_PARAM_DIGEST cString = "digest\x00" -+) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cshake.go b/src/vendor/github.com/golang-fips/openssl/v2/cshake.go -new file mode 100644 -index 00000000000000..b37b8e7cc10ac0 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/cshake.go -@@ -0,0 +1,255 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "runtime" -+ "strconv" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// shakeOneShot applies the SHAKE extendable output function to data and -+// writes the output to out. -+func shakeOneShot(secuirtyBits int, data []byte, out []byte) { -+ // Can't use EVP_Digest because it doesn't support output lengths -+ // larger than the block size, while crypto/sha3 supports any length. -+ alg := loadShake(secuirtyBits) -+ if alg == nil { -+ panic("openssl: unsupported SHAKE" + strconv.Itoa(secuirtyBits) + " function") -+ } -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_DigestUpdate(ctx, data); err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_DigestFinalXOF(ctx, out); err != nil { -+ panic(err) -+ } -+} -+ -+// SumSHAKE128 applies the SHAKE128 extendable output function to data and -+// returns an output of the given length in bytes. -+func SumSHAKE128(data []byte, length int) []byte { -+ out := make([]byte, length) -+ shakeOneShot(128, data, out) -+ return out -+} -+ -+// SumSHAKE256 applies the SHAKE256 extendable output function to data and -+// returns an output of the given length in bytes. -+func SumSHAKE256(data []byte, length int) []byte { -+ out := make([]byte, length) -+ shakeOneShot(256, data, out) -+ return out -+} -+ -+var shakeSupported sync.Map -+ -+var hasDigestSqueeze = sync.OnceValue(ossl.EVP_DigestSqueeze_Available) -+ -+// SupportsSHAKE returns true if the SHAKE extendable output functions -+// with the given securityBits are supported. -+func SupportsSHAKE(securityBits int) bool { -+ if !hasDigestSqueeze() { -+ // SHAKE MD's are supported since OpenSSL 1.1.1, but -+ // EVP_DigestSqueeze (added in OpenSSL 3.3) is required to -+ // implement [sha3.SHAKE]'s streaming Read API. -+ return false -+ } -+ if v, ok := shakeSupported.Load(securityBits); ok { -+ return v.(bool) -+ } -+ alg := loadShake(securityBits) -+ if alg == nil { -+ shakeSupported.Store(securityBits, false) -+ return false -+ } -+ // EVP_MD objects can be non-nil but the underlying provider may not -+ // support EVP_DigestSqueeze. We need to test it. -+ var supported bool -+ if ctx, _ := ossl.EVP_MD_CTX_new(); ctx != nil { -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil); err == nil { -+ var tmp [1]byte -+ _, err := ossl.EVP_DigestSqueeze(ctx, tmp[:]) -+ supported = err == nil -+ } -+ } -+ shakeSupported.Store(securityBits, supported) -+ return supported -+} -+ -+// SupportsCSHAKE returns true if the CSHAKE extendable output functions -+// with the given securityBits are supported. -+func SupportsCSHAKE(securityBits int) bool { -+ // OpenSSL tracker issue https://github.com/openssl/openssl/issues/28358 -+ return false -+} -+ -+// SHAKE is an instance of a SHAKE extendable output function. -+type SHAKE struct { -+ alg *shakeAlgorithm -+ ctx ossl.EVP_MD_CTX_PTR -+ lastXofLen int -+} -+ -+// NewSHAKE128 creates a new SHAKE128 XOF. -+func NewSHAKE128() *SHAKE { -+ return newSHAKE(128) -+} -+ -+// NewSHAKE256 creates a new SHAKE256 XOF. -+func NewSHAKE256() *SHAKE { -+ return newSHAKE(256) -+} -+ -+// NewCSHAKE128 creates a new cSHAKE128 XOF. -+// -+// N is used to define functions based on cSHAKE, it can be empty when plain -+// cSHAKE is desired. S is a customization byte string used for domain -+// separation. When N and S are both empty, this is equivalent to NewSHAKE128. -+func NewCSHAKE128(N, S []byte) *SHAKE { -+ if len(N) == 0 && len(S) == 0 { -+ return NewSHAKE128() -+ } -+ return nil -+} -+ -+// NewCSHAKE256 creates a new cSHAKE256 XOF. -+// -+// N is used to define functions based on cSHAKE, it can be empty when plain -+// cSHAKE is desired. S is a customization byte string used for domain -+// separation. When N and S are both empty, this is equivalent to NewSHAKE256. -+func NewCSHAKE256(N, S []byte) *SHAKE { -+ if len(N) == 0 && len(S) == 0 { -+ return NewSHAKE256() -+ } -+ return nil -+} -+ -+func newSHAKE(securityBits int) *SHAKE { -+ alg := loadShake(securityBits) -+ if alg == nil { -+ panic("openssl: unsupported SHAKE" + strconv.Itoa(securityBits) + " function") -+ } -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil); err != nil { -+ ossl.EVP_MD_CTX_free(ctx) -+ panic(err) -+ } -+ s := &SHAKE{alg: alg, ctx: ctx} -+ runtime.SetFinalizer(s, (*SHAKE).finalize) -+ return s -+} -+ -+func (s *SHAKE) finalize() { -+ ossl.EVP_MD_CTX_free(s.ctx) -+} -+ -+// Write absorbs more data into the XOF's state. -+// -+// It panics if any output has already been read. -+func (s *SHAKE) Write(p []byte) (n int, err error) { -+ defer runtime.KeepAlive(s) -+ if len(p) == 0 { -+ return 0, nil -+ } -+ if _, err := ossl.EVP_DigestUpdate(s.ctx, p); err != nil { -+ panic(err) -+ } -+ return len(p), nil -+} -+ -+// Read squeezes more output from the XOF. -+// -+// Any call to Write after a call to Read will panic. -+func (s *SHAKE) Read(p []byte) (n int, err error) { -+ defer runtime.KeepAlive(s) -+ if len(p) == 0 { -+ return 0, nil -+ } -+ if len(p) != s.lastXofLen { -+ if _, err := ossl.EVP_MD_CTX_ctrl(s.ctx, ossl.EVP_MD_CTRL_XOF_LEN, int32(len(p)), nil); err != nil { -+ panic(err) -+ } -+ s.lastXofLen = len(p) -+ } -+ if _, err := ossl.EVP_DigestSqueeze(s.ctx, p); err != nil { -+ panic(err) -+ } -+ return len(p), nil -+} -+ -+// Reset resets the XOF to its initial state. -+func (s *SHAKE) Reset() { -+ defer runtime.KeepAlive(s) -+ if _, err := ossl.EVP_DigestInit_ex(s.ctx, nil, nil); err != nil { -+ panic(err) -+ } -+ s.lastXofLen = 0 -+} -+ -+// BlockSize returns the rate of the XOF. -+func (s *SHAKE) BlockSize() int { -+ return s.alg.blockSize -+} -+ -+func (s *SHAKE) MarshalBinary() ([]byte, error) { -+ return nil, errMarshallUnsupported{} -+} -+ -+func (s *SHAKE) AppendBinary(b []byte) ([]byte, error) { -+ return nil, errMarshallUnsupported{} -+} -+ -+func (s *SHAKE) UnmarshalBinary(data []byte) error { -+ return errMarshallUnsupported{} -+} -+ -+type shakeAlgorithm struct { -+ md ossl.EVP_MD_PTR -+ blockSize int -+} -+ -+var cacheSHAKE sync.Map -+ -+// loadShake converts a crypto.Hash to a EVP_MD. -+func loadShake(securityBits int) (alg *shakeAlgorithm) { -+ if v, ok := cacheSHAKE.Load(securityBits); ok { -+ return v.(*shakeAlgorithm) -+ } -+ defer func() { -+ cacheSHAKE.Store(securityBits, alg) -+ }() -+ -+ var name cString -+ switch securityBits { -+ case 128: -+ name = _DigestNameSHAKE128 -+ case 256: -+ name = _DigestNameSHAKE256 -+ default: -+ return nil -+ } -+ -+ md, err := ossl.EVP_MD_fetch(nil, name.ptr(), nil) -+ if err != nil || md == nil { -+ return nil -+ } -+ -+ alg = new(shakeAlgorithm) -+ alg.md = md -+ alg.blockSize = int(ossl.EVP_MD_get_block_size(md)) -+ return alg -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/des.go b/src/vendor/github.com/golang-fips/openssl/v2/des.go -new file mode 100644 -index 00000000000000..71586bbb74bbee ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/des.go -@@ -0,0 +1,118 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto/cipher" -+ "errors" -+) -+ -+// SupportsDESCipher returns true if NewDESCipher is supported, -+// which uses ECB mode. -+// If CBC is also supported, then the returned cipher.Block -+// will also implement NewCBCEncrypter and NewCBCDecrypter. -+func SupportsDESCipher() bool { -+ switch major() { -+ case 1: -+ // DES is not part of the OpenSSL 1.x FIPS module. -+ return !FIPS() && loadCipher(cipherDES, cipherModeECB) != nil -+ default: -+ // On OpenSSL 3+ availability is decided by the algorithm probe: -+ // EVP_CIPHER_fetch returns nil unless the legacy provider is loaded. -+ return loadCipher(cipherDES, cipherModeECB) != nil -+ } -+} -+ -+// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, -+// which uses ECB mode. -+// If CBC is also supported, then the returned cipher.Block -+// will also implement NewCBCEncrypter and NewCBCDecrypter. -+func SupportsTripleDESCipher() bool { -+ // Should always be true for stock OpenSSL, -+ // even when using the FIPS provider. -+ return loadCipher(cipherDES3, cipherModeECB) != nil -+} -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 8 { -+ return nil, errors.New("crypto/des: invalid key size") -+ } -+ return newDESCipher(key, cipherDES) -+} -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 24 { -+ return nil, errors.New("crypto/des: invalid key size") -+ } -+ return newDESCipher(key, cipherDES3) -+} -+ -+func newDESCipher(key []byte, kind cipherKind) (cipher.Block, error) { -+ c, err := newEVPCipher(key, kind) -+ if err != nil { -+ return nil, err -+ } -+ if loadCipher(kind, cipherModeCBC) == nil { -+ return &desCipherWithoutCBC{c}, nil -+ } -+ return &desCipher{c}, nil -+} -+ -+type desExtraModes interface { -+ NewCBCEncrypter(iv []byte) cipher.BlockMode -+ NewCBCDecrypter(iv []byte) cipher.BlockMode -+} -+ -+var _ desExtraModes = (*desCipher)(nil) -+ -+type desCipher struct { -+ *evpCipher -+} -+ -+func (c *desCipher) BlockSize() int { -+ return c.blockSize -+} -+ -+func (c *desCipher) Encrypt(dst, src []byte) { -+ if err := c.encrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -+ -+func (c *desCipher) Decrypt(dst, src []byte) { -+ if err := c.decrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -+ -+func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return c.newCBC(iv, cipherOpEncrypt) -+} -+ -+func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return c.newCBC(iv, cipherOpDecrypt) -+} -+ -+type desCipherWithoutCBC struct { -+ *evpCipher -+} -+ -+func (c *desCipherWithoutCBC) BlockSize() int { -+ return c.blockSize -+} -+ -+func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) { -+ if err := c.encrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -+ -+func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) { -+ if err := c.decrypt(dst, src); err != nil { -+ // crypto/des expects that the panic message starts with "crypto/des: ". -+ panic("crypto/des: " + err.Error()) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/dsa.go b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go -new file mode 100644 -index 00000000000000..3a025ff7d40011 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go -@@ -0,0 +1,305 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "runtime" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupportsDSA returns true if the OpenSSL library supports DSA. -+func SupportsDSA() bool { -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) -+ if err != nil { -+ return false -+ } -+ ossl.EVP_PKEY_CTX_free(ctx) -+ return true -+} -+ -+// DSAParameters contains the DSA parameters. -+type DSAParameters struct { -+ P, Q, G BigInt -+} -+ -+// PrivateKeyDSA represents a DSA private key. -+type PrivateKeyDSA struct { -+ DSAParameters -+ X, Y BigInt -+ -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PrivateKeyDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+// PublicKeyDSA represents a DSA public key. -+type PublicKeyDSA struct { -+ DSAParameters -+ Y BigInt -+ -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PublicKeyDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+// GenerateParametersDSA generates a set of DSA parameters. -+func GenerateParametersDSA(l, n int) (DSAParameters, error) { -+ // The DSA parameters are generated by creating a new DSA key and -+ // extracting the domain parameters from it. -+ -+ // Generate a new DSA key context and set the known parameters. -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) -+ if err != nil { -+ return DSAParameters{}, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_paramgen_init(ctx); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, int32(l), nil); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, int32(n), nil); err != nil { -+ return DSAParameters{}, err -+ } -+ var pkey ossl.EVP_PKEY_PTR -+ if _, err := ossl.EVP_PKEY_paramgen(ctx, &pkey); err != nil { -+ return DSAParameters{}, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ // Extract the domain parameters from the generated key. -+ var p, q, g ossl.BIGNUM_PTR -+ switch major() { -+ case 1: -+ dsa := getDSA(pkey) -+ ossl.DSA_get0_pqg(dsa, &p, &q, &g) -+ case 3, 4: -+ defer func() { -+ ossl.BN_free(p) -+ ossl.BN_free(q) -+ ossl.BN_free(g) -+ }() -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P.ptr(), &p); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q.ptr(), &q); err != nil { -+ return DSAParameters{}, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G.ptr(), &g); err != nil { -+ return DSAParameters{}, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ return DSAParameters{ -+ P: bnToBig(p), -+ Q: bnToBig(q), -+ G: bnToBig(g), -+ }, nil -+} -+ -+// NewPrivateKeyDSA creates a new DSA private key from the given parameters. -+func NewPrivateKeyDSA(params DSAParameters, x, y BigInt) (*PrivateKeyDSA, error) { -+ if x == nil || y == nil { -+ panic("x and y must not be nil") -+ } -+ pkey, err := newDSA(params, x, y) -+ if err != nil { -+ return nil, err -+ } -+ k := &PrivateKeyDSA{params, x, y, pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) -+ return k, nil -+} -+ -+// NewPublicKeyDSA creates a new DSA public key from the given parameters. -+func NewPublicKeyDSA(params DSAParameters, y BigInt) (*PublicKeyDSA, error) { -+ if y == nil { -+ panic("y must not be nil") -+ } -+ pkey, err := newDSA(params, nil, y) -+ if err != nil { -+ return nil, err -+ } -+ k := &PublicKeyDSA{params, y, pkey} -+ runtime.SetFinalizer(k, (*PublicKeyDSA).finalize) -+ return k, nil -+} -+ -+// GenerateKeyDSA generates a new private DSA key using the given parameters. -+func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { -+ pkey, err := newDSA(params, nil, nil) -+ if err != nil { -+ return nil, nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ var bx, by ossl.BIGNUM_PTR -+ switch major() { -+ case 1: -+ dsa := getDSA(pkey) -+ ossl.DSA_get0_key(dsa, &by, &bx) -+ case 3, 4: -+ defer func() { -+ ossl.BN_clear_free(bx) -+ ossl.BN_free(by) -+ }() -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), &by); err != nil { -+ return nil, nil, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bx); err != nil { -+ return nil, nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return bnToBig(bx), bnToBig(by), nil -+} -+ -+// SignDSA signs a hash (which should be the result of hashing a larger message). -+func SignDSA(priv *PrivateKeyDSA, hash []byte) ([]byte, error) { -+ return evpSign(priv.withKey, 0, 0, 0, hash) -+} -+ -+// VerifyDSA verifiessig using the public key, pub. -+func VerifyDSA(pub *PublicKeyDSA, hash []byte, sig []byte) bool { -+ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil -+} -+ -+func newDSA(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { -+ switch major() { -+ case 1: -+ return newDSA1(params, x, y) -+ case 3, 4: -+ return newDSA3(params, x, y) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newDSA1(params DSAParameters, x, y BigInt) (pkey ossl.EVP_PKEY_PTR, err error) { -+ checkMajorVersion(1) -+ -+ dsa, err := ossl.DSA_new() -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if pkey == nil { -+ ossl.DSA_free(dsa) -+ } -+ }() -+ // No need to check for errors here, DSA_set0_* functions will fail -+ // if the BNs are NULL and we will free non-NULL BNs in the error handling. -+ p, _ := bigToBN(params.P) -+ q, _ := bigToBN(params.Q) -+ g, _ := bigToBN(params.G) -+ if _, err := ossl.DSA_set0_pqg(dsa, p, q, g); err != nil { -+ ossl.BN_free(p) -+ ossl.BN_free(q) -+ ossl.BN_free(g) -+ return nil, err -+ } -+ if y != nil { -+ pub, _ := bigToBN(y) -+ priv, _ := bigToBN(x) -+ if _, err := ossl.DSA_set0_key(dsa, pub, priv); err != nil { -+ ossl.BN_free(pub) -+ ossl.BN_clear_free(priv) -+ return nil, err -+ } -+ } else { -+ if _, err := ossl.DSA_generate_key(dsa); err != nil { -+ return nil, err -+ } -+ } -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_DSA, unsafe.Pointer(dsa)); err != nil { -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ return pkey, nil -+} -+ -+func newDSA3(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ -+ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_P, params.P, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_Q, params.Q, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_G, params.G, false) -+ selection := int32(ossl.EVP_PKEY_KEYPAIR) -+ if y != nil { -+ bld.addBigInt(_OSSL_PKEY_PARAM_PUB_KEY, y, false) -+ if x == nil { -+ selection = ossl.EVP_PKEY_PUBLIC_KEY -+ } -+ } -+ if x != nil { -+ bld.addBigInt(_OSSL_PKEY_PARAM_PRIV_KEY, x, true) -+ } -+ bldparams, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(bldparams) -+ pkey, err := newEvpFromParams(ossl.EVP_PKEY_DSA, selection, bldparams) -+ if err != nil { -+ return nil, err -+ } -+ if y != nil { -+ return pkey, nil -+ } -+ // pkey doesn't contain the public component, but the crypto/dsa package -+ // expects it to be always there. Generate a new key using pkey as domain -+ // parameters placeholder. -+ defer ossl.EVP_PKEY_free(pkey) -+ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { -+ return nil, err -+ } -+ var gkey ossl.EVP_PKEY_PTR -+ if _, err := ossl.EVP_PKEY_keygen(ctx, &gkey); err != nil { -+ return nil, err -+ } -+ return gkey, nil -+} -+ -+// getDSA returns the DSA from pkey. -+// If pkey does not contain an DSA it panics. -+// The returned key should not be freed. -+func getDSA(pkey ossl.EVP_PKEY_PTR) ossl.DSA_PTR { -+ key, err := ossl.EVP_PKEY_get0_DSA(pkey) -+ if err != nil { -+ panic(err) -+ } -+ return key -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ec.go b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -new file mode 100644 -index 00000000000000..666493af4d51d4 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -@@ -0,0 +1,131 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "strconv" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+func SupportsCurve(curve string) bool { -+ switch curve { -+ case "P-224", "P-256", "P-384", "P-521": -+ return true -+ case "X25519": -+ return supportsX25519() -+ default: -+ return false -+ } -+} -+ -+var supportsX25519 = sync.OnceValue(func() bool { -+ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_X25519, nil) -+ if ctx != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ return true -+ } -+ return false -+}) -+ -+func curveID(curve string) int32 { -+ switch curve { -+ case "P-224": -+ return ossl.EVP_PKEY_EC -+ case "P-256": -+ return ossl.EVP_PKEY_EC -+ case "P-384": -+ return ossl.EVP_PKEY_EC -+ case "P-521": -+ return ossl.EVP_PKEY_EC -+ case "X25519": -+ return ossl.EVP_PKEY_X25519 -+ default: -+ panic("openssl: unknown curve " + curve) -+ } -+} -+ -+func curveNID(curve string) int32 { -+ switch curve { -+ case "P-224": -+ return ossl.NID_secp224r1 -+ case "P-256": -+ return ossl.NID_X9_62_prime256v1 -+ case "P-384": -+ return ossl.NID_secp384r1 -+ case "P-521": -+ return ossl.NID_secp521r1 -+ default: -+ panic("openssl: unknown curve " + curve) -+ } -+} -+ -+// curveSize returns the size of the curve in bytes. -+func curveSize(curve string) int { -+ switch curve { -+ case "P-224": -+ return 224 / 8 -+ case "P-256": -+ return 256 / 8 -+ case "P-384": -+ return 384 / 8 -+ case "P-521": -+ return (521 + 7) / 8 -+ default: -+ panic("openssl: unknown curve " + curve) -+ } -+} -+ -+// encodeEcPoint encodes pt. -+func encodeEcPoint(group ossl.EC_GROUP_PTR, pt ossl.EC_POINT_PTR) ([]byte, error) { -+ // Get encoded point size. -+ n, err := ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, nil, nil) -+ if err != nil { -+ return nil, err -+ } -+ // Encode point into bytes. -+ bytes := make([]byte, n) -+ if _, err = ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, bytes, nil); err != nil { -+ return nil, err -+ } -+ return bytes, nil -+} -+ -+// generateAndEncodeEcPublicKey calls newPubKeyPointFn to generate a public key point and then encodes it. -+func generateAndEncodeEcPublicKey(nid int32, newPubKeyPointFn func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error)) ([]byte, error) { -+ group, err := ossl.EC_GROUP_new_by_curve_name(nid) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_GROUP_free(group) -+ pt, err := newPubKeyPointFn(group) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_POINT_free(pt) -+ return encodeEcPoint(group, pt) -+} -+ -+func extractPKEYRawPublic(pkey ossl.EVP_PKEY_PTR, pub []byte) error { -+ keylen := len(pub) -+ if _, err := ossl.EVP_PKEY_get_raw_public_key(pkey, pub, &keylen); err != nil { -+ return err -+ } -+ if keylen != len(pub) { -+ return errors.New("bad public key length: " + strconv.Itoa(keylen)) -+ } -+ return nil -+} -+ -+func extractPKEYRawPrivate(pkey ossl.EVP_PKEY_PTR, pub []byte) error { -+ keylen := len(pub) -+ if _, err := ossl.EVP_PKEY_get_raw_private_key(pkey, pub, &keylen); err != nil { -+ return err -+ } -+ if keylen != len(pub) { -+ return errors.New("bad private key length: " + strconv.Itoa(keylen)) -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -new file mode 100644 -index 00000000000000..212b53b9a4e583 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -@@ -0,0 +1,340 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "runtime" -+ "slices" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const publicKeySizeX25519 = 32 -+const privateKeySizeX25519 = 32 -+ -+type PublicKeyECDH struct { -+ _pkey ossl.EVP_PKEY_PTR -+ bytes []byte -+} -+ -+func (k *PublicKeyECDH) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+type PrivateKeyECDH struct { -+ _pkey ossl.EVP_PKEY_PTR -+ curve string -+} -+ -+func (k *PrivateKeyECDH) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { -+ expectedLen := publicKeySizeX25519 -+ if curve != "X25519" { -+ expectedLen = 1 + 2*curveSize(curve) -+ } -+ if len(bytes) != expectedLen { -+ return nil, errors.New("NewPublicKeyECDH: wrong key length") -+ } -+ -+ pkey, err := newECDHPkey(curve, bytes, false) -+ if err != nil { -+ return nil, err -+ } -+ k := &PublicKeyECDH{pkey, slices.Clone(bytes)} -+ runtime.SetFinalizer(k, (*PublicKeyECDH).finalize) -+ return k, nil -+} -+ -+func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } -+ -+func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) { -+ expectedLen := privateKeySizeX25519 -+ if curve != "X25519" { -+ expectedLen = curveSize(curve) -+ } -+ if len(bytes) != expectedLen { -+ return nil, errors.New("NewPrivateKeyECDH: wrong key length") -+ } -+ pkey, err := newECDHPkey(curve, bytes, true) -+ if err != nil { -+ return nil, err -+ } -+ k := &PrivateKeyECDH{pkey, curve} -+ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) -+ return k, nil -+} -+ -+func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { -+ defer runtime.KeepAlive(k) -+ var pkey ossl.EVP_PKEY_PTR -+ defer func() { -+ ossl.EVP_PKEY_free(pkey) -+ }() -+ -+ var bytes []byte -+ if k.curve == "X25519" { -+ pkey = k._pkey -+ if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { -+ return nil, err -+ } -+ bytes = make([]byte, publicKeySizeX25519) -+ if err := extractPKEYRawPublic(pkey, bytes); err != nil { -+ return nil, err -+ } -+ } else { -+ switch major() { -+ case 1: -+ var err error -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ return nil, err -+ } -+ key := getECKey(k._pkey) -+ if _, err := ossl.EVP_PKEY_set1_EC_KEY(pkey, key); err != nil { -+ return nil, err -+ } -+ pt := ossl.EC_KEY_get0_public_key(key) -+ if pt == nil { -+ return nil, fail("missing ECDH public key") -+ } -+ group := ossl.EC_KEY_get0_group(key) -+ if bytes, err = encodeEcPoint(group, pt); err != nil { -+ return nil, err -+ } -+ case 3, 4: -+ pkey = k._pkey -+ if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { -+ return nil, err -+ } -+ var cbytes *byte -+ n, err := ossl.EVP_PKEY_get1_encoded_public_key(k._pkey, &cbytes) -+ if err != nil { -+ return nil, err -+ } -+ bytes = goBytes(unsafe.Pointer(cbytes), n) -+ cryptoFree(unsafe.Pointer(cbytes)) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ } -+ pub := &PublicKeyECDH{pkey, bytes} -+ pkey = nil -+ runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize) -+ return pub, nil -+} -+ -+func newECDHPkey(curve string, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { -+ if curve == "X25519" { -+ if isPrivate { -+ return ossl.EVP_PKEY_new_raw_private_key(ossl.EVP_PKEY_X25519, nil, bytes) -+ } else { -+ return ossl.EVP_PKEY_new_raw_public_key(ossl.EVP_PKEY_X25519, nil, bytes) -+ } -+ } -+ nid := curveNID(curve) -+ switch major() { -+ case 1: -+ return newECDHPkey1(nid, bytes, isPrivate) -+ case 3, 4: -+ return newECDHPkey3(nid, bytes, isPrivate) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newECDHPkey1(nid int32, bytes []byte, isPrivate bool) (pkey ossl.EVP_PKEY_PTR, err error) { -+ checkMajorVersion(1) -+ -+ key, err := ossl.EC_KEY_new_by_curve_name(nid) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if pkey == nil { -+ ossl.EC_KEY_free(key) -+ } -+ }() -+ group := ossl.EC_KEY_get0_group(key) -+ if isPrivate { -+ priv, err := ossl.BN_bin2bn(bytes, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_clear_free(priv) -+ if _, err := ossl.EC_KEY_set_private_key(key, priv); err != nil { -+ return nil, err -+ } -+ pub, err := pointMult(group, priv) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_POINT_free(pub) -+ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { -+ return nil, err -+ } -+ } else { -+ pub, err := ossl.EC_POINT_new(group) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EC_POINT_free(pub) -+ if _, err := ossl.EC_POINT_oct2point(group, pub, bytes, nil); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { -+ return nil, err -+ } -+ } -+ if _, err := ossl.EC_KEY_check_key(key); err != nil { -+ // Match upstream error message. -+ if isPrivate { -+ return nil, errors.New("crypto/ecdh: invalid private key") -+ } else { -+ return nil, errors.New("crypto/ecdh: invalid public key") -+ } -+ } -+ return newEVPPKEY(key) -+} -+ -+func newECDHPkey3(nid int32, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) -+ var selection int32 -+ if isPrivate { -+ priv, err := ossl.BN_bin2bn(bytes, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_clear_free(priv) -+ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { -+ return pointMult(group, priv) -+ }) -+ if err != nil { -+ return nil, err -+ } -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) -+ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, priv) -+ selection = ossl.EVP_PKEY_KEYPAIR -+ } else { -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, bytes) -+ selection = ossl.EVP_PKEY_PUBLIC_KEY -+ } -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ pkey, err := newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) -+ if err != nil { -+ return nil, err -+ } -+ -+ if err := checkPkey(pkey, isPrivate); err != nil { -+ ossl.EVP_PKEY_free(pkey) -+ return nil, errors.New("crypto/ecdh: " + err.Error()) -+ } -+ return pkey, nil -+} -+ -+func pointMult(group ossl.EC_GROUP_PTR, priv ossl.BIGNUM_PTR) (ossl.EC_POINT_PTR, error) { -+ // OpenSSL does not expose any method to generate the public -+ // key from the private key [1], so we have to calculate it here. -+ // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 -+ pt, err := ossl.EC_POINT_new(group) -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EC_POINT_mul(group, pt, priv, nil, nil, nil); err != nil { -+ ossl.EC_POINT_free(pt) -+ return nil, err -+ } -+ return pt, nil -+} -+ -+func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { -+ defer runtime.KeepAlive(priv) -+ defer runtime.KeepAlive(pub) -+ ctx, err := ossl.EVP_PKEY_CTX_new(priv._pkey, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_derive_set_peer(ctx, pub._pkey); err != nil { -+ return nil, err -+ } -+ var keylen int -+ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { -+ return nil, err -+ } -+ out := make([]byte, keylen) -+ if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { -+ return nil, err -+ } -+ return out, nil -+} -+ -+func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { -+ pkey, err := generateEVPPKey(curveID(curve), 0, curve) -+ if err != nil { -+ return nil, nil, err -+ } -+ var k *PrivateKeyECDH -+ defer func() { -+ if k == nil { -+ ossl.EVP_PKEY_free(pkey) -+ } -+ }() -+ var bytes []byte -+ if curve == "X25519" { -+ bytes = make([]byte, privateKeySizeX25519) -+ keylen := len(bytes) -+ if _, err := ossl.EVP_PKEY_get_raw_private_key(pkey, bytes, &keylen); err != nil { -+ return nil, nil, err -+ } -+ } else { -+ var priv ossl.BIGNUM_PTR -+ switch major() { -+ case 1: -+ key := getECKey(pkey) -+ priv = ossl.EC_KEY_get0_private_key(key) -+ if priv == nil { -+ return nil, nil, fail("missing ECDH private key") -+ } -+ case 3, 4: -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv); err != nil { -+ return nil, nil, err -+ } -+ defer ossl.BN_clear_free(priv) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ // We should not leak bit length of the secret scalar in the key. -+ // For this reason, we use BN_bn2binpad instead of BN_bn2bin with fixed length. -+ // The fixed length is the order of the large prime subgroup of the curve, -+ // returned by EVP_PKEY_get_bits, which is generally the upper bound for -+ // generating a private ECDH key. -+ bits, err := ossl.EVP_PKEY_get_bits(pkey) -+ if err != nil { -+ return nil, nil, err -+ } -+ bytes = make([]byte, (bits+7)/8) -+ if err := bnToBinPad(priv, bytes); err != nil { -+ return nil, nil, err -+ } -+ } -+ k = &PrivateKeyECDH{pkey, curve} -+ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) -+ return k, bytes, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -new file mode 100644 -index 00000000000000..eb7ccff87c14bd ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -@@ -0,0 +1,219 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "runtime" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+type PrivateKeyECDSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PrivateKeyECDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+type PublicKeyECDSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PublicKeyECDSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { -+ pkey, err := newECDSAKey(curve, x, y, nil) -+ if err != nil { -+ return nil, err -+ } -+ k := &PublicKeyECDSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PublicKeyECDSA).finalize) -+ return k, nil -+} -+ -+func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { -+ pkey, err := newECDSAKey(curve, x, y, d) -+ if err != nil { -+ return nil, err -+ } -+ k := &PrivateKeyECDSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) -+ return k, nil -+} -+ -+func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { -+ // Generate the private key. -+ pkey, err := generateEVPPKey(ossl.EVP_PKEY_EC, 0, curve) -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ var bx, by, bd ossl.BIGNUM_PTR -+ defer func() { -+ ossl.BN_free(bx) -+ ossl.BN_free(by) -+ }() -+ switch major() { -+ case 1: -+ // Retrieve the internal EC_KEY, which holds the X, Y, and D coordinates. -+ key := getECKey(pkey) -+ group := ossl.EC_KEY_get0_group(key) -+ pt := ossl.EC_KEY_get0_public_key(key) -+ // Allocate two big numbers to store the X and Y coordinates. -+ bx, err = ossl.BN_new() -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ by, err = ossl.BN_new() -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ // Get X and Y. -+ if _, err := ossl.EC_POINT_get_affine_coordinates_GFp(group, pt, bx, by, nil); err != nil { -+ return nil, nil, nil, err -+ } -+ // Get Z. We don't need to free it, get0 does not increase the reference count. -+ bd = ossl.EC_KEY_get0_private_key(key) -+ case 3, 4: -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx); err != nil { -+ return nil, nil, nil, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y.ptr(), &by); err != nil { -+ return nil, nil, nil, err -+ } -+ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bd); err != nil { -+ return nil, nil, nil, err -+ } -+ defer ossl.BN_clear_free(bd) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ // Get D. -+ return bnToBig(bx), bnToBig(by), bnToBig(bd), nil -+} -+ -+func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ return evpSign(priv.withKey, 0, 0, 0, hash) -+} -+ -+func HashSignECDSA(priv *PrivateKeyECDSA, h crypto.Hash, msg []byte) ([]byte, error) { -+ return evpHashSign(priv.withKey, h, msg) -+} -+ -+func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { -+ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil -+} -+ -+func HashVerifyECDSA(pub *PublicKeyECDSA, h crypto.Hash, msg, sig []byte) bool { -+ return evpHashVerify(pub.withKey, h, msg, sig) == nil -+} -+ -+func newECDSAKey(curve string, x, y, d BigInt) (ossl.EVP_PKEY_PTR, error) { -+ nid := curveNID(curve) -+ bx, err := bigToBN(x) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_free(bx) -+ by, err := bigToBN(y) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_free(by) -+ var bd ossl.BIGNUM_PTR -+ if d != nil { -+ bd, err = bigToBN(d) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.BN_clear_free(bd) -+ } -+ switch major() { -+ case 1: -+ return newECDSAKey1(nid, bx, by, bd) -+ case 3, 4: -+ return newECDSAKey3(nid, bx, by, bd) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newECDSAKey1(nid int32, bx, by, bd ossl.BIGNUM_PTR) (pkey ossl.EVP_PKEY_PTR, err error) { -+ checkMajorVersion(1) -+ -+ key, err := ossl.EC_KEY_new_by_curve_name(nid) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if pkey == nil { -+ defer ossl.EC_KEY_free(key) -+ } -+ }() -+ if _, err := ossl.EC_KEY_set_public_key_affine_coordinates(key, bx, by); err != nil { -+ return nil, err -+ } -+ if bd != nil { -+ if _, err := ossl.EC_KEY_set_private_key(key, bd); err != nil { -+ return nil, err -+ } -+ } -+ -+ return newEVPPKEY(key) -+} -+ -+func newECDSAKey3(nid int32, bx, by, bd ossl.BIGNUM_PTR) (ossl.EVP_PKEY_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ // Create the encoded public key public key from bx and by. -+ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { -+ pt, err := ossl.EC_POINT_new(group) -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EC_POINT_set_affine_coordinates(group, pt, bx, by, nil); err != nil { -+ ossl.EC_POINT_free(pt) -+ return nil, err -+ } -+ return pt, nil -+ }) -+ if err != nil { -+ return nil, err -+ } -+ // Construct the parameters. -+ bld := newParamBuilder() -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) -+ var selection int32 -+ if bd != nil { -+ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, bd) -+ selection = ossl.EVP_PKEY_KEYPAIR -+ } else { -+ selection = ossl.EVP_PKEY_PUBLIC_KEY -+ } -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ return newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -new file mode 100644 -index 00000000000000..0baf58dc756106 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,208 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "runtime" -+ "strconv" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const ( -+ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. -+ publicKeySizeEd25519 = 32 -+ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. -+ privateKeySizeEd25519 = 64 -+ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. -+ signatureSizeEd25519 = 64 -+ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. -+ seedSizeEd25519 = 32 -+) -+ -+// TODO: Add support for Ed25519ph and Ed25519ctx when OpenSSL supports them, -+// which will probably be in 3.2.0 (https://github.com/openssl/openssl/issues/20418). -+ -+var supportsEd25519 = sync.OnceValue(func() bool { -+ switch major() { -+ case 1: -+ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_ED25519, nil) -+ if ctx != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ return true -+ } -+ case 3, 4: -+ sig, _ := ossl.EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) -+ if sig != nil { -+ ossl.EVP_SIGNATURE_free(sig) -+ return true -+ } -+ } -+ return false -+}) -+ -+// SupportsEd25519 returns true if the current OpenSSL version supports -+// GenerateKeyEd25519, NewKeyFromSeedEd25519, SignEd25519 and VerifyEd25519. -+func SupportsEd25519() bool { -+ return supportsEd25519() -+} -+ -+type PublicKeyEd25519 struct { -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PublicKeyEd25519) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyEd25519) Bytes() ([]byte, error) { -+ defer runtime.KeepAlive(k) -+ pub := make([]byte, publicKeySizeEd25519) -+ if err := extractPKEYRawPublic(k._pkey, pub); err != nil { -+ return nil, err -+ } -+ return pub, nil -+} -+ -+type PrivateKeyEd25519 struct { -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func (k *PrivateKeyEd25519) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { -+ defer runtime.KeepAlive(k) -+ priv := make([]byte, privateKeySizeEd25519) -+ if err := extractPKEYPrivEd25519(k._pkey, priv); err != nil { -+ return nil, err -+ } -+ return priv, nil -+} -+ -+func (k *PrivateKeyEd25519) Public() (*PublicKeyEd25519, error) { -+ pub := make([]byte, publicKeySizeEd25519) -+ if err := extractPKEYRawPublic(k._pkey, pub); err != nil { -+ return nil, err -+ } -+ pubk, err := NewPublicKeyEd25519(pub) -+ if err != nil { -+ return nil, err -+ } -+ return pubk, nil -+} -+ -+// GenerateKeyEd25519 generates a private key. -+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { -+ pkeyPriv, err := generateEVPPKey(ossl.EVP_PKEY_ED25519, 0, "") -+ if err != nil { -+ return nil, err -+ } -+ priv := &PrivateKeyEd25519{_pkey: pkeyPriv} -+ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) -+ return priv, nil -+} -+ -+// Deprecated: use NewPrivateKeyEd25519 instead. -+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { -+ return NewPrivateKeyEd25519(priv) -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { -+ if len(priv) != privateKeySizeEd25519 { -+ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) -+ } -+ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) -+} -+ -+// Deprecated: use NewPublicKeyEd25519 instead. -+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { -+ return NewPublicKeyEd25519(pub) -+} -+ -+func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { -+ if len(pub) != publicKeySizeEd25519 { -+ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) -+ } -+ pkey, err := ossl.EVP_PKEY_new_raw_public_key(ossl.EVP_PKEY_ED25519, nil, pub) -+ if err != nil { -+ return nil, err -+ } -+ pubk := &PublicKeyEd25519{_pkey: pkey} -+ runtime.SetFinalizer(pubk, (*PublicKeyEd25519).finalize) -+ return pubk, nil -+} -+ -+// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if -+// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this -+// package. -+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { -+ if len(seed) != seedSizeEd25519 { -+ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) -+ } -+ pkey, err := ossl.EVP_PKEY_new_raw_private_key(ossl.EVP_PKEY_ED25519, nil, seed) -+ if err != nil { -+ return nil, err -+ } -+ priv := &PrivateKeyEd25519{_pkey: pkey} -+ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) -+ return priv, nil -+} -+ -+func extractPKEYPrivEd25519(pkey ossl.EVP_PKEY_PTR, priv []byte) error { -+ if err := extractPKEYRawPublic(pkey, priv[seedSizeEd25519:]); err != nil { -+ return err -+ } -+ return extractPKEYRawPrivate(pkey, priv[:seedSizeEd25519]) -+} -+ -+// SignEd25519 signs the message with priv and returns a signature. -+func SignEd25519(priv *PrivateKeyEd25519, message []byte) (sig []byte, err error) { -+ // Outline the function body so that the returned key can be stack-allocated. -+ sig = make([]byte, signatureSizeEd25519) -+ err = signEd25519(priv, sig, message) -+ if err != nil { -+ return nil, err -+ } -+ return sig, err -+} -+ -+func signEd25519(priv *PrivateKeyEd25519, sig, message []byte) error { -+ defer runtime.KeepAlive(priv) -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestSignInit(ctx, nil, nil, nil, priv._pkey); err != nil { -+ return err -+ } -+ siglen := signatureSizeEd25519 -+ if _, err := ossl.EVP_DigestSign(ctx, sig, &siglen, message); err != nil { -+ return err -+ } -+ if siglen != signatureSizeEd25519 { -+ return errors.New("ed25519: bad signature length: " + strconv.Itoa(siglen)) -+ } -+ return nil -+} -+ -+// VerifyEd25519 reports whether sig is a valid signature of message by pub. -+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { -+ defer runtime.KeepAlive(pub) -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestVerifyInit(ctx, nil, nil, nil, pub._pkey); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_DigestVerify(ctx, sig, message); err != nil { -+ return errors.New("ed25519: invalid signature") -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -new file mode 100644 -index 00000000000000..ff59409e3d1f76 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -@@ -0,0 +1,614 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// cacheMD is a cache of crypto.Hash to GOossl.EVP_MD_PTR. -+var cacheMD sync.Map -+ -+// hashFuncHash calls fn() and returns its result. -+// If fn() panics, the panic is recovered and returned as an error. -+// This is used to avoid aborting the program when calling -+// an unsupported hash function. It is the caller's responsibility -+// to check the returned value. -+func hashFuncHash(fn func() hash.Hash) (h hash.Hash, err error) { -+ defer func() { -+ r := recover() -+ if r == nil { -+ return -+ } -+ h = nil -+ switch e := r.(type) { -+ case error: -+ err = e -+ case string: -+ err = errors.New(e) -+ default: -+ err = errors.New("unsupported panic") -+ } -+ }() -+ return fn(), nil -+} -+ -+// hashToMD converts a hash.Hash implementation from this package to a GOossl.EVP_MD_PTR. -+func hashToMD(h hash.Hash) ossl.EVP_MD_PTR { -+ if h, ok := h.(*Hash); ok { -+ return h.alg.md -+ } -+ return nil -+} -+ -+// hashToCryptoHash converts a hash.Hash implementation from this package to a crypto.Hash. -+func hashToCryptoHash(h hash.Hash) crypto.Hash { -+ if h, ok := h.(*Hash); ok { -+ return h.alg.ch -+ } -+ return 0 -+} -+ -+// hashFuncToMD converts a hash.Hash function to a GOossl.EVP_MD_PTR. -+// See [hashFuncHash] for details on error handling. -+func hashFuncToMD(fn func() hash.Hash) (ossl.EVP_MD_PTR, error) { -+ h, err := hashFuncHash(fn) -+ if err != nil { -+ return nil, err -+ } -+ md := hashToMD(h) -+ if md == nil { -+ return nil, errors.New("unsupported hash function") -+ } -+ return md, nil -+} -+ -+// provider is an identifier for a known provider. -+type provider uint8 -+ -+const ( -+ providerNone provider = iota -+ providerOSSLDefault -+ providerOSSLFIPS -+ providerSymCrypt -+) -+ -+type hashAlgorithm struct { -+ md ossl.EVP_MD_PTR -+ ch crypto.Hash -+ size int -+ blockSize int -+ provider provider -+ marshallable bool -+ magic string -+ marshalledSize int -+} -+ -+// loadHash converts a crypto.Hash to a EVP_MD. -+func loadHash(ch crypto.Hash, must bool) (h *hashAlgorithm) { -+ defer func() { -+ if h == nil && must { -+ panic("openssl: unsupported hash function: " + strconv.Itoa(int(ch))) -+ } -+ }() -+ if v, ok := cacheMD.Load(ch); ok { -+ return v.(*hashAlgorithm) -+ } -+ -+ var hash hashAlgorithm -+ switch ch { -+ case crypto.RIPEMD160: -+ hash.md = ossl.EVP_ripemd160() -+ case crypto.MD4: -+ hash.md = ossl.EVP_md4() -+ case crypto.MD5: -+ hash.md = ossl.EVP_md5() -+ hash.magic = magicMD5 -+ hash.marshalledSize = marshaledSizeMD5 -+ case crypto.MD5SHA1: -+ hash.md = ossl.EVP_md5_sha1() -+ case crypto.SHA1: -+ hash.md = ossl.EVP_sha1() -+ hash.magic = magic1 -+ hash.marshalledSize = marshaledSize1 -+ case crypto.SHA224: -+ hash.md = ossl.EVP_sha224() -+ hash.magic = magic224 -+ hash.marshalledSize = marshaledSize256 -+ case crypto.SHA256: -+ hash.md = ossl.EVP_sha256() -+ hash.magic = magic256 -+ hash.marshalledSize = marshaledSize256 -+ case crypto.SHA384: -+ hash.md = ossl.EVP_sha384() -+ hash.magic = magic384 -+ hash.marshalledSize = marshaledSize512 -+ case crypto.SHA512: -+ hash.md = ossl.EVP_sha512() -+ hash.magic = magic512 -+ hash.marshalledSize = marshaledSize512 -+ case crypto.SHA512_224: -+ hash.md = ossl.EVP_sha512_224() -+ hash.magic = magic512_224 -+ hash.marshalledSize = marshaledSize512 -+ case crypto.SHA512_256: -+ hash.md = ossl.EVP_sha512_256() -+ hash.magic = magic512_256 -+ hash.marshalledSize = marshaledSize512 -+ case crypto.SHA3_224: -+ hash.md = ossl.EVP_sha3_224() -+ case crypto.SHA3_256: -+ hash.md = ossl.EVP_sha3_256() -+ case crypto.SHA3_384: -+ hash.md = ossl.EVP_sha3_384() -+ case crypto.SHA3_512: -+ hash.md = ossl.EVP_sha3_512() -+ } -+ if hash.md == nil { -+ cacheMD.Store(ch, (*hashAlgorithm)(nil)) -+ return nil -+ } -+ hash.ch = ch -+ hash.size = int(ossl.EVP_MD_get_size(hash.md)) -+ hash.blockSize = int(ossl.EVP_MD_get_block_size(hash.md)) -+ switch major() { -+ case 3, 4: -+ // On OpenSSL 3, directly operating on a EVP_MD object -+ // not created by EVP_MD_fetch has negative performance -+ // implications, as digest operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ md, _ := ossl.EVP_MD_fetch(nil, ossl.EVP_MD_get0_name(hash.md), nil) -+ // Don't overwrite md in case it can't be fetched, as the md may still be used -+ // outside of EVP_MD_CTX, for example to sign and verify RSA signatures. -+ if md != nil { -+ hash.md = md -+ } -+ } -+ if hash.magic != "" { -+ if hash.marshalledSize == 0 { -+ panic("marshalledSize must be set for " + hash.magic) -+ } -+ } -+ -+ switch major() { -+ case 1: -+ hash.provider = providerOSSLDefault -+ case 3, 4: -+ if prov := ossl.EVP_MD_get0_provider(hash.md); prov != nil { -+ cname := ossl.OSSL_PROVIDER_get0_name(prov) -+ switch goString(cname) { -+ case "default": -+ hash.provider = providerOSSLDefault -+ hash.marshallable = hash.magic != "" -+ case "fips": -+ hash.provider = providerOSSLFIPS -+ hash.marshallable = hash.magic != "" -+ case "symcryptprovider": -+ hash.provider = providerSymCrypt -+ hash.marshallable = hash.magic != "" && isSymCryptHashStateSerializable(hash.md) -+ } -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ cacheMD.Store(ch, &hash) -+ return &hash -+} -+ -+// generateEVPPKey generates a new EVP_PKEY with the given id and properties. -+func generateEVPPKey(id, bits int32, curve string) (ossl.EVP_PKEY_PTR, error) { -+ if bits != 0 && curve != "" { -+ return nil, fail("incorrect generateEVPPKey parameters") -+ } -+ var pkey ossl.EVP_PKEY_PTR -+ switch major() { -+ case 1: -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { -+ return nil, err -+ } -+ if bits != 0 { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, nil); err != nil { -+ return nil, err -+ } -+ } -+ if id == ossl.EVP_PKEY_EC && curve != "" { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil); err != nil { -+ return nil, err -+ } -+ } -+ if _, err := ossl.EVP_PKEY_keygen(ctx, &pkey); err != nil { -+ return nil, err -+ } -+ case 3, 4: -+ var err error -+ switch id { -+ case ossl.EVP_PKEY_RSA: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_RSA(nil, nil, _KeyTypeRSA.ptr(), int(bits)) -+ case ossl.EVP_PKEY_EC: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_EC(nil, nil, _KeyTypeEC.ptr(), ossl.OBJ_nid2sn(curveNID(curve))) -+ case ossl.EVP_PKEY_ED25519: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_ED25519(nil, nil, _KeyTypeED25519.ptr()) -+ case ossl.EVP_PKEY_X25519: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_X25519(nil, nil, _KeyTypeX25519.ptr()) -+ case ossl.EVP_PKEY_MLKEM_768: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_MLKEM(nil, nil, _KeyTypeMLKEM768.ptr()) -+ case ossl.EVP_PKEY_MLKEM_1024: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_MLKEM(nil, nil, _KeyTypeMLKEM1024.ptr()) -+ case ossl.EVP_PKEY_ML_DSA_44: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA44.ptr()) -+ case ossl.EVP_PKEY_ML_DSA_65: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA65.ptr()) -+ case ossl.EVP_PKEY_ML_DSA_87: -+ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA87.ptr()) -+ default: -+ panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") -+ } -+ if err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ return pkey, nil -+} -+ -+type withKeyFunc func(func(ossl.EVP_PKEY_PTR) error) error -+type initFunc func(ossl.EVP_PKEY_CTX_PTR) error -+type cryptFunc func(ossl.EVP_PKEY_CTX_PTR, []byte, *int, []byte) error -+type verifyFunc func(ossl.EVP_PKEY_CTX_PTR, []byte, []byte) error -+ -+func setupEVP(withKey withKeyFunc, padding int32, -+ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, -+ init initFunc) (_ ossl.EVP_PKEY_CTX_PTR, err error) { -+ var ctx ossl.EVP_PKEY_CTX_PTR -+ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) error { -+ ctx, err = ossl.EVP_PKEY_CTX_new(pkey, nil) -+ return err -+ }); err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ if ctx != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ ctx = nil -+ } -+ } -+ }() -+ if err := init(ctx); err != nil { -+ return nil, err -+ } -+ if padding == 0 { -+ return ctx, nil -+ } -+ // Each padding type has its own requirements in terms of when to apply the padding, -+ // so it can't be just set at this point. -+ switch padding { -+ case ossl.RSA_PKCS1_OAEP_PADDING: -+ err = setOAEPPadding(ctx, h, mgfHash, label) -+ case ossl.RSA_PKCS1_PSS_PADDING: -+ err = setPSSPadding(ctx, saltLen, ch) -+ case ossl.RSA_PKCS1_PADDING: -+ err = setPKCS1Padding(ctx, ch) -+ default: -+ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, padding, nil) -+ } -+ if err != nil { -+ return nil, err -+ } -+ return ctx, nil -+} -+ -+func setPSSPadding(ctx ossl.EVP_PKEY_CTX_PTR, saltLen int32, ch crypto.Hash) error { -+ alg := loadHash(ch, false) -+ if alg == nil { -+ return errors.New("crypto/rsa: unsupported hash function") -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { -+ return err -+ } -+ // setPadding must happen after setting EVP_PKEY_CTRL_MD. -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_PSS_PADDING, nil); err != nil { -+ return err -+ } -+ if saltLen != 0 { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil); err != nil { -+ return err -+ } -+ } -+ return nil -+} -+ -+func setPKCS1Padding(ctx ossl.EVP_PKEY_CTX_PTR, ch crypto.Hash) error { -+ if ch == 0 { -+ // We support unhashed messages. -+ return nil -+ } -+ alg := loadHash(ch, false) -+ if alg == nil { -+ return errors.New("crypto/rsa: unsupported hash function") -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_PADDING, nil); err != nil { -+ return err -+ } -+ return nil -+} -+ -+func setOAEPPadding(ctx ossl.EVP_PKEY_CTX_PTR, h, mgfHash hash.Hash, label []byte) error { -+ md := hashToMD(h) -+ if md == nil { -+ return errors.New("crypto/rsa: unsupported hash function") -+ } -+ var mgfMD ossl.EVP_MD_PTR -+ if mgfHash != nil { -+ // mgfHash is optional, but if it is set it must match a supported hash function. -+ mgfMD = hashToMD(mgfHash) -+ if mgfMD == nil { -+ return errors.New("crypto/rsa: unsupported hash function") -+ } -+ } -+ // setPadding must happen before setting EVP_PKEY_CTRL_RSA_OAEP_MD. -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_OAEP_PADDING, nil); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)); err != nil { -+ return err -+ } -+ if mgfHash != nil { -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)); err != nil { -+ return err -+ } -+ } -+ // ctx takes ownership of label, so malloc a copy for OpenSSL to free. -+ // OpenSSL does not take ownership of the label if the length is zero, -+ // so better avoid the allocation. -+ var clabel *byte -+ if len(label) > 0 { -+ clabel = (*byte)(cryptoMalloc(len(label))) -+ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) -+ var err error -+ switch major() { -+ case 3, 4: -+ _, err = ossl.EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Slice(clabel, len(label))) -+ default: -+ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_LABEL, int32(len(label)), unsafe.Pointer(clabel)) -+ } -+ if err != nil { -+ cryptoFree(unsafe.Pointer(clabel)) -+ return err -+ } -+ } -+ return nil -+} -+ -+func cryptEVP(withKey withKeyFunc, padding int32, -+ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, -+ init initFunc, crypt cryptFunc, in []byte) ([]byte, error) { -+ -+ ctx, err := setupEVP(withKey, padding, h, mgfHash, label, saltLen, ch, init) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ var pkeySize int32 -+ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { -+ pkeySize, err = ossl.EVP_PKEY_get_size(pkey) -+ return err -+ }); err != nil { -+ return nil, err -+ } -+ outLen := int(pkeySize) -+ out := make([]byte, pkeySize) -+ if err := crypt(ctx, out, &outLen, in); err != nil { -+ return nil, err -+ } -+ // The size returned by EVP_PKEY_get_size() is only preliminary and not exact, -+ // so the final contents of the out buffer may be smaller. -+ return out[:outLen], nil -+} -+ -+func verifyEVP(withKey withKeyFunc, padding int32, -+ h hash.Hash, label []byte, saltLen int32, ch crypto.Hash, -+ init initFunc, verify verifyFunc, -+ sig, in []byte) error { -+ -+ ctx, err := setupEVP(withKey, padding, h, nil, label, saltLen, ch, init) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ return verify(ctx, sig, in) -+} -+ -+func evpEncrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { -+ encryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_encrypt_init(ctx) -+ return err -+ } -+ encrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out []byte, outLen *int, in []byte) error { -+ if _, err := ossl.EVP_PKEY_encrypt(ctx, out, outLen, in); err != nil { -+ return err -+ } -+ return nil -+ } -+ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, encryptInit, encrypt, msg) -+} -+ -+func evpDecrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { -+ decryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_decrypt_init(ctx) -+ return err -+ } -+ decrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out []byte, outLen *int, in []byte) error { -+ _, err := ossl.EVP_PKEY_decrypt(ctx, out, outLen, in) -+ return err -+ } -+ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, decryptInit, decrypt, msg) -+} -+ -+func evpSign(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, hashed []byte) ([]byte, error) { -+ signtInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_sign_init(ctx) -+ return err -+ } -+ sign := func(ctx ossl.EVP_PKEY_CTX_PTR, out []byte, outLen *int, in []byte) error { -+ _, err := ossl.EVP_PKEY_sign(ctx, out, outLen, in) -+ return err -+ } -+ return cryptEVP(withKey, padding, nil, nil, nil, saltLen, h, signtInit, sign, hashed) -+} -+ -+func evpVerify(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, sig, hashed []byte) error { -+ verifyInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { -+ _, err := ossl.EVP_PKEY_verify_init(ctx) -+ return err -+ } -+ verify := func(ctx ossl.EVP_PKEY_CTX_PTR, sig []byte, in []byte) error { -+ _, err := ossl.EVP_PKEY_verify(ctx, sig, in) -+ return err -+ } -+ return verifyEVP(withKey, padding, nil, nil, saltLen, h, verifyInit, verify, sig, hashed) -+} -+ -+func evpHashSign(withKey withKeyFunc, h crypto.Hash, msg []byte) ([]byte, error) { -+ alg := loadHash(h, false) -+ if alg == nil { -+ return nil, errors.New("unsupported hash function: " + strconv.Itoa(int(h))) -+ } -+ var out []byte -+ var outLen int -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { -+ _, err := ossl.EVP_DigestSignInit(ctx, nil, alg.md, nil, key) -+ return err -+ }); err != nil { -+ return nil, err -+ } -+ if len(msg) > 0 { -+ if _, err := ossl.EVP_DigestUpdate(ctx, msg); err != nil { -+ return nil, err -+ } -+ } -+ // Obtain the signature length -+ if _, err := ossl.EVP_DigestSignFinal(ctx, nil, &outLen); err != nil { -+ return nil, err -+ } -+ out = make([]byte, outLen) -+ // Obtain the signature -+ if _, err := ossl.EVP_DigestSignFinal(ctx, out, &outLen); err != nil { -+ return nil, err -+ } -+ return out[:outLen], nil -+} -+ -+func evpHashVerify(withKey withKeyFunc, h crypto.Hash, msg, sig []byte) error { -+ alg := loadHash(h, false) -+ if alg == nil { -+ return errors.New("unsupported hash function: " + strconv.Itoa(int(h))) -+ } -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { -+ _, err := ossl.EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) -+ return err -+ }); err != nil { -+ return err -+ } -+ if len(msg) > 0 { -+ if _, err := ossl.EVP_DigestUpdate(ctx, msg); err != nil { -+ return err -+ } -+ } -+ if _, err := ossl.EVP_DigestVerifyFinal(ctx, sig); err != nil { -+ return err -+ } -+ return nil -+} -+ -+func newEVPPKEY(key ossl.EC_KEY_PTR) (ossl.EVP_PKEY_PTR, error) { -+ pkey, err := ossl.EVP_PKEY_new() -+ if err != nil { -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_EC, unsafe.Pointer(key)); err != nil { -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ return pkey, nil -+} -+ -+// getECKey returns the EC_KEY from pkey. -+// If pkey does not contain an EC_KEY it panics. -+// The returned key should not be freed. -+func getECKey(pkey ossl.EVP_PKEY_PTR) ossl.EC_KEY_PTR { -+ key, err := ossl.EVP_PKEY_get0_EC_KEY(pkey) -+ if err != nil { -+ panic(err) -+ } -+ return key -+} -+ -+func newEvpFromParams(id int32, selection int32, params ossl.OSSL_PARAM_PTR) (ossl.EVP_PKEY_PTR, error) { -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_fromdata_init(ctx); err != nil { -+ return nil, err -+ } -+ var pkey ossl.EVP_PKEY_PTR -+ if _, err := ossl.EVP_PKEY_fromdata(ctx, &pkey, selection, params); err != nil { -+ //versionguardcheck:ignore OpenSSL 3.0.0–3.0.2 leak EVP_PKEY on error: https://github.com/openssl/openssl/issues/17407. -+ if major() == 3 && minor() == 0 && patch() <= 2 { -+ ossl.EVP_PKEY_free(pkey) -+ } -+ return nil, err -+ } -+ return pkey, nil -+} -+ -+func checkPkey(pkey ossl.EVP_PKEY_PTR, isPrivate bool) error { -+ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if isPrivate { -+ if _, err := ossl.EVP_PKEY_private_check(ctx); err != nil { -+ // Match upstream error message. -+ return errors.New("invalid private key") -+ } -+ } else { -+ // Upstream Go does a partial check here, so do we. -+ if _, err := ossl.EVP_PKEY_public_check_quick(ctx); err != nil { -+ // Match upstream error message. -+ return errors.New("invalid public key") -+ } -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hash.go b/src/vendor/github.com/golang-fips/openssl/v2/hash.go -new file mode 100644 -index 00000000000000..d9c2c6c5f989e0 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hash.go -@@ -0,0 +1,520 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "runtime" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const ( -+ magicMD5 = "md5\x01" -+ magic1 = "sha\x01" -+ magic224 = "sha\x02" -+ magic256 = "sha\x03" -+ magic384 = "sha\x04" -+ magic512_224 = "sha\x05" -+ magic512_256 = "sha\x06" -+ magic512 = "sha\x07" -+ -+ marshaledSizeMD5 = len(magicMD5) + 4*4 + 64 + 8 // from crypto/md5 -+ marshaledSize1 = len(magic1) + 5*4 + 64 + 8 // from crypto/sha1 -+ marshaledSize256 = len(magic256) + 8*4 + 64 + 8 // from crypto/sha256 -+ marshaledSize512 = len(magic512) + 8*8 + 128 + 8 // from crypto/sha512 -+) -+ -+// maxHashSize is the size of SHA52 and SHA3_512, the largest hashes we support. -+const maxHashSize = 64 -+ -+type HashCloner = hash.Cloner -+ -+func hashOneShot(ch crypto.Hash, p []byte, sum []byte) bool { -+ _, err := ossl.EVP_Digest(p, sum, nil, loadHash(ch, true).md, nil) -+ return err == nil -+} -+ -+func MD4(p []byte) (sum [16]byte) { -+ if !hashOneShot(crypto.MD4, p, sum[:]) { -+ panic("openssl: MD4 failed") -+ } -+ return -+} -+ -+func MD5(p []byte) (sum [16]byte) { -+ if !hashOneShot(crypto.MD5, p, sum[:]) { -+ panic("openssl: MD5 failed") -+ } -+ return -+} -+ -+func SHA1(p []byte) (sum [20]byte) { -+ if !hashOneShot(crypto.SHA1, p, sum[:]) { -+ panic("openssl: SHA1 failed") -+ } -+ return -+} -+ -+func SHA224(p []byte) (sum [28]byte) { -+ if !hashOneShot(crypto.SHA224, p, sum[:]) { -+ panic("openssl: SHA224 failed") -+ } -+ return -+} -+ -+func SHA256(p []byte) (sum [32]byte) { -+ if !hashOneShot(crypto.SHA256, p, sum[:]) { -+ panic("openssl: SHA256 failed") -+ } -+ return -+} -+ -+func SHA384(p []byte) (sum [48]byte) { -+ if !hashOneShot(crypto.SHA384, p, sum[:]) { -+ panic("openssl: SHA384 failed") -+ } -+ return -+} -+ -+func SHA512(p []byte) (sum [64]byte) { -+ if !hashOneShot(crypto.SHA512, p, sum[:]) { -+ panic("openssl: SHA512 failed") -+ } -+ return -+} -+ -+func SHA512_224(p []byte) (sum [28]byte) { -+ if !hashOneShot(crypto.SHA512_224, p, sum[:]) { -+ panic("openssl: SHA512 failed") -+ } -+ return -+} -+ -+func SHA512_256(p []byte) (sum [32]byte) { -+ if !hashOneShot(crypto.SHA512_256, p, sum[:]) { -+ panic("openssl: SHA512_256 failed") -+ } -+ return -+} -+ -+// cacheHashSupported is a cache of crypto.Hash support. -+var cacheHashSupported sync.Map -+ -+// SupportsHash reports whether the current OpenSSL version supports the given hash. -+func SupportsHash(h crypto.Hash) bool { -+ if v, ok := cacheHashSupported.Load(h); ok { -+ return v.(bool) -+ } -+ alg := loadHash(h, false) -+ if alg == nil { -+ cacheHashSupported.Store(h, false) -+ return false -+ } -+ // EVP_MD objects can be non-nil even when they can't be used -+ // in a EVP_MD_CTX, e.g. MD5 in FIPS mode. We need to prove -+ // if they can be used by passing them to a EVP_MD_CTX. -+ var supported bool -+ if ctx, _ := ossl.EVP_MD_CTX_new(); ctx != nil { -+ _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil) -+ supported = err == nil -+ ossl.EVP_MD_CTX_free(ctx) -+ } -+ cacheHashSupported.Store(h, supported) -+ return supported -+} -+ -+func SumSHA3_224(p []byte) (sum [28]byte) { -+ if !hashOneShot(crypto.SHA3_224, p, sum[:]) { -+ panic("openssl: SHA3_224 failed") -+ } -+ return -+} -+ -+func SumSHA3_256(p []byte) (sum [32]byte) { -+ if !hashOneShot(crypto.SHA3_256, p, sum[:]) { -+ panic("openssl: SHA3_256 failed") -+ } -+ return -+} -+ -+func SumSHA3_384(p []byte) (sum [48]byte) { -+ if !hashOneShot(crypto.SHA3_384, p, sum[:]) { -+ panic("openssl: SHA3_384 failed") -+ } -+ return -+} -+ -+func SumSHA3_512(p []byte) (sum [64]byte) { -+ if !hashOneShot(crypto.SHA3_512, p, sum[:]) { -+ panic("openssl: SHA3_512 failed") -+ } -+ return -+} -+ -+// NewMD4 returns a new MD4 hash. -+// The returned hash doesn't implement encoding.BinaryMarshaler and -+// encoding.BinaryUnmarshaler. -+func NewMD4() hash.Hash { -+ return newHash(crypto.MD4) -+} -+ -+// NewMD5 returns a new MD5 hash. -+func NewMD5() hash.Hash { -+ return newHash(crypto.MD5) -+} -+ -+// NewSHA1 returns a new SHA1 hash. -+func NewSHA1() hash.Hash { -+ return newHash(crypto.SHA1) -+} -+ -+// NewSHA224 returns a new SHA224 hash. -+func NewSHA224() hash.Hash { -+ return newHash(crypto.SHA224) -+} -+ -+// NewSHA256 returns a new SHA256 hash. -+func NewSHA256() hash.Hash { -+ return newHash(crypto.SHA256) -+} -+ -+// NewSHA384 returns a new SHA384 hash. -+func NewSHA384() hash.Hash { -+ return newHash(crypto.SHA384) -+} -+ -+// NewSHA512 returns a new SHA512 hash. -+func NewSHA512() hash.Hash { -+ return newHash(crypto.SHA512) -+} -+ -+// NewSHA512_224 returns a new SHA512_224 hash. -+func NewSHA512_224() hash.Hash { -+ return newHash(crypto.SHA512_224) -+} -+ -+// NewSHA512_256 returns a new SHA512_256 hash. -+func NewSHA512_256() hash.Hash { -+ return newHash(crypto.SHA512_256) -+} -+ -+// NewSHA3_224 returns a new SHA3-224 hash. -+func NewSHA3_224() *Hash { -+ return newHash(crypto.SHA3_224) -+} -+ -+// NewSHA3_256 creates a new SHA3-256 hash. -+func NewSHA3_256() *Hash { -+ return newHash(crypto.SHA3_256) -+} -+ -+// NewSHA3_384 creates a new SHA3-384 hash. -+func NewSHA3_384() *Hash { -+ return newHash(crypto.SHA3_384) -+} -+ -+// NewSHA3_512 creates a new SHA3-512 hash. -+func NewSHA3_512() *Hash { -+ return newHash(crypto.SHA3_512) -+} -+ -+var _ hash.Hash = (*Hash)(nil) -+var _ HashCloner = (*Hash)(nil) -+ -+// FIPSApprovedHash reports whether this hash algorithm is FIPS 140-3 approved. -+func FIPSApprovedHash(h hash.Hash) bool { -+ xh, ok := h.(*Hash) -+ if !ok { -+ return false -+ } -+ switch xh.alg.ch { -+ case crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512, -+ crypto.SHA512_224, crypto.SHA512_256, -+ crypto.SHA3_224, crypto.SHA3_256, crypto.SHA3_384, crypto.SHA3_512: -+ return true -+ default: -+ return false -+ } -+} -+ -+// hashBufSize is the size of the buffer used for hashing. -+// 256 bytes is a reasonable compromise for general purpose use, -+// and the resulting evpHash size is still similar to the -+// upstream sha512 hash object. -+const hashBufSize = 256 -+ -+// Hash implements generic hash methods. -+type Hash struct { -+ alg *hashAlgorithm -+ ctx ossl.EVP_MD_CTX_PTR -+ // ctx2 is used in Hash.Sum to avoid changing -+ // the state of ctx. Having it here allows reusing the -+ // same allocated object multiple times. -+ ctx2 ossl.EVP_MD_CTX_PTR -+ -+ // buf is a buffer for data not yet written to ctx. -+ // It is used to reduce calls into OpenSSL for small writes. -+ // The buffer size is a trade-off between memory usage and -+ // number of calls into OpenSSL. -+ buf [hashBufSize]byte -+ nbuf int -+} -+ -+func newHash(ch crypto.Hash) *Hash { -+ // Don't call init() yet, it would be wasteful -+ // if the caller only wants to know the hash type. This -+ // is a common pattern in this package, as some functions -+ // accept a `func() hash.Hash` parameter and call it just -+ // to know the hash type. -+ return &Hash{alg: loadHash(ch, true)} -+} -+ -+func (h *Hash) finalize() { -+ if h.ctx != nil { -+ ossl.EVP_MD_CTX_free(h.ctx) -+ } -+ if h.ctx2 != nil { -+ ossl.EVP_MD_CTX_free(h.ctx2) -+ } -+} -+ -+func (h *Hash) init() { -+ if h.ctx != nil { -+ return -+ } -+ var err error -+ h.ctx, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_DigestInit_ex(h.ctx, h.alg.md, nil); err != nil { -+ ossl.EVP_MD_CTX_free(h.ctx) -+ panic(err) -+ } -+ h.ctx2, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ ossl.EVP_MD_CTX_free(h.ctx) -+ panic(err) -+ } -+ runtime.SetFinalizer(h, (*Hash).finalize) -+} -+ -+func (h *Hash) write(p []byte) int { -+ if len(p) == 0 { -+ return 0 -+ } -+ if h.nbuf > 0 && h.nbuf+len(p) > len(h.buf) { -+ // We have buffered data and adding p would exceed the buffer, -+ // flush the buffer first. -+ h.flush() -+ } -+ if len(p) > len(h.buf) { -+ // p is larger than the buffer, write it directly. -+ h.init() -+ if _, err := ossl.EVP_DigestUpdate(h.ctx, p); err != nil { -+ panic(err) -+ } -+ } else { -+ // Otherwise, buffer it. -+ h.nbuf += copy(h.buf[h.nbuf:], p) -+ } -+ runtime.KeepAlive(h) -+ return len(p) -+} -+ -+func (h *Hash) flush() { -+ h.init() -+ if h.nbuf > 0 { -+ if _, err := ossl.EVP_DigestUpdate(h.ctx, h.buf[:h.nbuf]); err != nil { -+ panic(err) -+ } -+ h.nbuf = 0 -+ } -+} -+ -+func (h *Hash) Reset() { -+ h.nbuf = 0 -+ if h.ctx == nil { -+ // The hash is not initialized yet, no need to reset ctx. -+ return -+ } -+ // There is no need to reset h.ctx2 because it is always reset in evpHash.Sum. -+ if _, err := ossl.EVP_DigestInit_ex(h.ctx, nil, nil); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+} -+ -+func (h *Hash) Write(p []byte) (int, error) { -+ return h.write(p), nil -+} -+ -+func (h *Hash) WriteString(s string) (int, error) { -+ return h.write(unsafe.Slice(unsafe.StringData(s), len(s))), nil -+} -+ -+func (h *Hash) WriteByte(c byte) error { -+ h.write(unsafe.Slice(&c, 1)) -+ return nil -+} -+ -+func (h *Hash) Size() int { -+ return h.alg.size -+} -+ -+func (h *Hash) BlockSize() int { -+ return h.alg.blockSize -+} -+ -+func (h *Hash) Sum(in []byte) []byte { -+ out := append(in, make([]byte, h.Size(), maxHashSize)...) -+ if h.ctx == nil { -+ // Fast path: if ctx hasn't been initialized, all data is in the buffer -+ // and we can use the one-shot EVP_Digest function. -+ if _, err := ossl.EVP_Digest(h.buf[:h.nbuf], out[len(in):], nil, h.alg.md, nil); err != nil { -+ panic(err) -+ } -+ return out -+ } -+ // Slow path: copy h.ctx into h.ctx2 and call EVP_DigestFinal_ex using h.ctx2. -+ // This is necessary because Go hash.Hash mandates that Sum has no effect -+ // on the underlying stream. In particular it is OK to Sum, then Write more, -+ // then Sum again, and the second Sum acts as if the first didn't happen. -+ if _, err := ossl.EVP_MD_CTX_copy_ex(h.ctx2, h.ctx); err != nil { -+ panic(err) -+ } -+ if h.nbuf > 0 { -+ // If we have buffered data, update ctx2 with it -+ if _, err := ossl.EVP_DigestUpdate(h.ctx2, h.buf[:h.nbuf]); err != nil { -+ panic(err) -+ } -+ } -+ if _, err := ossl.EVP_DigestFinal_ex(h.ctx2, out[len(in):], nil); err != nil { -+ panic(err) -+ } -+ runtime.KeepAlive(h) -+ return out -+} -+ -+// Clone returns a new Hash object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *Hash) Clone() (HashCloner, error) { -+ h2 := &Hash{alg: h.alg, nbuf: h.nbuf} -+ copy(h2.buf[:h.nbuf], h.buf[:h.nbuf]) -+ if h.ctx != nil { -+ var err error -+ h2.ctx, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.EVP_MD_CTX_copy_ex(h2.ctx, h.ctx); err != nil { -+ ossl.EVP_MD_CTX_free(h2.ctx) -+ panic(err) -+ } -+ h2.ctx2, err = ossl.EVP_MD_CTX_new() -+ if err != nil { -+ ossl.EVP_MD_CTX_free(h2.ctx) -+ panic(err) -+ } -+ runtime.SetFinalizer(h2, (*Hash).finalize) -+ } -+ runtime.KeepAlive(h) -+ return h2, nil -+} -+ -+type errMarshallUnsupported struct{} -+ -+func (e errMarshallUnsupported) Error() string { -+ return "cryptokit: hash state is not marshallable" -+} -+ -+func (e errMarshallUnsupported) Unwrap() error { -+ return errors.ErrUnsupported -+} -+ -+func (d *Hash) MarshalBinary() ([]byte, error) { -+ if d.alg == nil || !d.alg.marshallable { -+ return nil, errMarshallUnsupported{} -+ } -+ buf := make([]byte, 0, d.alg.marshalledSize) -+ return d.AppendBinary(buf) -+} -+ -+func (d *Hash) AppendBinary(buf []byte) ([]byte, error) { -+ defer runtime.KeepAlive(d) -+ if d.alg == nil || !d.alg.marshallable { -+ return nil, errMarshallUnsupported{} -+ } -+ d.flush() -+ switch d.alg.provider { -+ case providerOSSLDefault, providerOSSLFIPS: -+ return osslHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) -+ case providerSymCrypt: -+ return symCryptHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) -+ default: -+ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) -+ } -+} -+ -+func (d *Hash) UnmarshalBinary(b []byte) error { -+ defer runtime.KeepAlive(d) -+ d.flush() -+ if d.alg == nil || !d.alg.marshallable { -+ return errMarshallUnsupported{} -+ } -+ if len(b) < len(d.alg.magic) || string(b[:len(d.alg.magic)]) != d.alg.magic { -+ return errors.New("openssl: invalid hash state identifier") -+ } -+ if len(b) != d.alg.marshalledSize { -+ return errors.New("openssl: invalid hash state size") -+ } -+ switch d.alg.provider { -+ case providerOSSLDefault, providerOSSLFIPS: -+ return osslHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) -+ case providerSymCrypt: -+ return symCryptHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) -+ default: -+ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) -+ } -+} -+ -+// appendUint64 appends x into b as a big endian byte sequence. -+func appendUint64(b []byte, x uint64) []byte { -+ return append(b, -+ byte(x>>56), -+ byte(x>>48), -+ byte(x>>40), -+ byte(x>>32), -+ byte(x>>24), -+ byte(x>>16), -+ byte(x>>8), -+ byte(x), -+ ) -+} -+ -+// appendUint32 appends x into b as a big endian byte sequence. -+func appendUint32(b []byte, x uint32) []byte { -+ return append(b, byte(x>>24), byte(x>>16), byte(x>>8), byte(x)) -+} -+ -+// consumeUint64 reads a big endian uint64 number from b. -+func consumeUint64(b []byte) ([]byte, uint64) { -+ _ = b[7] -+ x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | -+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 -+ return b[8:], x -+} -+ -+// consumeUint32 reads a big endian uint32 number from b. -+func consumeUint32(b []byte) ([]byte, uint32) { -+ _ = b[3] -+ x := uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24 -+ return b[4:], x -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -new file mode 100644 -index 00000000000000..695bf122165169 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,441 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "hash" -+ "io" -+ "runtime" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupprtHKDF reports whether the current OpenSSL version supports HKDF. -+func SupportsHKDF() bool { -+ switch major() { -+ case 1: -+ return true -+ case 3, 4: -+ _, err := fetchHKDF3() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// SupprtsTLS13KDF reports whether the current OpenSSL version supports TLS13-KDF. -+func SupportsTLS13KDF() bool { -+ switch major() { -+ case 1: -+ return false -+ case 3, 4: -+ // TLS13-KDF is available in OpenSSL 3.0.0 and later. -+ _, err := fetchTLS13_KDF() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+func newHKDFCtx1(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (ctx ossl.EVP_PKEY_CTX_PTR, err error) { -+ checkMajorVersion(1) -+ -+ ctx, err = ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_HKDF, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ } -+ }() -+ -+ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { -+ return ctx, err -+ } -+ -+ ctrlSlice := func(ctrl int32, data []byte) bool { -+ if err != nil { -+ return false -+ } -+ if len(data) == 0 { -+ return true // No data to set. -+ } -+ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ctrl, int32(len(data)), unsafe.Pointer(base(data))) -+ return err == nil -+ } -+ -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MODE, mode, nil); err != nil { -+ return ctx, err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)); err != nil { -+ return ctx, err -+ } -+ if ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, secret) && -+ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_SALT, salt) && -+ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, pseudorandomKey) && -+ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_INFO, info) { -+ return ctx, err -+ } -+ return ctx, nil -+} -+ -+type hkdf1 struct { -+ ctx ossl.EVP_PKEY_CTX_PTR -+ -+ hashLen int -+ buf []byte -+} -+ -+func (c *hkdf1) finalize() { -+ if c.ctx != nil { -+ ossl.EVP_PKEY_CTX_free(c.ctx) -+ } -+} -+ -+func (c *hkdf1) Read(p []byte) (int, error) { -+ defer runtime.KeepAlive(c) -+ -+ // EVP_PKEY_derive doesn't support incremental output, each call -+ // derives the key from scratch and returns the requested bytes. -+ // To implement io.Reader, we need to ask for len(c.buf) + len(p) -+ // bytes and copy the last derived len(p) bytes to p. -+ // We use c.buf to know how many bytes we've already derived and -+ // to avoid allocating the whole output buffer on each call. -+ prevLen := len(c.buf) -+ needLen := len(p) -+ remains := 255*c.hashLen - prevLen -+ // Check whether enough data can be generated. -+ if remains < needLen { -+ return 0, errors.New("hkdf: entropy limit reached") -+ } -+ c.buf = append(c.buf, make([]byte, needLen)...) -+ outLen := prevLen + needLen -+ if _, err := ossl.EVP_PKEY_derive(c.ctx, c.buf, &outLen); err != nil { -+ return 0, err -+ } -+ n := copy(p, c.buf[prevLen:outLen]) -+ return n, nil -+} -+ -+// hkdfAllZerosSalt is a preallocated buffer of zeros used in ExtractHKDF(). -+// The size should be kept as large as the output length of any hash algorithm -+// used with HKDF. -+var hkdfAllZerosSalt [64]byte -+ -+// ExtractHDKF implements the HDKF extract step. -+// If salt is nil, then this function replaces it internally with a buffer of -+// zeros whose length equals the output length of the specified hash algorithm. -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ // If calling code specifies nil salt, replace it with a buffer of hashLen -+ // zeros, as specified in RFC 5896 and as OpenSSL EVP_KDF-HKDF documentation -+ // instructs. Take a slice of a preallocated buffer to avoid allocating new -+ // buffer per call, but fall back to allocating a buffer if preallocated -+ // buffer is not large enough. -+ if salt == nil { -+ hlen := h().Size() -+ if hlen > len(hkdfAllZerosSalt) { -+ salt = make([]byte, hlen) -+ } else { -+ salt = hkdfAllZerosSalt[:hlen] -+ } -+ } -+ -+ switch major() { -+ case 1: -+ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ var keylen int -+ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { -+ return nil, err -+ } -+ out := make([]byte, keylen) -+ if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { -+ return nil, err -+ } -+ return out[:keylen], nil -+ case 3, 4: -+ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ size, err := ossl.EVP_KDF_CTX_get_kdf_size(ctx) -+ if err != nil { -+ return nil, err -+ } -+ out := make([]byte, size) -+ if _, err := ossl.EVP_KDF_derive(ctx, out, nil); err != nil { -+ return nil, err -+ } -+ return out, nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// ExpandHKDFOneShot derives a key from the given hash, key, and optional context info. -+func ExpandHKDFOneShot(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ out := make([]byte, keyLength) -+ switch major() { -+ case 1: -+ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if len(out) == 0 { -+ // Nothing to do, so exit early. -+ // We also can't call EVP_PKEY_derive because some engines error on zero-length output. -+ // We can only exit after calling newHKDFCtx1 because we still need it to validate the parameters. -+ return out, nil -+ } -+ keylen := keyLength -+ if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { -+ return nil, err -+ } -+ case 3, 4: -+ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ if len(out) == 0 { -+ // Nothing to do, so exit early. -+ // We also can't call EVP_PKEY_derive because some engines error on zero-length output. -+ // We can only exit after calling newHKDFCtx3 because we still need it to validate the parameters. -+ return out, nil -+ } -+ if _, err := ossl.EVP_KDF_derive(ctx, out, nil); err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return out, nil -+} -+ -+// ExpandTLS13KDF derives a key from the given hash, key, label and context. It will use -+// "TLS13-KDF" algorithm to do so. -+func ExpandTLS13KDF(h func() hash.Hash, pseudorandomKey, label, context []byte, keyLength int) ([]byte, error) { -+ if !SupportsTLS13KDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ out := make([]byte, keyLength) -+ -+ ctx, err := newTLS13KDFExpandCtx3(md, label, context, pseudorandomKey) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ if _, err := ossl.EVP_KDF_derive(ctx, out, nil); err != nil { -+ return nil, err -+ } -+ return out, nil -+} -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ md, err := hashFuncToMD(h) -+ if err != nil { -+ return nil, err -+ } -+ -+ size := int(ossl.EVP_MD_get_size(md)) -+ -+ switch major() { -+ case 1: -+ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ c := &hkdf1{ctx: ctx, hashLen: size} -+ runtime.SetFinalizer(c, (*hkdf1).finalize) -+ return c, nil -+ case 3, 4: -+ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) -+ if err != nil { -+ return nil, err -+ } -+ c := &hkdf3{ctx: ctx, hashLen: size} -+ runtime.SetFinalizer(c, (*hkdf3).finalize) -+ return c, nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+type hkdf3 struct { -+ ctx ossl.EVP_KDF_CTX_PTR -+ -+ hashLen int -+ buf []byte -+} -+ -+func (c *hkdf3) finalize() { -+ if c.ctx != nil { -+ ossl.EVP_KDF_CTX_free(c.ctx) -+ } -+} -+ -+// fetchTLS13_KDF fetches the TLS13-KDF algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchTLS13_KDF = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS13_KDF.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+// newTLS13KDFExpandCtx3 fetches the "TLS13-KDF" for TLS 1.3 handshakes. -+func newTLS13KDFExpandCtx3(md ossl.EVP_MD_PTR, label, context, pseudorandomKey []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := fetchTLS13_KDF() -+ if err != nil { -+ return nil, err -+ } -+ -+ ctx, err := ossl.EVP_KDF_CTX_new(kdf) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_KDF_CTX_free(ctx) -+ } -+ }() -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY)) -+ bld.addOctetString(_OSSL_KDF_PARAM_PREFIX, []byte("tls13 ")) -+ bld.addOctetString(_OSSL_KDF_PARAM_LABEL, label) -+ bld.addOctetString(_OSSL_KDF_PARAM_DATA, context) -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ -+ params, err := bld.build() -+ if err != nil { -+ return ctx, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { -+ return ctx, err -+ } -+ return ctx, nil -+} -+ -+// fetchHKDF3 fetches the HKDF algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchHKDF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+// newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. -+func newHKDFCtx3(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := fetchHKDF3() -+ if err != nil { -+ return nil, err -+ } -+ ctx, err := ossl.EVP_KDF_CTX_new(kdf) -+ if err != nil { -+ return nil, err -+ } -+ defer func() { -+ if err != nil { -+ ossl.EVP_KDF_CTX_free(ctx) -+ } -+ }() -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) -+ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) -+ params, err := bld.build() -+ if err != nil { -+ return ctx, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { -+ return ctx, err -+ } -+ return ctx, nil -+} -+ -+func (c *hkdf3) Read(p []byte) (int, error) { -+ defer runtime.KeepAlive(c) -+ -+ // EVP_KDF_derive doesn't support incremental output, each call -+ // derives the key from scratch and returns the requested bytes. -+ // To implement io.Reader, we need to ask for len(c.buf) + len(p) -+ // bytes and copy the last derived len(p) bytes to p. -+ // We use c.buf to know how many bytes we've already derived and -+ // to avoid allocating the whole output buffer on each call. -+ prevLen := len(c.buf) -+ needLen := len(p) -+ remains := 255*c.hashLen - prevLen -+ // Check whether enough data can be generated. -+ if remains < needLen { -+ return 0, errors.New("hkdf: entropy limit reached") -+ } -+ c.buf = append(c.buf, make([]byte, needLen)...) -+ outLen := prevLen + needLen -+ if _, err := ossl.EVP_KDF_derive(c.ctx, c.buf[:outLen], nil); err != nil { -+ return 0, err -+ } -+ n := copy(p, c.buf[prevLen:outLen]) -+ return n, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hmac.go b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -new file mode 100644 -index 00000000000000..7f629c2f74a4db ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -@@ -0,0 +1,278 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "hash" -+ "runtime" -+ "slices" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// NewHMAC returns a new HMAC using OpenSSL. -+// The function h must return a hash implemented by -+// OpenSSL (for example, h could be openssl.NewSHA256). -+// If h is not recognized, NewHMAC returns nil. -+func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { -+ h, _ := hashFuncHash(fh) -+ md := hashToMD(h) -+ if md == nil { -+ return nil -+ } -+ -+ if len(key) == 0 { -+ // This is supported in OpenSSL/Standard lib and as such -+ // we must support it here. When using HMAC with a null key -+ // HMAC_Init will try and reuse the key from the ctx. This is -+ // not the behavior previously implemented, so as a workaround -+ // we pass an "empty" key. -+ key = make([]byte, ossl.EVP_MAX_MD_SIZE) -+ } -+ -+ hmac := &opensslHMAC{ -+ size: h.Size(), -+ blockSize: h.BlockSize(), -+ } -+ -+ switch major() { -+ case 1: -+ ctx := newHMAC1(key, md) -+ if ctx.ctx == nil { -+ return nil -+ } -+ hmac.ctx1 = ctx -+ case 3, 4: -+ ctx := newHMAC3(key, md) -+ if ctx.ctx == nil { -+ return nil -+ } -+ hmac.ctx3 = ctx -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) -+ return hmac -+} -+ -+// hmacCtx3 is used for OpenSSL 1. -+type hmacCtx1 struct { -+ ctx ossl.HMAC_CTX_PTR -+} -+ -+// hmacCtx3 is used for OpenSSL 3. -+type hmacCtx3 struct { -+ ctx ossl.EVP_MAC_CTX_PTR -+ key []byte // only set for OpenSSL 3.0.0, 3.0.1, and 3.0.2. -+} -+ -+type opensslHMAC struct { -+ ctx1 hmacCtx1 -+ ctx3 hmacCtx3 -+ size int -+ blockSize int -+ sum [maxHashSize]byte -+} -+ -+func newHMAC1(key []byte, md ossl.EVP_MD_PTR) hmacCtx1 { -+ ctx, err := ossl.HMAC_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.HMAC_Init_ex(ctx, key, md, nil); err != nil { -+ panic(err) -+ } -+ return hmacCtx1{ctx} -+} -+ -+var hmacDigestsSupported sync.Map -+var fetchHMAC3 = sync.OnceValue(func() ossl.EVP_MAC_PTR { -+ mac, err := ossl.EVP_MAC_fetch(nil, _OSSL_MAC_NAME_HMAC.ptr(), nil) -+ if err != nil { -+ panic(err) -+ } -+ return mac -+}) -+ -+func buildHMAC3Params(md ossl.EVP_MD_PTR) (ossl.OSSL_PARAM_PTR, error) { -+ bld := newParamBuilder() -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ return bld.build() -+} -+ -+func isHMAC3DigestSupported(md ossl.EVP_MD_PTR) bool { -+ nid := ossl.EVP_MD_get_type(md) -+ if v, ok := hmacDigestsSupported.Load(nid); ok { -+ return v.(bool) -+ } -+ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_MAC_CTX_free(ctx) -+ -+ params, err := buildHMAC3Params(md) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ _, err = ossl.EVP_MAC_CTX_set_params(ctx, params) -+ supported := err == nil -+ hmacDigestsSupported.Store(nid, supported) -+ return supported -+} -+ -+func newHMAC3(key []byte, md ossl.EVP_MD_PTR) hmacCtx3 { -+ if !isHMAC3DigestSupported(md) { -+ // The digest is not supported by the HMAC provider. -+ // Don't panic here so the Go standard library to -+ // fall back to the Go implementation. -+ // See https://github.com/golang-fips/openssl/issues/153. -+ return hmacCtx3{} -+ } -+ params, err := buildHMAC3Params(md) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) -+ if err != nil { -+ panic(err) -+ } -+ -+ if _, err := ossl.EVP_MAC_init(ctx, key, params); err != nil { -+ ossl.EVP_MAC_CTX_free(ctx) -+ panic(err) -+ } -+ var hkey []byte -+ //versionguardcheck:ignore OpenSSL 3.0.0–3.0.2 EVP_MAC_init does not reset without a key: https://github.com/openssl/openssl/issues/17811. -+ if major() == 3 && minor() == 0 && patch() <= 2 { -+ // EVP_MAC_init only resets the ctx internal state if a key is passed -+ // when using OpenSSL 3.0.0, 3.0.1, and 3.0.2. Save a copy of the key -+ // in the context so Reset can use it later. New OpenSSL versions -+ // do not have this issue so it isn't necessary to save the key. -+ hkey = make([]byte, len(key)) -+ copy(hkey, key) -+ } -+ return hmacCtx3{ctx, hkey} -+} -+ -+func (h *opensslHMAC) Reset() { -+ switch major() { -+ case 1: -+ if _, err := ossl.HMAC_Init_ex(h.ctx1.ctx, nil, nil, nil); err != nil { -+ panic(err) -+ } -+ case 3, 4: -+ if _, err := ossl.EVP_MAC_init(h.ctx3.ctx, h.ctx3.key, nil); err != nil { -+ panic(err) -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ -+ runtime.KeepAlive(h) // Next line will keep h alive too; just making doubly sure. -+} -+ -+func (h *opensslHMAC) finalize() { -+ if h.ctx1.ctx != nil { -+ ossl.HMAC_CTX_free(h.ctx1.ctx) -+ } -+ if h.ctx3.ctx != nil { -+ ossl.EVP_MAC_CTX_free(h.ctx3.ctx) -+ } -+} -+ -+func (h *opensslHMAC) Write(p []byte) (int, error) { -+ if len(p) > 0 { -+ switch major() { -+ case 1: -+ ossl.HMAC_Update(h.ctx1.ctx, p) -+ case 3, 4: -+ ossl.EVP_MAC_update(h.ctx3.ctx, p) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ } -+ runtime.KeepAlive(h) -+ return len(p), nil -+} -+ -+func (h *opensslHMAC) Size() int { -+ return h.size -+} -+ -+func (h *opensslHMAC) BlockSize() int { -+ return h.blockSize -+} -+ -+func (h *opensslHMAC) Sum(in []byte) []byte { -+ // Make copy of context because Go hash.Hash mandates -+ // that Sum has no effect on the underlying stream. -+ // In particular it is OK to Sum, then Write more, then Sum again, -+ // and the second Sum acts as if the first didn't happen. -+ switch major() { -+ case 1: -+ ctx2, err := ossl.HMAC_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.HMAC_CTX_free(ctx2) -+ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { -+ panic(err) -+ } -+ ossl.HMAC_Final(ctx2, h.sum[:h.size], nil) -+ case 3, 4: -+ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_MAC_CTX_free(ctx2) -+ ossl.EVP_MAC_final(ctx2, h.sum[:h.size], nil) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return append(in, h.sum[:h.size]...) -+} -+ -+func (h *opensslHMAC) Clone() (HashCloner, error) { -+ switch major() { -+ case 1: -+ ctx2, err := ossl.HMAC_CTX_new() -+ if err != nil { -+ panic(err) -+ } -+ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { -+ ossl.HMAC_CTX_free(ctx2) -+ panic(err) -+ } -+ cl := &opensslHMAC{ -+ ctx1: hmacCtx1{ctx: ctx2}, -+ size: h.size, -+ blockSize: h.blockSize, -+ } -+ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) -+ return cl, nil -+ -+ case 3, 4: -+ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) -+ if err != nil { -+ panic(err) -+ } -+ -+ cl := &opensslHMAC{ -+ ctx3: hmacCtx3{ctx: ctx2, key: slices.Clone(h.ctx3.key)}, -+ size: h.size, -+ blockSize: h.blockSize, -+ } -+ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) -+ return cl, nil -+ -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_amd64.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_amd64.h -new file mode 100644 -index 00000000000000..9949435fe9e0ae ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_amd64.h -@@ -0,0 +1,99 @@ -+// Copyright 2021 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Macros for transitioning from the host ABI to Go ABI0. -+// -+// These save the frame pointer, so in general, functions that use -+// these should have zero frame size to suppress the automatic frame -+// pointer, though it's harmless to not do this. -+ -+#ifdef GOOS_windows -+ -+// REGS_HOST_TO_ABI0_STACK is the stack bytes used by -+// PUSH_REGS_HOST_TO_ABI0. -+#define REGS_HOST_TO_ABI0_STACK (28*8 + 8) -+ -+// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from -+// the host ABI to Go ABI0 code. It saves all registers that are -+// callee-save in the host ABI and caller-save in Go ABI0 and prepares -+// for entry to Go. -+// -+// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag. -+// Clear the DF flag for the Go ABI. -+// MXCSR matches the Go ABI, so we don't have to set that, -+// and Go doesn't modify it, so we don't have to save it. -+#define PUSH_REGS_HOST_TO_ABI0() \ -+ PUSHFQ \ -+ CLD \ -+ ADJSP $(REGS_HOST_TO_ABI0_STACK - 8) \ -+ MOVQ DI, (0*0)(SP) \ -+ MOVQ SI, (1*8)(SP) \ -+ MOVQ BP, (2*8)(SP) \ -+ MOVQ BX, (3*8)(SP) \ -+ MOVQ R12, (4*8)(SP) \ -+ MOVQ R13, (5*8)(SP) \ -+ MOVQ R14, (6*8)(SP) \ -+ MOVQ R15, (7*8)(SP) \ -+ MOVUPS X6, (8*8)(SP) \ -+ MOVUPS X7, (10*8)(SP) \ -+ MOVUPS X8, (12*8)(SP) \ -+ MOVUPS X9, (14*8)(SP) \ -+ MOVUPS X10, (16*8)(SP) \ -+ MOVUPS X11, (18*8)(SP) \ -+ MOVUPS X12, (20*8)(SP) \ -+ MOVUPS X13, (22*8)(SP) \ -+ MOVUPS X14, (24*8)(SP) \ -+ MOVUPS X15, (26*8)(SP) -+ -+#define POP_REGS_HOST_TO_ABI0() \ -+ MOVQ (0*0)(SP), DI \ -+ MOVQ (1*8)(SP), SI \ -+ MOVQ (2*8)(SP), BP \ -+ MOVQ (3*8)(SP), BX \ -+ MOVQ (4*8)(SP), R12 \ -+ MOVQ (5*8)(SP), R13 \ -+ MOVQ (6*8)(SP), R14 \ -+ MOVQ (7*8)(SP), R15 \ -+ MOVUPS (8*8)(SP), X6 \ -+ MOVUPS (10*8)(SP), X7 \ -+ MOVUPS (12*8)(SP), X8 \ -+ MOVUPS (14*8)(SP), X9 \ -+ MOVUPS (16*8)(SP), X10 \ -+ MOVUPS (18*8)(SP), X11 \ -+ MOVUPS (20*8)(SP), X12 \ -+ MOVUPS (22*8)(SP), X13 \ -+ MOVUPS (24*8)(SP), X14 \ -+ MOVUPS (26*8)(SP), X15 \ -+ ADJSP $-(REGS_HOST_TO_ABI0_STACK - 8) \ -+ POPFQ -+ -+#else -+// SysV ABI -+ -+#define REGS_HOST_TO_ABI0_STACK (6*8) -+ -+// SysV MXCSR matches the Go ABI, so we don't have to set that, -+// and Go doesn't modify it, so we don't have to save it. -+// Both SysV and Go require DF to be cleared, so that's already clear. -+// The SysV and Go frame pointer conventions are compatible. -+#define PUSH_REGS_HOST_TO_ABI0() \ -+ ADJSP $(REGS_HOST_TO_ABI0_STACK) \ -+ MOVQ BP, (5*8)(SP) \ -+ LEAQ (5*8)(SP), BP \ -+ MOVQ BX, (0*8)(SP) \ -+ MOVQ R12, (1*8)(SP) \ -+ MOVQ R13, (2*8)(SP) \ -+ MOVQ R14, (3*8)(SP) \ -+ MOVQ R15, (4*8)(SP) -+ -+#define POP_REGS_HOST_TO_ABI0() \ -+ MOVQ (0*8)(SP), BX \ -+ MOVQ (1*8)(SP), R12 \ -+ MOVQ (2*8)(SP), R13 \ -+ MOVQ (3*8)(SP), R14 \ -+ MOVQ (4*8)(SP), R15 \ -+ MOVQ (5*8)(SP), BP \ -+ ADJSP $-(REGS_HOST_TO_ABI0_STACK) -+ -+#endif -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_arm64.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_arm64.h -new file mode 100644 -index 00000000000000..5d5061ec1dbf8c ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_arm64.h -@@ -0,0 +1,39 @@ -+// Copyright 2021 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Macros for transitioning from the host ABI to Go ABI0. -+// -+// These macros save and restore the callee-saved registers -+// from the stack, but they don't adjust stack pointer, so -+// the user should prepare stack space in advance. -+// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space -+// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP). -+// -+// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space -+// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP). -+// -+// R29 is not saved because Go will save and restore it. -+ -+#define SAVE_R19_TO_R28(offset) \ -+ STP (R19, R20), ((offset)+0*8)(RSP) \ -+ STP (R21, R22), ((offset)+2*8)(RSP) \ -+ STP (R23, R24), ((offset)+4*8)(RSP) \ -+ STP (R25, R26), ((offset)+6*8)(RSP) \ -+ STP (R27, g), ((offset)+8*8)(RSP) -+#define RESTORE_R19_TO_R28(offset) \ -+ LDP ((offset)+0*8)(RSP), (R19, R20) \ -+ LDP ((offset)+2*8)(RSP), (R21, R22) \ -+ LDP ((offset)+4*8)(RSP), (R23, R24) \ -+ LDP ((offset)+6*8)(RSP), (R25, R26) \ -+ LDP ((offset)+8*8)(RSP), (R27, g) /* R28 */ -+#define SAVE_F8_TO_F15(offset) \ -+ FSTPD (F8, F9), ((offset)+0*8)(RSP) \ -+ FSTPD (F10, F11), ((offset)+2*8)(RSP) \ -+ FSTPD (F12, F13), ((offset)+4*8)(RSP) \ -+ FSTPD (F14, F15), ((offset)+6*8)(RSP) -+#define RESTORE_F8_TO_F15(offset) \ -+ FLDPD ((offset)+0*8)(RSP), (F8, F9) \ -+ FLDPD ((offset)+2*8)(RSP), (F10, F11) \ -+ FLDPD ((offset)+4*8)(RSP), (F12, F13) \ -+ FLDPD ((offset)+6*8)(RSP), (F14, F15) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_loong64.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_loong64.h -new file mode 100644 -index 00000000000000..b10d83732f1c6e ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_loong64.h -@@ -0,0 +1,60 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Macros for transitioning from the host ABI to Go ABI0. -+// -+// These macros save and restore the callee-saved registers -+// from the stack, but they don't adjust stack pointer, so -+// the user should prepare stack space in advance. -+// SAVE_R22_TO_R31(offset) saves R22 ~ R31 to the stack space -+// of ((offset)+0*8)(R3) ~ ((offset)+9*8)(R3). -+// -+// SAVE_F24_TO_F31(offset) saves F24 ~ F31 to the stack space -+// of ((offset)+0*8)(R3) ~ ((offset)+7*8)(R3). -+// -+// Note: g is R22 -+ -+#define SAVE_R22_TO_R31(offset) \ -+ MOVV g, ((offset)+(0*8))(R3) \ -+ MOVV R23, ((offset)+(1*8))(R3) \ -+ MOVV R24, ((offset)+(2*8))(R3) \ -+ MOVV R25, ((offset)+(3*8))(R3) \ -+ MOVV R26, ((offset)+(4*8))(R3) \ -+ MOVV R27, ((offset)+(5*8))(R3) \ -+ MOVV R28, ((offset)+(6*8))(R3) \ -+ MOVV R29, ((offset)+(7*8))(R3) \ -+ MOVV R30, ((offset)+(8*8))(R3) \ -+ MOVV R31, ((offset)+(9*8))(R3) -+ -+#define SAVE_F24_TO_F31(offset) \ -+ MOVD F24, ((offset)+(0*8))(R3) \ -+ MOVD F25, ((offset)+(1*8))(R3) \ -+ MOVD F26, ((offset)+(2*8))(R3) \ -+ MOVD F27, ((offset)+(3*8))(R3) \ -+ MOVD F28, ((offset)+(4*8))(R3) \ -+ MOVD F29, ((offset)+(5*8))(R3) \ -+ MOVD F30, ((offset)+(6*8))(R3) \ -+ MOVD F31, ((offset)+(7*8))(R3) -+ -+#define RESTORE_R22_TO_R31(offset) \ -+ MOVV ((offset)+(0*8))(R3), g \ -+ MOVV ((offset)+(1*8))(R3), R23 \ -+ MOVV ((offset)+(2*8))(R3), R24 \ -+ MOVV ((offset)+(3*8))(R3), R25 \ -+ MOVV ((offset)+(4*8))(R3), R26 \ -+ MOVV ((offset)+(5*8))(R3), R27 \ -+ MOVV ((offset)+(6*8))(R3), R28 \ -+ MOVV ((offset)+(7*8))(R3), R29 \ -+ MOVV ((offset)+(8*8))(R3), R30 \ -+ MOVV ((offset)+(9*8))(R3), R31 -+ -+#define RESTORE_F24_TO_F31(offset) \ -+ MOVD ((offset)+(0*8))(R3), F24 \ -+ MOVD ((offset)+(1*8))(R3), F25 \ -+ MOVD ((offset)+(2*8))(R3), F26 \ -+ MOVD ((offset)+(3*8))(R3), F27 \ -+ MOVD ((offset)+(4*8))(R3), F28 \ -+ MOVD ((offset)+(5*8))(R3), F29 \ -+ MOVD ((offset)+(6*8))(R3), F30 \ -+ MOVD ((offset)+(7*8))(R3), F31 -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_ppc64x.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_ppc64x.h -new file mode 100644 -index 00000000000000..245a5266f6e9fa ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_ppc64x.h -@@ -0,0 +1,195 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Macros for transitioning from the host ABI to Go ABI -+// -+// On PPC64/ELFv2 targets, the following registers are callee -+// saved when called from C. They must be preserved before -+// calling into Go which does not preserve any of them. -+// -+// R14-R31 -+// CR2-4 -+// VR20-31 -+// F14-F31 -+// -+// xcoff(aix) and ELFv1 are similar, but may only require a -+// subset of these. -+// -+// These macros assume a 16 byte aligned stack pointer. This -+// is required by ELFv1, ELFv2, and AIX PPC64. -+ -+#define SAVE_GPR_SIZE (18*8) -+#define SAVE_GPR(offset) \ -+ MOVD R14, (offset+8*0)(R1) \ -+ MOVD R15, (offset+8*1)(R1) \ -+ MOVD R16, (offset+8*2)(R1) \ -+ MOVD R17, (offset+8*3)(R1) \ -+ MOVD R18, (offset+8*4)(R1) \ -+ MOVD R19, (offset+8*5)(R1) \ -+ MOVD R20, (offset+8*6)(R1) \ -+ MOVD R21, (offset+8*7)(R1) \ -+ MOVD R22, (offset+8*8)(R1) \ -+ MOVD R23, (offset+8*9)(R1) \ -+ MOVD R24, (offset+8*10)(R1) \ -+ MOVD R25, (offset+8*11)(R1) \ -+ MOVD R26, (offset+8*12)(R1) \ -+ MOVD R27, (offset+8*13)(R1) \ -+ MOVD R28, (offset+8*14)(R1) \ -+ MOVD R29, (offset+8*15)(R1) \ -+ MOVD g, (offset+8*16)(R1) \ -+ MOVD R31, (offset+8*17)(R1) -+ -+#define RESTORE_GPR(offset) \ -+ MOVD (offset+8*0)(R1), R14 \ -+ MOVD (offset+8*1)(R1), R15 \ -+ MOVD (offset+8*2)(R1), R16 \ -+ MOVD (offset+8*3)(R1), R17 \ -+ MOVD (offset+8*4)(R1), R18 \ -+ MOVD (offset+8*5)(R1), R19 \ -+ MOVD (offset+8*6)(R1), R20 \ -+ MOVD (offset+8*7)(R1), R21 \ -+ MOVD (offset+8*8)(R1), R22 \ -+ MOVD (offset+8*9)(R1), R23 \ -+ MOVD (offset+8*10)(R1), R24 \ -+ MOVD (offset+8*11)(R1), R25 \ -+ MOVD (offset+8*12)(R1), R26 \ -+ MOVD (offset+8*13)(R1), R27 \ -+ MOVD (offset+8*14)(R1), R28 \ -+ MOVD (offset+8*15)(R1), R29 \ -+ MOVD (offset+8*16)(R1), g \ -+ MOVD (offset+8*17)(R1), R31 -+ -+#define SAVE_FPR_SIZE (18*8) -+#define SAVE_FPR(offset) \ -+ FMOVD F14, (offset+8*0)(R1) \ -+ FMOVD F15, (offset+8*1)(R1) \ -+ FMOVD F16, (offset+8*2)(R1) \ -+ FMOVD F17, (offset+8*3)(R1) \ -+ FMOVD F18, (offset+8*4)(R1) \ -+ FMOVD F19, (offset+8*5)(R1) \ -+ FMOVD F20, (offset+8*6)(R1) \ -+ FMOVD F21, (offset+8*7)(R1) \ -+ FMOVD F22, (offset+8*8)(R1) \ -+ FMOVD F23, (offset+8*9)(R1) \ -+ FMOVD F24, (offset+8*10)(R1) \ -+ FMOVD F25, (offset+8*11)(R1) \ -+ FMOVD F26, (offset+8*12)(R1) \ -+ FMOVD F27, (offset+8*13)(R1) \ -+ FMOVD F28, (offset+8*14)(R1) \ -+ FMOVD F29, (offset+8*15)(R1) \ -+ FMOVD F30, (offset+8*16)(R1) \ -+ FMOVD F31, (offset+8*17)(R1) -+ -+#define RESTORE_FPR(offset) \ -+ FMOVD (offset+8*0)(R1), F14 \ -+ FMOVD (offset+8*1)(R1), F15 \ -+ FMOVD (offset+8*2)(R1), F16 \ -+ FMOVD (offset+8*3)(R1), F17 \ -+ FMOVD (offset+8*4)(R1), F18 \ -+ FMOVD (offset+8*5)(R1), F19 \ -+ FMOVD (offset+8*6)(R1), F20 \ -+ FMOVD (offset+8*7)(R1), F21 \ -+ FMOVD (offset+8*8)(R1), F22 \ -+ FMOVD (offset+8*9)(R1), F23 \ -+ FMOVD (offset+8*10)(R1), F24 \ -+ FMOVD (offset+8*11)(R1), F25 \ -+ FMOVD (offset+8*12)(R1), F26 \ -+ FMOVD (offset+8*13)(R1), F27 \ -+ FMOVD (offset+8*14)(R1), F28 \ -+ FMOVD (offset+8*15)(R1), F29 \ -+ FMOVD (offset+8*16)(R1), F30 \ -+ FMOVD (offset+8*17)(R1), F31 -+ -+// Save and restore VR20-31 (aka VSR56-63). These -+// macros must point to a 16B aligned offset. -+#define SAVE_VR_SIZE (12*16) -+#define SAVE_VR(offset, rtmp) \ -+ MOVD $(offset+16*0), rtmp \ -+ STVX V20, (rtmp)(R1) \ -+ MOVD $(offset+16*1), rtmp \ -+ STVX V21, (rtmp)(R1) \ -+ MOVD $(offset+16*2), rtmp \ -+ STVX V22, (rtmp)(R1) \ -+ MOVD $(offset+16*3), rtmp \ -+ STVX V23, (rtmp)(R1) \ -+ MOVD $(offset+16*4), rtmp \ -+ STVX V24, (rtmp)(R1) \ -+ MOVD $(offset+16*5), rtmp \ -+ STVX V25, (rtmp)(R1) \ -+ MOVD $(offset+16*6), rtmp \ -+ STVX V26, (rtmp)(R1) \ -+ MOVD $(offset+16*7), rtmp \ -+ STVX V27, (rtmp)(R1) \ -+ MOVD $(offset+16*8), rtmp \ -+ STVX V28, (rtmp)(R1) \ -+ MOVD $(offset+16*9), rtmp \ -+ STVX V29, (rtmp)(R1) \ -+ MOVD $(offset+16*10), rtmp \ -+ STVX V30, (rtmp)(R1) \ -+ MOVD $(offset+16*11), rtmp \ -+ STVX V31, (rtmp)(R1) -+ -+#define RESTORE_VR(offset, rtmp) \ -+ MOVD $(offset+16*0), rtmp \ -+ LVX (rtmp)(R1), V20 \ -+ MOVD $(offset+16*1), rtmp \ -+ LVX (rtmp)(R1), V21 \ -+ MOVD $(offset+16*2), rtmp \ -+ LVX (rtmp)(R1), V22 \ -+ MOVD $(offset+16*3), rtmp \ -+ LVX (rtmp)(R1), V23 \ -+ MOVD $(offset+16*4), rtmp \ -+ LVX (rtmp)(R1), V24 \ -+ MOVD $(offset+16*5), rtmp \ -+ LVX (rtmp)(R1), V25 \ -+ MOVD $(offset+16*6), rtmp \ -+ LVX (rtmp)(R1), V26 \ -+ MOVD $(offset+16*7), rtmp \ -+ LVX (rtmp)(R1), V27 \ -+ MOVD $(offset+16*8), rtmp \ -+ LVX (rtmp)(R1), V28 \ -+ MOVD $(offset+16*9), rtmp \ -+ LVX (rtmp)(R1), V29 \ -+ MOVD $(offset+16*10), rtmp \ -+ LVX (rtmp)(R1), V30 \ -+ MOVD $(offset+16*11), rtmp \ -+ LVX (rtmp)(R1), V31 -+ -+// LR and CR are saved in the caller's frame. The callee must -+// make space for all other callee-save registers. -+#define SAVE_ALL_REG_SIZE (SAVE_GPR_SIZE+SAVE_FPR_SIZE+SAVE_VR_SIZE) -+ -+// Stack a frame and save all callee-save registers following the -+// host OS's ABI. Fortunately, this is identical for AIX, ELFv1, and -+// ELFv2. All host ABIs require the stack pointer to maintain 16 byte -+// alignment, and save the callee-save registers in the same places. -+// -+// To restate, R1 is assumed to be aligned when this macro is used. -+// This assumes the caller's frame is compliant with the host ABI. -+// CR and LR are saved into the caller's frame per the host ABI. -+// R0 is initialized to $0 as expected by Go. -+#define STACK_AND_SAVE_HOST_TO_GO_ABI(extra) \ -+ MOVD LR, R0 \ -+ MOVD R0, 16(R1) \ -+ MOVW CR, R0 \ -+ MOVD R0, 8(R1) \ -+ MOVDU R1, -(extra)-FIXED_FRAME-SAVE_ALL_REG_SIZE(R1) \ -+ SAVE_GPR(extra+FIXED_FRAME) \ -+ SAVE_FPR(extra+FIXED_FRAME+SAVE_GPR_SIZE) \ -+ SAVE_VR(extra+FIXED_FRAME+SAVE_GPR_SIZE+SAVE_FPR_SIZE, R0) \ -+ MOVD $0, R0 -+ -+// This unstacks the frame, restoring all callee-save registers -+// as saved by STACK_AND_SAVE_HOST_TO_GO_ABI. -+// -+// R0 is not guaranteed to contain $0 after this macro. -+#define UNSTACK_AND_RESTORE_GO_TO_HOST_ABI(extra) \ -+ RESTORE_GPR(extra+FIXED_FRAME) \ -+ RESTORE_FPR(extra+FIXED_FRAME+SAVE_GPR_SIZE) \ -+ RESTORE_VR(extra+FIXED_FRAME+SAVE_GPR_SIZE+SAVE_FPR_SIZE, R0) \ -+ ADD $(extra+FIXED_FRAME+SAVE_ALL_REG_SIZE), R1 \ -+ MOVD 16(R1), R0 \ -+ MOVD R0, LR \ -+ MOVD 8(R1), R0 \ -+ MOVW R0, CR -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_riscv64.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_riscv64.h -new file mode 100644 -index 00000000000000..b9322e0c53e2ac ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/abi_riscv64.h -@@ -0,0 +1,72 @@ -+// Copyright 2026 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Macros for transitioning from the host ABI to Go ABI0. -+// -+// These macros save and restore the callee-saved registers -+// from the stack, but they don't adjust stack pointer, so -+// the user should prepare stack space in advance. -+// SAVE_GPR(offset) saves X8, X9, X18-X27 to the stack space -+// of ((offset)+0*8)(X2) ~ ((offset)+11*8)(X2). -+// -+// SAVE_FPR(offset) saves F8, F9, F18-F27 to the stack space -+// of ((offset)+0*8)(X2) ~ ((offset)+11*8)(X2). -+// -+// Note: g is X27 -+ -+#define SAVE_GPR(offset) \ -+ MOV X8, ((offset)+0*8)(X2) \ -+ MOV X9, ((offset)+1*8)(X2) \ -+ MOV X18, ((offset)+2*8)(X2) \ -+ MOV X19, ((offset)+3*8)(X2) \ -+ MOV X20, ((offset)+4*8)(X2) \ -+ MOV X21, ((offset)+5*8)(X2) \ -+ MOV X22, ((offset)+6*8)(X2) \ -+ MOV X23, ((offset)+7*8)(X2) \ -+ MOV X24, ((offset)+8*8)(X2) \ -+ MOV X25, ((offset)+9*8)(X2) \ -+ MOV X26, ((offset)+10*8)(X2) \ -+ MOV g, ((offset)+11*8)(X2) -+ -+#define RESTORE_GPR(offset) \ -+ MOV ((offset)+0*8)(X2), X8 \ -+ MOV ((offset)+1*8)(X2), X9 \ -+ MOV ((offset)+2*8)(X2), X18 \ -+ MOV ((offset)+3*8)(X2), X19 \ -+ MOV ((offset)+4*8)(X2), X20 \ -+ MOV ((offset)+5*8)(X2), X21 \ -+ MOV ((offset)+6*8)(X2), X22 \ -+ MOV ((offset)+7*8)(X2), X23 \ -+ MOV ((offset)+8*8)(X2), X24 \ -+ MOV ((offset)+9*8)(X2), X25 \ -+ MOV ((offset)+10*8)(X2), X26 \ -+ MOV ((offset)+11*8)(X2), g -+ -+#define SAVE_FPR(offset) \ -+ MOVD F8, ((offset)+0*8)(X2) \ -+ MOVD F9, ((offset)+1*8)(X2) \ -+ MOVD F18, ((offset)+2*8)(X2) \ -+ MOVD F19, ((offset)+3*8)(X2) \ -+ MOVD F20, ((offset)+4*8)(X2) \ -+ MOVD F21, ((offset)+5*8)(X2) \ -+ MOVD F22, ((offset)+6*8)(X2) \ -+ MOVD F23, ((offset)+7*8)(X2) \ -+ MOVD F24, ((offset)+8*8)(X2) \ -+ MOVD F25, ((offset)+9*8)(X2) \ -+ MOVD F26, ((offset)+10*8)(X2) \ -+ MOVD F27, ((offset)+11*8)(X2) -+ -+#define RESTORE_FPR(offset) \ -+ MOVD ((offset)+0*8)(X2), F8 \ -+ MOVD ((offset)+1*8)(X2), F9 \ -+ MOVD ((offset)+2*8)(X2), F18 \ -+ MOVD ((offset)+3*8)(X2), F19 \ -+ MOVD ((offset)+4*8)(X2), F20 \ -+ MOVD ((offset)+5*8)(X2), F21 \ -+ MOVD ((offset)+6*8)(X2), F22 \ -+ MOVD ((offset)+7*8)(X2), F23 \ -+ MOVD ((offset)+8*8)(X2), F24 \ -+ MOVD ((offset)+9*8)(X2), F25 \ -+ MOVD ((offset)+10*8)(X2), F26 \ -+ MOVD ((offset)+11*8)(X2), F27 -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_386.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_386.s -new file mode 100644 -index 00000000000000..7475ec8a0b21fc ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_386.s -@@ -0,0 +1,29 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT, $28-16 -+ MOVL BP, 24(SP) -+ MOVL BX, 20(SP) -+ MOVL SI, 16(SP) -+ MOVL DI, 12(SP) -+ -+ MOVL ctxt+12(FP), AX -+ MOVL AX, 8(SP) -+ MOVL a+4(FP), AX -+ MOVL AX, 4(SP) -+ MOVL fn+0(FP), AX -+ MOVL AX, 0(SP) -+ CALL runtime·cgocallback(SB) -+ -+ MOVL 12(SP), DI -+ MOVL 16(SP), SI -+ MOVL 20(SP), BX -+ MOVL 24(SP), BP -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_amd64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_amd64.s -new file mode 100644 -index 00000000000000..2b7eb57f8ae783 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_amd64.s -@@ -0,0 +1,39 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+#include "abi_amd64.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+// This signature is known to SWIG, so we can't change it. -+TEXT crosscall2(SB), NOSPLIT, $0-0 -+ PUSH_REGS_HOST_TO_ABI0() -+ -+ // Make room for arguments to cgocallback. -+ ADJSP $0x18 -+ -+#ifndef GOOS_windows -+ MOVQ DI, 0x0(SP) // fn -+ MOVQ SI, 0x8(SP) // arg -+ -+ // Skip n in DX. -+ MOVQ CX, 0x10(SP) // ctxt -+ -+#else -+ MOVQ CX, 0x0(SP) // fn -+ MOVQ DX, 0x8(SP) // arg -+ -+ // Skip n in R8. -+ MOVQ R9, 0x10(SP) // ctxt -+ -+#endif -+ -+ CALL runtime·cgocallback(SB) -+ -+ ADJSP $-0x18 -+ POP_REGS_HOST_TO_ABI0() -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm.s -new file mode 100644 -index 00000000000000..68034e6035aa44 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm.s -@@ -0,0 +1,52 @@ -+// Copyright 2012 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+ SUB $(8*9), R13 // Reserve space for the floating point registers. -+ -+ // The C arguments arrive in R0, R1, R2, and R3. We want to -+ // pass R0, R1, and R3 to Go, so we push those on the stack. -+ // Also, save C callee-save registers R4-R12. -+ MOVM.WP [R0, R1, R3, R4, R5, R6, R7, R8, R9, g, R11, R12], (R13) -+ -+ // Finally, save the link register R14. This also puts the -+ // arguments we pushed for cgocallback where they need to be, -+ // starting at 4(R13). -+ MOVW.W R14, -4(R13) -+ -+ // Save VFP callee-saved registers D8-D15 (same as S16-S31). -+ // Note: We always save these since we target hard-float ABI. -+ MOVD F8, (13*4+8*1)(R13) -+ MOVD F9, (13*4+8*2)(R13) -+ MOVD F10, (13*4+8*3)(R13) -+ MOVD F11, (13*4+8*4)(R13) -+ MOVD F12, (13*4+8*5)(R13) -+ MOVD F13, (13*4+8*6)(R13) -+ MOVD F14, (13*4+8*7)(R13) -+ MOVD F15, (13*4+8*8)(R13) -+ -+ BL runtime·load_g(SB) -+ -+ // We set up the arguments to cgocallback when saving registers above. -+ BL runtime·cgocallback(SB) -+ -+ MOVD (13*4+8*1)(R13), F8 -+ MOVD (13*4+8*2)(R13), F9 -+ MOVD (13*4+8*3)(R13), F10 -+ MOVD (13*4+8*4)(R13), F11 -+ MOVD (13*4+8*5)(R13), F12 -+ MOVD (13*4+8*6)(R13), F13 -+ MOVD (13*4+8*7)(R13), F14 -+ MOVD (13*4+8*8)(R13), F15 -+ -+ MOVW.P 4(R13), R14 -+ MOVM.IAW (R13), [R0, R1, R3, R4, R5, R6, R7, R8, R9, g, R11, R12] -+ ADD $(8*9), R13 -+ MOVW R14, R15 -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm64.s -new file mode 100644 -index 00000000000000..50e5261d922c56 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_arm64.s -@@ -0,0 +1,36 @@ -+// Copyright 2015 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+#include "abi_arm64.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+/* -+ * We still need to save all callee save register as before, and then -+ * push 3 args for fn (R0, R1, R3), skipping R2. -+ * Also note that at procedure entry in gc world, 8(RSP) will be the -+ * first arg. -+ */ -+ SUB $(8*24), RSP -+ STP (R0, R1), (8*1)(RSP) -+ MOVD R3, (8*3)(RSP) -+ -+ SAVE_R19_TO_R28(8*4) -+ SAVE_F8_TO_F15(8*14) -+ STP (R29, R30), (8*22)(RSP) -+ -+ // Initialize Go ABI environment -+ BL runtime·load_g(SB) -+ BL runtime·cgocallback(SB) -+ -+ RESTORE_R19_TO_R28(8*4) -+ RESTORE_F8_TO_F15(8*14) -+ LDP (8*22)(RSP), (R29, R30) -+ -+ ADD $(8*24), RSP -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_loong64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_loong64.s -new file mode 100644 -index 00000000000000..e81df86a56e4ad ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_loong64.s -@@ -0,0 +1,40 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+#include "abi_loong64.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+/* -+ * We still need to save all callee save register as before, and then -+ * push 3 args for fn (R4, R5, R7), skipping R6. -+ * Also note that at procedure entry in gc world, 8(R29) will be the -+ * first arg. -+ */ -+ -+ ADDV $(-23*8), R3 -+ MOVV R4, (1*8)(R3) // fn unsafe.Pointer -+ MOVV R5, (2*8)(R3) // a unsafe.Pointer -+ MOVV R7, (3*8)(R3) // ctxt uintptr -+ -+ SAVE_R22_TO_R31((4*8)) -+ SAVE_F24_TO_F31((14*8)) -+ MOVV R1, (22*8)(R3) -+ -+ // Initialize Go ABI environment -+ JAL runtime·load_g(SB) -+ -+ JAL runtime·cgocallback(SB) -+ -+ RESTORE_R22_TO_R31((4*8)) -+ RESTORE_F24_TO_F31((14*8)) -+ MOVV (22*8)(R3), R1 -+ -+ ADDV $(23*8), R3 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_ppc64le.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_ppc64le.s -new file mode 100644 -index 00000000000000..6d1938cd8d8bcd ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_ppc64le.s -@@ -0,0 +1,82 @@ -+// Copyright 2014 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+#include "abi_ppc64x.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+// -+// This is a simplified version that only saves GPR and FPR registers, -+// not vector registers. This keeps the stack frame smaller to avoid -+// exceeding the nosplit stack limit. -+// -+// On PPC64LE ELFv2, callee-save registers are: -+// R14-R31 (18 GPRs = 144 bytes) -+// F14-F31 (18 FPRs = 144 bytes) -+// CR2-CR4 (saved in CR field) -+// -+// Stack layout (must be 16-byte aligned): -+// 32 (FIXED_FRAME) + 24 (args) + 144 (GPR) + 144 (FPR) = 344 -+// Rounded to 352 for 16-byte alignment. -+ -+#define FIXED_FRAME 32 -+#define SAVE_SIZE 352 -+#define GPR_OFFSET (FIXED_FRAME+24) -+#define FPR_OFFSET (GPR_OFFSET+SAVE_GPR_SIZE) -+ -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+ // Save LR and CR in caller's frame per ELFv2 ABI -+ MOVD LR, R0 -+ MOVD R0, 16(R1) -+ MOVW CR, R0 -+ MOVD R0, 8(R1) -+ -+ // Allocate our stack frame -+ MOVDU R1, -SAVE_SIZE(R1) -+ -+ // Save TOC (R2) in case needed -+ MOVD R2, 24(R1) -+ -+ // Save callee-save GPRs -+ SAVE_GPR(GPR_OFFSET) -+ -+ // Save callee-save FPRs -+ SAVE_FPR(FPR_OFFSET) -+ -+ // Initialize R0 to 0 as expected by Go -+ MOVD $0, R0 -+ -+ // Load the current g. -+ BL runtime·load_g(SB) -+ -+ // Set up arguments for cgocallback -+ MOVD R3, FIXED_FRAME+0(R1) // fn unsafe.Pointer -+ MOVD R4, FIXED_FRAME+8(R1) // a unsafe.Pointer -+ -+ // Skip R5 = n uint32 -+ MOVD R6, FIXED_FRAME+16(R1) // ctxt uintptr -+ BL runtime·cgocallback(SB) -+ -+ // Restore callee-save FPRs -+ RESTORE_FPR(FPR_OFFSET) -+ -+ // Restore callee-save GPRs -+ RESTORE_GPR(GPR_OFFSET) -+ -+ // Restore TOC -+ MOVD 24(R1), R2 -+ -+ // Deallocate stack frame -+ ADD $SAVE_SIZE, R1 -+ -+ // Restore LR and CR from caller's frame -+ MOVD 16(R1), R0 -+ MOVD R0, LR -+ MOVD 8(R1), R0 -+ MOVW R0, CR -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_riscv64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_riscv64.s -new file mode 100644 -index 00000000000000..d34699e5a84d2a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_riscv64.s -@@ -0,0 +1,37 @@ -+// Copyright 2020 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+#include "abi_riscv64.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+/* -+ * Push arguments for fn (X10, X11, X13), along with all callee-save -+ * registers. Note that at procedure entry the first argument is at -+ * 8(X2). -+ */ -+ ADD $(-8*29), X2 -+ MOV X10, (8*1)(X2) // fn unsafe.Pointer -+ MOV X11, (8*2)(X2) // a unsafe.Pointer -+ MOV X13, (8*3)(X2) // ctxt uintptr -+ -+ SAVE_GPR((8*4)) -+ MOV X1, (8*16)(X2) -+ SAVE_FPR((8*17)) -+ -+ // Initialize Go ABI environment -+ CALL runtime·load_g(SB) -+ CALL runtime·cgocallback(SB) -+ -+ RESTORE_GPR((8*4)) -+ MOV (8*16)(X2), X1 -+ RESTORE_FPR((8*17)) -+ -+ ADD $(8*29), X2 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_s390x.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_s390x.s -new file mode 100644 -index 00000000000000..b64466501dee38 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/asm_s390x.s -@@ -0,0 +1,55 @@ -+// Copyright 2016 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+ // Start with standard C stack frame layout and linkage. -+ -+ // Save R6-R15 in the register save area of the calling function. -+ STMG R6, R15, 48(R15) -+ -+ // Allocate 96 bytes on the stack. -+ MOVD $-96(R15), R15 -+ -+ // Save F8-F15 in our stack frame. -+ FMOVD F8, 32(R15) -+ FMOVD F9, 40(R15) -+ FMOVD F10, 48(R15) -+ FMOVD F11, 56(R15) -+ FMOVD F12, 64(R15) -+ FMOVD F13, 72(R15) -+ FMOVD F14, 80(R15) -+ FMOVD F15, 88(R15) -+ -+ // Initialize Go ABI environment. -+ BL runtime·load_g(SB) -+ -+ MOVD R2, 8(R15) // fn unsafe.Pointer -+ MOVD R3, 16(R15) // a unsafe.Pointer -+ -+ // Skip R4 = n uint32 -+ MOVD R5, 24(R15) // ctxt uintptr -+ BL runtime·cgocallback(SB) -+ -+ FMOVD 32(R15), F8 -+ FMOVD 40(R15), F9 -+ FMOVD 48(R15), F10 -+ FMOVD 56(R15), F11 -+ FMOVD 64(R15), F12 -+ FMOVD 72(R15), F13 -+ FMOVD 80(R15), F14 -+ FMOVD 88(R15), F15 -+ -+ // De-allocate stack frame. -+ MOVD $96(R15), R15 -+ -+ // Restore R6-R15. -+ LMG 48(R15), R6, R15 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/callbacks.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/callbacks.go -new file mode 100644 -index 00000000000000..f29e690cc15b3a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/callbacks.go -@@ -0,0 +1,93 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+import ( -+ _ "unsafe" -+) -+ -+// TODO: decide if we need _runtime_cgo_panic_internal -+ -+//go:linkname x_cgo_init_trampoline x_cgo_init_trampoline -+//go:linkname _cgo_init _cgo_init -+var x_cgo_init_trampoline byte -+var _cgo_init = &x_cgo_init_trampoline -+ -+// Creates a new system thread without updating any Go state. -+// -+// This method is invoked during shared library loading to create a new OS -+// thread to perform the runtime initialization. This method is similar to -+// _cgo_sys_thread_start except that it doesn't update any Go state. -+ -+//go:linkname x_cgo_thread_start_trampoline x_cgo_thread_start_trampoline -+//go:linkname _cgo_thread_start _cgo_thread_start -+var x_cgo_thread_start_trampoline byte -+var _cgo_thread_start = &x_cgo_thread_start_trampoline -+ -+// Notifies that the runtime has been initialized. -+// -+// We currently block at every CGO entry point (via _cgo_wait_runtime_init_done) -+// to ensure that the runtime has been initialized before the CGO call is -+// executed. This is necessary for shared libraries where we kickoff runtime -+// initialization in a separate thread and return without waiting for this -+// thread to complete the init. -+ -+//go:linkname x_cgo_notify_runtime_init_done_trampoline x_cgo_notify_runtime_init_done_trampoline -+//go:linkname _cgo_notify_runtime_init_done _cgo_notify_runtime_init_done -+var x_cgo_notify_runtime_init_done_trampoline byte -+var _cgo_notify_runtime_init_done = &x_cgo_notify_runtime_init_done_trampoline -+ -+// Indicates whether a dummy thread key has been created or not. -+// -+// When calling go exported function from C, we register a destructor -+// callback, for a dummy thread key, by using pthread_key_create. -+ -+//go:linkname _cgo_pthread_key_created _cgo_pthread_key_created -+var x_cgo_pthread_key_created uintptr -+var _cgo_pthread_key_created = &x_cgo_pthread_key_created -+ -+// Set the x_crosscall2_ptr C function pointer variable point to crosscall2. -+// It's for the runtime package to call at init time. -+func set_crosscall2() { -+ // nothing needs to be done here for fakecgo -+ // because it's possible to just call cgocallback directly -+} -+ -+//go:linkname _set_crosscall2 runtime.set_crosscall2 -+var _set_crosscall2 = set_crosscall2 -+ -+// Store the g into the thread-specific value. -+// So that pthread_key_destructor will dropm when the thread is exiting. -+ -+//go:linkname x_cgo_bindm_trampoline x_cgo_bindm_trampoline -+//go:linkname _cgo_bindm _cgo_bindm -+var x_cgo_bindm_trampoline byte -+var _cgo_bindm = &x_cgo_bindm_trampoline -+ -+// TODO: decide if we need x_cgo_set_context_function -+// TODO: decide if we need _cgo_yield -+ -+var ( -+ // In Go 1.20 the race detector was rewritten to pure Go -+ // on darwin. This means that when CGO_ENABLED=0 is set -+ // fakecgo is built with race detector code. This is not -+ // good since this code is pretending to be C. The go:norace -+ // pragma is not enough, since it only applies to the native -+ // ABIInternal function. The ABIO wrapper (which is necessary, -+ // since all references to text symbols from assembly will use it) -+ // does not inherit the go:norace pragma, so it will still be -+ // instrumented by the race detector. -+ // -+ // To circumvent this issue, using closure calls in the -+ // assembly, which forces the compiler to use the ABIInternal -+ // native implementation (which has go:norace) instead. -+ threadentry_call = threadentry -+ x_cgo_init_call = x_cgo_init -+ x_cgo_setenv_call = x_cgo_setenv -+ x_cgo_unsetenv_call = x_cgo_unsetenv -+ x_cgo_thread_start_call = x_cgo_thread_start -+) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.go -new file mode 100644 -index 00000000000000..58b95e1f4157f2 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.go -@@ -0,0 +1,14 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2025 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+import _ "unsafe" -+ -+// setg_trampoline calls setg with the G provided -+func setg_trampoline(setg uintptr, G uintptr) -+ -+// call5 takes fn the C function and 5 arguments and calls the function with those arguments -+func call5(fn, a1, a2, a3, a4, a5 uintptr) uintptr -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.lock b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.lock -new file mode 100644 -index 00000000000000..9b0650d53777bd ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/fakecgo.lock -@@ -0,0 +1,3 @@ -+{ -+ "commit_hash": "5110604b3385278be6887d0feead513a1bfe7a82" -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/freebsd.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/freebsd.go -new file mode 100644 -index 00000000000000..bb73a709e69188 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/freebsd.go -@@ -0,0 +1,27 @@ -+// Copyright 2010 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build freebsd && !cgo -+ -+package fakecgo -+ -+import _ "unsafe" // for go:linkname -+ -+// Supply environ and __progname, because we don't -+// link against the standard FreeBSD crt0.o and the -+// libc dynamic library needs them. -+ -+// Note: when building with cross-compiling or CGO_ENABLED=0, add -+// the following argument to `go` so that these symbols are defined by -+// making fakecgo the Cgo. -+// -gcflags="github.com/ebitengine/purego/internal/fakecgo=-std" -+ -+//go:linkname _environ environ -+//go:linkname _progname __progname -+ -+//go:cgo_export_dynamic environ -+//go:cgo_export_dynamic __progname -+ -+var _environ uintptr -+var _progname uintptr -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/generate.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/generate.go -new file mode 100644 -index 00000000000000..ca8d5f843f8421 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/generate.go -@@ -0,0 +1,3 @@ -+package fakecgo -+ -+//go:generate go run update_tool.go -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_darwin.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_darwin.go -new file mode 100644 -index 00000000000000..d0868f0f790351 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_darwin.go -@@ -0,0 +1,88 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:nosplit -+//go:norace -+func _cgo_sys_thread_start(ts *ThreadStart) { -+ var attr pthread_attr_t -+ var ign, oset sigset_t -+ var p pthread_t -+ var size size_t -+ var err int -+ -+ sigfillset(&ign) -+ pthread_sigmask(SIG_SETMASK, &ign, &oset) -+ -+ size = pthread_get_stacksize_np(pthread_self()) -+ pthread_attr_init(&attr) -+ pthread_attr_setstacksize(&attr, size) -+ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. -+ ts.g.stackhi = uintptr(size) -+ -+ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) -+ -+ pthread_sigmask(SIG_SETMASK, &oset, nil) -+ -+ if err != 0 { -+ print("fakecgo: pthread_create failed: ") -+ println(err) -+ abort() -+ } -+} -+ -+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function -+// -+//go:linkname x_threadentry_trampoline threadentry_trampoline -+var x_threadentry_trampoline byte -+var threadentry_trampolineABI0 = &x_threadentry_trampoline -+ -+//go:nosplit -+//go:norace -+func threadentry(v unsafe.Pointer) unsafe.Pointer { -+ ts := *(*ThreadStart)(v) -+ free(v) -+ -+ // TODO: support ios -+ //#if TARGET_OS_IPHONE -+ // darwin_arm_init_thread_exception_port(); -+ //#endif -+ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) -+ -+ // faking funcs in go is a bit a... involved - but the following works :) -+ fn := uintptr(unsafe.Pointer(&ts.fn)) -+ (*(*func())(unsafe.Pointer(&fn)))() -+ -+ return nil -+} -+ -+// here we will store a pointer to the provided setg func -+var setg_func uintptr -+ -+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) -+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us -+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup -+// This function can't be go:systemstack since go is not in a state where the systemcheck would work. -+// -+//go:nosplit -+//go:norace -+func x_cgo_init(g *G, setg uintptr) { -+ var size size_t -+ -+ setg_func = setg -+ size = pthread_get_stacksize_np(pthread_self()) -+ g.stacklo = uintptr(unsafe.Add(unsafe.Pointer(&size), -size+4096)) -+ -+ //TODO: support ios -+ //#if TARGET_OS_IPHONE -+ // darwin_arm_init_mach_exception_handler(); -+ // darwin_arm_init_thread_exception_port(); -+ // init_working_dir(); -+ //#endif -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_freebsd.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_freebsd.go -new file mode 100644 -index 00000000000000..55ff71e2672086 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_freebsd.go -@@ -0,0 +1,79 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:nosplit -+func _cgo_sys_thread_start(ts *ThreadStart) { -+ var attr pthread_attr_t -+ var ign, oset sigset_t -+ var p pthread_t -+ var size size_t -+ var err int -+ -+ // fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug -+ sigfillset(&ign) -+ pthread_sigmask(SIG_SETMASK, &ign, &oset) -+ -+ pthread_attr_init(&attr) -+ pthread_attr_getstacksize(&attr, &size) -+ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. -+ ts.g.stackhi = uintptr(size) -+ -+ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) -+ -+ pthread_sigmask(SIG_SETMASK, &oset, nil) -+ -+ if err != 0 { -+ print("fakecgo: pthread_create failed: ") -+ println(err) -+ abort() -+ } -+} -+ -+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function -+// -+//go:linkname x_threadentry_trampoline threadentry_trampoline -+var x_threadentry_trampoline byte -+var threadentry_trampolineABI0 = &x_threadentry_trampoline -+ -+//go:nosplit -+func threadentry(v unsafe.Pointer) unsafe.Pointer { -+ ts := *(*ThreadStart)(v) -+ free(v) -+ -+ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) -+ -+ // faking funcs in go is a bit a... involved - but the following works :) -+ fn := uintptr(unsafe.Pointer(&ts.fn)) -+ (*(*func())(unsafe.Pointer(&fn)))() -+ -+ return nil -+} -+ -+// here we will store a pointer to the provided setg func -+var setg_func uintptr -+ -+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) -+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us -+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup -+// This function can't be go:systemstack since go is not in a state where the systemcheck would work. -+// -+//go:nosplit -+func x_cgo_init(g *G, setg uintptr) { -+ var size size_t -+ var attr pthread_attr_t -+ -+ setg_func = setg -+ pthread_attr_init(&attr) -+ pthread_attr_getstacksize(&attr, &size) -+ // runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))` -+ // but this should be OK since we are taking the address of the first variable in this function. -+ g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096 -+ pthread_attr_destroy(&attr) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_libinit.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_libinit.go -new file mode 100644 -index 00000000000000..e5a66f39d4f3f5 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_libinit.go -@@ -0,0 +1,72 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+var ( -+ pthread_g pthread_key_t -+ -+ runtime_init_cond = PTHREAD_COND_INITIALIZER -+ runtime_init_mu = PTHREAD_MUTEX_INITIALIZER -+ runtime_init_done int -+) -+ -+//go:nosplit -+//go:norace -+func x_cgo_notify_runtime_init_done() { -+ pthread_mutex_lock(&runtime_init_mu) -+ runtime_init_done = 1 -+ pthread_cond_broadcast(&runtime_init_cond) -+ pthread_mutex_unlock(&runtime_init_mu) -+} -+ -+// Store the g into a thread-specific value associated with the pthread key pthread_g. -+// And pthread_key_destructor will dropm when the thread is exiting. -+// -+//go:norace -+func x_cgo_bindm(g unsafe.Pointer) { -+ // We assume this will always succeed, otherwise, there might be extra M leaking, -+ // when a C thread exits after a cgo call. -+ // We only invoke this function once per thread in runtime.needAndBindM, -+ // and the next calls just reuse the bound m. -+ pthread_setspecific(pthread_g, g) -+} -+ -+// _cgo_try_pthread_create retries pthread_create if it fails with -+// EAGAIN. -+// -+//go:nosplit -+//go:norace -+func _cgo_try_pthread_create(thread *pthread_t, attr *pthread_attr_t, pfn unsafe.Pointer, arg *ThreadStart) int { -+ var ts syscall.Timespec -+ // tries needs to be the same type as syscall.Timespec.Nsec -+ // but the fields are int32 on 32bit and int64 on 64bit. -+ // tries is assigned to syscall.Timespec.Nsec in order to match its type. -+ tries := ts.Nsec -+ var err int -+ -+ for tries = 0; tries < 20; tries++ { -+ // inlined this call because it ran out of stack when inlining was disabled -+ err = int(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(pfn), uintptr(unsafe.Pointer(arg)), 0)) -+ if err == 0 { -+ // inlined this call because it ran out of stack when inlining was disabled -+ call5(pthread_detachABI0, uintptr(*thread), 0, 0, 0, 0) -+ return 0 -+ } -+ if err != int(syscall.EAGAIN) { -+ return err -+ } -+ ts.Sec = 0 -+ ts.Nsec = (tries + 1) * 1000 * 1000 // Milliseconds. -+ // inlined this call because it ran out of stack when inlining was disabled -+ call5(nanosleepABI0, uintptr(unsafe.Pointer(&ts)), 0, 0, 0, 0) -+ } -+ return int(syscall.EAGAIN) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_linux.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_linux.go -new file mode 100644 -index 00000000000000..089d9fe489407b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_linux.go -@@ -0,0 +1,79 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:nosplit -+func _cgo_sys_thread_start(ts *ThreadStart) { -+ var attr pthread_attr_t -+ var ign, oset sigset_t -+ var p pthread_t -+ var size size_t -+ var err int -+ -+ //fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug -+ sigfillset(&ign) -+ pthread_sigmask(SIG_SETMASK, &ign, &oset) -+ -+ pthread_attr_init(&attr) -+ pthread_attr_getstacksize(&attr, &size) -+ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. -+ ts.g.stackhi = uintptr(size) -+ -+ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) -+ -+ pthread_sigmask(SIG_SETMASK, &oset, nil) -+ -+ if err != 0 { -+ print("fakecgo: pthread_create failed: ") -+ println(err) -+ abort() -+ } -+} -+ -+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function -+// -+//go:linkname x_threadentry_trampoline threadentry_trampoline -+var x_threadentry_trampoline byte -+var threadentry_trampolineABI0 = &x_threadentry_trampoline -+ -+//go:nosplit -+func threadentry(v unsafe.Pointer) unsafe.Pointer { -+ ts := *(*ThreadStart)(v) -+ free(v) -+ -+ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) -+ -+ // faking funcs in go is a bit a... involved - but the following works :) -+ fn := uintptr(unsafe.Pointer(&ts.fn)) -+ (*(*func())(unsafe.Pointer(&fn)))() -+ -+ return nil -+} -+ -+// here we will store a pointer to the provided setg func -+var setg_func uintptr -+ -+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) -+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us -+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup -+// This function can't be go:systemstack since go is not in a state where the systemcheck would work. -+// -+//go:nosplit -+func x_cgo_init(g *G, setg uintptr) { -+ var size size_t -+ var attr pthread_attr_t -+ -+ setg_func = setg -+ pthread_attr_init(&attr) -+ pthread_attr_getstacksize(&attr, &size) -+ // runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))` -+ // but this should be OK since we are taking the address of the first variable in this function. -+ g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096 -+ pthread_attr_destroy(&attr) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_setenv.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_setenv.go -new file mode 100644 -index 00000000000000..e42d84f0b75ea6 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_setenv.go -@@ -0,0 +1,18 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+//go:nosplit -+//go:norace -+func x_cgo_setenv(arg *[2]*byte) { -+ setenv(arg[0], arg[1], 1) -+} -+ -+//go:nosplit -+//go:norace -+func x_cgo_unsetenv(arg *[1]*byte) { -+ unsetenv(arg[0]) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_util.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_util.go -new file mode 100644 -index 00000000000000..ff190007e8b6c0 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/go_util.go -@@ -0,0 +1,38 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+import "unsafe" -+ -+// _cgo_thread_start is split into three parts in cgo since only one part is system dependent (keep it here for easier handling) -+ -+// _cgo_thread_start(ThreadStart *arg) (runtime/cgo/gcc_util.c) -+// This get's called instead of the go code for creating new threads -+// -> pthread_* stuff is used, so threads are setup correctly for C -+// If this is missing, TLS is only setup correctly on thread 1! -+// This function should be go:systemstack instead of go:nosplit (but that requires runtime) -+// -+//go:nosplit -+//go:norace -+func x_cgo_thread_start(arg *ThreadStart) { -+ var ts *ThreadStart -+ // Make our own copy that can persist after we return. -+ // _cgo_tsan_acquire(); -+ ts = (*ThreadStart)(malloc(unsafe.Sizeof(*ts))) -+ // _cgo_tsan_release(); -+ if ts == nil { -+ println("fakecgo: out of memory in thread_start") -+ abort() -+ } -+ // *ts = *arg would cause a writebarrier so copy using slices -+ const ptrSize = unsafe.Sizeof(uintptr(0)) -+ s1 := unsafe.Slice((*uintptr)(unsafe.Pointer(ts)), unsafe.Sizeof(*ts)/ptrSize) -+ s2 := unsafe.Slice((*uintptr)(unsafe.Pointer(arg)), unsafe.Sizeof(*arg)/ptrSize) -+ for i := range s2 { -+ s1[i] = s2[i] -+ } -+ _cgo_sys_thread_start(ts) // OS-dependent half -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/iscgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/iscgo.go -new file mode 100644 -index 00000000000000..28af41cc640724 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/iscgo.go -@@ -0,0 +1,19 @@ -+// Copyright 2010 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+// The runtime package contains an uninitialized definition -+// for runtime·iscgo. Override it to tell the runtime we're here. -+// There are various function pointers that should be set too, -+// but those depend on dynamic linker magic to get initialized -+// correctly, and sometimes they break. This variable is a -+// backup: it depends only on old C style static linking rules. -+ -+package fakecgo -+ -+import _ "unsafe" // for go:linkname -+ -+//go:linkname _iscgo runtime.iscgo -+var _iscgo bool = true -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo.go -new file mode 100644 -index 00000000000000..38f94419397d8d ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo.go -@@ -0,0 +1,39 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+type ( -+ size_t uintptr -+ // Sources: -+ // Darwin (32 bytes) - https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/_types.h#L74 -+ // FreeBSD (32 bytes) - https://github.com/DoctorWkt/xv6-freebsd/blob/d2a294c2a984baed27676068b15ed9a29b06ab6f/include/signal.h#L98C9-L98C21 -+ // Linux (128 bytes) - https://github.com/torvalds/linux/blob/ab75170520d4964f3acf8bb1f91d34cbc650688e/arch/x86/include/asm/signal.h#L25 -+ sigset_t [128]byte -+ pthread_attr_t [64]byte -+ pthread_t int -+ pthread_key_t uint64 -+) -+ -+// for pthread_sigmask: -+ -+type sighow int32 -+ -+const ( -+ SIG_BLOCK sighow = 0 -+ SIG_UNBLOCK sighow = 1 -+ SIG_SETMASK sighow = 2 -+) -+ -+type G struct { -+ stacklo uintptr -+ stackhi uintptr -+} -+ -+type ThreadStart struct { -+ g *G -+ tls *uintptr -+ fn uintptr -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_darwin.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_darwin.go -new file mode 100644 -index 00000000000000..ecdcb2e7852560 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_darwin.go -@@ -0,0 +1,26 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+type ( -+ pthread_mutex_t struct { -+ sig int64 -+ opaque [56]byte -+ } -+ pthread_cond_t struct { -+ sig int64 -+ opaque [40]byte -+ } -+) -+ -+var ( -+ PTHREAD_COND_INITIALIZER = pthread_cond_t{sig: 0x3CB0B1BB} -+ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{sig: 0x32AAABA7} -+) -+ -+type stack_t struct { -+ /* not implemented */ -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_freebsd.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_freebsd.go -new file mode 100644 -index 00000000000000..4bfb70c3d5ee9a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_freebsd.go -@@ -0,0 +1,20 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+type ( -+ pthread_cond_t uintptr -+ pthread_mutex_t uintptr -+) -+ -+var ( -+ PTHREAD_COND_INITIALIZER = pthread_cond_t(0) -+ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t(0) -+) -+ -+type stack_t struct { -+ /* not implemented */ -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_linux.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_linux.go -new file mode 100644 -index 00000000000000..b08a44a1001bc0 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/libcgo_linux.go -@@ -0,0 +1,20 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+type ( -+ pthread_cond_t [48]byte -+ pthread_mutex_t [48]byte -+) -+ -+var ( -+ PTHREAD_COND_INITIALIZER = pthread_cond_t{} -+ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{} -+) -+ -+type stack_t struct { -+ /* not implemented */ -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/linux.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/linux.go -new file mode 100644 -index 00000000000000..f98e272e42720e ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/linux.go -@@ -0,0 +1,184 @@ -+// Copyright 2016 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo && linux -+ -+package fakecgo -+ -+import "unsafe" -+ -+// argset matches runtime/cgocall.go:argset. -+type argset struct { -+ args *uintptr -+ retval uintptr -+} -+ -+//go:nosplit -+//go:norace -+func (a *argset) arg(i int) unsafe.Pointer { -+ return *(*unsafe.Pointer)(unsafe.Add(unsafe.Pointer(a.args), uintptr(i)*unsafe.Sizeof(uintptr(0)))) -+} -+ -+//go:linkname _cgo_libc_setegid syscall.cgo_libc_setegid -+//go:linkname _cgo_libc_seteuid syscall.cgo_libc_seteuid -+//go:linkname _cgo_libc_setgid syscall.cgo_libc_setgid -+//go:linkname _cgo_libc_setregid syscall.cgo_libc_setregid -+//go:linkname _cgo_libc_setresgid syscall.cgo_libc_setresgid -+//go:linkname _cgo_libc_setresuid syscall.cgo_libc_setresuid -+//go:linkname _cgo_libc_setreuid syscall.cgo_libc_setreuid -+//go:linkname _cgo_libc_setuid syscall.cgo_libc_setuid -+//go:linkname _cgo_libc_setgroups syscall.cgo_libc_setgroups -+ -+var _cgo_libc_setegid = &_cgo_purego_setegid_trampoline -+var _cgo_libc_seteuid = &_cgo_purego_seteuid_trampoline -+var _cgo_libc_setgid = &_cgo_purego_setgid_trampoline -+var _cgo_libc_setregid = &_cgo_purego_setregid_trampoline -+var _cgo_libc_setresgid = &_cgo_purego_setresgid_trampoline -+var _cgo_libc_setresuid = &_cgo_purego_setresuid_trampoline -+var _cgo_libc_setreuid = &_cgo_purego_setreuid_trampoline -+var _cgo_libc_setuid = &_cgo_purego_setuid_trampoline -+var _cgo_libc_setgroups = &_cgo_purego_setgroups_trampoline -+ -+//go:nosplit -+//go:norace -+func errno() int32 { -+ // this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer -+ loc := __errno_location() -+ return **(**int32)(unsafe.Pointer(&loc)) -+} -+ -+//go:linkname _cgo_purego_setegid_trampoline _cgo_purego_setegid_trampoline -+var _cgo_purego_setegid_trampoline byte -+var x_cgo_purego_setegid_call = x_cgo_purego_setegid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setegid(c *argset) { -+ ret := setegid(uint32(uintptr(c.arg(0)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_seteuid_trampoline _cgo_purego_seteuid_trampoline -+var _cgo_purego_seteuid_trampoline byte -+var x_cgo_purego_seteuid_call = x_cgo_purego_seteuid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_seteuid(c *argset) { -+ ret := seteuid(uint32(uintptr(c.arg(0)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setgid_trampoline _cgo_purego_setgid_trampoline -+var _cgo_purego_setgid_trampoline byte -+var x_cgo_purego_setgid_call = x_cgo_purego_setgid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setgid(c *argset) { -+ ret := setgid(uint32(uintptr(c.arg(0)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setregid_trampoline _cgo_purego_setregid_trampoline -+var _cgo_purego_setregid_trampoline byte -+var x_cgo_purego_setregid_call = x_cgo_purego_setregid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setregid(c *argset) { -+ ret := setregid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setresgid_trampoline _cgo_purego_setresgid_trampoline -+var _cgo_purego_setresgid_trampoline byte -+var x_cgo_purego_setresgid_call = x_cgo_purego_setresgid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setresgid(c *argset) { -+ ret := setresgid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1))), uint32(uintptr(c.arg(2)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setresuid_trampoline _cgo_purego_setresuid_trampoline -+var _cgo_purego_setresuid_trampoline byte -+var x_cgo_purego_setresuid_call = x_cgo_purego_setresuid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setresuid(c *argset) { -+ ret := setresuid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1))), uint32(uintptr(c.arg(2)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setreuid_trampoline _cgo_purego_setreuid_trampoline -+var _cgo_purego_setreuid_trampoline byte -+var x_cgo_purego_setreuid_call = x_cgo_purego_setreuid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setreuid(c *argset) { -+ ret := setreuid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setuid_trampoline _cgo_purego_setuid_trampoline -+var _cgo_purego_setuid_trampoline byte -+var x_cgo_purego_setuid_call = x_cgo_purego_setuid -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setuid(c *argset) { -+ ret := setuid(uint32(uintptr(c.arg(0)))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -+ -+//go:linkname _cgo_purego_setgroups_trampoline _cgo_purego_setgroups_trampoline -+var _cgo_purego_setgroups_trampoline byte -+var x_cgo_purego_setgroups_call = x_cgo_purego_setgroups -+ -+//go:nosplit -+//go:norace -+func x_cgo_purego_setgroups(c *argset) { -+ ret := setgroups(uint32(uintptr(c.arg(0))), (*uint32)(c.arg(1))) -+ if ret == -1 { -+ c.retval = uintptr(errno()) -+ } else { -+ c.retval = uintptr(ret) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/setenv.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/setenv.go -new file mode 100644 -index 00000000000000..f30af0e1515699 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/setenv.go -@@ -0,0 +1,19 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+import _ "unsafe" // for go:linkname -+ -+//go:linkname x_cgo_setenv_trampoline x_cgo_setenv_trampoline -+//go:linkname _cgo_setenv runtime._cgo_setenv -+var x_cgo_setenv_trampoline byte -+var _cgo_setenv = &x_cgo_setenv_trampoline -+ -+//go:linkname x_cgo_unsetenv_trampoline x_cgo_unsetenv_trampoline -+//go:linkname _cgo_unsetenv runtime._cgo_unsetenv -+var x_cgo_unsetenv_trampoline byte -+var _cgo_unsetenv = &x_cgo_unsetenv_trampoline -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_386.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_386.s -new file mode 100644 -index 00000000000000..cf56a6c71575eb ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_386.s -@@ -0,0 +1,121 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+#include "go_asm.h" -+ -+// These trampolines map the gcc ABI to Go ABI0 and then call into the Go equivalent functions. -+// On i386, both GCC and Go use stack-based calling conventions. -+// -+// When C calls a function, the stack looks like: -+// 0(SP) = return address -+// 4(SP) = arg1 -+// 8(SP) = arg2 -+// ... -+// -+// When we declare a Go function with frame size $N-0, Go's prologue -+// effectively does SUB $N, SP, so the C arguments shift up by N bytes: -+// N+0(SP) = return address -+// N+4(SP) = arg1 -+// N+8(SP) = arg2 -+// -+// Go ABI0 on 386 expects arguments starting at 0(FP) which equals N+4(SP) -+// after the prologue (where N is the local frame size). -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $8-0 -+ // C args at 12(SP) and 16(SP) after frame setup (8 bytes local + 4 bytes ret addr) -+ // Go function expects args at 0(SP) and 4(SP) in local frame -+ MOVL 12(SP), AX // first C arg -+ MOVL 16(SP), BX // second C arg -+ MOVL AX, 0(SP) // Go arg 1 -+ MOVL BX, 4(SP) // Go arg 2 -+ MOVL ·x_cgo_init_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $4-0 -+ // C args at 8(SP) after frame setup (4 bytes local + 4 bytes ret addr) -+ MOVL 8(SP), AX // first C arg -+ MOVL AX, 0(SP) // Go arg 1 -+ MOVL ·x_cgo_thread_start_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX // first C arg -+ MOVL AX, 0(SP) // Go arg 1 -+ MOVL ·x_cgo_setenv_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX // first C arg -+ MOVL AX, 0(SP) // Go arg 1 -+ MOVL ·x_cgo_unsetenv_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_bindm(SB) -+ RET -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+// This is called from Go, so args are at normal FP positions -+TEXT ·setg_trampoline(SB), NOSPLIT, $4-8 -+ MOVL g+4(FP), AX -+ MOVL setg+0(FP), BX -+ -+ // setg expects g in 0(SP) -+ MOVL AX, 0(SP) -+ CALL BX -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT, $24-4 -+ // Save callee-saved registers -+ MOVL BP, 20(SP) -+ MOVL BX, 16(SP) -+ MOVL SI, 12(SP) -+ MOVL DI, 8(SP) -+ -+ // Move C argument (arg) to stack for Go function -+ MOVL arg+0(FP), AX -+ MOVL AX, 0(SP) -+ -+ MOVL ·threadentry_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ -+ // Restore callee-saved registers -+ MOVL 8(SP), DI -+ MOVL 12(SP), SI -+ MOVL 16(SP), BX -+ MOVL 20(SP), BP -+ RET -+ -+TEXT ·call5(SB), NOSPLIT, $24-28 -+ MOVL fn+0(FP), AX -+ MOVL a1+4(FP), BX -+ MOVL a2+8(FP), CX -+ MOVL a3+12(FP), DX -+ MOVL a4+16(FP), SI -+ MOVL a5+20(FP), DI -+ -+ // Place arguments on local stack frame for C calling convention -+ MOVL BX, 0(SP) // a1 -+ MOVL CX, 4(SP) // a2 -+ MOVL DX, 8(SP) // a3 -+ MOVL SI, 12(SP) // a4 -+ MOVL DI, 16(SP) // a5 -+ CALL AX -+ MOVL AX, r1+24(FP) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_amd64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_amd64.s -new file mode 100644 -index 00000000000000..a4ca5ea98214fd ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_amd64.s -@@ -0,0 +1,107 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+/* -+trampoline for emulating required C functions for cgo in go (see cgo.go) -+(we convert cdecl calling convention to go and vice-versa) -+ -+C Calling convention cdecl used here (we only need integer args): -+1. arg: DI -+2. arg: SI -+3. arg: DX -+4. arg: CX -+5. arg: R8 -+6. arg: R9 -+We don't need floats with these functions -> AX=0 -+return value will be in AX -+temporary register is R11 -+*/ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_amd64.h" -+ -+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 -+ MOVQ DI, AX -+ MOVQ SI, BX -+ MOVQ ·x_cgo_init_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_thread_start_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_setenv_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_unsetenv_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 -+ JMP ·x_cgo_notify_runtime_init_done(SB) -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ JMP ·x_cgo_bindm(SB) -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 -+ MOVQ G+8(FP), DI -+ MOVQ setg+0(FP), R11 -+ XORL AX, AX -+ CALL R11 -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT, $0 -+ // See crosscall2. -+ PUSH_REGS_HOST_TO_ABI0() -+ -+ // X15 is designated by Go as a fixed zero register. -+ // Calling directly into ABIInternal, ensure it is zero. -+ PXOR X15, X15 -+ -+ MOVQ DI, AX -+ MOVQ ·threadentry_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ -+ POP_REGS_HOST_TO_ABI0() -+ RET -+ -+TEXT ·call5(SB), NOSPLIT, $0-56 -+ MOVQ fn+0(FP), R11 -+ MOVQ a1+8(FP), DI -+ MOVQ a2+16(FP), SI -+ MOVQ a3+24(FP), DX -+ MOVQ a4+32(FP), CX -+ MOVQ a5+40(FP), R8 -+ -+ XORL AX, AX // no floats -+ -+ PUSHQ BP // save BP -+ MOVQ SP, BP // save SP inside BP bc BP is callee-saved -+ SUBQ $16, SP // allocate space for alignment -+ ANDQ $-16, SP // align on 16 bytes for SSE -+ -+ CALL R11 -+ -+ MOVQ BP, SP // get SP back -+ POPQ BP // restore BP -+ -+ MOVQ AX, ret+48(FP) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm.s -new file mode 100644 -index 00000000000000..c17925d60d6787 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm.s -@@ -0,0 +1,122 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+#include "go_asm.h" -+ -+// These trampolines map the gcc ABI to Go ABI0 and then call into the Go equivalent functions. -+// On ARM32, Go ABI0 uses stack-based calling convention. -+// Arguments are placed on the stack starting at 4(SP) after the prologue. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW R1, 8(R13) -+ MOVW ·x_cgo_init_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_thread_start_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_setenv_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_unsetenv_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_bindm(SB) -+ RET -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0-8 -+ MOVW G+4(FP), R0 -+ MOVW setg+0(FP), R12 -+ BL (R12) -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT, $104-0 -+ // Save C callee-saved registers at C-to-Go boundary. -+ // See crosscall2 in asm_arm.s. -+ // ARM AAPCS callee-saved: R4-R11 (includes g=R10), D8-D15. -+ // LR is saved/restored by the Go-managed frame prologue/epilogue. -+ MOVW R0, 4(R13) // arg for threadentry_call -+ -+ MOVW R4, 8(R13) -+ MOVW R5, 12(R13) -+ MOVW R6, 16(R13) -+ MOVW R7, 20(R13) -+ MOVW R8, 24(R13) -+ MOVW R9, 28(R13) -+ MOVW g, 32(R13) // R10 -+ MOVW R11, 36(R13) -+ -+ MOVD F8, 40(R13) -+ MOVD F9, 48(R13) -+ MOVD F10, 56(R13) -+ MOVD F11, 64(R13) -+ MOVD F12, 72(R13) -+ MOVD F13, 80(R13) -+ MOVD F14, 88(R13) -+ MOVD F15, 96(R13) -+ -+ MOVW ·threadentry_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ -+ MOVD 40(R13), F8 -+ MOVD 48(R13), F9 -+ MOVD 56(R13), F10 -+ MOVD 64(R13), F11 -+ MOVD 72(R13), F12 -+ MOVD 80(R13), F13 -+ MOVD 88(R13), F14 -+ MOVD 96(R13), F15 -+ -+ MOVW 8(R13), R4 -+ MOVW 12(R13), R5 -+ MOVW 16(R13), R6 -+ MOVW 20(R13), R7 -+ MOVW 24(R13), R8 -+ MOVW 28(R13), R9 -+ MOVW 32(R13), g -+ MOVW 36(R13), R11 -+ -+ RET -+ -+TEXT ·call5(SB), NOSPLIT, $8-28 -+ MOVW fn+0(FP), R12 -+ MOVW a1+4(FP), R0 -+ MOVW a2+8(FP), R1 -+ MOVW a3+12(FP), R2 -+ MOVW a4+16(FP), R3 -+ MOVW a5+20(FP), R4 -+ -+ // Store 5th arg below SP (in local frame area) -+ MOVW R4, arg5-8(SP) -+ -+ // Align SP to 8 bytes for call (required by ARM AAPCS) -+ SUB $8, R13 -+ CALL (R12) -+ ADD $8, R13 -+ MOVW R0, r1+24(FP) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm64.s -new file mode 100644 -index 00000000000000..1deb2747ad3245 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_arm64.s -@@ -0,0 +1,81 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_arm64.h" -+ -+// These trampolines map the gcc ABI to Go ABIInternal and then calls into the Go equivalent functions. -+// Note that C arguments are passed in R0-R7, which matches Go ABIInternal for the first eight arguments. -+// R9 is used as a temporary register. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_init_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_thread_start_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_setenv_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_unsetenv_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_bindm(SB) -+ RET -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 -+ MOVD G+8(FP), R0 -+ MOVD setg+0(FP), R9 -+ CALL R9 -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT, $0-0 -+ // See crosscall2. -+ SUB $(8*24), RSP -+ STP (R0, R1), (8*1)(RSP) -+ MOVD R3, (8*3)(RSP) -+ -+ SAVE_R19_TO_R28(8*4) -+ SAVE_F8_TO_F15(8*14) -+ -+ MOVD ·threadentry_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ MOVD $0, R0 // TODO: get the return value from threadentry -+ -+ RESTORE_R19_TO_R28(8*4) -+ RESTORE_F8_TO_F15(8*14) -+ ADD $(8*24), RSP -+ RET -+ -+TEXT ·call5(SB), NOSPLIT, $0-0 -+ MOVD fn+0(FP), R9 -+ MOVD a1+8(FP), R0 -+ MOVD a2+16(FP), R1 -+ MOVD a3+24(FP), R2 -+ MOVD a4+32(FP), R3 -+ MOVD a5+40(FP), R4 -+ CALL R9 -+ MOVD R0, ret+48(FP) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_386.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_386.s -new file mode 100644 -index 00000000000000..eea96638fa9a9b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_386.s -@@ -0,0 +1,78 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setegid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_seteuid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setgid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setregid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setresgid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setresuid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setreuid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setuid_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $4-0 -+ MOVL 8(SP), AX -+ MOVL AX, 0(SP) -+ MOVL ·x_cgo_purego_setgroups_call(SB), CX -+ MOVL (CX), CX -+ CALL CX -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_amd64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_amd64.s -new file mode 100644 -index 00000000000000..424ebc1e7cbb42 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_amd64.s -@@ -0,0 +1,69 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setegid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_seteuid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setgid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setregid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setresgid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setresuid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setreuid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setuid_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_purego_setgroups_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm.s -new file mode 100644 -index 00000000000000..284fe5d0e3a87a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm.s -@@ -0,0 +1,69 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setegid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_seteuid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setgid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setregid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setresgid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setresuid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setreuid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setuid_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8-0 -+ MOVW R0, 4(R13) -+ MOVW ·x_cgo_purego_setgroups_call(SB), R12 -+ MOVW (R12), R12 -+ CALL (R12) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm64.s -new file mode 100644 -index 00000000000000..771910817b7686 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_arm64.s -@@ -0,0 +1,60 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setegid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_seteuid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setgid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setregid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setresgid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setresuid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setreuid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setuid_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_purego_setgroups_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_loong64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_loong64.s -new file mode 100644 -index 00000000000000..ebcc1176c0a0a6 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_loong64.s -@@ -0,0 +1,60 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setegid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_seteuid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setgid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setregid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setresgid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setresuid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setreuid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setuid_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_purego_setgroups_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_ppc64le.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_ppc64le.s -new file mode 100644 -index 00000000000000..59a95a929fb5c2 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_ppc64le.s -@@ -0,0 +1,69 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setegid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_seteuid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setgid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setregid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setresgid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setresuid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setreuid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setuid_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8-0 -+ MOVD ·x_cgo_purego_setgroups_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_riscv64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_riscv64.s -new file mode 100644 -index 00000000000000..9e892dbd2daf71 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_riscv64.s -@@ -0,0 +1,60 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && linux -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setegid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_seteuid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setgid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setregid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setresgid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setresuid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setreuid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setuid_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_purego_setgroups_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_s390x.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_s390x.s -new file mode 100644 -index 00000000000000..ce4247c989f4c1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_linux_s390x.s -@@ -0,0 +1,53 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build go1.27 && !cgo -+ -+#include "textflag.h" -+ -+TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setegid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_seteuid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setgid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setregid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setresgid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setresuid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setreuid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setuid_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -+ -+TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT|NOFRAME, $0 -+ MOVD ·x_cgo_purego_setgroups_call(SB), R1 -+ MOVD (R1), R1 -+ BR R1 -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_loong64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_loong64.s -new file mode 100644 -index 00000000000000..b93b5da90a8333 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_loong64.s -@@ -0,0 +1,78 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2025 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_loong64.h" -+ -+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. -+// R23 is used as temporary register. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 -+ MOVV ·x_cgo_init_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_thread_start_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_setenv_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 -+ MOVV ·x_cgo_unsetenv_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_bindm(SB) -+ RET -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0 -+ MOVV G+8(FP), R4 -+ MOVV setg+0(FP), R23 -+ CALL (R23) -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT, $176 -+ // See crosscall2. -+ MOVV R4, (1*8)(R3) // fn unsafe.Pointer -+ MOVV R5, (2*8)(R3) // a unsafe.Pointer -+ MOVV R7, (3*8)(R3) // ctxt uintptr -+ -+ SAVE_R22_TO_R31((4*8)) -+ SAVE_F24_TO_F31((14*8)) -+ -+ MOVV ·threadentry_call(SB), R23 -+ MOVV (R23), R23 -+ CALL (R23) -+ -+ RESTORE_R22_TO_R31((4*8)) -+ RESTORE_F24_TO_F31((14*8)) -+ RET -+ -+TEXT ·call5(SB), NOSPLIT, $0-0 -+ MOVV fn+0(FP), R23 -+ MOVV a1+8(FP), R4 -+ MOVV a2+16(FP), R5 -+ MOVV a3+24(FP), R6 -+ MOVV a4+32(FP), R7 -+ MOVV a5+40(FP), R8 -+ CALL (R23) -+ MOVV R4, ret+48(FP) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_ppc64le.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_ppc64le.s -new file mode 100644 -index 00000000000000..444529d8ae820b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_ppc64le.s -@@ -0,0 +1,128 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_ppc64x.h" -+ -+// These trampolines map the C ABI to Go ABI and call into the Go equivalent functions. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_init_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_thread_start_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_setenv_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_unsetenv_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0-0 -+ CALL ·x_cgo_bindm(SB) -+ RET -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $16-16 -+ MOVD R31, 8(R1) // save R31 (load_g clobbers it) -+ -+ MOVD setg+0(FP), R12 -+ MOVD newg+8(FP), R3 -+ -+ MOVD R12, CTR -+ CALL CTR -+ -+ CALL runtime·load_g(SB) -+ -+ MOVD 8(R1), R31 -+ XOR R0, R0, R0 -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ // Called from C (pthread_create). Must save all C callee-saved registers. -+ // Uses NOFRAME for proper ELFv2 backchain via MOVDU. -+ MOVD LR, R0 -+ MOVD R0, 16(R1) -+ MOVW CR, R0 -+ MOVD R0, 8(R1) -+ -+ MOVDU R1, -320(R1) -+ -+ SAVE_GPR(32) -+ SAVE_FPR(32+SAVE_GPR_SIZE) -+ -+ MOVD $0, R0 -+ -+ MOVD ·threadentry_call(SB), R12 -+ MOVD (R12), R12 -+ MOVD R12, CTR -+ CALL CTR -+ -+ RESTORE_FPR(32+SAVE_GPR_SIZE) -+ RESTORE_GPR(32) -+ -+ ADD $320, R1 -+ -+ MOVD 16(R1), R0 -+ MOVD R0, LR -+ MOVD 8(R1), R0 -+ MOVW R0, CR -+ RET -+ -+TEXT ·call5(SB), NOSPLIT|NOFRAME, $0-56 -+ MOVD LR, R20 -+ MOVW CR, R21 -+ -+ // Load arguments from Go stack into C argument registers -+ // Go placed args at 32(R1), 40(R1), etc. -+ MOVD 32(R1), R12 // fn -+ MOVD 40(R1), R3 // a1 → first C arg -+ MOVD 48(R1), R4 // a2 → second C arg -+ MOVD 56(R1), R5 // a3 → third C arg -+ MOVD 64(R1), R6 // a4 → fourth C arg -+ MOVD 72(R1), R7 // a5 → fifth C arg -+ -+ MOVDU R1, -32(R1) -+ -+ MOVD R12, CTR -+ CALL CTR -+ -+ // Store return value -+ // After MOVDU -32, original 80(R1) is now at 80+32=112(R1) -+ MOVD R3, (80+32)(R1) -+ -+ // Deallocate frame -+ ADD $32, R1 -+ -+ // Clear R0 before returning to Go code. -+ // Go uses R0 as a constant 0 register for things like "std r0,X(r1)" -+ // to zero stack locations. C functions may leave garbage in R0. -+ XOR R0, R0, R0 -+ -+ // Restore LR/CR from non-volatile registers -+ MOVD R20, LR -+ MOVW R21, CR -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_riscv64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_riscv64.s -new file mode 100644 -index 00000000000000..b162fdde234629 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_riscv64.s -@@ -0,0 +1,76 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_riscv64.h" -+ -+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. -+// X5 is used as temporary register. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 -+ MOV ·x_cgo_init_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_thread_start_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_setenv_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 -+ MOV ·x_cgo_unsetenv_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ RET -+ -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_bindm(SB) -+ RET -+ -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0 -+ MOV gp+8(FP), X10 -+ MOV setg+0(FP), X5 -+ CALL X5 -+ RET -+ -+TEXT threadentry_trampoline(SB), NOSPLIT, $200 -+ MOV X10, 8(SP) -+ -+ SAVE_GPR(8*2) -+ SAVE_FPR(8*14) -+ -+ MOV ·threadentry_call(SB), X5 -+ MOV (X5), X5 -+ CALL X5 -+ -+ RESTORE_GPR(8*2) -+ RESTORE_FPR(8*14) -+ -+ RET -+ -+TEXT ·call5(SB), NOSPLIT, $0-48 -+ MOV fn+0(FP), X5 -+ MOV a1+8(FP), X10 -+ MOV a2+16(FP), X11 -+ MOV a3+24(FP), X12 -+ MOV a4+32(FP), X13 -+ MOV a5+40(FP), X14 -+ CALL X5 -+ MOV X10, ret+48(FP) -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_s390x.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_s390x.s -new file mode 100644 -index 00000000000000..2b68d438e4ec1d ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/trampolines_s390x.s -@@ -0,0 +1,154 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2026 The Ebitengine Authors -+ -+//go:build go1.27 && !cgo && linux -+ -+#include "textflag.h" -+#include "go_asm.h" -+ -+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. -+// Note that C arguments are passed in R2-R6, which matches Go ABIInternal for the first five arguments. -+// R1 is used as a temporary register. -+ -+TEXT x_cgo_init_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ MOVD R15, R1 -+ SUB $192, R15 -+ MOVD R1, 0(R15) // backchain -+ MOVD R14, 160(R15) // save R14 -+ MOVD R9, 168(R15) // save R9 (Go runtime needs this preserved) -+ -+ MOVD ·x_cgo_init_call(SB), R1 -+ MOVD (R1), R1 -+ BL R1 -+ -+ MOVD 168(R15), R9 -+ MOVD 160(R15), R14 -+ ADD $192, R15 -+ BR R14 -+ -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ MOVD R15, R1 -+ SUB $176, R15 -+ MOVD R1, 0(R15) // backchain -+ MOVD R14, 152(R15) // save R14 -+ -+ MOVD ·x_cgo_thread_start_call(SB), R1 -+ MOVD (R1), R1 -+ BL R1 -+ -+ MOVD 152(R15), R14 -+ ADD $176, R15 -+ BR R14 -+ -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ MOVD R15, R1 -+ SUB $176, R15 -+ MOVD R1, 0(R15) // backchain -+ MOVD R14, 152(R15) // save R14 -+ -+ MOVD ·x_cgo_setenv_call(SB), R1 -+ MOVD (R1), R1 -+ BL R1 -+ -+ MOVD 152(R15), R14 -+ ADD $176, R15 -+ BR R14 -+ -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ MOVD R15, R1 -+ SUB $176, R15 -+ MOVD R1, 0(R15) // backchain -+ MOVD R14, 152(R15) // save R14 -+ -+ MOVD ·x_cgo_unsetenv_call(SB), R1 -+ MOVD (R1), R1 -+ BL R1 -+ -+ MOVD 152(R15), R14 -+ ADD $176, R15 -+ BR R14 -+ -+// These just tail-call into Go functions -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ BR ·x_cgo_notify_runtime_init_done(SB) -+ -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ BR ·x_cgo_bindm(SB) -+ -+// setg_trampoline(setg uintptr, g uintptr) - called from Go -+TEXT ·setg_trampoline(SB), NOSPLIT|NOFRAME, $0-16 -+ MOVD 8(R15), R1 // setg function pointer -+ MOVD 16(R15), R2 // g pointer -> C arg -+ -+ MOVD R14, R0 -+ MOVD R15, R3 -+ SUB $160, R15 -+ MOVD R3, 0(R15) -+ MOVD R0, 112(R15) -+ -+ BL R1 // call setg_gcc -+ BL runtime·load_g(SB) -+ -+ MOVD 112(R15), R14 -+ ADD $160, R15 -+ BR R14 -+ -+TEXT threadentry_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ STMG R6, R15, 48(R15) // C save area -+ MOVD R15, R1 -+ SUB $176, R15 -+ MOVD R1, 0(R15) // backchain -+ -+ MOVD ·threadentry_call(SB), R1 -+ MOVD (R1), R1 -+ BL R1 -+ -+ ADD $176, R15 -+ LMG 48(R15), R6, R15 -+ RET -+ -+TEXT ·call5(SB), NOSPLIT|NOFRAME, $0-56 -+ // Load Go args before modifying R15 -+ MOVD 8(R15), R1 // fn -+ MOVD 16(R15), R7 // a1 -+ MOVD 24(R15), R8 // a2 -+ MOVD 32(R15), R9 // a3 -+ MOVD 40(R15), R10 // a4 -+ MOVD 48(R15), R11 // a5 -+ -+ // Save state -+ MOVD R15, R0 // original R15 -+ MOVD R12, R6 // Go's R12 -+ ADD $-128, R15 -+ -+ // Set up C frame with backchain -+ MOVD R0, 0(R15) // backchain -> original R15 -+ MOVD R0, R3 // R3 = original R15 (can't use R0 as base!) -+ MOVD 0(R3), R7 // save 0(original R15) -+ MOVD $0, 0(R3) // terminate backchain -+ -+ // Save context -+ MOVD R14, 8(R15) -+ MOVD R6, 16(R15) // R12 -+ MOVD R0, 24(R15) // original R15 -+ MOVD R7, 32(R15) // saved backchain -+ -+ // Set up C args (reload a1 since R7 was clobbered) -+ MOVD 16(R3), R2 // a1 (use R3 as base, not R0!) -+ MOVD R8, R3 // a2 -+ MOVD R9, R4 // a3 -+ MOVD R10, R5 // a4 -+ MOVD R11, R6 // a5 -+ -+ BL R1 -+ -+ // Store result and restore -+ MOVD 24(R15), R3 // original R15 -+ MOVD R2, 56(R3) // return value -+ MOVD 32(R15), R7 -+ MOVD R7, 0(R3) // restore backchain -+ -+ MOVD 8(R15), R14 -+ MOVD 16(R15), R12 -+ MOVD 24(R15), R15 -+ BR R14 -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols.go -new file mode 100644 -index 00000000000000..e1339193b9764d ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols.go -@@ -0,0 +1,165 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+package fakecgo -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+//go:nosplit -+//go:norace -+func malloc(size uintptr) unsafe.Pointer { -+ ret := call5(mallocABI0, uintptr(size), 0, 0, 0, 0) -+ // this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer -+ return *(*unsafe.Pointer)(unsafe.Pointer(&ret)) -+} -+ -+//go:nosplit -+//go:norace -+func free(ptr unsafe.Pointer) { -+ call5(freeABI0, uintptr(ptr), 0, 0, 0, 0) -+} -+ -+//go:nosplit -+//go:norace -+func setenv(name *byte, value *byte, overwrite int32) int32 { -+ return int32(call5(setenvABI0, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), uintptr(overwrite), 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func unsetenv(name *byte) int32 { -+ return int32(call5(unsetenvABI0, uintptr(unsafe.Pointer(name)), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func sigfillset(set *sigset_t) int32 { -+ return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 { -+ return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func abort() { -+ call5(abortABI0, 0, 0, 0, 0, 0) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_attr_init(attr *pthread_attr_t) int32 { -+ return int32(call5(pthread_attr_initABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_create(thread *pthread_t, attr *pthread_attr_t, start unsafe.Pointer, arg unsafe.Pointer) int32 { -+ return int32(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(start), uintptr(arg), 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_detach(thread pthread_t) int32 { -+ return int32(call5(pthread_detachABI0, uintptr(thread), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_sigmask(how sighow, ign *sigset_t, oset *sigset_t) int32 { -+ return int32(call5(pthread_sigmaskABI0, uintptr(how), uintptr(unsafe.Pointer(ign)), uintptr(unsafe.Pointer(oset)), 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_mutex_lock(mutex *pthread_mutex_t) int32 { -+ return int32(call5(pthread_mutex_lockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_mutex_unlock(mutex *pthread_mutex_t) int32 { -+ return int32(call5(pthread_mutex_unlockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_cond_broadcast(cond *pthread_cond_t) int32 { -+ return int32(call5(pthread_cond_broadcastABI0, uintptr(unsafe.Pointer(cond)), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_setspecific(key pthread_key_t, value unsafe.Pointer) int32 { -+ return int32(call5(pthread_setspecificABI0, uintptr(key), uintptr(value), 0, 0, 0)) -+} -+ -+//go:linkname _malloc _malloc -+var _malloc uint8 -+var mallocABI0 = uintptr(unsafe.Pointer(&_malloc)) -+ -+//go:linkname _free _free -+var _free uint8 -+var freeABI0 = uintptr(unsafe.Pointer(&_free)) -+ -+//go:linkname _setenv _setenv -+var _setenv uint8 -+var setenvABI0 = uintptr(unsafe.Pointer(&_setenv)) -+ -+//go:linkname _unsetenv _unsetenv -+var _unsetenv uint8 -+var unsetenvABI0 = uintptr(unsafe.Pointer(&_unsetenv)) -+ -+//go:linkname _sigfillset _sigfillset -+var _sigfillset uint8 -+var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset)) -+ -+//go:linkname _nanosleep _nanosleep -+var _nanosleep uint8 -+var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep)) -+ -+//go:linkname _abort _abort -+var _abort uint8 -+var abortABI0 = uintptr(unsafe.Pointer(&_abort)) -+ -+//go:linkname _pthread_attr_init _pthread_attr_init -+var _pthread_attr_init uint8 -+var pthread_attr_initABI0 = uintptr(unsafe.Pointer(&_pthread_attr_init)) -+ -+//go:linkname _pthread_create _pthread_create -+var _pthread_create uint8 -+var pthread_createABI0 = uintptr(unsafe.Pointer(&_pthread_create)) -+ -+//go:linkname _pthread_detach _pthread_detach -+var _pthread_detach uint8 -+var pthread_detachABI0 = uintptr(unsafe.Pointer(&_pthread_detach)) -+ -+//go:linkname _pthread_sigmask _pthread_sigmask -+var _pthread_sigmask uint8 -+var pthread_sigmaskABI0 = uintptr(unsafe.Pointer(&_pthread_sigmask)) -+ -+//go:linkname _pthread_mutex_lock _pthread_mutex_lock -+var _pthread_mutex_lock uint8 -+var pthread_mutex_lockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_lock)) -+ -+//go:linkname _pthread_mutex_unlock _pthread_mutex_unlock -+var _pthread_mutex_unlock uint8 -+var pthread_mutex_unlockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_unlock)) -+ -+//go:linkname _pthread_cond_broadcast _pthread_cond_broadcast -+var _pthread_cond_broadcast uint8 -+var pthread_cond_broadcastABI0 = uintptr(unsafe.Pointer(&_pthread_cond_broadcast)) -+ -+//go:linkname _pthread_setspecific _pthread_setspecific -+var _pthread_setspecific uint8 -+var pthread_setspecificABI0 = uintptr(unsafe.Pointer(&_pthread_setspecific)) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_darwin.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_darwin.go -new file mode 100644 -index 00000000000000..960f8168eb88d7 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_darwin.go -@@ -0,0 +1,59 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:cgo_import_dynamic purego_malloc malloc "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_free free "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_setenv setenv "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_unsetenv unsetenv "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_create pthread_create "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib" -+ -+//go:nosplit -+//go:norace -+func pthread_self() pthread_t { -+ return pthread_t(call5(pthread_selfABI0, 0, 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_get_stacksize_np(thread pthread_t) size_t { -+ return size_t(call5(pthread_get_stacksize_npABI0, uintptr(thread), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_attr_setstacksize(attr *pthread_attr_t, size size_t) int32 { -+ return int32(call5(pthread_attr_setstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(size), 0, 0, 0)) -+} -+ -+//go:linkname _pthread_self _pthread_self -+var _pthread_self uint8 -+var pthread_selfABI0 = uintptr(unsafe.Pointer(&_pthread_self)) -+ -+//go:linkname _pthread_get_stacksize_np _pthread_get_stacksize_np -+var _pthread_get_stacksize_np uint8 -+var pthread_get_stacksize_npABI0 = uintptr(unsafe.Pointer(&_pthread_get_stacksize_np)) -+ -+//go:linkname _pthread_attr_setstacksize _pthread_attr_setstacksize -+var _pthread_attr_setstacksize uint8 -+var pthread_attr_setstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_setstacksize)) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_freebsd.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_freebsd.go -new file mode 100644 -index 00000000000000..d69775596fddf3 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_freebsd.go -@@ -0,0 +1,48 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:cgo_import_dynamic purego_malloc malloc "libc.so.7" -+//go:cgo_import_dynamic purego_free free "libc.so.7" -+//go:cgo_import_dynamic purego_setenv setenv "libc.so.7" -+//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.7" -+//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.7" -+//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.7" -+//go:cgo_import_dynamic purego_abort abort "libc.so.7" -+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so" -+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so" -+ -+//go:nosplit -+//go:norace -+func pthread_attr_getstacksize(attr *pthread_attr_t, stacksize *size_t) int32 { -+ return int32(call5(pthread_attr_getstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(unsafe.Pointer(stacksize)), 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_attr_destroy(attr *pthread_attr_t) int32 { -+ return int32(call5(pthread_attr_destroyABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) -+} -+ -+//go:linkname _pthread_attr_getstacksize _pthread_attr_getstacksize -+var _pthread_attr_getstacksize uint8 -+var pthread_attr_getstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_getstacksize)) -+ -+//go:linkname _pthread_attr_destroy _pthread_attr_destroy -+var _pthread_attr_destroy uint8 -+var pthread_attr_destroyABI0 = uintptr(unsafe.Pointer(&_pthread_attr_destroy)) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_linux.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_linux.go -new file mode 100644 -index 00000000000000..cbb120431ab6bb ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/zsymbols_linux.go -@@ -0,0 +1,158 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:cgo_import_dynamic purego_malloc malloc "libc.so.6" -+//go:cgo_import_dynamic purego_free free "libc.so.6" -+//go:cgo_import_dynamic purego_setenv setenv "libc.so.6" -+//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.6" -+//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.6" -+//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.6" -+//go:cgo_import_dynamic purego_abort abort "libc.so.6" -+//go:cgo_import_dynamic purego___errno_location __errno_location "libc.so.6" -+//go:cgo_import_dynamic purego_setegid setegid "libc.so.6" -+//go:cgo_import_dynamic purego_seteuid seteuid "libc.so.6" -+//go:cgo_import_dynamic purego_setgid setgid "libc.so.6" -+//go:cgo_import_dynamic purego_setregid setregid "libc.so.6" -+//go:cgo_import_dynamic purego_setresgid setresgid "libc.so.6" -+//go:cgo_import_dynamic purego_setresuid setresuid "libc.so.6" -+//go:cgo_import_dynamic purego_setreuid setreuid "libc.so.6" -+//go:cgo_import_dynamic purego_setuid setuid "libc.so.6" -+//go:cgo_import_dynamic purego_setgroups setgroups "libc.so.6" -+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so.0" -+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so.0" -+ -+//go:nosplit -+//go:norace -+func __errno_location() uintptr { -+ return uintptr(call5(__errno_locationABI0, 0, 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setegid(egid uint32) int32 { -+ return int32(call5(setegidABI0, uintptr(egid), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func seteuid(euid uint32) int32 { -+ return int32(call5(seteuidABI0, uintptr(euid), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setgid(gid uint32) int32 { -+ return int32(call5(setgidABI0, uintptr(gid), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setregid(rgid uint32, egid uint32) int32 { -+ return int32(call5(setregidABI0, uintptr(rgid), uintptr(egid), 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setresgid(rgid uint32, egid uint32, sgid uint32) int32 { -+ return int32(call5(setresgidABI0, uintptr(rgid), uintptr(egid), uintptr(sgid), 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setresuid(ruid uint32, euid uint32, suid uint32) int32 { -+ return int32(call5(setresuidABI0, uintptr(ruid), uintptr(euid), uintptr(suid), 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setreuid(ruid uint32, euid uint32) int32 { -+ return int32(call5(setreuidABI0, uintptr(ruid), uintptr(euid), 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setuid(uid uint32) int32 { -+ return int32(call5(setuidABI0, uintptr(uid), 0, 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func setgroups(ngid uint32, gidset *uint32) int32 { -+ return int32(call5(setgroupsABI0, uintptr(ngid), uintptr(unsafe.Pointer(gidset)), 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_attr_getstacksize(attr *pthread_attr_t, stacksize *size_t) int32 { -+ return int32(call5(pthread_attr_getstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(unsafe.Pointer(stacksize)), 0, 0, 0)) -+} -+ -+//go:nosplit -+//go:norace -+func pthread_attr_destroy(attr *pthread_attr_t) int32 { -+ return int32(call5(pthread_attr_destroyABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) -+} -+ -+//go:linkname ___errno_location ___errno_location -+var ___errno_location uint8 -+var __errno_locationABI0 = uintptr(unsafe.Pointer(&___errno_location)) -+ -+//go:linkname _setegid _setegid -+var _setegid uint8 -+var setegidABI0 = uintptr(unsafe.Pointer(&_setegid)) -+ -+//go:linkname _seteuid _seteuid -+var _seteuid uint8 -+var seteuidABI0 = uintptr(unsafe.Pointer(&_seteuid)) -+ -+//go:linkname _setgid _setgid -+var _setgid uint8 -+var setgidABI0 = uintptr(unsafe.Pointer(&_setgid)) -+ -+//go:linkname _setregid _setregid -+var _setregid uint8 -+var setregidABI0 = uintptr(unsafe.Pointer(&_setregid)) -+ -+//go:linkname _setresgid _setresgid -+var _setresgid uint8 -+var setresgidABI0 = uintptr(unsafe.Pointer(&_setresgid)) -+ -+//go:linkname _setresuid _setresuid -+var _setresuid uint8 -+var setresuidABI0 = uintptr(unsafe.Pointer(&_setresuid)) -+ -+//go:linkname _setreuid _setreuid -+var _setreuid uint8 -+var setreuidABI0 = uintptr(unsafe.Pointer(&_setreuid)) -+ -+//go:linkname _setuid _setuid -+var _setuid uint8 -+var setuidABI0 = uintptr(unsafe.Pointer(&_setuid)) -+ -+//go:linkname _setgroups _setgroups -+var _setgroups uint8 -+var setgroupsABI0 = uintptr(unsafe.Pointer(&_setgroups)) -+ -+//go:linkname _pthread_attr_getstacksize _pthread_attr_getstacksize -+var _pthread_attr_getstacksize uint8 -+var pthread_attr_getstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_getstacksize)) -+ -+//go:linkname _pthread_attr_destroy _pthread_attr_destroy -+var _pthread_attr_destroy uint8 -+var pthread_attr_destroyABI0 = uintptr(unsafe.Pointer(&_pthread_attr_destroy)) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_darwin.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_darwin.s -new file mode 100644 -index 00000000000000..35ef7ac11cb955 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_darwin.s -@@ -0,0 +1,19 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+#include "textflag.h" -+ -+// these stubs are here because it is not possible to go:linkname directly the C functions -+ -+TEXT _pthread_self(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_self(SB) -+ -+TEXT _pthread_get_stacksize_np(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_get_stacksize_np(SB) -+ -+TEXT _pthread_attr_setstacksize(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_setstacksize(SB) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_freebsd.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_freebsd.s -new file mode 100644 -index 00000000000000..da07005c0bc988 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_freebsd.s -@@ -0,0 +1,16 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+#include "textflag.h" -+ -+// these stubs are here because it is not possible to go:linkname directly the C functions -+ -+TEXT _pthread_attr_getstacksize(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_getstacksize(SB) -+ -+TEXT _pthread_attr_destroy(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_destroy(SB) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_linux.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_linux.s -new file mode 100644 -index 00000000000000..ba2cb38918d538 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_linux.s -@@ -0,0 +1,46 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+#include "textflag.h" -+ -+// these stubs are here because it is not possible to go:linkname directly the C functions -+ -+TEXT ___errno_location(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego___errno_location(SB) -+ -+TEXT _setegid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setegid(SB) -+ -+TEXT _seteuid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_seteuid(SB) -+ -+TEXT _setgid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setgid(SB) -+ -+TEXT _setregid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setregid(SB) -+ -+TEXT _setresgid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setresgid(SB) -+ -+TEXT _setresuid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setresuid(SB) -+ -+TEXT _setreuid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setreuid(SB) -+ -+TEXT _setuid(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setuid(SB) -+ -+TEXT _setgroups(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setgroups(SB) -+ -+TEXT _pthread_attr_getstacksize(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_getstacksize(SB) -+ -+TEXT _pthread_attr_destroy(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_destroy(SB) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_stubs.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_stubs.s -new file mode 100644 -index 00000000000000..067583d68517a9 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/fakecgo/ztrampolines_stubs.s -@@ -0,0 +1,55 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && (darwin || freebsd || linux) -+ -+#include "textflag.h" -+ -+// these stubs are here because it is not possible to go:linkname directly the C functions -+ -+TEXT _malloc(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_malloc(SB) -+ -+TEXT _free(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_free(SB) -+ -+TEXT _setenv(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setenv(SB) -+ -+TEXT _unsetenv(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_unsetenv(SB) -+ -+TEXT _sigfillset(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_sigfillset(SB) -+ -+TEXT _nanosleep(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_nanosleep(SB) -+ -+TEXT _abort(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_abort(SB) -+ -+TEXT _pthread_attr_init(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_init(SB) -+ -+TEXT _pthread_create(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_create(SB) -+ -+TEXT _pthread_detach(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_detach(SB) -+ -+TEXT _pthread_sigmask(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_sigmask(SB) -+ -+TEXT _pthread_mutex_lock(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_mutex_lock(SB) -+ -+TEXT _pthread_mutex_unlock(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_mutex_unlock(SB) -+ -+TEXT _pthread_cond_broadcast(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_cond_broadcast(SB) -+ -+TEXT _pthread_setspecific(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_setspecific(SB) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_386.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_386.s -new file mode 100644 -index 00000000000000..f414d62c0f1ff7 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_386.s -@@ -0,0 +1,98 @@ -+// Copyright 2026 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16-0 -+ MOVL 20(SP), AX // libcArgs from C caller (frame_size + ret_addr = 16 + 4) -+ MOVL AX, 0(SP) // pass to Go function -+ CALL ·syscallNSystemStack(SB) -+ RET -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $16-4 -+ // Frame layout: 16 bytes local storage -+ // 0(SP) - saved BP (original SP) -+ // 4(SP) - saved libcArgs pointer -+ // 8(SP) - saved fn pointer -+ // 12(SP) - scratch -+ -+ // Load args pointer FIRST before any stack modifications -+ MOVL libcArgs+0(FP), SI -+ -+ // Save original SP and libcArgs in local frame -+ MOVL SP, BP -+ ADDL $16, BP // BP = original SP (before frame allocation) -+ MOVL BP, 0(SP) // save original SP -+ MOVL SI, 4(SP) // save libcArgs pointer -+ -+ // Load struct fields -+ MOVL libcCallInfo_fn(SI), AX -+ MOVL AX, 8(SP) // save fn pointer -+ MOVL libcCallInfo_n(SI), CX -+ MOVL libcCallInfo_args(SI), BX -+ -+ // Allocate 16 bytes for fast path (0-3 args) -+ MOVL SP, BP -+ SUBL $16, SP -+ -+ // Fast path for 0-3 args, otherwise fall through to manyargs -+ CMPL CX, $0; JE _0args -+ CMPL CX, $1; JE _1args -+ CMPL CX, $2; JE _2args -+ CMPL CX, $3; JE _3args -+ -+ // manyargs: 4+ args, restore SP and reallocate -+ MOVL BP, SP -+ -+ // Calculate stack space needed: n*4 bytes, aligned to 16 -+ MOVL CX, AX -+ SHLL $2, AX // AX = n * 4 -+ ADDL $15, AX -+ ANDL $~15, AX // 16-byte align -+ SUBL AX, SP -+ -+ // Copy all args to stack -+ // BX = args pointer, CX = count, DI = dest -+ MOVL SP, DI -+ -+copy_loop: -+ DECL CX -+ MOVL (BX)(CX*4), AX -+ MOVL AX, (DI)(CX*4) -+ CMPL CX, $0 -+ JNE copy_loop -+ JMP _0args -+ -+// Fast path: fall through to copy args -+_3args: -+ MOVL 8(BX), AX -+ MOVL AX, 8(SP) -+ -+_2args: -+ MOVL 4(BX), AX -+ MOVL AX, 4(SP) -+ -+_1args: -+ MOVL 0(BX), AX -+ MOVL AX, 0(SP) -+ -+_0args: -+ MOVL 8(BP), DX // fn pointer from saved location -+ CALL DX -+ MOVL BP, SP -+ -+ret: -+ // Reload libcArgs pointer from saved location -+ MOVL 4(SP), SI -+ -+ // Save return values (AX already has r1, need to save DX before it's clobbered) -+ MOVL DX, 12(SP) // temporarily save r2 -+ MOVL AX, libcCallInfo_r1(SI) -+ MOVL 12(SP), AX -+ MOVL AX, libcCallInfo_r2(SI) -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_amd64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_amd64.s -new file mode 100644 -index 00000000000000..512d8087daf527 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_amd64.s -@@ -0,0 +1,120 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 -+#ifdef GOOS_windows -+ MOVQ CX, 0(SP) -+ -+#else -+ MOVQ DI, 0(SP) -+ -+#endif -+ CALL ·syscallNSystemStack(SB) -+ RET -+ -+#ifdef GOOS_windows -+#define RegArgsN 4 -+#else -+#define RegArgsN 6 -+#endif -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $16-8 -+ // Load pointer from stack (ABI0 calling convention) -+ // Store argument and original SP in a callee-saved register -+ MOVQ libcArgs+0(FP), R13 -+ MOVQ SP, R14 -+ -+ // Align stack to 16 bytes -+ ANDQ $~15, SP -+ -+ MOVQ libcCallInfo_fn(R13), R11 -+ MOVQ libcCallInfo_n(R13), CX -+ MOVQ libcCallInfo_args(R13), R10 -+ -+ // Fast version, do not store args on the stack. -+ CMPL CX, $0; JE _0args -+ CMPL CX, $1; JE _1args -+ CMPL CX, $2; JE _2args -+ CMPL CX, $3; JE _3args -+ CMPL CX, $4; JE _4args -+ -+#ifndef GOOS_windows // Windows does not pass more than 4 args in registers -+ CMPL CX, $5; JE _5args -+ CMPL CX, $6; JE _6args -+ -+#endif -+ -+ // Reserve stack space for remaining args -+ MOVQ CX, R12 -+ SUBQ $RegArgsN, R12 -+ ADDQ $1, R12 // make even number of words for stack alignment -+ ANDQ $~1, R12 -+ SHLQ $3, R12 -+ SUBQ R12, SP -+ -+ // Copy args to the stack. -+ // CX: count of stack arguments (n-RegArgsN) -+ // SI: &args[RegArgsN] -+ // DI: copy of RSP -+ SUBQ $RegArgsN, CX -+ MOVQ R10, SI -+ ADDQ $(8*RegArgsN), SI -+ MOVQ SP, DI -+ CLD -+ REP; MOVSQ -+ -+#ifndef GOOS_windows -+_6args: -+ MOVQ (5*8)(R10), R9 -+ -+_5args: -+ MOVQ (4*8)(R10), R8 -+ -+#endif -+_4args: -+ MOVQ (3*8)(R10), CX -+ -+_3args: -+ MOVQ (2*8)(R10), DX -+ -+_2args: -+ MOVQ (1*8)(R10), SI -+ -+_1args: -+ MOVQ (0*8)(R10), DI -+ -+_0args: -+ -+ XORL AX, AX // vararg: say "no float args" -+ -+#ifdef GOOS_windows -+ // Windows x64 syscall ABI: first four integer args in CX, DX, R8, R9 -+ // and 32 bytes of shadow space on the stack. -+ ADJSP $32 -+ MOVQ CX, R9 -+ MOVQ DX, R8 -+ MOVQ SI, DX -+ MOVQ DI, CX -+ -+#endif -+ -+ CALL R11 -+ -+#ifdef GOOS_windows -+ ADJSP $-32 -+ -+#endif -+ -+ MOVQ R14, SP // free stack space -+ -+ // Return result. -+ MOVQ AX, libcCallInfo_r1(R13) -+ MOVQ DX, libcCallInfo_r2(R13) -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm.s -new file mode 100644 -index 00000000000000..ff8e2c5513b7fa ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm.s -@@ -0,0 +1,104 @@ -+// Copyright 2026 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $8 -+ MOVW R0, 4(R13) -+ CALL ·syscallNSystemStack(SB) -+ RET -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $0-4 -+ // Load args pointer first, before modifying SP -+ MOVW libcArgs+0(FP), R0 -+ -+ // Save callee-saved registers R4-R7 and LR. -+ // We use R4 for libcArgs pointer. -+ // We use R5 for args pointer. -+ // We use R6 for n, then reused for saving SP. -+ // We use R7 for scratch. -+ MOVM.DB.W [R4-R7, R14], (R13) -+ -+ MOVW R0, R4 // Move libcArgs to R4 -+ -+ MOVW libcCallInfo_n(R4), R6 -+ MOVW libcCallInfo_args(R4), R5 -+ MOVW libcCallInfo_fn(R4), R12 -+ -+ CMP $4, R6 -+ BGT args_stack -+ -+ CMP $0, R6 -+ BEQ call -+ CMP $1, R6 -+ BEQ args_1 -+ CMP $2, R6 -+ BEQ args_2 -+ CMP $3, R6 -+ BEQ args_3 -+ -+args_4: -+ MOVM.IA (R5), [R0, R1, R2, R3] -+ B call -+ -+args_3: -+ MOVM.IA (R5), [R0, R1, R2] -+ B call -+ -+args_2: -+ MOVM.IA (R5), [R0, R1] -+ B call -+ -+args_1: -+ MOVW (R5), R0 -+ B call -+ -+args_stack: -+ // Calculate stack space needed: (n-4)*4 -+ SUB $4, R6, R7 -+ MOVW R7, R2 -+ SLL $2, R2 // bytes -+ -+ // Save SP (R6 is free now, n no longer needed) -+ MOVW R13, R6 -+ -+ // Allocate stack -+ SUB R2, R13 -+ BIC $7, R13 // Align to 8 bytes -+ -+ // Copy args -+ ADD $16, R5, R14 // Src = args + 16 -+ MOVW R13, R3 // Dst = SP -+ -+copy_loop: -+ MOVW.P 4(R14), R1 // read -+ MOVW.P R1, 4(R3) // write -+ SUB $1, R7 -+ CMP $0, R7 -+ BNE copy_loop -+ -+ // Load first 4 args -+ MOVM.IA (R5), [R0, R1, R2, R3] -+ -+ // Reload fn -+ MOVW libcCallInfo_fn(R4), R12 -+ -+ BL (R12) -+ -+ // Restore SP -+ MOVW R6, R13 -+ B ret -+ -+call: -+ BL (R12) -+ -+ret: -+ MOVW R0, libcCallInfo_r1(R4) -+ MOVW R1, libcCallInfo_r2(R4) -+ -+ MOVM.IA.W (R13), [R4-R7, R14] -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm64.s -new file mode 100644 -index 00000000000000..261a7e4cb90d56 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_arm64.s -@@ -0,0 +1,97 @@ -+// Copyright 2015 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 -+ MOVD R0, 8(RSP) -+ CALL ·syscallNSystemStack(SB) -+ RET -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $0-16 -+ // Save original stack pointer -+ MOVD RSP, R20 -+ -+ // Load pointer from stack (ABI0 calling convention) -+ MOVD libcArgs+0(FP), R3 -+ -+ MOVD libcCallInfo_args(R3), R12 -+ MOVD libcCallInfo_fn(R3), R13 -+ -+ // Do we have more than 8 arguments? -+ MOVD libcCallInfo_n(R3), R0 -+ CMP $0, R0; BEQ _0args -+ CMP $1, R0; BEQ _1args -+ CMP $2, R0; BEQ _2args -+ CMP $3, R0; BEQ _3args -+ CMP $4, R0; BEQ _4args -+ CMP $5, R0; BEQ _5args -+ CMP $6, R0; BEQ _6args -+ CMP $7, R0; BEQ _7args -+ CMP $8, R0; BEQ _8args -+ -+ // Reserve stack space for remaining args -+ SUB $8, R0, R2 -+ ADD $1, R2, R3 // make even number of words for stack alignment -+ AND $~1, R3 -+ LSL $3, R3 -+ SUB R3, RSP -+ -+ // R4: size of stack arguments (n-8)*8 -+ // R5: &args[8] -+ // R6: loop counter, from 0 to (n-8)*8 -+ // R7: scratch -+ // R8: copy of RSP - (R2)(RSP) assembles as (R2)(ZR) -+ SUB $8, R0, R4 -+ LSL $3, R4 -+ ADD $(8*8), R12, R5 -+ MOVD $0, R6 -+ MOVD RSP, R8 -+ -+stackargs: -+ MOVD (R6)(R5), R7 -+ MOVD R7, (R6)(R8) -+ ADD $8, R6 -+ CMP R6, R4 -+ BNE stackargs -+ -+_8args: -+ MOVD (7*8)(R12), R7 -+ -+_7args: -+ MOVD (6*8)(R12), R6 -+ -+_6args: -+ MOVD (5*8)(R12), R5 -+ -+_5args: -+ MOVD (4*8)(R12), R4 -+ -+_4args: -+ MOVD (3*8)(R12), R3 -+ -+_3args: -+ MOVD (2*8)(R12), R2 -+ -+_2args: -+ MOVD (1*8)(R12), R1 -+ -+_1args: -+ MOVD (0*8)(R12), R0 -+ -+_0args: -+ -+ BL (R13) -+ -+ // Restore original stack pointer -+ MOVD R20, RSP -+ -+ MOVD libcArgs+0(FP), R3 -+ MOVD R0, libcCallInfo_r1(R3) // save r1 -+ MOVD R1, libcCallInfo_r2(R3) // save r2 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_loong64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_loong64.s -new file mode 100644 -index 00000000000000..83ab9979dfdbfe ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_loong64.s -@@ -0,0 +1,116 @@ -+// Copyright 2015 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 -+ MOVV R4, 8(R3) -+ CALL ·syscallNSystemStack(SB) -+ RET -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $0-8 -+ // Load pointer from stack (ABI0 calling convention) -+ MOVV libcArgs+0(FP), R12 -+ -+ // Save original stack pointer -+ MOVV R3, R23 -+ -+ // Align stack to 16 bytes for C calling convention -+ MOVV $-16, R15 -+ AND R15, R3 -+ -+ MOVV libcCallInfo_args(R12), R13 -+ MOVV libcCallInfo_fn(R12), R14 -+ -+ // Do we have more than 8 arguments? -+ MOVV libcCallInfo_n(R12), R4 -+ BEQ R4, R0, _0args -+ MOVV $1, R15 -+ BEQ R4, R15, _1args -+ MOVV $2, R15 -+ BEQ R4, R15, _2args -+ MOVV $3, R15 -+ BEQ R4, R15, _3args -+ MOVV $4, R15 -+ BEQ R4, R15, _4args -+ MOVV $5, R15 -+ BEQ R4, R15, _5args -+ MOVV $6, R15 -+ BEQ R4, R15, _6args -+ MOVV $7, R15 -+ BEQ R4, R15, _7args -+ MOVV $8, R15 -+ BEQ R4, R15, _8args -+ -+ // Reserve stack space for remaining args -+ MOVV R4, R16 -+ ADDV $-8, R16 // R16 = n-8 -+ MOVV R16, R12 // R12 = n-8 (reuse R12, no longer need libcArgs) -+ ADDV $1, R12 // R12 = (n-8)+1 -+ MOVV $-2, R15 -+ AND R15, R12 // make even number of words for stack alignment -+ SLLV $3, R12 // R12 = bytes to reserve -+ SUBV R12, R3 // SP -= bytes -+ -+ // R16: size of stack arguments (n-8)*8 -+ // R15: &args[8] -+ // R17: loop counter, from 0 to (n-8)*8 -+ // R18: scratch -+ // R19: copy of R3 (SP) -+ // R20: scratch -+ SLLV $3, R16 // R16 = (n-8)*8 -+ MOVV R13, R15 -+ ADDV $(8*8), R15 // R15 = args + 64 = &args[8] -+ MOVV R0, R17 // R17 = 0 (loop counter) -+ MOVV R3, R19 // R19 = SP copy -+ -+stackargs: -+ MOVV R15, R18 -+ ADDV R17, R18 // R18 = &args[8] + counter -+ MOVV (R18), R18 // R18 = args[8 + counter/8] -+ MOVV R19, R20 -+ ADDV R17, R20 // R20 = SP_copy + counter -+ MOVV R18, (R20) // stack[counter/8] = R18 -+ ADDV $8, R17 // counter += 8 -+ BNE R17, R16, stackargs // while counter != (n-8)*8 -+ -+_8args: -+ MOVV (7*8)(R13), R11 -+ -+_7args: -+ MOVV (6*8)(R13), R10 -+ -+_6args: -+ MOVV (5*8)(R13), R9 -+ -+_5args: -+ MOVV (4*8)(R13), R8 -+ -+_4args: -+ MOVV (3*8)(R13), R7 -+ -+_3args: -+ MOVV (2*8)(R13), R6 -+ -+_2args: -+ MOVV (1*8)(R13), R5 -+ -+_1args: -+ MOVV (0*8)(R13), R4 -+ -+_0args: -+ -+ CALL (R14) -+ -+ // Restore original stack pointer -+ MOVV R23, R3 -+ -+ MOVV libcArgs+0(FP), R12 -+ MOVV R4, libcCallInfo_r1(R12) // save r1 -+ MOVV R5, libcCallInfo_r2(R12) // save r2 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_others.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_others.s -new file mode 100644 -index 00000000000000..59cfb27799734a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_others.s -@@ -0,0 +1,7 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo && !arm && !arm64 && !386 && !amd64 && !loong64 && !ppc64le && !riscv64 && (!s390x || !go1.27) -+ -+// This file silences errors about body-less functions. -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_ppc64le.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_ppc64le.s -new file mode 100644 -index 00000000000000..a78a1ffca7bda7 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_ppc64le.s -@@ -0,0 +1,141 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ // R3 already contains the libcArgs pointer from cgocall -+ MOVD LR, R0 -+ MOVD R0, 16(R1) -+ MOVDU R1, -32(R1) -+ MOVD R3, 32(R1) -+ CALL ·syscallNSystemStack(SB) -+ ADD $32, R1 -+ MOVD 16(R1), R0 -+ MOVD R0, LR -+ RET -+ -+// PPC64LE ELFv2 ABI: R3-R10 args, R3-R4 return, R14-R31 callee-saved -+// Go ABI: R3-R10, R14-R17 args, R20-R21 scratch, R30=g, R31=scratch -+// We use R24-R28 which are callee-saved in both ABIs. -+// Go frame: 48 locals + 32 linkage = 80 bytes. Locals start at 32(R1). -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $48-8 -+ // Save callee-saved registers we'll use -+ MOVD R24, 32(R1) -+ MOVD R25, 40(R1) -+ MOVD R26, 48(R1) -+ MOVD R27, 56(R1) -+ MOVD R28, 64(R1) -+ -+ // Load libcArgs pointer from stack (ABI0 calling convention) -+ MOVD libcArgs+0(FP), R11 -+ -+ // Store values we need across the C call in callee-saved registers -+ MOVD R1, R24 // R24 = original SP -+ MOVD R11, R25 // R25 = libcArgs -+ MOVD libcCallInfo_args(R11), R26 // R26 = args -+ MOVD libcCallInfo_fn(R11), R27 // R27 = fn -+ MOVD libcCallInfo_n(R11), R28 // R28 = n -+ -+ // Do we have more than 8 arguments? -+ CMP R28, $8 -+ BLE _allocsmall -+ -+ // >8 args: allocate large frame ((n-8+1) & ~1) * 8 + 96 -+ SUB $8, R28, R3 -+ ADD $1, R3 -+ MOVD $~1, R4 -+ AND R4, R3 -+ SLD $3, R3 -+ ADD $96, R3 -+ NEG R3, R4 -+ ADD R4, R24, R1 -+ MOVD $~15, R3 -+ AND R3, R1 // 16-byte align -+ MOVD R24, 0(R1) // back chain -+ MOVD R2, 24(R1) // save TOC -+ -+ // Copy args[8..n-1] to stack at offset 96 -+ MOVD $8, R3 -+ -+_stackargs: -+ SLD $3, R3, R5 -+ MOVD (R26)(R5), R6 -+ SUB $8, R3, R7 -+ SLD $3, R7 -+ ADD $96, R7 -+ MOVD R6, (R1)(R7) -+ ADD $1, R3 -+ CMP R3, R28 -+ BLT _stackargs -+ BR _8args -+ -+_allocsmall: -+ // <=8 args: allocate minimum 96-byte C frame -+ ADD $-96, R24, R1 -+ MOVD $~15, R3 -+ AND R3, R1 -+ MOVD R24, 0(R1) // back chain -+ MOVD R2, 24(R1) // save TOC -+ -+ // Branch to appropriate label based on arg count -+ CMP R28, $0; BEQ _0args -+ CMP R28, $1; BEQ _1args -+ CMP R28, $2; BEQ _2args -+ CMP R28, $3; BEQ _3args -+ CMP R28, $4; BEQ _4args -+ CMP R28, $5; BEQ _5args -+ CMP R28, $6; BEQ _6args -+ CMP R28, $7; BEQ _7args -+ -+_8args: -+ MOVD (7*8)(R26), R10 -+ -+_7args: -+ MOVD (6*8)(R26), R9 -+ -+_6args: -+ MOVD (5*8)(R26), R8 -+ -+_5args: -+ MOVD (4*8)(R26), R7 -+ -+_4args: -+ MOVD (3*8)(R26), R6 -+ -+_3args: -+ MOVD (2*8)(R26), R5 -+ -+_2args: -+ MOVD (1*8)(R26), R4 -+ -+_1args: -+ MOVD (0*8)(R26), R3 -+ -+_0args: -+ // ELFv2: function address in R12 and CTR -+ MOVD R27, R12 -+ MOVD R12, CTR -+ BL (CTR) -+ -+ // Restore TOC and stack pointer -+ MOVD 24(R1), R2 -+ MOVD R24, R1 -+ -+ // Save return values -+ MOVD R3, libcCallInfo_r1(R25) -+ MOVD R4, libcCallInfo_r2(R25) -+ -+ // Restore callee-saved registers -+ MOVD 32(R1), R24 -+ MOVD 40(R1), R25 -+ MOVD 48(R1), R26 -+ MOVD 56(R1), R27 -+ MOVD 64(R1), R28 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_riscv64.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_riscv64.s -new file mode 100644 -index 00000000000000..6ff0ddd2922d8b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_riscv64.s -@@ -0,0 +1,109 @@ -+// Copyright 2015 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 -+ MOV A0, 8(X2) -+ CALL ·syscallNSystemStack(SB) -+ RET -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $0-8 -+ // Load pointer from stack (ABI0 calling convention) -+ MOV libcArgs+0(FP), X5 -+ -+ // Save original stack pointer -+ MOV X2, X20 -+ -+ // Align stack to 16 bytes for C calling convention -+ ANDI $-16, X2, X2 -+ -+ MOV libcCallInfo_args(X5), X30 -+ MOV libcCallInfo_fn(X5), X29 -+ -+ // Do we have more than 8 arguments? -+ MOV libcCallInfo_n(X5), X10 -+ BEQ X10, ZERO, _0args -+ MOV $1, X6 -+ BEQ X10, X6, _1args -+ MOV $2, X6 -+ BEQ X10, X6, _2args -+ MOV $3, X6 -+ BEQ X10, X6, _3args -+ MOV $4, X6 -+ BEQ X10, X6, _4args -+ MOV $5, X6 -+ BEQ X10, X6, _5args -+ MOV $6, X6 -+ BEQ X10, X6, _6args -+ MOV $7, X6 -+ BEQ X10, X6, _7args -+ MOV $8, X6 -+ BEQ X10, X6, _8args -+ -+ // Reserve stack space for remaining args -+ ADDI $-8, X10, X7 -+ ADDI $1, X7, X5 // make even number of words for stack alignment -+ ANDI $-2, X5, X5 -+ SLLI $3, X5, X5 -+ SUB X5, X2, X2 -+ -+ // X6: size of stack arguments (n-8)*8 -+ // X7: &args[8] -+ // X8: loop counter, from 0 to (n-8)*8 -+ // X9: scratch -+ // X28: copy of X2 (SP) -+ ADDI $-8, X10, X6 -+ SLLI $3, X6, X6 -+ ADDI $(8*8), X7, X7 -+ MOV ZERO, X8 -+ MOV X2, X28 -+ -+stackargs: -+ ADD X8, X7, X9 -+ MOV (X9), X9 -+ ADD X8, X28, X31 -+ MOV X9, (X31) -+ ADDI $8, X8, X8 -+ BNE X8, X6, stackargs -+ -+_8args: -+ MOV (7*8)(X30), X17 -+ -+_7args: -+ MOV (6*8)(X30), X16 -+ -+_6args: -+ MOV (5*8)(X30), X15 -+ -+_5args: -+ MOV (4*8)(X30), X14 -+ -+_4args: -+ MOV (3*8)(X30), X13 -+ -+_3args: -+ MOV (2*8)(X30), X12 -+ -+_2args: -+ MOV (1*8)(X30), X11 -+ -+_1args: -+ MOV (0*8)(X30), X10 -+ -+_0args: -+ -+ CALL X29 -+ -+ // Restore original stack pointer -+ MOV X20, X2 -+ -+ MOV libcArgs+0(FP), X5 -+ MOV X10, libcCallInfo_r1(X5) // save r1 -+ MOV X11, libcCallInfo_r2(X5) // save r2 -+ -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_s390x.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_s390x.s -new file mode 100644 -index 00000000000000..0fbccc3731dae4 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/asm_s390x.s -@@ -0,0 +1,117 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build go1.27 && !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+// S390X ELF ABI: -+// - Args in R2-R6, float args in F0, F2, F4, F6 -+// - Return values in R2, R3 (and F0 for floats) -+// - Callee-saved: R6-R13, R15, F8-F15 -+// - R14 is link register (return address) -+// - R15 is stack pointer -+// - Standard frame: 160 bytes minimum with register save area at 48(R15) -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT|NOFRAME, $0-0 -+ // R2 already contains the libcArgs pointer from cgocall -+ // Save callee-saved registers to caller's save area -+ STMG R6, R15, 48(R15) -+ MOVD R15, R1 -+ SUB $32, R15 -+ MOVD R1, 0(R15) -+ MOVD R2, 8(R15) -+ BL ·syscallNSystemStack(SB) -+ ADD $32, R15 -+ LMG 48(R15), R6, R15 -+ RET -+ -+TEXT ·syscallNAsm(SB), NOSPLIT, $64-8 -+ // Save callee-saved registers we'll use (R6-R11) -+ STMG R6, R11, 8(R15) -+ -+ // Load libcArgs pointer from stack (ABI0 calling convention) -+ MOVD libcArgs+0(FP), R11 -+ -+ // Store values we need across the C call in callee-saved registers -+ MOVD R15, R7 // R7 = original SP -+ MOVD R11, R8 // R8 = libcArgs -+ MOVD libcCallInfo_args(R11), R9 // R9 = args -+ MOVD libcCallInfo_fn(R11), R10 // R10 = fn -+ MOVD libcCallInfo_n(R11), R6 // R6 = n -+ -+ // Do we have more than 5 arguments? -+ CMPBLE R6, $5, _allocsmall -+ -+ // >5 args: allocate frame for stack args ((n-5+1) & ~1) * 8 + 160 -+ MOVD R6, R1 -+ SUB $5, R1 -+ ADD $1, R1 -+ MOVD $~1, R0 -+ AND R0, R1 -+ SLD $3, R1 -+ ADD $160, R1 -+ SUB R1, R7, R15 -+ MOVD $~15, R0 -+ AND R0, R15 // 16-byte align -+ MOVD R7, 0(R15) // back chain -+ -+ // Copy args[5..n-1] to stack at offset 160 -+ MOVD $5, R1 -+ -+_stackargs: -+ SLD $3, R1, R3 -+ MOVD (R9)(R3*1), R0 -+ SUB $5, R1, R4 -+ SLD $3, R4 -+ ADD $160, R4 -+ MOVD R0, (R15)(R4*1) -+ ADD $1, R1 -+ CMP R1, R6 -+ BLT _stackargs -+ BR _5args -+ -+_allocsmall: -+ // <=5 args: allocate minimum 160-byte C frame -+ SUB $160, R7, R15 -+ MOVD $~15, R0 -+ AND R0, R15 -+ MOVD R7, 0(R15) // back chain -+ -+ // Branch to appropriate label based on arg count -+ CMPBEQ R6, $0, _0args -+ CMPBEQ R6, $1, _1args -+ CMPBEQ R6, $2, _2args -+ CMPBEQ R6, $3, _3args -+ CMPBEQ R6, $4, _4args -+ -+_5args: -+ MOVD (4*8)(R9), R6 -+ -+_4args: -+ MOVD (3*8)(R9), R5 -+ -+_3args: -+ MOVD (2*8)(R9), R4 -+ -+_2args: -+ MOVD (1*8)(R9), R3 -+ -+_1args: -+ MOVD (0*8)(R9), R2 -+ -+_0args: -+ BL R10 -+ -+ // Restore stack pointer -+ MOVD R7, R15 -+ -+ // Save return values -+ MOVD R2, libcCallInfo_r1(R8) -+ MOVD R3, libcCallInfo_r2(R8) -+ -+ // Restore callee-saved registers (R6-R11) -+ LMG 8(R15), R6, R11 -+ RET -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/dl.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/dl.h -new file mode 100644 -index 00000000000000..e94cca9e27e30a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/dl.h -@@ -0,0 +1,12 @@ -+// This header file is used by the mkcgo tool to generate cgo and Go bindings for the -+// OpenSSL C API. Run "go generate ." to regenerate the bindings. -+ -+#ifndef _GO_DL_SHIMS_H // only include this header once -+#define _GO_DL_SHIMS_H -+ -+void *dlopen(const char *path, int flags); -+int dlclose(void *handle); -+void *dlsym(void *handle, const char *symbol); -+char *dlerror(void); -+ -+#endif // _GO_DL_SHIMS_H -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go -new file mode 100644 -index 00000000000000..4b8fd49edd2d40 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors.go -@@ -0,0 +1,34 @@ -+package ossl -+ -+import ( -+ "errors" -+ "unsafe" -+) -+ -+// newMkcgoErr constructs an error from the given message and OpenSSL error state. -+func newMkcgoErr(msg string, state uintptr) error { -+ if state == 0 { -+ // No error -+ return nil -+ } -+ bio := BIO_PTR(state) -+ defer BIO_free(bio) -+ // Retrieve pointer to data, which is owned by bio. -+ var data *byte -+ n := BIO_ctrl(bio, BIO_CTRL_INFO, 0, unsafe.Pointer(&data)) -+ if n == 0 { -+ // If no errors in queue, return simple message -+ return errors.New(msg + " failed") -+ } -+ const extra = "\nopenssl error(s):\n" -+ buf := make([]byte, len(msg)+len(extra)+int(n)) -+ copy(buf, msg) -+ copy(buf[len(msg):], extra) -+ copy(buf[len(msg)+len(extra):], unsafe.Slice(data, n)) -+ // Remove trailing line jump if present. -+ if buf[len(buf)-1] == '\n' { -+ buf = buf[:len(buf)-1] -+ } -+ // Avoid an allocation by constructing the string directly from the byte slice. -+ return errors.New(unsafe.String(unsafe.SliceData(buf), len(buf))) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go -new file mode 100644 -index 00000000000000..f7678a67c0231a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_cgo.go -@@ -0,0 +1,30 @@ -+package ossl -+ -+/* -+#include "zossl.h" -+ -+// Force mkcgo_err_retrieve to be stack-guarded, -+// even when it doesn't actually need it. -+// This is necessary to ensure Go binaries built -+// with -fstack-protector-strong comply with BinSkim BA3003, -+// so that at least one function in the binary uses __stack_chk_guard. -+// See https://github.com/microsoft/go/issues/2240. -+ -+#define MKCGO_STACK_PROTECT -+ -+#if defined(__has_attribute) -+#if __has_attribute(stack_protect) -+#undef MKCGO_STACK_PROTECT -+#define MKCGO_STACK_PROTECT __attribute__((stack_protect)) -+#endif -+#endif -+ -+// mkcgo_err_retrieve retrieves the error state from OpenSSL. -+uintptr_t MKCGO_STACK_PROTECT mkcgo_err_retrieve() { -+ // BIO operations using BIO_s_mem should not fail. -+ _BIO_PTR bio = _mkcgo_BIO_new(_mkcgo_BIO_s_mem(), NULL); -+ _mkcgo_ERR_print_errors(bio); -+ return (uintptr_t)bio; -+} -+*/ -+import "C" -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_nocgo.go -new file mode 100644 -index 00000000000000..822ff8fbbdf9a1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/errors_nocgo.go -@@ -0,0 +1,16 @@ -+//go:build !cgo -+ -+package ossl -+ -+// retrieveErrorState retrieves errors from the OpenSSL error queue. -+// It might run on the system stack, so it can't allocate Go memory -+// nor grow the stack over the nosplit limit. -+// -+//go:nosplit -+func retrieveErrorState() uintptr { -+ // BIO operations using BIO_s_mem should not fail. -+ smem := syscallNRaw(_mkcgo_BIO_s_mem) -+ bio := syscallNRaw(_mkcgo_BIO_new, smem) -+ syscallNRaw(_mkcgo_ERR_print_errors, bio) -+ return bio -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go -new file mode 100644 -index 00000000000000..9d38464e9fb964 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/ossl.go -@@ -0,0 +1,59 @@ -+// Package ossl provides a Go interface to OpenSSL. -+package ossl -+ -+//go:generate go run ../../cmd/mkcgo -out zossl.go -mode dynload -package ossl shims.h -+//go:generate go run ../../cmd/mkcgo -out zossl.go -nocgo -mode dynload -package ossl shims.h -+//go:generate go run ../../cmd/mkcgo -out zdl.go -nocgo -mode dynamic -noerrors -package ossl -tags unix dl.h -+ -+import "unsafe" -+ -+const _OSSL_PARAM_UNMODIFIED uint = uint(^uintptr(0)) -+ -+// OSSL_PARAM is a structure to pass or request object parameters. -+// https://docs.openssl.org/3.0/man3/OSSL_PARAM/. -+type OSSL_PARAM struct { -+ Key *byte -+ DataType uint32 -+ Data unsafe.Pointer -+ DataSize uint -+ ReturnSize uint -+} -+ -+func ossl_param_construct(key *byte, dataType uint32, data unsafe.Pointer, dataSize int) OSSL_PARAM { -+ return OSSL_PARAM{ -+ Key: key, -+ DataType: dataType, -+ Data: data, -+ DataSize: uint(dataSize), -+ ReturnSize: _OSSL_PARAM_UNMODIFIED, -+ } -+} -+ -+func OSSL_PARAM_construct_octet_string(key *byte, data unsafe.Pointer, dataSize int) OSSL_PARAM { -+ return ossl_param_construct(key, OSSL_PARAM_OCTET_STRING, data, dataSize) -+} -+ -+func OSSL_PARAM_construct_int32(key *byte, data *int32) OSSL_PARAM { -+ return ossl_param_construct(key, OSSL_PARAM_INTEGER, unsafe.Pointer(data), 4) -+} -+ -+func OSSL_PARAM_construct_end() OSSL_PARAM { -+ return OSSL_PARAM{} -+} -+ -+func OSSL_PARAM_modified(param *OSSL_PARAM) bool { -+ // If ReturnSize is not set, the parameter has not been modified. -+ return param != nil && param.ReturnSize != _OSSL_PARAM_UNMODIFIED -+} -+ -+// goString converts a C string (byte pointer) to a Go string -+func goString(p *byte) string { -+ if p == nil { -+ return "" -+ } -+ end := unsafe.Pointer(p) -+ for *(*byte)(end) != 0 { -+ end = unsafe.Add(end, 1) -+ } -+ return string(unsafe.Slice(p, uintptr(end)-uintptr(unsafe.Pointer(p)))) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h -new file mode 100644 -index 00000000000000..7c71f0d811fe80 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/shims.h -@@ -0,0 +1,442 @@ -+// This header file is used by the mkcgo tool to generate cgo and Go bindings for the -+// OpenSSL C API. Run "go generate ." to regenerate the bindings. -+// Do not include this file, import "zossl.h" instead. -+ -+#ifndef _GO_OSSL_SHIMS_H // only include this header once -+#define _GO_OSSL_SHIMS_H -+ -+#include // size_t -+#include // uint64_t -+ -+// The following includes are used by the checkheader tool. -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #include -+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L -+// #include -+// #include -+// #include -+// #include -+// #endif -+// #if OPENSSL_VERSION_NUMBER < 0x10100000L -+// #include -+// #endif -+ -+enum { -+ _POINT_CONVERSION_UNCOMPRESSED = 4, -+ -+ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, -+ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, -+ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, -+ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, -+ -+ _EVP_CTRL_GCM_GET_TAG = 0x10, -+ _EVP_CTRL_GCM_SET_TAG = 0x11, -+ _EVP_CTRL_AEAD_SET_IVLEN = 0x9, -+ _EVP_CTRL_AEAD_GET_TAG = 0x10, -+ _EVP_CTRL_AEAD_SET_TAG = 0x11, -+ _EVP_PKEY_CTRL_MD = 1, -+ _EVP_PKEY_RSA = 6, -+ _EVP_PKEY_EC = 408, -+ _EVP_PKEY_TLS1_PRF = 1021, -+ _EVP_PKEY_X25519 = 1034, -+ _EVP_PKEY_HKDF = 1036, -+ _EVP_PKEY_ED25519 = 1087, -+ _EVP_PKEY_DSA = 116, -+ _EVP_PKEY_MLKEM_768 = 1455, -+ _EVP_PKEY_MLKEM_1024 = 1456, -+ _EVP_PKEY_ML_DSA_44 = 1457, -+ _EVP_PKEY_ML_DSA_65 = 1458, -+ _EVP_PKEY_ML_DSA_87 = 1459, -+ _EVP_PKEY_OP_DERIVE = (1 << 10), // this value differs between OpenSSL 1 and 3, but we only use it in 1 -+ _EVP_MAX_MD_SIZE = 64, -+ -+ _EVP_PKEY_PUBLIC_KEY = 0x86, -+ _EVP_PKEY_KEYPAIR = 0x87, -+ -+ _EVP_MD_CTRL_XOF_LEN = 0x3, -+ -+ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, -+ -+ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, -+ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, -+ -+ _EVP_PKEY_CTRL_TLS_MD = 0x1000, -+ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, -+ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, -+ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, -+ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, -+ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, -+ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, -+ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, -+ -+ _NID_X9_62_prime256v1 = 415, -+ _NID_secp224r1 = 713, -+ _NID_secp384r1 = 715, -+ _NID_secp521r1 = 716, -+ -+ _NID_ML_KEM_768 = 1455, -+ _NID_ML_KEM_1024 = 1456, -+ _NID_ML_DSA_44 = 1457, -+ _NID_ML_DSA_65 = 1458, -+ _NID_ML_DSA_87 = 1459, -+ -+ _RSA_PKCS1_PADDING = 1, -+ _RSA_NO_PADDING = 3, -+ _RSA_PKCS1_OAEP_PADDING = 4, -+ _RSA_PKCS1_PSS_PADDING = 6, -+ _RSA_PSS_SALTLEN_DIGEST = -1, -+ _RSA_PSS_SALTLEN_AUTO = -2, -+ _RSA_PSS_SALTLEN_MAX_SIGN = -2, -+ _RSA_PSS_SALTLEN_MAX = -3, -+ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, -+ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, -+ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, -+ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, -+ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, -+ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, -+ -+ _OSSL_PARAM_INTEGER = 1, -+ _OSSL_PARAM_OCTET_STRING = 5, -+ -+ BIO_CTRL_INFO = 3, -+}; -+ -+typedef void* _OPENSSL_INIT_SETTINGS_PTR; -+typedef void* _OSSL_LIB_CTX_PTR; -+typedef void* _OSSL_PROVIDER_PTR; -+typedef void* _ENGINE_PTR; -+typedef void* _EVP_PKEY_PTR; -+typedef void* _EVP_PKEY_CTX_PTR; -+typedef void* _EVP_MD_PTR; -+typedef void* _EVP_MD_CTX_PTR; -+typedef void* _HMAC_CTX_PTR; -+typedef void* _EVP_CIPHER_PTR; -+typedef void* _EVP_CIPHER_CTX_PTR; -+typedef void* _EC_KEY_PTR; -+typedef void* _EC_POINT_PTR; -+typedef void* _EC_GROUP_PTR; -+typedef void* _RSA_PTR; -+typedef void* _BIGNUM_PTR; -+typedef void* _BN_CTX_PTR; -+typedef void* _EVP_MAC_PTR; -+typedef void* _EVP_MAC_CTX_PTR; -+typedef void* _OSSL_PARAM_BLD_PTR; -+typedef void* _OSSL_PARAM_PTR; -+typedef void* _EVP_SIGNATURE_PTR; -+typedef void* _EVP_KEYMGMT_PTR; -+typedef void* _DSA_PTR; -+typedef void* _EVP_KDF_PTR; -+typedef void* _EVP_KDF_CTX_PTR; -+typedef void* _BIO_METHOD_PTR; -+typedef void* _BIO_PTR; -+typedef int point_conversion_form_t; -+ -+// Tags used by mkcgo to determine which OpenSSL version each function is available in: -+// - no tag: available in all supported versions (OpenSSL 1.1.1+) -+// - legacy_1: Only OpenSSL 1 -+// - 3: OpenSSL 3.0 or later -+// - 33: OpenSSL 3.3 or later -+ -+// The noescape/nocallback attributes are performance optimizations. -+// Only add functions that have been observed to benefit from these -+// directives, not every function that is merely expected to meet -+// the noescape/nocallback criteria. -+ -+// BIO API -+const _BIO_METHOD_PTR BIO_s_mem(void) __attribute__((tag(""),tag("init_3"),noerror)); -+_BIO_PTR BIO_new(const _BIO_METHOD_PTR type) __attribute__((tag(""),tag("init_3"))); -+int BIO_free(_BIO_PTR a) __attribute__((tag(""),tag("init_3"),noerror,noescape,nocallback)); -+long BIO_ctrl(_BIO_PTR bp, int cmd, long larg, void *parg) __attribute__((tag(""),tag("init_3"),noerror,noescape,nocallback)); -+ -+// ERR API -+unsigned long ERR_peek_error(void) __attribute__((noerror)); -+void ERR_print_errors(_BIO_PTR bp) __attribute__((tag(""),tag("init_3"),noescape,nocallback)); -+ -+// OPENSSL API -+const char *OpenSSL_version(int type) __attribute__((noerror)); -+void OPENSSL_init(void); -+int OPENSSL_init_crypto(uint64_t ops, const _OPENSSL_INIT_SETTINGS_PTR settings); -+unsigned long OpenSSL_version_num(void) __attribute__((tag("version"),optional,noerror)); -+unsigned int OPENSSL_version_major(void) __attribute__((tag("version"),optional,noerror)); -+unsigned int OPENSSL_version_minor(void) __attribute__((tag("version"),optional,noerror)); -+unsigned int OPENSSL_version_patch(void) __attribute__((tag("version"),optional,noerror)); -+ -+// CRYPTO API -+void *CRYPTO_malloc(size_t num, const char *file, int line); -+void CRYPTO_free(void *str, const char *file, int line); -+ -+// FIPS API -+int FIPS_mode(void) __attribute__((tag("legacy_1"),tag("init_1"),noerror)); -+int FIPS_mode_set(int r) __attribute__((tag("legacy_1"),tag("init_1"))); -+ -+// EVP Config API -+int EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR libctx) __attribute__((tag("3"),tag("init_3"),noerror)); -+int EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR libctx, int enable) __attribute__((tag("3"))); -+ -+// OSSL_PROVIDER API -+int OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR libctx, const char *name) __attribute__((tag("3"),noerror)); -+_OSSL_PROVIDER_PTR OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks) __attribute__((tag("3"))); -+const char *OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR prov) __attribute__((tag("3"),noerror)); -+ -+// RAND API -+int RAND_bytes(unsigned char *arg0, int arg1) __attribute__((noescape,nocallback,slice("arg0","arg1"))); -+ -+// EVP_MD API -+_EVP_MD_PTR EVP_MD_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"),tag("init_3"))); -+void EVP_MD_free(_EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"))); -+const char *EVP_MD_get0_name(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); -+int EVP_MD_get_type(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); -+const _OSSL_PROVIDER_PTR EVP_MD_get0_provider(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"),noerror)); -+int EVP_MD_get_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_size"),noerror)); -+int EVP_MD_get_block_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_block_size"),noerror)); -+const _EVP_MD_PTR EVP_md5_sha1(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_ripemd160(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_md4(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_md5(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha1(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha224(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha256(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha384(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha512(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((noerror)); -+const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((noerror)); -+ -+_EVP_MD_CTX_PTR EVP_MD_CTX_new(void); -+void EVP_MD_CTX_free(_EVP_MD_CTX_PTR ctx); -+int EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR ctx, int cmd, int p1, void *p2); -+int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); -+const _OSSL_PARAM_PTR EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); -+const _OSSL_PARAM_PTR EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR ctx, _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); -+int EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); -+int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const _EVP_MD_PTR type, _ENGINE_PTR impl) __attribute__((noescape,nocallback,slice("data","count"),slice("md","size"))); -+int EVP_DigestInit_ex(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type, _ENGINE_PTR impl); -+int EVP_DigestInit(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type); -+int EVP_DigestUpdate(_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt) __attribute__((noescape,nocallback,slice("d","cnt"))); -+int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s) __attribute__((noescape,nocallback,slice("md","s"))); -+int EVP_DigestFinalXOF(_EVP_MD_CTX_PTR ctx, unsigned char *md, size_t mdlen) __attribute__((tag("33"),noescape,nocallback,slice("md","mdlen"))); -+int EVP_DigestSqueeze(_EVP_MD_CTX_PTR ctx, unsigned char *out, size_t outlen) __attribute__((tag("33"),optional,noescape,nocallback,slice("out","outlen"))); -+int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((noescape,nocallback,slice("sigret","siglen"),slice("tbs","tbslen"))); -+int EVP_DigestSignInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); -+int EVP_DigestSignFinal(_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen) __attribute__((slice("sig","siglen"))); -+int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); -+int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen) __attribute__((slice("sig","siglen"))); -+int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((slice("sigret","siglen"),slice("tbs","tbslen"))); -+ -+// HMAC API -+int HMAC_Init_ex(_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const _EVP_MD_PTR arg3, _ENGINE_PTR arg4) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); -+int HMAC_Update(_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); -+int HMAC_Final(_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); -+ -+_HMAC_CTX_PTR HMAC_CTX_new(void) __attribute__((tag("legacy_1"))); -+int HMAC_CTX_copy(_HMAC_CTX_PTR dest, _HMAC_CTX_PTR src) __attribute__((tag("legacy_1"),noescape,nocallback)); -+void HMAC_CTX_free(_HMAC_CTX_PTR arg0) __attribute__((tag("legacy_1"),noescape,nocallback)); -+ -+// EVP_CIPHER API -+_EVP_CIPHER_PTR EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+const char *EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_gcm(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_ctr(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_128_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_gcm(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_ctr(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_192_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_ctr(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_aes_256_gcm(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_ede3_ecb(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_des_ede3_cbc(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_rc4(void) __attribute__((noerror)); -+const _EVP_CIPHER_PTR EVP_chacha20_poly1305(void) __attribute__((optional,noerror)); -+int EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),tag("legacy_1","EVP_CIPHER_block_size"),noerror)); -+ -+_EVP_CIPHER_CTX_PTR EVP_CIPHER_CTX_new(void); -+int EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR x, int padding); -+int EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR x, int keylen); -+void EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR arg0); -+int EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr); -+int EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv, int enc); -+int EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback,slice("out","outl"),slice("in","inl"))); -+int EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); -+int EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback,slice("out","outl"),slice("in","inl"))); -+int EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl) __attribute__((noescape,nocallback,slice("out","outl"))); -+int EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); -+int EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback,slice("out","outl"),slice("in","inl"))); -+int EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *outm, int *outl) __attribute__((noescape,nocallback,slice("outm","outl"))); -+ -+// EVP_PKEY API -+_EVP_PKEY_PTR EVP_PKEY_new(void); -+_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((slice("key","keylen"))); -+_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((slice("key","keylen"))); -+int EVP_PKEY_get_size(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_size"))); -+int EVP_PKEY_get_bits(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_bits"))); -+void EVP_PKEY_free(_EVP_PKEY_PTR arg0); -+_RSA_PTR EVP_PKEY_get1_RSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); -+int EVP_PKEY_assign(_EVP_PKEY_PTR pkey, int type, void *key) __attribute__((tag("legacy_1"))); -+_EC_KEY_PTR EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); -+_DSA_PTR EVP_PKEY_get0_DSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); -+int EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen) __attribute__((tag("3"),slice("pub","publen"))); -+size_t EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR pkey, unsigned char **ppub) __attribute__((tag("3"))); -+int EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR pkey, const char *key_name, _BIGNUM_PTR *bn) __attribute__((tag("3"),noescape,nocallback)); -+int EVP_PKEY_get_octet_string_param(const _EVP_PKEY_PTR pkey, const char *key_name, unsigned char *buf, size_t buf_len, size_t *out_len) __attribute__((tag("3"),slice("buf","buf_len"))); -+int EVP_PKEY_up_ref(_EVP_PKEY_PTR key); -+int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR pkey, _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); -+int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR ctx, void *label, int labellen) __attribute__((tag("3"),slice("label","labellen"))); -+int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *publen) __attribute__((noescape,nocallback,slice("pub","publen"))); -+int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *privlen) __attribute__((noescape,nocallback,slice("priv","privlen"))); -+int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *pkey, int selection, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR ctx); -+int EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); -+int EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR ctx); -+int EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey) __attribute__((noescape,nocallback)); -+int EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4) __attribute__((slice("arg1","arg2"),slice("arg3","arg4"))); -+int EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4) __attribute__((slice("arg1","arg2"),slice("arg3","arg4"))); -+int EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_sign(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4) __attribute__((slice("arg1","arg2"),slice("arg3","arg4"))); -+int EVP_PKEY_verify(_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((slice("sig","siglen"),slice("tbs","tbslen"))); -+int EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR ctx); -+int EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR peer); -+int EVP_PKEY_derive(_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen) __attribute__((noescape,nocallback,slice("key","keylen"))); -+int EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, ...) __attribute__((tag("3"))); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); -+_EVP_PKEY_PTR EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); -+ -+_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR arg0, _ENGINE_PTR arg1); -+_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int id, _ENGINE_PTR e); -+_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR libctx, _EVP_PKEY_PTR pkey, const char *propquery) __attribute__((tag("3"))); -+void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR arg0); -+int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2); -+int EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); -+int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR arg0, int arg1) __attribute__((tag("3"))); -+int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR arg0, const _EVP_MD_PTR arg1) __attribute__((tag("3"))); -+int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); -+int EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); -+int EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); -+ -+// RSA API -+_RSA_PTR RSA_new(void) __attribute__((tag("legacy_1"))); -+void RSA_free(_RSA_PTR arg0) __attribute__((tag("legacy_1"))); -+void RSA_get0_factors(const _RSA_PTR rsa, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q) __attribute__((tag("legacy_1"),noerror)); -+int RSA_set0_factors(_RSA_PTR rsa, _BIGNUM_PTR p, _BIGNUM_PTR q) __attribute__((tag("legacy_1"))); -+void RSA_get0_crt_params(const _RSA_PTR r, const _BIGNUM_PTR *dmp1, const _BIGNUM_PTR *dmq1, const _BIGNUM_PTR *iqmp) __attribute__((tag("legacy_1"),noerror)); -+int RSA_set0_crt_params(_RSA_PTR rsa, _BIGNUM_PTR dmp1, _BIGNUM_PTR dmp2, _BIGNUM_PTR iqmp) __attribute__((tag("legacy_1"))); -+void RSA_get0_key(const _RSA_PTR rsa, const _BIGNUM_PTR *n, const _BIGNUM_PTR *e, const _BIGNUM_PTR *d) __attribute__((tag("legacy_1"),noerror)); -+int RSA_set0_key(_RSA_PTR r, _BIGNUM_PTR n, _BIGNUM_PTR e, _BIGNUM_PTR d) __attribute__((tag("legacy_1"))); -+ -+// BIGNUM API -+_BIGNUM_PTR BN_new(void); -+void BN_free(_BIGNUM_PTR arg0); -+void BN_clear(_BIGNUM_PTR arg0); -+void BN_clear_free(_BIGNUM_PTR arg0); -+int BN_num_bits(const _BIGNUM_PTR arg0) __attribute__((noerror)); -+_BIGNUM_PTR BN_bin2bn(const unsigned char *arg0, int arg1, _BIGNUM_PTR arg2) __attribute__((slice("arg0","arg1"))); -+_BIGNUM_PTR BN_lebin2bn(const unsigned char *s, int slen, _BIGNUM_PTR ret) __attribute__((slice("s","slen"))); -+int BN_bn2lebinpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"),slice("to","tolen"))); -+int BN_bn2binpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"),slice("to","tolen"))); -+ -+// EC API -+int EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR key, _BIGNUM_PTR x, _BIGNUM_PTR y) __attribute__((tag("legacy_1"))); -+int EC_KEY_set_public_key(_EC_KEY_PTR key, const _EC_POINT_PTR pub) __attribute__((tag("legacy_1"))); -+void EC_KEY_free(_EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); -+const _EC_GROUP_PTR EC_KEY_get0_group(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); -+const _BIGNUM_PTR EC_KEY_get0_private_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); -+const _EC_POINT_PTR EC_KEY_get0_public_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); -+_EC_KEY_PTR EC_KEY_new_by_curve_name(int arg0) __attribute__((tag("legacy_1"))); -+int EC_KEY_set_private_key(_EC_KEY_PTR arg0, const _BIGNUM_PTR arg1) __attribute__((tag("legacy_1"))); -+int EC_KEY_check_key(const _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); -+_EC_POINT_PTR EC_POINT_new(const _EC_GROUP_PTR arg0); -+void EC_POINT_free(_EC_POINT_PTR arg0); -+int EC_POINT_mul(const _EC_GROUP_PTR group, _EC_POINT_PTR r, const _BIGNUM_PTR n, const _EC_POINT_PTR q, const _BIGNUM_PTR m, _BN_CTX_PTR ctx); -+int EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR arg0, const _EC_POINT_PTR arg1, _BIGNUM_PTR arg2, _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("legacy_1"))); -+int EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR arg0, _EC_POINT_PTR arg1, const _BIGNUM_PTR arg2, const _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("3"))); -+size_t EC_POINT_point2oct(const _EC_GROUP_PTR group, const _EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t buflen, _BN_CTX_PTR ctx) __attribute__((slice("buf","buflen"))); -+int EC_POINT_oct2point(const _EC_GROUP_PTR group, _EC_POINT_PTR p, const unsigned char *buf, size_t buflen, _BN_CTX_PTR ctx) __attribute__((slice("buf","buflen"))); -+_EC_GROUP_PTR EC_GROUP_new_by_curve_name(int nid); -+void EC_GROUP_free(_EC_GROUP_PTR group); -+ -+// EVP_MAC API -+_EVP_MAC_PTR EVP_MAC_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+_EVP_MAC_CTX_PTR EVP_MAC_CTX_new(_EVP_MAC_PTR arg0) __attribute__((tag("3"))); -+int EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+void EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"),noescape,nocallback)); -+_EVP_MAC_CTX_PTR EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); -+int EVP_MAC_init(_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback,slice("key","keylen"))); -+int EVP_MAC_update(_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen) __attribute__((tag("3"),noescape,nocallback,slice("data","datalen"))); -+int EVP_MAC_final(_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize) __attribute__((tag("3"),noescape,nocallback,slice("out","outsize"))); -+ -+// OSSL_PARAM API -+void OSSL_PARAM_free(_OSSL_PARAM_PTR p) __attribute__((tag("3"))); -+const _OSSL_PARAM_PTR OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR p, const char *key) __attribute__((tag("3"))); -+_OSSL_PARAM_BLD_PTR OSSL_PARAM_BLD_new(void) __attribute__((tag("3"),noerror)); -+void OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); -+_OSSL_PARAM_PTR OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); -+int OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize) __attribute__((tag("3"),slice("buf","bsize"))); -+int OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize) __attribute__((tag("3"),slice("buf","bsize"))); -+int OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR bld, const char *key, const _BIGNUM_PTR bn) __attribute__((tag("3"))); -+int OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num) __attribute__((tag("3"))); -+ -+// EVP_SIGNATURE API -+_EVP_SIGNATURE_PTR EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+void EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR signature) __attribute__((tag("3"))); -+ -+// DSA API -+_DSA_PTR DSA_new(void) __attribute__((tag("legacy_1"))); -+void DSA_free(_DSA_PTR r) __attribute__((tag("legacy_1"))); -+int DSA_generate_key(_DSA_PTR a) __attribute__((tag("legacy_1"))); -+void DSA_get0_pqg(const _DSA_PTR d, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q, const _BIGNUM_PTR *g) __attribute__((tag("legacy_1"))); -+int DSA_set0_pqg(_DSA_PTR d, _BIGNUM_PTR p, _BIGNUM_PTR q, _BIGNUM_PTR g) __attribute__((tag("legacy_1"))); -+void DSA_get0_key(const _DSA_PTR d, const _BIGNUM_PTR *pub_key, const _BIGNUM_PTR *priv_key) __attribute__((tag("legacy_1"))); -+int DSA_set0_key(_DSA_PTR d, _BIGNUM_PTR pub_key, _BIGNUM_PTR priv_key) __attribute__((tag("legacy_1"))); -+ -+// EVP_KDF API -+_EVP_KDF_PTR EVP_KDF_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); -+void EVP_KDF_free(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); -+_EVP_KDF_CTX_PTR EVP_KDF_CTX_new(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); -+int EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+void EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); -+size_t EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); -+int EVP_KDF_derive(_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),slice("key","keylen"))); -+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const _EVP_MD_PTR digest, int keylen, unsigned char *out) __attribute__((slice("pass","passlen"),slice("salt","saltlen"),slice("out","keylen"))); -+ -+// OBJ API -+const char *OBJ_nid2sn(int n) __attribute__((noerror)); -+ -+// EVP KEM API for ML-KEM (OpenSSL 3.x) -+_EVP_KEYMGMT_PTR EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"),optional)); -+void EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR keymgmt) __attribute__((tag("3"))); -+int EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR ctx, unsigned char *wrappedkey, size_t *wrappedkeylen, unsigned char *genkey, size_t *genkeylen) __attribute__((tag("3"))); -+int EVP_PKEY_decapsulate_init(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); -+int EVP_PKEY_decapsulate(_EVP_PKEY_CTX_PTR ctx, unsigned char *genkey, size_t *genkeylen, const unsigned char *wrappedkey, size_t wrappedkeylen) __attribute__((tag("3"))); -+ -+#endif // _GO_OSSL_SHIMS_H -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo.go -new file mode 100644 -index 00000000000000..0e3e6ca7d87db2 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo.go -@@ -0,0 +1,84 @@ -+//go:build !cgo -+ -+package ossl -+ -+import ( -+ "unsafe" -+) -+ -+//go:linkname runtime_cgocall runtime.cgocall -+ -+//go:noescape -+func runtime_cgocall(fn uintptr, arg unsafe.Pointer) int32 // from runtime/sys_libc.go -+ -+//go:linkname noescape -+//go:nosplit -+func noescape(p unsafe.Pointer) unsafe.Pointer { -+ x := uintptr(p) -+ return unsafe.Pointer(x ^ 0) -+} -+ -+type libcCallInfo struct { -+ fn uintptr -+ n uintptr // number of parameters -+ args uintptr // parameters -+ r1, r2 uintptr // return values -+ errType uintptr -+} -+ -+//go:noescape -+func syscallNAsm(libcArgs *libcCallInfo) -+ -+// syscallNSystemStack performs a syscall on the system stack. -+// It can't allocate Go memory nor grow the stack over the nosplit limit. -+// -+//go:nosplit -+func syscallNSystemStack(libcArgs *libcCallInfo) { -+ if libcArgs.errType != 0 { -+ libcArgs.n-- -+ } -+ syscallNAsm(libcArgs) -+ if libcArgs.errType != 0 { -+ _mkcgo_error_check(libcArgs.errType, libcArgs.r1, libcArgs.args, libcArgs.n) -+ } -+} -+ -+var syscallNSystemStack_trampoline byte -+var syscallNSystemStackABIInternal = uintptr(unsafe.Pointer(&syscallNSystemStack_trampoline)) -+ -+// syscallN performs a syscall with the given function and arguments. -+// -+// All its parameters and return values must be uintptr in order -+// for the Go compiler to automatically set the //go:uintptrkeepalive -+// directive (which we can't set manually here). -+// See https://github.com/golang/go/blob/9a5a1202f4c4d5a7048b149b65c3e5b82a2de9aa/src/cmd/compile/internal/escape/call.go#L275. -+// -+//go:nosplit -+func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ libcArgs := libcCallInfo{ -+ fn: fn, -+ n: uintptr(len(args)), -+ errType: errType, -+ } -+ if libcArgs.n != 0 { -+ libcArgs.args = uintptr(noescape(unsafe.Pointer(&args[0]))) -+ } -+ runtime_cgocall(syscallNSystemStackABIInternal, unsafe.Pointer(&libcArgs)) -+ return libcArgs.r1, libcArgs.r2 -+} -+ -+// syscallNRaw performs a syscall with the given function and arguments, -+// without any error checking nor switching to the system stack. -+// -+//go:nosplit -+func syscallNRaw(fn uintptr, args ...uintptr) uintptr { -+ libcArgs := libcCallInfo{ -+ fn: fn, -+ n: uintptr(len(args)), -+ } -+ if libcArgs.n != 0 { -+ libcArgs.args = uintptr(noescape(unsafe.Pointer(&args[0]))) -+ } -+ syscallNAsm(&libcArgs) -+ return libcArgs.r1 -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_darwin.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_darwin.go -new file mode 100644 -index 00000000000000..c5115146e74dc5 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_darwin.go -@@ -0,0 +1,5 @@ -+//go:build !cgo -+ -+package ossl -+ -+//go:cgo_import_dynamic _ _ "/usr/lib/libSystem.B.dylib" -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_freebsd.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_freebsd.go -new file mode 100644 -index 00000000000000..c16ed6018f87c1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_freebsd.go -@@ -0,0 +1,5 @@ -+//go:build !cgo -+ -+package ossl -+ -+//go:cgo_import_dynamic _ _ "libc.so.7" -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_linux.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_linux.go -new file mode 100644 -index 00000000000000..9a5cf6f78a7b5b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_linux.go -@@ -0,0 +1,5 @@ -+//go:build !cgo -+ -+package ossl -+ -+//go:cgo_import_dynamic _ _ "libdl.so.2" -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_unix.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_unix.go -new file mode 100644 -index 00000000000000..5bdbec31d8f2ce ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_unix.go -@@ -0,0 +1,20 @@ -+//go:build !cgo && unix && (go1.27 || !s390x) -+ -+package ossl -+ -+import ( -+ "unsafe" -+ -+ _ "github.com/golang-fips/openssl/v2/internal/fakecgo" -+) -+ -+func dlsym(handle unsafe.Pointer, symbol string, optional bool) uintptr { -+ r0 := Dlsym(handle, unsafe.StringData(symbol)) -+ if r0 == nil { -+ if !optional { -+ panic("cannot get required symbol " + symbol) -+ } -+ return 0 -+ } -+ return uintptr(r0) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_windows.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_windows.go -new file mode 100644 -index 00000000000000..48640cdcbf558f ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/syscall_nocgo_windows.go -@@ -0,0 +1,22 @@ -+//go:build !cgo && windows -+ -+package ossl -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+var modkernel32 = syscall.NewLazyDLL("kernel32.dll") -+var procGetProcAddress = modkernel32.NewProc("GetProcAddress") -+ -+func dlsym(handle unsafe.Pointer, symbol string, optional bool) uintptr { -+ r0, _, err := syscall.SyscallN(procGetProcAddress.Addr(), uintptr(handle), uintptr(unsafe.Pointer(unsafe.StringData(symbol)))) -+ if err != 0 { -+ if !optional { -+ panic("cannot get required symbol " + symbol + ": " + err.Error()) -+ } -+ return 0 -+ } -+ return r0 -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl.s b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl.s -new file mode 100644 -index 00000000000000..068a94d4c83ae1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl.s -@@ -0,0 +1,55 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo && unix -+ -+#include "textflag.h" -+ -+#ifndef GOARCH_amd64 -+#ifndef GOARCH_arm64 -+#ifndef GOARCH_riscv64 -+#ifndef GOARCH_loong64 -+#ifndef GOARCH_mips64 -+#ifndef GOARCH_mips64le -+#ifndef GOARCH_ppc64 -+#ifndef GOARCH_ppc64le -+#ifndef GOARCH_s390x -+#ifndef GOARCH_sparc64 -+#define _GOPTRSIZE 4 -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+ -+#ifndef _GOPTRSIZE -+#define _GOPTRSIZE 8 -+#endif -+TEXT _mkcgo_dlclose_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_dlclose(SB) -+ -+GLOBL ·_mkcgo_dlclose_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_dlclose_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlclose_trampoline<>(SB) -+ -+TEXT _mkcgo_dlerror_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_dlerror(SB) -+ -+GLOBL ·_mkcgo_dlerror_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_dlerror_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlerror_trampoline<>(SB) -+ -+TEXT _mkcgo_dlopen_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_dlopen(SB) -+ -+GLOBL ·_mkcgo_dlopen_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_dlopen_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlopen_trampoline<>(SB) -+ -+TEXT _mkcgo_dlsym_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_dlsym(SB) -+ -+GLOBL ·_mkcgo_dlsym_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_dlsym_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlsym_trampoline<>(SB) -+ -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl_nocgo.go -new file mode 100644 -index 00000000000000..0a087c1514bd8b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zdl_nocgo.go -@@ -0,0 +1,58 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo && unix -+ -+package ossl -+ -+import ( -+ "runtime" -+ "unsafe" -+) -+ -+var _ = runtime.GOOS -+ -+var _mkcgoAlwaysFalseDl bool -+var _mkcgoEscapeSinkDl unsafe.Pointer -+ -+// mkcgoEscapePtrDl forces p to escape to the heap. -+// This implementation is also used in the standard library: -+// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 -+func mkcgoEscapePtrDl(p unsafe.Pointer) unsafe.Pointer { -+ if _mkcgoAlwaysFalseDl { -+ _mkcgoEscapeSinkDl = p -+ } -+ return p -+} -+ -+//go:cgo_import_dynamic _mkcgo_dlclose dlclose "" -+//go:cgo_import_dynamic _mkcgo_dlerror dlerror "" -+//go:cgo_import_dynamic _mkcgo_dlopen dlopen "" -+//go:cgo_import_dynamic _mkcgo_dlsym dlsym "" -+ -+var _mkcgo_dlclose_trampoline_addr uintptr -+ -+func Dlclose(handle unsafe.Pointer) int32 { -+ r0, _ := syscallN(0, _mkcgo_dlclose_trampoline_addr, uintptr(handle)) -+ return int32(r0) -+} -+ -+var _mkcgo_dlerror_trampoline_addr uintptr -+ -+func Dlerror() *byte { -+ r0, _ := syscallN(0, _mkcgo_dlerror_trampoline_addr) -+ return (*byte)(unsafe.Pointer(r0)) -+} -+ -+var _mkcgo_dlopen_trampoline_addr uintptr -+ -+func Dlopen(path *byte, flags int32) unsafe.Pointer { -+ r0, _ := syscallN(0, _mkcgo_dlopen_trampoline_addr, uintptr(mkcgoEscapePtrDl(unsafe.Pointer(path))), uintptr(flags)) -+ return unsafe.Pointer(r0) -+} -+ -+var _mkcgo_dlsym_trampoline_addr uintptr -+ -+func Dlsym(handle unsafe.Pointer, symbol *byte) unsafe.Pointer { -+ r0, _ := syscallN(0, _mkcgo_dlsym_trampoline_addr, uintptr(handle), uintptr(mkcgoEscapePtrDl(unsafe.Pointer(symbol)))) -+ return unsafe.Pointer(r0) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c -new file mode 100644 -index 00000000000000..b4567cb95136b1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.c -@@ -0,0 +1,2071 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#include -+#include -+#include -+#include -+#include "zossl.h" -+ -+#ifdef _WIN32 -+#include -+#define dlsym GetProcAddress -+#else -+#include -+#endif -+ -+long (*_g_BIO_ctrl)(_BIO_PTR, int, long, void*); -+int (*_g_BIO_free)(_BIO_PTR); -+_BIO_PTR (*_g_BIO_new)(const _BIO_METHOD_PTR); -+const _BIO_METHOD_PTR (*_g_BIO_s_mem)(void); -+_BIGNUM_PTR (*_g_BN_bin2bn)(const unsigned char*, int, _BIGNUM_PTR); -+int (*_g_BN_bn2binpad)(const _BIGNUM_PTR, unsigned char*, int); -+int (*_g_BN_bn2lebinpad)(const _BIGNUM_PTR, unsigned char*, int); -+void (*_g_BN_clear)(_BIGNUM_PTR); -+void (*_g_BN_clear_free)(_BIGNUM_PTR); -+void (*_g_BN_free)(_BIGNUM_PTR); -+_BIGNUM_PTR (*_g_BN_lebin2bn)(const unsigned char*, int, _BIGNUM_PTR); -+_BIGNUM_PTR (*_g_BN_new)(void); -+int (*_g_BN_num_bits)(const _BIGNUM_PTR); -+void (*_g_CRYPTO_free)(void*, const char*, int); -+void* (*_g_CRYPTO_malloc)(size_t, const char*, int); -+void (*_g_DSA_free)(_DSA_PTR); -+int (*_g_DSA_generate_key)(_DSA_PTR); -+void (*_g_DSA_get0_key)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void (*_g_DSA_get0_pqg)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_DSA_PTR (*_g_DSA_new)(void); -+int (*_g_DSA_set0_key)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+int (*_g_DSA_set0_pqg)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+void (*_g_EC_GROUP_free)(_EC_GROUP_PTR); -+_EC_GROUP_PTR (*_g_EC_GROUP_new_by_curve_name)(int); -+int (*_g_EC_KEY_check_key)(const _EC_KEY_PTR); -+void (*_g_EC_KEY_free)(_EC_KEY_PTR); -+const _EC_GROUP_PTR (*_g_EC_KEY_get0_group)(const _EC_KEY_PTR); -+const _BIGNUM_PTR (*_g_EC_KEY_get0_private_key)(const _EC_KEY_PTR); -+const _EC_POINT_PTR (*_g_EC_KEY_get0_public_key)(const _EC_KEY_PTR); -+_EC_KEY_PTR (*_g_EC_KEY_new_by_curve_name)(int); -+int (*_g_EC_KEY_set_private_key)(_EC_KEY_PTR, const _BIGNUM_PTR); -+int (*_g_EC_KEY_set_public_key)(_EC_KEY_PTR, const _EC_POINT_PTR); -+int (*_g_EC_KEY_set_public_key_affine_coordinates)(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+void (*_g_EC_POINT_free)(_EC_POINT_PTR); -+int (*_g_EC_POINT_get_affine_coordinates_GFp)(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR); -+int (*_g_EC_POINT_mul)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); -+_EC_POINT_PTR (*_g_EC_POINT_new)(const _EC_GROUP_PTR); -+int (*_g_EC_POINT_oct2point)(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR); -+size_t (*_g_EC_POINT_point2oct)(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR); -+int (*_g_EC_POINT_set_affine_coordinates)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); -+unsigned long (*_g_ERR_peek_error)(void); -+void (*_g_ERR_print_errors)(_BIO_PTR); -+int (*_g_EVP_CIPHER_CTX_ctrl)(_EVP_CIPHER_CTX_PTR, int, int, void*); -+void (*_g_EVP_CIPHER_CTX_free)(_EVP_CIPHER_CTX_PTR); -+_EVP_CIPHER_CTX_PTR (*_g_EVP_CIPHER_CTX_new)(void); -+int (*_g_EVP_CIPHER_CTX_set_key_length)(_EVP_CIPHER_CTX_PTR, int); -+int (*_g_EVP_CIPHER_CTX_set_padding)(_EVP_CIPHER_CTX_PTR, int); -+_EVP_CIPHER_PTR (*_g_EVP_CIPHER_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+const char* (*_g_EVP_CIPHER_get0_name)(const _EVP_CIPHER_PTR); -+int (*_g_EVP_CIPHER_get_block_size)(const _EVP_CIPHER_PTR); -+int (*_g_EVP_CipherInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int); -+int (*_g_EVP_CipherUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); -+int (*_g_EVP_DecryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); -+int (*_g_EVP_DecryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); -+int (*_g_EVP_DecryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); -+int (*_g_EVP_Digest)(const unsigned char*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR); -+int (*_g_EVP_DigestFinalXOF)(_EVP_MD_CTX_PTR, unsigned char*, size_t); -+int (*_g_EVP_DigestFinal_ex)(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*); -+int (*_g_EVP_DigestInit)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR); -+int (*_g_EVP_DigestInit_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR); -+int (*_g_EVP_DigestSign)(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_DigestSignFinal)(_EVP_MD_CTX_PTR, unsigned char*, size_t*); -+int (*_g_EVP_DigestSignInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); -+int (*_g_EVP_DigestSqueeze)(_EVP_MD_CTX_PTR, unsigned char*, size_t); -+int (*_g_EVP_DigestUpdate)(_EVP_MD_CTX_PTR, const unsigned char*, size_t); -+int (*_g_EVP_DigestVerify)(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); -+int (*_g_EVP_DigestVerifyFinal)(_EVP_MD_CTX_PTR, const unsigned char*, size_t); -+int (*_g_EVP_DigestVerifyInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); -+int (*_g_EVP_EncryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); -+int (*_g_EVP_EncryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); -+int (*_g_EVP_EncryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); -+void (*_g_EVP_KDF_CTX_free)(_EVP_KDF_CTX_PTR); -+size_t (*_g_EVP_KDF_CTX_get_kdf_size)(_EVP_KDF_CTX_PTR); -+_EVP_KDF_CTX_PTR (*_g_EVP_KDF_CTX_new)(_EVP_KDF_PTR); -+int (*_g_EVP_KDF_CTX_set_params)(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR); -+int (*_g_EVP_KDF_derive)(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR); -+_EVP_KDF_PTR (*_g_EVP_KDF_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_KDF_free)(_EVP_KDF_PTR); -+_EVP_KEYMGMT_PTR (*_g_EVP_KEYMGMT_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_KEYMGMT_free)(_EVP_KEYMGMT_PTR); -+_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_dup)(const _EVP_MAC_CTX_PTR); -+void (*_g_EVP_MAC_CTX_free)(_EVP_MAC_CTX_PTR); -+_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_new)(_EVP_MAC_PTR); -+int (*_g_EVP_MAC_CTX_set_params)(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR); -+_EVP_MAC_PTR (*_g_EVP_MAC_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+int (*_g_EVP_MAC_final)(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t); -+int (*_g_EVP_MAC_init)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR); -+int (*_g_EVP_MAC_update)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t); -+int (*_g_EVP_MD_CTX_copy_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR); -+int (*_g_EVP_MD_CTX_ctrl)(_EVP_MD_CTX_PTR, int, int, void*); -+void (*_g_EVP_MD_CTX_free)(_EVP_MD_CTX_PTR); -+int (*_g_EVP_MD_CTX_get_params)(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_gettable_params)(_EVP_MD_CTX_PTR); -+_EVP_MD_CTX_PTR (*_g_EVP_MD_CTX_new)(void); -+int (*_g_EVP_MD_CTX_set_params)(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_settable_params)(_EVP_MD_CTX_PTR); -+_EVP_MD_PTR (*_g_EVP_MD_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_MD_free)(_EVP_MD_PTR); -+const char* (*_g_EVP_MD_get0_name)(const _EVP_MD_PTR); -+const _OSSL_PROVIDER_PTR (*_g_EVP_MD_get0_provider)(const _EVP_MD_PTR); -+int (*_g_EVP_MD_get_block_size)(const _EVP_MD_PTR); -+int (*_g_EVP_MD_get_size)(const _EVP_MD_PTR); -+int (*_g_EVP_MD_get_type)(const _EVP_MD_PTR); -+int (*_g_EVP_PKEY_CTX_add1_hkdf_info)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_ctrl)(_EVP_PKEY_CTX_PTR, int, int, int, int, void*); -+void (*_g_EVP_PKEY_CTX_free)(_EVP_PKEY_CTX_PTR); -+_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new)(_EVP_PKEY_PTR, _ENGINE_PTR); -+_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_from_pkey)(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*); -+_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_id)(int, _ENGINE_PTR); -+int (*_g_EVP_PKEY_CTX_set0_rsa_oaep_label)(_EVP_PKEY_CTX_PTR, unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_set1_hkdf_key)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_set1_hkdf_salt)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); -+int (*_g_EVP_PKEY_CTX_set_hkdf_md)(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR); -+int (*_g_EVP_PKEY_CTX_set_hkdf_mode)(_EVP_PKEY_CTX_PTR, int); -+int (*_g_EVP_PKEY_CTX_set_params)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_Q_keygen)(_OSSL_LIB_CTX_PTR, const char*, const char*, ...); -+int (*_g_EVP_PKEY_assign)(_EVP_PKEY_PTR, int, void*); -+int (*_g_EVP_PKEY_decapsulate)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_decapsulate_init)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); -+int (*_g_EVP_PKEY_decrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_decrypt_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_derive)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_derive_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_derive_set_peer)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_encapsulate)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_encapsulate_init)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); -+int (*_g_EVP_PKEY_encrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_encrypt_init)(_EVP_PKEY_CTX_PTR); -+void (*_g_EVP_PKEY_free)(_EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_fromdata)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR); -+int (*_g_EVP_PKEY_fromdata_init)(_EVP_PKEY_CTX_PTR); -+_DSA_PTR (*_g_EVP_PKEY_get0_DSA)(_EVP_PKEY_PTR); -+_EC_KEY_PTR (*_g_EVP_PKEY_get0_EC_KEY)(_EVP_PKEY_PTR); -+_RSA_PTR (*_g_EVP_PKEY_get1_RSA)(_EVP_PKEY_PTR); -+size_t (*_g_EVP_PKEY_get1_encoded_public_key)(_EVP_PKEY_PTR, unsigned char**); -+int (*_g_EVP_PKEY_get_bits)(const _EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_get_bn_param)(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*); -+int (*_g_EVP_PKEY_get_octet_string_param)(const _EVP_PKEY_PTR, const char*, unsigned char*, size_t, size_t*); -+int (*_g_EVP_PKEY_get_raw_private_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_get_raw_public_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); -+int (*_g_EVP_PKEY_get_size)(const _EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_keygen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); -+int (*_g_EVP_PKEY_keygen_init)(_EVP_PKEY_CTX_PTR); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_new)(void); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_private_key)(int, _ENGINE_PTR, const unsigned char*, size_t); -+_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_public_key)(int, _ENGINE_PTR, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_paramgen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); -+int (*_g_EVP_PKEY_paramgen_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_private_check)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_public_check_quick)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_set1_EC_KEY)(_EVP_PKEY_PTR, _EC_KEY_PTR); -+int (*_g_EVP_PKEY_set1_encoded_public_key)(_EVP_PKEY_PTR, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_sign)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_sign_init)(_EVP_PKEY_CTX_PTR); -+int (*_g_EVP_PKEY_up_ref)(_EVP_PKEY_PTR); -+int (*_g_EVP_PKEY_verify)(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); -+int (*_g_EVP_PKEY_verify_init)(_EVP_PKEY_CTX_PTR); -+_EVP_SIGNATURE_PTR (*_g_EVP_SIGNATURE_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); -+void (*_g_EVP_SIGNATURE_free)(_EVP_SIGNATURE_PTR); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ctr)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_128_gcm)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ctr)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_192_gcm)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ctr)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_aes_256_gcm)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_chacha20_poly1305)(void); -+int (*_g_EVP_default_properties_enable_fips)(_OSSL_LIB_CTX_PTR, int); -+int (*_g_EVP_default_properties_is_fips_enabled)(_OSSL_LIB_CTX_PTR); -+const _EVP_CIPHER_PTR (*_g_EVP_des_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_des_ecb)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_cbc)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_ecb)(void); -+const _EVP_MD_PTR (*_g_EVP_md4)(void); -+const _EVP_MD_PTR (*_g_EVP_md5)(void); -+const _EVP_MD_PTR (*_g_EVP_md5_sha1)(void); -+const _EVP_CIPHER_PTR (*_g_EVP_rc4)(void); -+const _EVP_MD_PTR (*_g_EVP_ripemd160)(void); -+const _EVP_MD_PTR (*_g_EVP_sha1)(void); -+const _EVP_MD_PTR (*_g_EVP_sha224)(void); -+const _EVP_MD_PTR (*_g_EVP_sha256)(void); -+const _EVP_MD_PTR (*_g_EVP_sha384)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_224)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_256)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_384)(void); -+const _EVP_MD_PTR (*_g_EVP_sha3_512)(void); -+const _EVP_MD_PTR (*_g_EVP_sha512)(void); -+const _EVP_MD_PTR (*_g_EVP_sha512_224)(void); -+const _EVP_MD_PTR (*_g_EVP_sha512_256)(void); -+int (*_g_FIPS_mode)(void); -+int (*_g_FIPS_mode_set)(int); -+int (*_g_HMAC_CTX_copy)(_HMAC_CTX_PTR, _HMAC_CTX_PTR); -+void (*_g_HMAC_CTX_free)(_HMAC_CTX_PTR); -+_HMAC_CTX_PTR (*_g_HMAC_CTX_new)(void); -+int (*_g_HMAC_Final)(_HMAC_CTX_PTR, unsigned char*, unsigned int*); -+int (*_g_HMAC_Init_ex)(_HMAC_CTX_PTR, const unsigned char*, int, const _EVP_MD_PTR, _ENGINE_PTR); -+int (*_g_HMAC_Update)(_HMAC_CTX_PTR, const unsigned char*, size_t); -+const char* (*_g_OBJ_nid2sn)(int); -+void (*_g_OPENSSL_init)(void); -+int (*_g_OPENSSL_init_crypto)(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR); -+unsigned int (*_g_OPENSSL_version_major)(void); -+unsigned int (*_g_OPENSSL_version_minor)(void); -+unsigned int (*_g_OPENSSL_version_patch)(void); -+void (*_g_OSSL_PARAM_BLD_free)(_OSSL_PARAM_BLD_PTR); -+_OSSL_PARAM_BLD_PTR (*_g_OSSL_PARAM_BLD_new)(void); -+int (*_g_OSSL_PARAM_BLD_push_BN)(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR); -+int (*_g_OSSL_PARAM_BLD_push_int32)(_OSSL_PARAM_BLD_PTR, const char*, int32_t); -+int (*_g_OSSL_PARAM_BLD_push_octet_string)(_OSSL_PARAM_BLD_PTR, const char*, const unsigned char*, size_t); -+int (*_g_OSSL_PARAM_BLD_push_utf8_string)(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t); -+_OSSL_PARAM_PTR (*_g_OSSL_PARAM_BLD_to_param)(_OSSL_PARAM_BLD_PTR); -+void (*_g_OSSL_PARAM_free)(_OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR (*_g_OSSL_PARAM_locate_const)(const _OSSL_PARAM_PTR, const char*); -+int (*_g_OSSL_PROVIDER_available)(_OSSL_LIB_CTX_PTR, const char*); -+const char* (*_g_OSSL_PROVIDER_get0_name)(const _OSSL_PROVIDER_PTR); -+_OSSL_PROVIDER_PTR (*_g_OSSL_PROVIDER_try_load)(_OSSL_LIB_CTX_PTR, const char*, int); -+const char* (*_g_OpenSSL_version)(int); -+unsigned long (*_g_OpenSSL_version_num)(void); -+int (*_g_PKCS5_PBKDF2_HMAC)(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*); -+int (*_g_RAND_bytes)(unsigned char*, int); -+void (*_g_RSA_free)(_RSA_PTR); -+void (*_g_RSA_get0_crt_params)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void (*_g_RSA_get0_factors)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void (*_g_RSA_get0_key)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_RSA_PTR (*_g_RSA_new)(void); -+int (*_g_RSA_set0_crt_params)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+int (*_g_RSA_set0_factors)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+int (*_g_RSA_set0_key)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); -+ -+#define __mkcgo__dlsym_nocheck(varname, funcname) _g_##varname = (typeof(_g_##varname))dlsym(handle, #funcname); -+ -+#define __mkcgo__dlsym(name) __mkcgo__dlsym2(name, name) -+ -+#define __mkcgo__dlsym2(varname, funcname) \ -+ __mkcgo__dlsym_nocheck(varname, funcname) \ -+ if (_g_##varname == NULL) { \ -+ fprintf(stderr, "Cannot get required symbol " #funcname "\n"); \ -+ abort(); \ -+ } -+ -+void __mkcgo_load_(void* handle) { -+ __mkcgo__dlsym(BIO_ctrl) -+ __mkcgo__dlsym(BIO_free) -+ __mkcgo__dlsym(BIO_new) -+ __mkcgo__dlsym(BIO_s_mem) -+ __mkcgo__dlsym(BN_bin2bn) -+ __mkcgo__dlsym(BN_bn2binpad) -+ __mkcgo__dlsym(BN_bn2lebinpad) -+ __mkcgo__dlsym(BN_clear) -+ __mkcgo__dlsym(BN_clear_free) -+ __mkcgo__dlsym(BN_free) -+ __mkcgo__dlsym(BN_lebin2bn) -+ __mkcgo__dlsym(BN_new) -+ __mkcgo__dlsym(BN_num_bits) -+ __mkcgo__dlsym(CRYPTO_free) -+ __mkcgo__dlsym(CRYPTO_malloc) -+ __mkcgo__dlsym(EC_GROUP_free) -+ __mkcgo__dlsym(EC_GROUP_new_by_curve_name) -+ __mkcgo__dlsym(EC_POINT_free) -+ __mkcgo__dlsym(EC_POINT_mul) -+ __mkcgo__dlsym(EC_POINT_new) -+ __mkcgo__dlsym(EC_POINT_oct2point) -+ __mkcgo__dlsym(EC_POINT_point2oct) -+ __mkcgo__dlsym(ERR_peek_error) -+ __mkcgo__dlsym(ERR_print_errors) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_ctrl) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_free) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_new) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_set_key_length) -+ __mkcgo__dlsym(EVP_CIPHER_CTX_set_padding) -+ __mkcgo__dlsym(EVP_CipherInit_ex) -+ __mkcgo__dlsym(EVP_CipherUpdate) -+ __mkcgo__dlsym(EVP_DecryptFinal_ex) -+ __mkcgo__dlsym(EVP_DecryptInit_ex) -+ __mkcgo__dlsym(EVP_DecryptUpdate) -+ __mkcgo__dlsym(EVP_Digest) -+ __mkcgo__dlsym(EVP_DigestFinal_ex) -+ __mkcgo__dlsym(EVP_DigestInit) -+ __mkcgo__dlsym(EVP_DigestInit_ex) -+ __mkcgo__dlsym(EVP_DigestSign) -+ __mkcgo__dlsym(EVP_DigestSignFinal) -+ __mkcgo__dlsym(EVP_DigestSignInit) -+ __mkcgo__dlsym(EVP_DigestUpdate) -+ __mkcgo__dlsym(EVP_DigestVerify) -+ __mkcgo__dlsym(EVP_DigestVerifyFinal) -+ __mkcgo__dlsym(EVP_DigestVerifyInit) -+ __mkcgo__dlsym(EVP_EncryptFinal_ex) -+ __mkcgo__dlsym(EVP_EncryptInit_ex) -+ __mkcgo__dlsym(EVP_EncryptUpdate) -+ __mkcgo__dlsym(EVP_MD_CTX_copy_ex) -+ __mkcgo__dlsym(EVP_MD_CTX_ctrl) -+ __mkcgo__dlsym(EVP_MD_CTX_free) -+ __mkcgo__dlsym(EVP_MD_CTX_new) -+ __mkcgo__dlsym(EVP_PKEY_CTX_ctrl) -+ __mkcgo__dlsym(EVP_PKEY_CTX_free) -+ __mkcgo__dlsym(EVP_PKEY_CTX_new) -+ __mkcgo__dlsym(EVP_PKEY_CTX_new_id) -+ __mkcgo__dlsym(EVP_PKEY_decrypt) -+ __mkcgo__dlsym(EVP_PKEY_decrypt_init) -+ __mkcgo__dlsym(EVP_PKEY_derive) -+ __mkcgo__dlsym(EVP_PKEY_derive_init) -+ __mkcgo__dlsym(EVP_PKEY_derive_set_peer) -+ __mkcgo__dlsym(EVP_PKEY_encrypt) -+ __mkcgo__dlsym(EVP_PKEY_encrypt_init) -+ __mkcgo__dlsym(EVP_PKEY_free) -+ __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) -+ __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) -+ __mkcgo__dlsym(EVP_PKEY_keygen) -+ __mkcgo__dlsym(EVP_PKEY_keygen_init) -+ __mkcgo__dlsym(EVP_PKEY_new) -+ __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) -+ __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) -+ __mkcgo__dlsym(EVP_PKEY_paramgen) -+ __mkcgo__dlsym(EVP_PKEY_paramgen_init) -+ __mkcgo__dlsym(EVP_PKEY_sign) -+ __mkcgo__dlsym(EVP_PKEY_sign_init) -+ __mkcgo__dlsym(EVP_PKEY_up_ref) -+ __mkcgo__dlsym(EVP_PKEY_verify) -+ __mkcgo__dlsym(EVP_PKEY_verify_init) -+ __mkcgo__dlsym(EVP_aes_128_cbc) -+ __mkcgo__dlsym(EVP_aes_128_ctr) -+ __mkcgo__dlsym(EVP_aes_128_ecb) -+ __mkcgo__dlsym(EVP_aes_128_gcm) -+ __mkcgo__dlsym(EVP_aes_192_cbc) -+ __mkcgo__dlsym(EVP_aes_192_ctr) -+ __mkcgo__dlsym(EVP_aes_192_ecb) -+ __mkcgo__dlsym(EVP_aes_192_gcm) -+ __mkcgo__dlsym(EVP_aes_256_cbc) -+ __mkcgo__dlsym(EVP_aes_256_ctr) -+ __mkcgo__dlsym(EVP_aes_256_ecb) -+ __mkcgo__dlsym(EVP_aes_256_gcm) -+ __mkcgo__dlsym_nocheck(EVP_chacha20_poly1305, EVP_chacha20_poly1305) -+ __mkcgo__dlsym(EVP_des_cbc) -+ __mkcgo__dlsym(EVP_des_ecb) -+ __mkcgo__dlsym(EVP_des_ede3_cbc) -+ __mkcgo__dlsym(EVP_des_ede3_ecb) -+ __mkcgo__dlsym(EVP_md4) -+ __mkcgo__dlsym(EVP_md5) -+ __mkcgo__dlsym(EVP_md5_sha1) -+ __mkcgo__dlsym(EVP_rc4) -+ __mkcgo__dlsym(EVP_ripemd160) -+ __mkcgo__dlsym(EVP_sha1) -+ __mkcgo__dlsym(EVP_sha224) -+ __mkcgo__dlsym(EVP_sha256) -+ __mkcgo__dlsym(EVP_sha384) -+ __mkcgo__dlsym(EVP_sha3_224) -+ __mkcgo__dlsym(EVP_sha3_256) -+ __mkcgo__dlsym(EVP_sha3_384) -+ __mkcgo__dlsym(EVP_sha3_512) -+ __mkcgo__dlsym(EVP_sha512) -+ __mkcgo__dlsym(EVP_sha512_224) -+ __mkcgo__dlsym(EVP_sha512_256) -+ __mkcgo__dlsym(OBJ_nid2sn) -+ __mkcgo__dlsym(OPENSSL_init) -+ __mkcgo__dlsym(OPENSSL_init_crypto) -+ __mkcgo__dlsym(OpenSSL_version) -+ __mkcgo__dlsym(PKCS5_PBKDF2_HMAC) -+ __mkcgo__dlsym(RAND_bytes) -+} -+ -+void __mkcgo_unload_() { -+ _g_BIO_ctrl = NULL; -+ _g_BIO_free = NULL; -+ _g_BIO_new = NULL; -+ _g_BIO_s_mem = NULL; -+ _g_BN_bin2bn = NULL; -+ _g_BN_bn2binpad = NULL; -+ _g_BN_bn2lebinpad = NULL; -+ _g_BN_clear = NULL; -+ _g_BN_clear_free = NULL; -+ _g_BN_free = NULL; -+ _g_BN_lebin2bn = NULL; -+ _g_BN_new = NULL; -+ _g_BN_num_bits = NULL; -+ _g_CRYPTO_free = NULL; -+ _g_CRYPTO_malloc = NULL; -+ _g_EC_GROUP_free = NULL; -+ _g_EC_GROUP_new_by_curve_name = NULL; -+ _g_EC_POINT_free = NULL; -+ _g_EC_POINT_mul = NULL; -+ _g_EC_POINT_new = NULL; -+ _g_EC_POINT_oct2point = NULL; -+ _g_EC_POINT_point2oct = NULL; -+ _g_ERR_peek_error = NULL; -+ _g_ERR_print_errors = NULL; -+ _g_EVP_CIPHER_CTX_ctrl = NULL; -+ _g_EVP_CIPHER_CTX_free = NULL; -+ _g_EVP_CIPHER_CTX_new = NULL; -+ _g_EVP_CIPHER_CTX_set_key_length = NULL; -+ _g_EVP_CIPHER_CTX_set_padding = NULL; -+ _g_EVP_CipherInit_ex = NULL; -+ _g_EVP_CipherUpdate = NULL; -+ _g_EVP_DecryptFinal_ex = NULL; -+ _g_EVP_DecryptInit_ex = NULL; -+ _g_EVP_DecryptUpdate = NULL; -+ _g_EVP_Digest = NULL; -+ _g_EVP_DigestFinal_ex = NULL; -+ _g_EVP_DigestInit = NULL; -+ _g_EVP_DigestInit_ex = NULL; -+ _g_EVP_DigestSign = NULL; -+ _g_EVP_DigestSignFinal = NULL; -+ _g_EVP_DigestSignInit = NULL; -+ _g_EVP_DigestUpdate = NULL; -+ _g_EVP_DigestVerify = NULL; -+ _g_EVP_DigestVerifyFinal = NULL; -+ _g_EVP_DigestVerifyInit = NULL; -+ _g_EVP_EncryptFinal_ex = NULL; -+ _g_EVP_EncryptInit_ex = NULL; -+ _g_EVP_EncryptUpdate = NULL; -+ _g_EVP_MD_CTX_copy_ex = NULL; -+ _g_EVP_MD_CTX_ctrl = NULL; -+ _g_EVP_MD_CTX_free = NULL; -+ _g_EVP_MD_CTX_new = NULL; -+ _g_EVP_PKEY_CTX_ctrl = NULL; -+ _g_EVP_PKEY_CTX_free = NULL; -+ _g_EVP_PKEY_CTX_new = NULL; -+ _g_EVP_PKEY_CTX_new_id = NULL; -+ _g_EVP_PKEY_decrypt = NULL; -+ _g_EVP_PKEY_decrypt_init = NULL; -+ _g_EVP_PKEY_derive = NULL; -+ _g_EVP_PKEY_derive_init = NULL; -+ _g_EVP_PKEY_derive_set_peer = NULL; -+ _g_EVP_PKEY_encrypt = NULL; -+ _g_EVP_PKEY_encrypt_init = NULL; -+ _g_EVP_PKEY_free = NULL; -+ _g_EVP_PKEY_get_raw_private_key = NULL; -+ _g_EVP_PKEY_get_raw_public_key = NULL; -+ _g_EVP_PKEY_keygen = NULL; -+ _g_EVP_PKEY_keygen_init = NULL; -+ _g_EVP_PKEY_new = NULL; -+ _g_EVP_PKEY_new_raw_private_key = NULL; -+ _g_EVP_PKEY_new_raw_public_key = NULL; -+ _g_EVP_PKEY_paramgen = NULL; -+ _g_EVP_PKEY_paramgen_init = NULL; -+ _g_EVP_PKEY_sign = NULL; -+ _g_EVP_PKEY_sign_init = NULL; -+ _g_EVP_PKEY_up_ref = NULL; -+ _g_EVP_PKEY_verify = NULL; -+ _g_EVP_PKEY_verify_init = NULL; -+ _g_EVP_aes_128_cbc = NULL; -+ _g_EVP_aes_128_ctr = NULL; -+ _g_EVP_aes_128_ecb = NULL; -+ _g_EVP_aes_128_gcm = NULL; -+ _g_EVP_aes_192_cbc = NULL; -+ _g_EVP_aes_192_ctr = NULL; -+ _g_EVP_aes_192_ecb = NULL; -+ _g_EVP_aes_192_gcm = NULL; -+ _g_EVP_aes_256_cbc = NULL; -+ _g_EVP_aes_256_ctr = NULL; -+ _g_EVP_aes_256_ecb = NULL; -+ _g_EVP_aes_256_gcm = NULL; -+ _g_EVP_chacha20_poly1305 = NULL; -+ _g_EVP_des_cbc = NULL; -+ _g_EVP_des_ecb = NULL; -+ _g_EVP_des_ede3_cbc = NULL; -+ _g_EVP_des_ede3_ecb = NULL; -+ _g_EVP_md4 = NULL; -+ _g_EVP_md5 = NULL; -+ _g_EVP_md5_sha1 = NULL; -+ _g_EVP_rc4 = NULL; -+ _g_EVP_ripemd160 = NULL; -+ _g_EVP_sha1 = NULL; -+ _g_EVP_sha224 = NULL; -+ _g_EVP_sha256 = NULL; -+ _g_EVP_sha384 = NULL; -+ _g_EVP_sha3_224 = NULL; -+ _g_EVP_sha3_256 = NULL; -+ _g_EVP_sha3_384 = NULL; -+ _g_EVP_sha3_512 = NULL; -+ _g_EVP_sha512 = NULL; -+ _g_EVP_sha512_224 = NULL; -+ _g_EVP_sha512_256 = NULL; -+ _g_OBJ_nid2sn = NULL; -+ _g_OPENSSL_init = NULL; -+ _g_OPENSSL_init_crypto = NULL; -+ _g_OpenSSL_version = NULL; -+ _g_PKCS5_PBKDF2_HMAC = NULL; -+ _g_RAND_bytes = NULL; -+} -+ -+void __mkcgo_load_3(void* handle) { -+ __mkcgo__dlsym(EC_POINT_set_affine_coordinates) -+ __mkcgo__dlsym(EVP_CIPHER_fetch) -+ __mkcgo__dlsym(EVP_CIPHER_get0_name) -+ __mkcgo__dlsym(EVP_CIPHER_get_block_size) -+ __mkcgo__dlsym(EVP_KDF_CTX_free) -+ __mkcgo__dlsym(EVP_KDF_CTX_get_kdf_size) -+ __mkcgo__dlsym(EVP_KDF_CTX_new) -+ __mkcgo__dlsym(EVP_KDF_CTX_set_params) -+ __mkcgo__dlsym(EVP_KDF_derive) -+ __mkcgo__dlsym(EVP_KDF_fetch) -+ __mkcgo__dlsym(EVP_KDF_free) -+ __mkcgo__dlsym_nocheck(EVP_KEYMGMT_fetch, EVP_KEYMGMT_fetch) -+ __mkcgo__dlsym(EVP_KEYMGMT_free) -+ __mkcgo__dlsym(EVP_MAC_CTX_dup) -+ __mkcgo__dlsym(EVP_MAC_CTX_free) -+ __mkcgo__dlsym(EVP_MAC_CTX_new) -+ __mkcgo__dlsym(EVP_MAC_CTX_set_params) -+ __mkcgo__dlsym(EVP_MAC_fetch) -+ __mkcgo__dlsym(EVP_MAC_final) -+ __mkcgo__dlsym(EVP_MAC_init) -+ __mkcgo__dlsym(EVP_MAC_update) -+ __mkcgo__dlsym(EVP_MD_CTX_get_params) -+ __mkcgo__dlsym(EVP_MD_CTX_gettable_params) -+ __mkcgo__dlsym(EVP_MD_CTX_set_params) -+ __mkcgo__dlsym(EVP_MD_CTX_settable_params) -+ __mkcgo__dlsym(EVP_MD_fetch) -+ __mkcgo__dlsym(EVP_MD_free) -+ __mkcgo__dlsym(EVP_MD_get0_name) -+ __mkcgo__dlsym(EVP_MD_get0_provider) -+ __mkcgo__dlsym(EVP_MD_get_block_size) -+ __mkcgo__dlsym(EVP_MD_get_size) -+ __mkcgo__dlsym(EVP_MD_get_type) -+ __mkcgo__dlsym(EVP_PKEY_CTX_add1_hkdf_info) -+ __mkcgo__dlsym(EVP_PKEY_CTX_new_from_pkey) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set0_rsa_oaep_label) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_key) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_salt) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_md) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_mode) -+ __mkcgo__dlsym(EVP_PKEY_CTX_set_params) -+ __mkcgo__dlsym(EVP_PKEY_Q_keygen) -+ __mkcgo__dlsym(EVP_PKEY_decapsulate) -+ __mkcgo__dlsym(EVP_PKEY_decapsulate_init) -+ __mkcgo__dlsym(EVP_PKEY_encapsulate) -+ __mkcgo__dlsym(EVP_PKEY_encapsulate_init) -+ __mkcgo__dlsym(EVP_PKEY_fromdata) -+ __mkcgo__dlsym(EVP_PKEY_fromdata_init) -+ __mkcgo__dlsym(EVP_PKEY_get1_encoded_public_key) -+ __mkcgo__dlsym(EVP_PKEY_get_bits) -+ __mkcgo__dlsym(EVP_PKEY_get_bn_param) -+ __mkcgo__dlsym(EVP_PKEY_get_octet_string_param) -+ __mkcgo__dlsym(EVP_PKEY_get_size) -+ __mkcgo__dlsym(EVP_PKEY_private_check) -+ __mkcgo__dlsym(EVP_PKEY_public_check_quick) -+ __mkcgo__dlsym(EVP_PKEY_set1_encoded_public_key) -+ __mkcgo__dlsym(EVP_SIGNATURE_fetch) -+ __mkcgo__dlsym(EVP_SIGNATURE_free) -+ __mkcgo__dlsym(EVP_default_properties_enable_fips) -+ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_free) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_new) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_BN) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_int32) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_octet_string) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_push_utf8_string) -+ __mkcgo__dlsym(OSSL_PARAM_BLD_to_param) -+ __mkcgo__dlsym(OSSL_PARAM_free) -+ __mkcgo__dlsym(OSSL_PARAM_locate_const) -+ __mkcgo__dlsym(OSSL_PROVIDER_available) -+ __mkcgo__dlsym(OSSL_PROVIDER_get0_name) -+ __mkcgo__dlsym(OSSL_PROVIDER_try_load) -+} -+ -+void __mkcgo_unload_3() { -+ _g_EC_POINT_set_affine_coordinates = NULL; -+ _g_EVP_CIPHER_fetch = NULL; -+ _g_EVP_CIPHER_get0_name = NULL; -+ _g_EVP_CIPHER_get_block_size = NULL; -+ _g_EVP_KDF_CTX_free = NULL; -+ _g_EVP_KDF_CTX_get_kdf_size = NULL; -+ _g_EVP_KDF_CTX_new = NULL; -+ _g_EVP_KDF_CTX_set_params = NULL; -+ _g_EVP_KDF_derive = NULL; -+ _g_EVP_KDF_fetch = NULL; -+ _g_EVP_KDF_free = NULL; -+ _g_EVP_KEYMGMT_fetch = NULL; -+ _g_EVP_KEYMGMT_free = NULL; -+ _g_EVP_MAC_CTX_dup = NULL; -+ _g_EVP_MAC_CTX_free = NULL; -+ _g_EVP_MAC_CTX_new = NULL; -+ _g_EVP_MAC_CTX_set_params = NULL; -+ _g_EVP_MAC_fetch = NULL; -+ _g_EVP_MAC_final = NULL; -+ _g_EVP_MAC_init = NULL; -+ _g_EVP_MAC_update = NULL; -+ _g_EVP_MD_CTX_get_params = NULL; -+ _g_EVP_MD_CTX_gettable_params = NULL; -+ _g_EVP_MD_CTX_set_params = NULL; -+ _g_EVP_MD_CTX_settable_params = NULL; -+ _g_EVP_MD_fetch = NULL; -+ _g_EVP_MD_free = NULL; -+ _g_EVP_MD_get0_name = NULL; -+ _g_EVP_MD_get0_provider = NULL; -+ _g_EVP_MD_get_block_size = NULL; -+ _g_EVP_MD_get_size = NULL; -+ _g_EVP_MD_get_type = NULL; -+ _g_EVP_PKEY_CTX_add1_hkdf_info = NULL; -+ _g_EVP_PKEY_CTX_new_from_pkey = NULL; -+ _g_EVP_PKEY_CTX_set0_rsa_oaep_label = NULL; -+ _g_EVP_PKEY_CTX_set1_hkdf_key = NULL; -+ _g_EVP_PKEY_CTX_set1_hkdf_salt = NULL; -+ _g_EVP_PKEY_CTX_set_hkdf_md = NULL; -+ _g_EVP_PKEY_CTX_set_hkdf_mode = NULL; -+ _g_EVP_PKEY_CTX_set_params = NULL; -+ _g_EVP_PKEY_Q_keygen = NULL; -+ _g_EVP_PKEY_decapsulate = NULL; -+ _g_EVP_PKEY_decapsulate_init = NULL; -+ _g_EVP_PKEY_encapsulate = NULL; -+ _g_EVP_PKEY_encapsulate_init = NULL; -+ _g_EVP_PKEY_fromdata = NULL; -+ _g_EVP_PKEY_fromdata_init = NULL; -+ _g_EVP_PKEY_get1_encoded_public_key = NULL; -+ _g_EVP_PKEY_get_bits = NULL; -+ _g_EVP_PKEY_get_bn_param = NULL; -+ _g_EVP_PKEY_get_octet_string_param = NULL; -+ _g_EVP_PKEY_get_size = NULL; -+ _g_EVP_PKEY_private_check = NULL; -+ _g_EVP_PKEY_public_check_quick = NULL; -+ _g_EVP_PKEY_set1_encoded_public_key = NULL; -+ _g_EVP_SIGNATURE_fetch = NULL; -+ _g_EVP_SIGNATURE_free = NULL; -+ _g_EVP_default_properties_enable_fips = NULL; -+ _g_EVP_default_properties_is_fips_enabled = NULL; -+ _g_OSSL_PARAM_BLD_free = NULL; -+ _g_OSSL_PARAM_BLD_new = NULL; -+ _g_OSSL_PARAM_BLD_push_BN = NULL; -+ _g_OSSL_PARAM_BLD_push_int32 = NULL; -+ _g_OSSL_PARAM_BLD_push_octet_string = NULL; -+ _g_OSSL_PARAM_BLD_push_utf8_string = NULL; -+ _g_OSSL_PARAM_BLD_to_param = NULL; -+ _g_OSSL_PARAM_free = NULL; -+ _g_OSSL_PARAM_locate_const = NULL; -+ _g_OSSL_PROVIDER_available = NULL; -+ _g_OSSL_PROVIDER_get0_name = NULL; -+ _g_OSSL_PROVIDER_try_load = NULL; -+} -+ -+void __mkcgo_load_33(void* handle) { -+ __mkcgo__dlsym(EVP_DigestFinalXOF) -+ __mkcgo__dlsym_nocheck(EVP_DigestSqueeze, EVP_DigestSqueeze) -+} -+ -+void __mkcgo_unload_33() { -+ _g_EVP_DigestFinalXOF = NULL; -+ _g_EVP_DigestSqueeze = NULL; -+} -+ -+void __mkcgo_load_init_1(void* handle) { -+ __mkcgo__dlsym(FIPS_mode) -+ __mkcgo__dlsym(FIPS_mode_set) -+} -+ -+void __mkcgo_unload_init_1() { -+ _g_FIPS_mode = NULL; -+ _g_FIPS_mode_set = NULL; -+} -+ -+void __mkcgo_load_init_3(void* handle) { -+ __mkcgo__dlsym(BIO_ctrl) -+ __mkcgo__dlsym(BIO_free) -+ __mkcgo__dlsym(BIO_new) -+ __mkcgo__dlsym(BIO_s_mem) -+ __mkcgo__dlsym(ERR_print_errors) -+ __mkcgo__dlsym(EVP_MD_fetch) -+ __mkcgo__dlsym(EVP_MD_free) -+ __mkcgo__dlsym(EVP_MD_get0_provider) -+ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) -+} -+ -+void __mkcgo_unload_init_3() { -+ _g_BIO_ctrl = NULL; -+ _g_BIO_free = NULL; -+ _g_BIO_new = NULL; -+ _g_BIO_s_mem = NULL; -+ _g_ERR_print_errors = NULL; -+ _g_EVP_MD_fetch = NULL; -+ _g_EVP_MD_free = NULL; -+ _g_EVP_MD_get0_provider = NULL; -+ _g_EVP_default_properties_is_fips_enabled = NULL; -+} -+ -+void __mkcgo_load_legacy_1(void* handle) { -+ __mkcgo__dlsym(DSA_free) -+ __mkcgo__dlsym(DSA_generate_key) -+ __mkcgo__dlsym(DSA_get0_key) -+ __mkcgo__dlsym(DSA_get0_pqg) -+ __mkcgo__dlsym(DSA_new) -+ __mkcgo__dlsym(DSA_set0_key) -+ __mkcgo__dlsym(DSA_set0_pqg) -+ __mkcgo__dlsym(EC_KEY_check_key) -+ __mkcgo__dlsym(EC_KEY_free) -+ __mkcgo__dlsym(EC_KEY_get0_group) -+ __mkcgo__dlsym(EC_KEY_get0_private_key) -+ __mkcgo__dlsym(EC_KEY_get0_public_key) -+ __mkcgo__dlsym(EC_KEY_new_by_curve_name) -+ __mkcgo__dlsym(EC_KEY_set_private_key) -+ __mkcgo__dlsym(EC_KEY_set_public_key) -+ __mkcgo__dlsym(EC_KEY_set_public_key_affine_coordinates) -+ __mkcgo__dlsym(EC_POINT_get_affine_coordinates_GFp) -+ __mkcgo__dlsym2(EVP_CIPHER_get_block_size, EVP_CIPHER_block_size) -+ __mkcgo__dlsym2(EVP_MD_get_block_size, EVP_MD_block_size) -+ __mkcgo__dlsym2(EVP_MD_get_size, EVP_MD_size) -+ __mkcgo__dlsym(EVP_PKEY_assign) -+ __mkcgo__dlsym(EVP_PKEY_get0_DSA) -+ __mkcgo__dlsym(EVP_PKEY_get0_EC_KEY) -+ __mkcgo__dlsym(EVP_PKEY_get1_RSA) -+ __mkcgo__dlsym2(EVP_PKEY_get_bits, EVP_PKEY_bits) -+ __mkcgo__dlsym2(EVP_PKEY_get_size, EVP_PKEY_size) -+ __mkcgo__dlsym(EVP_PKEY_set1_EC_KEY) -+ __mkcgo__dlsym(FIPS_mode) -+ __mkcgo__dlsym(FIPS_mode_set) -+ __mkcgo__dlsym(HMAC_CTX_copy) -+ __mkcgo__dlsym(HMAC_CTX_free) -+ __mkcgo__dlsym(HMAC_CTX_new) -+ __mkcgo__dlsym(HMAC_Final) -+ __mkcgo__dlsym(HMAC_Init_ex) -+ __mkcgo__dlsym(HMAC_Update) -+ __mkcgo__dlsym(RSA_free) -+ __mkcgo__dlsym(RSA_get0_crt_params) -+ __mkcgo__dlsym(RSA_get0_factors) -+ __mkcgo__dlsym(RSA_get0_key) -+ __mkcgo__dlsym(RSA_new) -+ __mkcgo__dlsym(RSA_set0_crt_params) -+ __mkcgo__dlsym(RSA_set0_factors) -+ __mkcgo__dlsym(RSA_set0_key) -+} -+ -+void __mkcgo_unload_legacy_1() { -+ _g_DSA_free = NULL; -+ _g_DSA_generate_key = NULL; -+ _g_DSA_get0_key = NULL; -+ _g_DSA_get0_pqg = NULL; -+ _g_DSA_new = NULL; -+ _g_DSA_set0_key = NULL; -+ _g_DSA_set0_pqg = NULL; -+ _g_EC_KEY_check_key = NULL; -+ _g_EC_KEY_free = NULL; -+ _g_EC_KEY_get0_group = NULL; -+ _g_EC_KEY_get0_private_key = NULL; -+ _g_EC_KEY_get0_public_key = NULL; -+ _g_EC_KEY_new_by_curve_name = NULL; -+ _g_EC_KEY_set_private_key = NULL; -+ _g_EC_KEY_set_public_key = NULL; -+ _g_EC_KEY_set_public_key_affine_coordinates = NULL; -+ _g_EC_POINT_get_affine_coordinates_GFp = NULL; -+ _g_EVP_CIPHER_get_block_size = NULL; -+ _g_EVP_MD_get_block_size = NULL; -+ _g_EVP_MD_get_size = NULL; -+ _g_EVP_PKEY_assign = NULL; -+ _g_EVP_PKEY_get0_DSA = NULL; -+ _g_EVP_PKEY_get0_EC_KEY = NULL; -+ _g_EVP_PKEY_get1_RSA = NULL; -+ _g_EVP_PKEY_get_bits = NULL; -+ _g_EVP_PKEY_get_size = NULL; -+ _g_EVP_PKEY_set1_EC_KEY = NULL; -+ _g_FIPS_mode = NULL; -+ _g_FIPS_mode_set = NULL; -+ _g_HMAC_CTX_copy = NULL; -+ _g_HMAC_CTX_free = NULL; -+ _g_HMAC_CTX_new = NULL; -+ _g_HMAC_Final = NULL; -+ _g_HMAC_Init_ex = NULL; -+ _g_HMAC_Update = NULL; -+ _g_RSA_free = NULL; -+ _g_RSA_get0_crt_params = NULL; -+ _g_RSA_get0_factors = NULL; -+ _g_RSA_get0_key = NULL; -+ _g_RSA_new = NULL; -+ _g_RSA_set0_crt_params = NULL; -+ _g_RSA_set0_factors = NULL; -+ _g_RSA_set0_key = NULL; -+} -+ -+void __mkcgo_load_version(void* handle) { -+ __mkcgo__dlsym_nocheck(OPENSSL_version_major, OPENSSL_version_major) -+ __mkcgo__dlsym_nocheck(OPENSSL_version_minor, OPENSSL_version_minor) -+ __mkcgo__dlsym_nocheck(OPENSSL_version_patch, OPENSSL_version_patch) -+ __mkcgo__dlsym_nocheck(OpenSSL_version_num, OpenSSL_version_num) -+} -+ -+void __mkcgo_unload_version() { -+ _g_OPENSSL_version_major = NULL; -+ _g_OPENSSL_version_minor = NULL; -+ _g_OPENSSL_version_patch = NULL; -+ _g_OpenSSL_version_num = NULL; -+} -+ -+long _mkcgo_BIO_ctrl(_BIO_PTR _arg0, int _arg1, long _arg2, void* _arg3) { -+ return _g_BIO_ctrl(_arg0, _arg1, _arg2, _arg3); -+} -+ -+int _mkcgo_BIO_free(_BIO_PTR _arg0) { -+ return _g_BIO_free(_arg0); -+} -+ -+_BIO_PTR _mkcgo_BIO_new(const _BIO_METHOD_PTR _arg0, uintptr_t *_err_state) { -+ _BIO_PTR _ret = _g_BIO_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const _BIO_METHOD_PTR _mkcgo_BIO_s_mem(void) { -+ return _g_BIO_s_mem(); -+} -+ -+_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { -+ _BIGNUM_PTR _ret = _g_BN_bin2bn(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { -+ int _ret = _g_BN_bn2binpad(_arg0, _arg1, _arg2); -+ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { -+ int _ret = _g_BN_bn2lebinpad(_arg0, _arg1, _arg2); -+ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_BN_clear(_BIGNUM_PTR _arg0) { -+ _g_BN_clear(_arg0); -+} -+ -+void _mkcgo_BN_clear_free(_BIGNUM_PTR _arg0) { -+ _g_BN_clear_free(_arg0); -+} -+ -+void _mkcgo_BN_free(_BIGNUM_PTR _arg0) { -+ _g_BN_free(_arg0); -+} -+ -+_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { -+ _BIGNUM_PTR _ret = _g_BN_lebin2bn(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_BIGNUM_PTR _mkcgo_BN_new(uintptr_t *_err_state) { -+ _BIGNUM_PTR _ret = _g_BN_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_BN_num_bits(const _BIGNUM_PTR _arg0) { -+ return _g_BN_num_bits(_arg0); -+} -+ -+void _mkcgo_CRYPTO_free(void* _arg0, const char* _arg1, int _arg2) { -+ _g_CRYPTO_free(_arg0, _arg1, _arg2); -+} -+ -+void* _mkcgo_CRYPTO_malloc(size_t _arg0, const char* _arg1, int _arg2, uintptr_t *_err_state) { -+ void* _ret = _g_CRYPTO_malloc(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_DSA_free(_DSA_PTR _arg0) { -+ _g_DSA_free(_arg0); -+} -+ -+int _mkcgo_DSA_generate_key(_DSA_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_DSA_generate_key(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_DSA_get0_key(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { -+ _g_DSA_get0_key(_arg0, _arg1, _arg2); -+} -+ -+void _mkcgo_DSA_get0_pqg(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { -+ _g_DSA_get0_pqg(_arg0, _arg1, _arg2, _arg3); -+} -+ -+_DSA_PTR _mkcgo_DSA_new(uintptr_t *_err_state) { -+ _DSA_PTR _ret = _g_DSA_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_DSA_set0_key(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { -+ int _ret = _g_DSA_set0_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_DSA_set0_pqg(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, uintptr_t *_err_state) { -+ int _ret = _g_DSA_set0_pqg(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR _arg0) { -+ _g_EC_GROUP_free(_arg0); -+} -+ -+_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int _arg0, uintptr_t *_err_state) { -+ _EC_GROUP_PTR _ret = _g_EC_GROUP_new_by_curve_name(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EC_KEY_check_key(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EC_KEY_free(_EC_KEY_PTR _arg0) { -+ _g_EC_KEY_free(_arg0); -+} -+ -+const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR _arg0) { -+ return _g_EC_KEY_get0_group(_arg0); -+} -+ -+const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR _arg0) { -+ return _g_EC_KEY_get0_private_key(_arg0); -+} -+ -+const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR _arg0) { -+ return _g_EC_KEY_get0_public_key(_arg0); -+} -+ -+_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int _arg0, uintptr_t *_err_state) { -+ _EC_KEY_PTR _ret = _g_EC_KEY_new_by_curve_name(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR _arg0, const _BIGNUM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EC_KEY_set_private_key(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR _arg0, const _EC_POINT_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EC_KEY_set_public_key(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EC_KEY_set_public_key_affine_coordinates(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EC_POINT_free(_EC_POINT_PTR _arg0) { -+ _g_EC_POINT_free(_arg0); -+} -+ -+int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EC_POINT_get_affine_coordinates_GFp(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _EC_POINT_PTR _arg3, const _BIGNUM_PTR _arg4, _BN_CTX_PTR _arg5, uintptr_t *_err_state) { -+ int _ret = _g_EC_POINT_mul(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR _arg0, uintptr_t *_err_state) { -+ _EC_POINT_PTR _ret = _g_EC_POINT_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const unsigned char* _arg2, size_t _arg3, _BN_CTX_PTR _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EC_POINT_oct2point(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, point_conversion_form_t _arg2, unsigned char* _arg3, size_t _arg4, _BN_CTX_PTR _arg5, uintptr_t *_err_state) { -+ size_t _ret = _g_EC_POINT_point2oct(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EC_POINT_set_affine_coordinates(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+unsigned long _mkcgo_ERR_peek_error(void) { -+ return _g_ERR_peek_error(); -+} -+ -+void _mkcgo_ERR_print_errors(_BIO_PTR _arg0) { -+ _g_ERR_print_errors(_arg0); -+} -+ -+int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3, uintptr_t *_err_state) { -+ int _ret = _g_EVP_CIPHER_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR _arg0) { -+ _g_EVP_CIPHER_CTX_free(_arg0); -+} -+ -+_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(uintptr_t *_err_state) { -+ _EVP_CIPHER_CTX_PTR _ret = _g_EVP_CIPHER_CTX_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_CIPHER_CTX_set_key_length(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_CIPHER_CTX_set_padding(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_CIPHER_PTR _ret = _g_EVP_CIPHER_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR _arg0) { -+ return _g_EVP_CIPHER_get0_name(_arg0); -+} -+ -+int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR _arg0) { -+ return _g_EVP_CIPHER_get_block_size(_arg0); -+} -+ -+int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, int _arg5, uintptr_t *_err_state) { -+ int _ret = _g_EVP_CipherInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_CipherUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DecryptFinal_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DecryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DecryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_Digest(const unsigned char* _arg0, size_t _arg1, unsigned char* _arg2, unsigned int* _arg3, const _EVP_MD_PTR _arg4, _ENGINE_PTR _arg5, uintptr_t *_err_state) { -+ int _ret = _g_EVP_Digest(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestFinalXOF(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestFinalXOF(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestFinal_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestInit(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, _ENGINE_PTR _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestInit_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestSign(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestSignFinal(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestSignInit(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_available_EVP_DigestSqueeze() { -+ return _g_EVP_DigestSqueeze != NULL; -+} -+ -+int _mkcgo_EVP_DigestSqueeze(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestSqueeze(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestUpdate(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestVerify(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestVerifyFinal(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_DigestVerifyInit(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_EncryptFinal_ex(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_EncryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_EncryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR _arg0) { -+ _g_EVP_KDF_CTX_free(_arg0); -+} -+ -+size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR _arg0, uintptr_t *_err_state) { -+ size_t _ret = _g_EVP_KDF_CTX_get_kdf_size(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR _arg0, uintptr_t *_err_state) { -+ _EVP_KDF_CTX_PTR _ret = _g_EVP_KDF_CTX_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_KDF_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, uintptr_t *_err_state) { -+ int _ret = _g_EVP_KDF_derive(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_KDF_PTR _ret = _g_EVP_KDF_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR _arg0) { -+ _g_EVP_KDF_free(_arg0); -+} -+ -+int _mkcgo_available_EVP_KEYMGMT_fetch() { -+ return _g_EVP_KEYMGMT_fetch != NULL; -+} -+ -+_EVP_KEYMGMT_PTR _mkcgo_EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_KEYMGMT_PTR _ret = _g_EVP_KEYMGMT_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR _arg0) { -+ _g_EVP_KEYMGMT_free(_arg0); -+} -+ -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR _arg0, uintptr_t *_err_state) { -+ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_dup(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR _arg0) { -+ _g_EVP_MAC_CTX_free(_arg0); -+} -+ -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR _arg0, uintptr_t *_err_state) { -+ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_new(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MAC_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_MAC_PTR _ret = _g_EVP_MAC_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, size_t _arg3, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MAC_final(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MAC_init(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MAC_update(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MD_CTX_copy_ex(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MD_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR _arg0) { -+ _g_EVP_MD_CTX_free(_arg0); -+} -+ -+int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR _arg0, _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MD_CTX_get_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR _arg0, uintptr_t *_err_state) { -+ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_gettable_params(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(uintptr_t *_err_state) { -+ _EVP_MD_CTX_PTR _ret = _g_EVP_MD_CTX_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_MD_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR _arg0, uintptr_t *_err_state) { -+ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_settable_params(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_MD_PTR _ret = _g_EVP_MD_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_MD_free(_EVP_MD_PTR _arg0) { -+ _g_EVP_MD_free(_arg0); -+} -+ -+const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get0_name(_arg0); -+} -+ -+const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get0_provider(_arg0); -+} -+ -+int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get_block_size(_arg0); -+} -+ -+int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get_size(_arg0); -+} -+ -+int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR _arg0) { -+ return _g_EVP_MD_get_type(_arg0); -+} -+ -+int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_add1_hkdf_info(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR _arg0, int _arg1, int _arg2, int _arg3, int _arg4, void* _arg5, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_ctrl(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR _arg0) { -+ _g_EVP_PKEY_CTX_free(_arg0); -+} -+ -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR _arg0, _ENGINE_PTR _arg1, uintptr_t *_err_state) { -+ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new(_arg0, _arg1); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_from_pkey(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int _arg0, _ENGINE_PTR _arg1, uintptr_t *_err_state) { -+ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_id(_arg0, _arg1); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set0_rsa_oaep_label(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_salt(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set_hkdf_md(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set_hkdf_mode(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_CTX_set_params(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, const char* _arg3, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR _arg0, int _arg1, void* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_assign(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_decapsulate(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_decapsulate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_decapsulate_init(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_decapsulate_init(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_decrypt(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_decrypt_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_derive(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_derive_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_derive_set_peer(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, unsigned char* _arg3, size_t* _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_encapsulate(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_encapsulate_init(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_encrypt(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_encrypt_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR _arg0) { -+ _g_EVP_PKEY_free(_arg0); -+} -+ -+int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, int _arg2, _OSSL_PARAM_PTR _arg3, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_fromdata(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_fromdata_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { -+ _DSA_PTR _ret = _g_EVP_PKEY_get0_DSA(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { -+ _EC_KEY_PTR _ret = _g_EVP_PKEY_get0_EC_KEY(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { -+ _RSA_PTR _ret = _g_EVP_PKEY_get1_RSA(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR _arg0, unsigned char** _arg1, uintptr_t *_err_state) { -+ size_t _ret = _g_EVP_PKEY_get1_encoded_public_key(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_get_bits(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, _BIGNUM_PTR* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_get_bn_param(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_octet_string_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, unsigned char* _arg2, size_t _arg3, size_t* _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_get_octet_string_param(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_get_raw_private_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_get_raw_public_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_get_size(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_keygen(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_keygen_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_private_key(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, uintptr_t *_err_state) { -+ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_public_key(_arg0, _arg1, _arg2, _arg3); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_paramgen(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_paramgen_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_private_check(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_public_check_quick(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR _arg0, _EC_KEY_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_set1_EC_KEY(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_set1_encoded_public_key(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_sign(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_sign_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_up_ref(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_verify(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { -+ int _ret = _g_EVP_PKEY_verify_init(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { -+ _EVP_SIGNATURE_PTR _ret = _g_EVP_SIGNATURE_fetch(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR _arg0) { -+ _g_EVP_SIGNATURE_free(_arg0); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void) { -+ return _g_EVP_aes_128_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void) { -+ return _g_EVP_aes_128_ctr(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void) { -+ return _g_EVP_aes_128_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void) { -+ return _g_EVP_aes_128_gcm(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void) { -+ return _g_EVP_aes_192_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void) { -+ return _g_EVP_aes_192_ctr(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void) { -+ return _g_EVP_aes_192_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void) { -+ return _g_EVP_aes_192_gcm(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void) { -+ return _g_EVP_aes_256_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void) { -+ return _g_EVP_aes_256_ctr(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void) { -+ return _g_EVP_aes_256_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void) { -+ return _g_EVP_aes_256_gcm(); -+} -+ -+int _mkcgo_available_EVP_chacha20_poly1305() { -+ return _g_EVP_chacha20_poly1305 != NULL; -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_chacha20_poly1305(void) { -+ return _g_EVP_chacha20_poly1305(); -+} -+ -+int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { -+ int _ret = _g_EVP_default_properties_enable_fips(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR _arg0) { -+ return _g_EVP_default_properties_is_fips_enabled(_arg0); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void) { -+ return _g_EVP_des_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void) { -+ return _g_EVP_des_ecb(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void) { -+ return _g_EVP_des_ede3_cbc(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void) { -+ return _g_EVP_des_ede3_ecb(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_md4(void) { -+ return _g_EVP_md4(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_md5(void) { -+ return _g_EVP_md5(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void) { -+ return _g_EVP_md5_sha1(); -+} -+ -+const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void) { -+ return _g_EVP_rc4(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void) { -+ return _g_EVP_ripemd160(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha1(void) { -+ return _g_EVP_sha1(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha224(void) { -+ return _g_EVP_sha224(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha256(void) { -+ return _g_EVP_sha256(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha384(void) { -+ return _g_EVP_sha384(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void) { -+ return _g_EVP_sha3_224(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void) { -+ return _g_EVP_sha3_256(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void) { -+ return _g_EVP_sha3_384(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void) { -+ return _g_EVP_sha3_512(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha512(void) { -+ return _g_EVP_sha512(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void) { -+ return _g_EVP_sha512_224(); -+} -+ -+const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void) { -+ return _g_EVP_sha512_256(); -+} -+ -+int _mkcgo_FIPS_mode(void) { -+ return _g_FIPS_mode(); -+} -+ -+int _mkcgo_FIPS_mode_set(int _arg0, uintptr_t *_err_state) { -+ int _ret = _g_FIPS_mode_set(_arg0); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR _arg0, _HMAC_CTX_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_HMAC_CTX_copy(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR _arg0) { -+ _g_HMAC_CTX_free(_arg0); -+} -+ -+_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(uintptr_t *_err_state) { -+ _HMAC_CTX_PTR _ret = _g_HMAC_CTX_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_Final(_HMAC_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, uintptr_t *_err_state) { -+ int _ret = _g_HMAC_Final(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, const _EVP_MD_PTR _arg3, _ENGINE_PTR _arg4, uintptr_t *_err_state) { -+ int _ret = _g_HMAC_Init_ex(_arg0, _arg1, _arg2, _arg3, _arg4); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_HMAC_Update(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_HMAC_Update(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const char* _mkcgo_OBJ_nid2sn(int _arg0) { -+ return _g_OBJ_nid2sn(_arg0); -+} -+ -+void _mkcgo_OPENSSL_init(void) { -+ _g_OPENSSL_init(); -+} -+ -+int _mkcgo_OPENSSL_init_crypto(uint64_t _arg0, const _OPENSSL_INIT_SETTINGS_PTR _arg1, uintptr_t *_err_state) { -+ int _ret = _g_OPENSSL_init_crypto(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_available_OPENSSL_version_major() { -+ return _g_OPENSSL_version_major != NULL; -+} -+ -+unsigned int _mkcgo_OPENSSL_version_major(void) { -+ return _g_OPENSSL_version_major(); -+} -+ -+int _mkcgo_available_OPENSSL_version_minor() { -+ return _g_OPENSSL_version_minor != NULL; -+} -+ -+unsigned int _mkcgo_OPENSSL_version_minor(void) { -+ return _g_OPENSSL_version_minor(); -+} -+ -+int _mkcgo_available_OPENSSL_version_patch() { -+ return _g_OPENSSL_version_patch != NULL; -+} -+ -+unsigned int _mkcgo_OPENSSL_version_patch(void) { -+ return _g_OPENSSL_version_patch(); -+} -+ -+void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR _arg0) { -+ _g_OSSL_PARAM_BLD_free(_arg0); -+} -+ -+_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(void) { -+ return _g_OSSL_PARAM_BLD_new(); -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const _BIGNUM_PTR _arg2, uintptr_t *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_BN(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, int32_t _arg2, uintptr_t *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_int32(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const unsigned char* _arg2, size_t _arg3, uintptr_t *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_octet_string(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, uintptr_t *_err_state) { -+ int _ret = _g_OSSL_PARAM_BLD_push_utf8_string(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR _arg0, uintptr_t *_err_state) { -+ _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_BLD_to_param(_arg0); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR _arg0) { -+ _g_OSSL_PARAM_free(_arg0); -+} -+ -+const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR _arg0, const char* _arg1, uintptr_t *_err_state) { -+ const _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_locate_const(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1) { -+ return _g_OSSL_PROVIDER_available(_arg0, _arg1); -+} -+ -+const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR _arg0) { -+ return _g_OSSL_PROVIDER_get0_name(_arg0); -+} -+ -+_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, int _arg2, uintptr_t *_err_state) { -+ _OSSL_PROVIDER_PTR _ret = _g_OSSL_PROVIDER_try_load(_arg0, _arg1, _arg2); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+const char* _mkcgo_OpenSSL_version(int _arg0) { -+ return _g_OpenSSL_version(_arg0); -+} -+ -+int _mkcgo_available_OpenSSL_version_num() { -+ return _g_OpenSSL_version_num != NULL; -+} -+ -+unsigned long _mkcgo_OpenSSL_version_num(void) { -+ return _g_OpenSSL_version_num(); -+} -+ -+int _mkcgo_PKCS5_PBKDF2_HMAC(const char* _arg0, int _arg1, const unsigned char* _arg2, int _arg3, int _arg4, const _EVP_MD_PTR _arg5, int _arg6, unsigned char* _arg7, uintptr_t *_err_state) { -+ int _ret = _g_PKCS5_PBKDF2_HMAC(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RAND_bytes(unsigned char* _arg0, int _arg1, uintptr_t *_err_state) { -+ int _ret = _g_RAND_bytes(_arg0, _arg1); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+void _mkcgo_RSA_free(_RSA_PTR _arg0) { -+ _g_RSA_free(_arg0); -+} -+ -+void _mkcgo_RSA_get0_crt_params(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { -+ _g_RSA_get0_crt_params(_arg0, _arg1, _arg2, _arg3); -+} -+ -+void _mkcgo_RSA_get0_factors(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { -+ _g_RSA_get0_factors(_arg0, _arg1, _arg2); -+} -+ -+void _mkcgo_RSA_get0_key(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { -+ _g_RSA_get0_key(_arg0, _arg1, _arg2, _arg3); -+} -+ -+_RSA_PTR _mkcgo_RSA_new(uintptr_t *_err_state) { -+ _RSA_PTR _ret = _g_RSA_new(); -+ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RSA_set0_crt_params(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, uintptr_t *_err_state) { -+ int _ret = _g_RSA_set0_crt_params(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RSA_set0_factors(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { -+ int _ret = _g_RSA_set0_factors(_arg0, _arg1, _arg2); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -+int _mkcgo_RSA_set0_key(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, uintptr_t *_err_state) { -+ int _ret = _g_RSA_set0_key(_arg0, _arg1, _arg2, _arg3); -+ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); -+ return _ret; -+} -+ -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go -new file mode 100644 -index 00000000000000..9f39419e8d14ae ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.go -@@ -0,0 +1,73 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+package ossl -+ -+const ( -+ POINT_CONVERSION_UNCOMPRESSED = 4 -+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002 -+ OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004 -+ OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008 -+ OPENSSL_INIT_LOAD_CONFIG = 0x00000040 -+ EVP_CTRL_GCM_GET_TAG = 0x10 -+ EVP_CTRL_GCM_SET_TAG = 0x11 -+ EVP_CTRL_AEAD_SET_IVLEN = 0x9 -+ EVP_CTRL_AEAD_GET_TAG = 0x10 -+ EVP_CTRL_AEAD_SET_TAG = 0x11 -+ EVP_PKEY_CTRL_MD = 1 -+ EVP_PKEY_RSA = 6 -+ EVP_PKEY_EC = 408 -+ EVP_PKEY_TLS1_PRF = 1021 -+ EVP_PKEY_X25519 = 1034 -+ EVP_PKEY_HKDF = 1036 -+ EVP_PKEY_ED25519 = 1087 -+ EVP_PKEY_DSA = 116 -+ EVP_PKEY_MLKEM_768 = 1455 -+ EVP_PKEY_MLKEM_1024 = 1456 -+ EVP_PKEY_ML_DSA_44 = 1457 -+ EVP_PKEY_ML_DSA_65 = 1458 -+ EVP_PKEY_ML_DSA_87 = 1459 -+ EVP_PKEY_OP_DERIVE = (1 << 10) -+ EVP_MAX_MD_SIZE = 64 -+ EVP_PKEY_PUBLIC_KEY = 0x86 -+ EVP_PKEY_KEYPAIR = 0x87 -+ EVP_MD_CTRL_XOF_LEN = 0x3 -+ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001 -+ EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1 -+ EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2 -+ EVP_PKEY_CTRL_TLS_MD = 0x1000 -+ EVP_PKEY_CTRL_TLS_SECRET = 0x1001 -+ EVP_PKEY_CTRL_TLS_SEED = 0x1002 -+ EVP_PKEY_CTRL_HKDF_MD = 0x1003 -+ EVP_PKEY_CTRL_HKDF_SALT = 0x1004 -+ EVP_PKEY_CTRL_HKDF_KEY = 0x1005 -+ EVP_PKEY_CTRL_HKDF_INFO = 0x1006 -+ EVP_PKEY_CTRL_HKDF_MODE = 0x1007 -+ NID_X9_62_prime256v1 = 415 -+ NID_secp224r1 = 713 -+ NID_secp384r1 = 715 -+ NID_secp521r1 = 716 -+ NID_ML_KEM_768 = 1455 -+ NID_ML_KEM_1024 = 1456 -+ NID_ML_DSA_44 = 1457 -+ NID_ML_DSA_65 = 1458 -+ NID_ML_DSA_87 = 1459 -+ RSA_PKCS1_PADDING = 1 -+ RSA_NO_PADDING = 3 -+ RSA_PKCS1_OAEP_PADDING = 4 -+ RSA_PKCS1_PSS_PADDING = 6 -+ RSA_PSS_SALTLEN_DIGEST = -1 -+ RSA_PSS_SALTLEN_AUTO = -2 -+ RSA_PSS_SALTLEN_MAX_SIGN = -2 -+ RSA_PSS_SALTLEN_MAX = -3 -+ EVP_PKEY_CTRL_RSA_PADDING = 0x1001 -+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002 -+ EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003 -+ EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005 -+ EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009 -+ EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A -+ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001 -+ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 -+ OSSL_PARAM_INTEGER = 1 -+ OSSL_PARAM_OCTET_STRING = 5 -+ BIO_CTRL_INFO = 3 -+) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h -new file mode 100644 -index 00000000000000..5e172b625edf3a ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl.h -@@ -0,0 +1,371 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#ifndef MKCGO_H // only include this header once -+#define MKCGO_H -+ -+#include -+#include -+ -+typedef void* _OPENSSL_INIT_SETTINGS_PTR; -+typedef void* _OSSL_LIB_CTX_PTR; -+typedef void* _OSSL_PROVIDER_PTR; -+typedef void* _ENGINE_PTR; -+typedef void* _EVP_PKEY_PTR; -+typedef void* _EVP_PKEY_CTX_PTR; -+typedef void* _EVP_MD_PTR; -+typedef void* _EVP_MD_CTX_PTR; -+typedef void* _HMAC_CTX_PTR; -+typedef void* _EVP_CIPHER_PTR; -+typedef void* _EVP_CIPHER_CTX_PTR; -+typedef void* _EC_KEY_PTR; -+typedef void* _EC_POINT_PTR; -+typedef void* _EC_GROUP_PTR; -+typedef void* _RSA_PTR; -+typedef void* _BIGNUM_PTR; -+typedef void* _BN_CTX_PTR; -+typedef void* _EVP_MAC_PTR; -+typedef void* _EVP_MAC_CTX_PTR; -+typedef void* _OSSL_PARAM_BLD_PTR; -+typedef void* _OSSL_PARAM_PTR; -+typedef void* _EVP_SIGNATURE_PTR; -+typedef void* _EVP_KEYMGMT_PTR; -+typedef void* _DSA_PTR; -+typedef void* _EVP_KDF_PTR; -+typedef void* _EVP_KDF_CTX_PTR; -+typedef void* _BIO_METHOD_PTR; -+typedef void* _BIO_PTR; -+typedef int point_conversion_form_t; -+ -+enum { -+ _POINT_CONVERSION_UNCOMPRESSED = 4, -+ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, -+ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, -+ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, -+ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, -+ _EVP_CTRL_GCM_GET_TAG = 0x10, -+ _EVP_CTRL_GCM_SET_TAG = 0x11, -+ _EVP_CTRL_AEAD_SET_IVLEN = 0x9, -+ _EVP_CTRL_AEAD_GET_TAG = 0x10, -+ _EVP_CTRL_AEAD_SET_TAG = 0x11, -+ _EVP_PKEY_CTRL_MD = 1, -+ _EVP_PKEY_RSA = 6, -+ _EVP_PKEY_EC = 408, -+ _EVP_PKEY_TLS1_PRF = 1021, -+ _EVP_PKEY_X25519 = 1034, -+ _EVP_PKEY_HKDF = 1036, -+ _EVP_PKEY_ED25519 = 1087, -+ _EVP_PKEY_DSA = 116, -+ _EVP_PKEY_MLKEM_768 = 1455, -+ _EVP_PKEY_MLKEM_1024 = 1456, -+ _EVP_PKEY_ML_DSA_44 = 1457, -+ _EVP_PKEY_ML_DSA_65 = 1458, -+ _EVP_PKEY_ML_DSA_87 = 1459, -+ _EVP_PKEY_OP_DERIVE = (1 << 10), -+ _EVP_MAX_MD_SIZE = 64, -+ _EVP_PKEY_PUBLIC_KEY = 0x86, -+ _EVP_PKEY_KEYPAIR = 0x87, -+ _EVP_MD_CTRL_XOF_LEN = 0x3, -+ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, -+ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, -+ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, -+ _EVP_PKEY_CTRL_TLS_MD = 0x1000, -+ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, -+ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, -+ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, -+ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, -+ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, -+ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, -+ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, -+ _NID_X9_62_prime256v1 = 415, -+ _NID_secp224r1 = 713, -+ _NID_secp384r1 = 715, -+ _NID_secp521r1 = 716, -+ _NID_ML_KEM_768 = 1455, -+ _NID_ML_KEM_1024 = 1456, -+ _NID_ML_DSA_44 = 1457, -+ _NID_ML_DSA_65 = 1458, -+ _NID_ML_DSA_87 = 1459, -+ _RSA_PKCS1_PADDING = 1, -+ _RSA_NO_PADDING = 3, -+ _RSA_PKCS1_OAEP_PADDING = 4, -+ _RSA_PKCS1_PSS_PADDING = 6, -+ _RSA_PSS_SALTLEN_DIGEST = -1, -+ _RSA_PSS_SALTLEN_AUTO = -2, -+ _RSA_PSS_SALTLEN_MAX_SIGN = -2, -+ _RSA_PSS_SALTLEN_MAX = -3, -+ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, -+ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, -+ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, -+ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, -+ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, -+ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, -+ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, -+ _OSSL_PARAM_INTEGER = 1, -+ _OSSL_PARAM_OCTET_STRING = 5, -+ BIO_CTRL_INFO = 3, -+}; -+ -+uintptr_t mkcgo_err_retrieve(); -+void __mkcgo_load_(void* handle); -+void __mkcgo_unload_(); -+void __mkcgo_load_3(void* handle); -+void __mkcgo_unload_3(); -+void __mkcgo_load_33(void* handle); -+void __mkcgo_unload_33(); -+void __mkcgo_load_init_1(void* handle); -+void __mkcgo_unload_init_1(); -+void __mkcgo_load_init_3(void* handle); -+void __mkcgo_unload_init_3(); -+void __mkcgo_load_legacy_1(void* handle); -+void __mkcgo_unload_legacy_1(); -+void __mkcgo_load_version(void* handle); -+void __mkcgo_unload_version(); -+ -+int _mkcgo_available_EVP_DigestSqueeze(); -+int _mkcgo_available_EVP_KEYMGMT_fetch(); -+int _mkcgo_available_EVP_chacha20_poly1305(); -+int _mkcgo_available_OPENSSL_version_major(); -+int _mkcgo_available_OPENSSL_version_minor(); -+int _mkcgo_available_OPENSSL_version_patch(); -+int _mkcgo_available_OpenSSL_version_num(); -+ -+long _mkcgo_BIO_ctrl(_BIO_PTR, int, long, void*); -+int _mkcgo_BIO_free(_BIO_PTR); -+_BIO_PTR _mkcgo_BIO_new(const _BIO_METHOD_PTR, uintptr_t *); -+const _BIO_METHOD_PTR _mkcgo_BIO_s_mem(void); -+_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char*, int, _BIGNUM_PTR, uintptr_t *); -+int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR, unsigned char*, int, uintptr_t *); -+int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR, unsigned char*, int, uintptr_t *); -+void _mkcgo_BN_clear(_BIGNUM_PTR); -+void _mkcgo_BN_clear_free(_BIGNUM_PTR); -+void _mkcgo_BN_free(_BIGNUM_PTR); -+_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char*, int, _BIGNUM_PTR, uintptr_t *); -+_BIGNUM_PTR _mkcgo_BN_new(uintptr_t *); -+int _mkcgo_BN_num_bits(const _BIGNUM_PTR); -+void _mkcgo_CRYPTO_free(void*, const char*, int); -+void* _mkcgo_CRYPTO_malloc(size_t, const char*, int, uintptr_t *); -+void _mkcgo_DSA_free(_DSA_PTR); -+int _mkcgo_DSA_generate_key(_DSA_PTR, uintptr_t *); -+void _mkcgo_DSA_get0_key(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void _mkcgo_DSA_get0_pqg(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_DSA_PTR _mkcgo_DSA_new(uintptr_t *); -+int _mkcgo_DSA_set0_key(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); -+int _mkcgo_DSA_set0_pqg(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); -+void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR); -+_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int, uintptr_t *); -+int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR, uintptr_t *); -+void _mkcgo_EC_KEY_free(_EC_KEY_PTR); -+const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR); -+const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR); -+const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR); -+_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int, uintptr_t *); -+int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR, const _BIGNUM_PTR, uintptr_t *); -+int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR, const _EC_POINT_PTR, uintptr_t *); -+int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); -+void _mkcgo_EC_POINT_free(_EC_POINT_PTR); -+int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR, uintptr_t *); -+int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, uintptr_t *); -+_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR, uintptr_t *); -+int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR, uintptr_t *); -+size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR, uintptr_t *); -+int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, uintptr_t *); -+unsigned long _mkcgo_ERR_peek_error(void); -+void _mkcgo_ERR_print_errors(_BIO_PTR); -+int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR, int, int, void*, uintptr_t *); -+void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR); -+_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(uintptr_t *); -+int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR, int, uintptr_t *); -+int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR, int, uintptr_t *); -+_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR); -+int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR); -+int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, uintptr_t *); -+int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, uintptr_t *); -+int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_Digest(const unsigned char*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR, uintptr_t *); -+int _mkcgo_EVP_DigestFinalXOF(_EVP_MD_CTX_PTR, unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*, uintptr_t *); -+int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, uintptr_t *); -+int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR, uintptr_t *); -+int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR, unsigned char*, size_t*, uintptr_t *); -+int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, uintptr_t *); -+int _mkcgo_EVP_DigestSqueeze(_EVP_MD_CTX_PTR, unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, uintptr_t *); -+int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, uintptr_t *); -+int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, uintptr_t *); -+int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, uintptr_t *); -+void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR); -+size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR, uintptr_t *); -+_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR, uintptr_t *); -+int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); -+int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR, uintptr_t *); -+_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR); -+_EVP_KEYMGMT_PTR _mkcgo_EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+void _mkcgo_EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR); -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR, uintptr_t *); -+void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR); -+_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR, uintptr_t *); -+int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); -+_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t, uintptr_t *); -+int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR, uintptr_t *); -+int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR, int, int, void*, uintptr_t *); -+void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR); -+int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR, uintptr_t *); -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR, uintptr_t *); -+_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(uintptr_t *); -+int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); -+const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR, uintptr_t *); -+_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+void _mkcgo_EVP_MD_free(_EVP_MD_PTR); -+const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR); -+const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR); -+int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR); -+int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR); -+int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR); -+int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR, int, int, int, int, void*, uintptr_t *); -+void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR); -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR, _ENGINE_PTR, uintptr_t *); -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*, uintptr_t *); -+_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int, _ENGINE_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR, unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR, int, uintptr_t *); -+int _mkcgo_EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR, const char*, const char*, const char*, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR, const char*, const char*, size_t, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR, int, void*, uintptr_t *); -+int _mkcgo_EVP_PKEY_decapsulate(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_decapsulate_init(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, uintptr_t *); -+int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, unsigned char*, size_t*, uintptr_t *); -+int _mkcgo_EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR); -+int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR, uintptr_t *); -+_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR, uintptr_t *); -+_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR, uintptr_t *); -+size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR, unsigned char**, uintptr_t *); -+int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*, uintptr_t *); -+int _mkcgo_EVP_PKEY_get_octet_string_param(const _EVP_PKEY_PTR, const char*, unsigned char*, size_t, size_t*, uintptr_t *); -+int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, uintptr_t *); -+int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, uintptr_t *); -+int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, uintptr_t *); -+int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int, _ENGINE_PTR, const unsigned char*, size_t, uintptr_t *); -+_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int, _ENGINE_PTR, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, uintptr_t *); -+int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR, _EC_KEY_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR, uintptr_t *); -+int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR, uintptr_t *); -+_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); -+void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_chacha20_poly1305(void); -+int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR, int, uintptr_t *); -+int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void); -+const _EVP_MD_PTR _mkcgo_EVP_md4(void); -+const _EVP_MD_PTR _mkcgo_EVP_md5(void); -+const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void); -+const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void); -+const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha1(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha224(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha256(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha384(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha512(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void); -+const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void); -+int _mkcgo_FIPS_mode(void); -+int _mkcgo_FIPS_mode_set(int, uintptr_t *); -+int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR, _HMAC_CTX_PTR, uintptr_t *); -+void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR); -+_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(uintptr_t *); -+int _mkcgo_HMAC_Final(_HMAC_CTX_PTR, unsigned char*, unsigned int*, uintptr_t *); -+int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR, const unsigned char*, int, const _EVP_MD_PTR, _ENGINE_PTR, uintptr_t *); -+int _mkcgo_HMAC_Update(_HMAC_CTX_PTR, const unsigned char*, size_t, uintptr_t *); -+const char* _mkcgo_OBJ_nid2sn(int); -+void _mkcgo_OPENSSL_init(void); -+int _mkcgo_OPENSSL_init_crypto(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR, uintptr_t *); -+unsigned int _mkcgo_OPENSSL_version_major(void); -+unsigned int _mkcgo_OPENSSL_version_minor(void); -+unsigned int _mkcgo_OPENSSL_version_patch(void); -+void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR); -+_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(void); -+int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR, uintptr_t *); -+int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR, const char*, int32_t, uintptr_t *); -+int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR, const char*, const unsigned char*, size_t, uintptr_t *); -+int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t, uintptr_t *); -+_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR, uintptr_t *); -+void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR); -+const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR, const char*, uintptr_t *); -+int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR, const char*); -+const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR); -+_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR, const char*, int, uintptr_t *); -+const char* _mkcgo_OpenSSL_version(int); -+unsigned long _mkcgo_OpenSSL_version_num(void); -+int _mkcgo_PKCS5_PBKDF2_HMAC(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*, uintptr_t *); -+int _mkcgo_RAND_bytes(unsigned char*, int, uintptr_t *); -+void _mkcgo_RSA_free(_RSA_PTR); -+void _mkcgo_RSA_get0_crt_params(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void _mkcgo_RSA_get0_factors(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+void _mkcgo_RSA_get0_key(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); -+_RSA_PTR _mkcgo_RSA_new(uintptr_t *); -+int _mkcgo_RSA_set0_crt_params(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); -+int _mkcgo_RSA_set0_factors(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); -+int _mkcgo_RSA_set0_key(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); -+ -+#endif // MKCGO_H -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go -new file mode 100644 -index 00000000000000..9faa8e16a69cf6 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_cgo.go -@@ -0,0 +1,1502 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+package ossl -+ -+/* -+#cgo CFLAGS: -Wno-attributes -+#cgo unix LDFLAGS: -ldl -+ -+#include "zossl.h" -+#cgo noescape _mkcgo_BIO_ctrl -+#cgo nocallback _mkcgo_BIO_ctrl -+#cgo noescape _mkcgo_BIO_free -+#cgo nocallback _mkcgo_BIO_free -+#cgo noescape _mkcgo_ERR_print_errors -+#cgo nocallback _mkcgo_ERR_print_errors -+#cgo noescape _mkcgo_EVP_CipherUpdate -+#cgo nocallback _mkcgo_EVP_CipherUpdate -+#cgo noescape _mkcgo_EVP_DecryptFinal_ex -+#cgo nocallback _mkcgo_EVP_DecryptFinal_ex -+#cgo noescape _mkcgo_EVP_DecryptUpdate -+#cgo nocallback _mkcgo_EVP_DecryptUpdate -+#cgo noescape _mkcgo_EVP_Digest -+#cgo nocallback _mkcgo_EVP_Digest -+#cgo noescape _mkcgo_EVP_DigestFinalXOF -+#cgo nocallback _mkcgo_EVP_DigestFinalXOF -+#cgo noescape _mkcgo_EVP_DigestFinal_ex -+#cgo nocallback _mkcgo_EVP_DigestFinal_ex -+#cgo noescape _mkcgo_EVP_DigestSign -+#cgo nocallback _mkcgo_EVP_DigestSign -+#cgo noescape _mkcgo_EVP_DigestSqueeze -+#cgo nocallback _mkcgo_EVP_DigestSqueeze -+#cgo noescape _mkcgo_EVP_DigestUpdate -+#cgo nocallback _mkcgo_EVP_DigestUpdate -+#cgo noescape _mkcgo_EVP_EncryptFinal_ex -+#cgo nocallback _mkcgo_EVP_EncryptFinal_ex -+#cgo noescape _mkcgo_EVP_EncryptUpdate -+#cgo nocallback _mkcgo_EVP_EncryptUpdate -+#cgo noescape _mkcgo_EVP_MAC_CTX_free -+#cgo nocallback _mkcgo_EVP_MAC_CTX_free -+#cgo noescape _mkcgo_EVP_MAC_final -+#cgo nocallback _mkcgo_EVP_MAC_final -+#cgo noescape _mkcgo_EVP_MAC_init -+#cgo nocallback _mkcgo_EVP_MAC_init -+#cgo noescape _mkcgo_EVP_MAC_update -+#cgo nocallback _mkcgo_EVP_MAC_update -+#cgo noescape _mkcgo_EVP_MD_CTX_get_params -+#cgo nocallback _mkcgo_EVP_MD_CTX_get_params -+#cgo noescape _mkcgo_EVP_MD_CTX_set_params -+#cgo nocallback _mkcgo_EVP_MD_CTX_set_params -+#cgo noescape _mkcgo_EVP_PKEY_CTX_set_params -+#cgo nocallback _mkcgo_EVP_PKEY_CTX_set_params -+#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_EC -+#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_EC -+#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_ED25519 -+#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_ED25519 -+#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_MLDSA -+#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_MLDSA -+#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_MLKEM -+#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_MLKEM -+#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_RSA -+#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_RSA -+#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_X25519 -+#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_X25519 -+#cgo noescape _mkcgo_EVP_PKEY_derive -+#cgo nocallback _mkcgo_EVP_PKEY_derive -+#cgo noescape _mkcgo_EVP_PKEY_get_bn_param -+#cgo nocallback _mkcgo_EVP_PKEY_get_bn_param -+#cgo noescape _mkcgo_EVP_PKEY_get_raw_private_key -+#cgo nocallback _mkcgo_EVP_PKEY_get_raw_private_key -+#cgo noescape _mkcgo_EVP_PKEY_get_raw_public_key -+#cgo nocallback _mkcgo_EVP_PKEY_get_raw_public_key -+#cgo noescape _mkcgo_EVP_PKEY_keygen -+#cgo nocallback _mkcgo_EVP_PKEY_keygen -+#cgo noescape _mkcgo_HMAC_CTX_copy -+#cgo nocallback _mkcgo_HMAC_CTX_copy -+#cgo noescape _mkcgo_HMAC_CTX_free -+#cgo nocallback _mkcgo_HMAC_CTX_free -+#cgo noescape _mkcgo_HMAC_Final -+#cgo nocallback _mkcgo_HMAC_Final -+#cgo noescape _mkcgo_HMAC_Init_ex -+#cgo nocallback _mkcgo_HMAC_Init_ex -+#cgo noescape _mkcgo_HMAC_Update -+#cgo nocallback _mkcgo_HMAC_Update -+#cgo noescape _mkcgo_RAND_bytes -+#cgo nocallback _mkcgo_RAND_bytes -+*/ -+import "C" -+import "unsafe" -+ -+type BIGNUM_PTR = C._BIGNUM_PTR -+type BIO_METHOD_PTR = C._BIO_METHOD_PTR -+type BIO_PTR = C._BIO_PTR -+type BN_CTX_PTR = C._BN_CTX_PTR -+type DSA_PTR = C._DSA_PTR -+type EC_GROUP_PTR = C._EC_GROUP_PTR -+type EC_KEY_PTR = C._EC_KEY_PTR -+type EC_POINT_PTR = C._EC_POINT_PTR -+type ENGINE_PTR = C._ENGINE_PTR -+type EVP_CIPHER_CTX_PTR = C._EVP_CIPHER_CTX_PTR -+type EVP_CIPHER_PTR = C._EVP_CIPHER_PTR -+type EVP_KDF_CTX_PTR = C._EVP_KDF_CTX_PTR -+type EVP_KDF_PTR = C._EVP_KDF_PTR -+type EVP_KEYMGMT_PTR = C._EVP_KEYMGMT_PTR -+type EVP_MAC_CTX_PTR = C._EVP_MAC_CTX_PTR -+type EVP_MAC_PTR = C._EVP_MAC_PTR -+type EVP_MD_CTX_PTR = C._EVP_MD_CTX_PTR -+type EVP_MD_PTR = C._EVP_MD_PTR -+type EVP_PKEY_CTX_PTR = C._EVP_PKEY_CTX_PTR -+type EVP_PKEY_PTR = C._EVP_PKEY_PTR -+type EVP_SIGNATURE_PTR = C._EVP_SIGNATURE_PTR -+type HMAC_CTX_PTR = C._HMAC_CTX_PTR -+type OPENSSL_INIT_SETTINGS_PTR = C._OPENSSL_INIT_SETTINGS_PTR -+type OSSL_LIB_CTX_PTR = C._OSSL_LIB_CTX_PTR -+type OSSL_PARAM_BLD_PTR = C._OSSL_PARAM_BLD_PTR -+type OSSL_PARAM_PTR = C._OSSL_PARAM_PTR -+type OSSL_PROVIDER_PTR = C._OSSL_PROVIDER_PTR -+type RSA_PTR = C._RSA_PTR -+type Point_conversion_form_t = C.point_conversion_form_t -+ -+func MkcgoLoad_(handle unsafe.Pointer) { -+ C.__mkcgo_load_(handle) -+} -+ -+func MkcgoUnload_() { -+ C.__mkcgo_unload_() -+} -+ -+func MkcgoLoad_3(handle unsafe.Pointer) { -+ C.__mkcgo_load_3(handle) -+} -+ -+func MkcgoUnload_3() { -+ C.__mkcgo_unload_3() -+} -+ -+func MkcgoLoad_33(handle unsafe.Pointer) { -+ C.__mkcgo_load_33(handle) -+} -+ -+func MkcgoUnload_33() { -+ C.__mkcgo_unload_33() -+} -+ -+func MkcgoLoad_init_1(handle unsafe.Pointer) { -+ C.__mkcgo_load_init_1(handle) -+} -+ -+func MkcgoUnload_init_1() { -+ C.__mkcgo_unload_init_1() -+} -+ -+func MkcgoLoad_init_3(handle unsafe.Pointer) { -+ C.__mkcgo_load_init_3(handle) -+} -+ -+func MkcgoUnload_init_3() { -+ C.__mkcgo_unload_init_3() -+} -+ -+func MkcgoLoad_legacy_1(handle unsafe.Pointer) { -+ C.__mkcgo_load_legacy_1(handle) -+} -+ -+func MkcgoUnload_legacy_1() { -+ C.__mkcgo_unload_legacy_1() -+} -+ -+func MkcgoLoad_version(handle unsafe.Pointer) { -+ C.__mkcgo_load_version(handle) -+} -+ -+func MkcgoUnload_version() { -+ C.__mkcgo_unload_version() -+} -+ -+//go:nosplit -+func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { -+ x := uintptr(unsafe.Pointer(p)) -+ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) -+} -+ -+func BIO_ctrl(bp BIO_PTR, cmd int32, larg int64, parg unsafe.Pointer) int64 { -+ return int64(C._mkcgo_BIO_ctrl(bp, C.int(cmd), C.long(larg), parg)) -+} -+ -+func BIO_free(a BIO_PTR) int32 { -+ return int32(C._mkcgo_BIO_free(a)) -+} -+ -+func BIO_new(__type BIO_METHOD_PTR) (BIO_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_BIO_new(__type, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BIO_new", uintptr(_err)) -+} -+ -+func BIO_s_mem() BIO_METHOD_PTR { -+ return C._mkcgo_BIO_s_mem() -+} -+ -+func BN_bin2bn(arg0 []byte, arg2 BIGNUM_PTR) (BIGNUM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_BN_bin2bn((*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg0))), C.int(len(arg0)), arg2, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BN_bin2bn", uintptr(_err)) -+} -+ -+func BN_bn2binpad(a BIGNUM_PTR, to []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_BN_bn2binpad(a, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(to))), C.int(len(to)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("BN_bn2binpad", uintptr(_err)) -+} -+ -+func BN_bn2lebinpad(a BIGNUM_PTR, to []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_BN_bn2lebinpad(a, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(to))), C.int(len(to)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("BN_bn2lebinpad", uintptr(_err)) -+} -+ -+func BN_clear(arg0 BIGNUM_PTR) { -+ C._mkcgo_BN_clear(arg0) -+} -+ -+func BN_clear_free(arg0 BIGNUM_PTR) { -+ C._mkcgo_BN_clear_free(arg0) -+} -+ -+func BN_free(arg0 BIGNUM_PTR) { -+ C._mkcgo_BN_free(arg0) -+} -+ -+func BN_lebin2bn(s []byte, ret BIGNUM_PTR) (BIGNUM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_BN_lebin2bn((*C.uchar)(unsafe.Pointer(unsafe.SliceData(s))), C.int(len(s)), ret, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BN_lebin2bn", uintptr(_err)) -+} -+ -+func BN_new() (BIGNUM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_BN_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("BN_new", uintptr(_err)) -+} -+ -+func BN_num_bits(arg0 BIGNUM_PTR) int32 { -+ return int32(C._mkcgo_BN_num_bits(arg0)) -+} -+ -+func CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { -+ C._mkcgo_CRYPTO_free(str, (*C.char)(unsafe.Pointer(file)), C.int(line)) -+} -+ -+func CRYPTO_malloc(num int, file *byte, line int32) (unsafe.Pointer, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_CRYPTO_malloc(C.size_t(num), (*C.char)(unsafe.Pointer(file)), C.int(line), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("CRYPTO_malloc", uintptr(_err)) -+} -+ -+func DSA_free(r DSA_PTR) { -+ C._mkcgo_DSA_free(r) -+} -+ -+func DSA_generate_key(a DSA_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_DSA_generate_key(a, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("DSA_generate_key", uintptr(_err)) -+} -+ -+func DSA_get0_key(d DSA_PTR, pub_key *BIGNUM_PTR, priv_key *BIGNUM_PTR) { -+ C._mkcgo_DSA_get0_key(d, pub_key, priv_key) -+} -+ -+func DSA_get0_pqg(d DSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR, g *BIGNUM_PTR) { -+ C._mkcgo_DSA_get0_pqg(d, p, q, g) -+} -+ -+func DSA_new() (DSA_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_DSA_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("DSA_new", uintptr(_err)) -+} -+ -+func DSA_set0_key(d DSA_PTR, pub_key BIGNUM_PTR, priv_key BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_DSA_set0_key(d, pub_key, priv_key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("DSA_set0_key", uintptr(_err)) -+} -+ -+func DSA_set0_pqg(d DSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR, g BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_DSA_set0_pqg(d, p, q, g, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("DSA_set0_pqg", uintptr(_err)) -+} -+ -+func EC_GROUP_free(group EC_GROUP_PTR) { -+ C._mkcgo_EC_GROUP_free(group) -+} -+ -+func EC_GROUP_new_by_curve_name(nid int32) (EC_GROUP_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_GROUP_new_by_curve_name(C.int(nid), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EC_GROUP_new_by_curve_name", uintptr(_err)) -+} -+ -+func EC_KEY_check_key(key EC_KEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_KEY_check_key(key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_check_key", uintptr(_err)) -+} -+ -+func EC_KEY_free(arg0 EC_KEY_PTR) { -+ C._mkcgo_EC_KEY_free(arg0) -+} -+ -+func EC_KEY_get0_group(arg0 EC_KEY_PTR) EC_GROUP_PTR { -+ return C._mkcgo_EC_KEY_get0_group(arg0) -+} -+ -+func EC_KEY_get0_private_key(arg0 EC_KEY_PTR) BIGNUM_PTR { -+ return C._mkcgo_EC_KEY_get0_private_key(arg0) -+} -+ -+func EC_KEY_get0_public_key(arg0 EC_KEY_PTR) EC_POINT_PTR { -+ return C._mkcgo_EC_KEY_get0_public_key(arg0) -+} -+ -+func EC_KEY_new_by_curve_name(arg0 int32) (EC_KEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_KEY_new_by_curve_name(C.int(arg0), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EC_KEY_new_by_curve_name", uintptr(_err)) -+} -+ -+func EC_KEY_set_private_key(arg0 EC_KEY_PTR, arg1 BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_KEY_set_private_key(arg0, arg1, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_set_private_key", uintptr(_err)) -+} -+ -+func EC_KEY_set_public_key(key EC_KEY_PTR, pub EC_POINT_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_KEY_set_public_key(key, pub, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key", uintptr(_err)) -+} -+ -+func EC_KEY_set_public_key_affine_coordinates(key EC_KEY_PTR, x BIGNUM_PTR, y BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_KEY_set_public_key_affine_coordinates(key, x, y, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key_affine_coordinates", uintptr(_err)) -+} -+ -+func EC_POINT_free(arg0 EC_POINT_PTR) { -+ C._mkcgo_EC_POINT_free(arg0) -+} -+ -+func EC_POINT_get_affine_coordinates_GFp(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_POINT_get_affine_coordinates_GFp(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_get_affine_coordinates_GFp", uintptr(_err)) -+} -+ -+func EC_POINT_mul(group EC_GROUP_PTR, r EC_POINT_PTR, n BIGNUM_PTR, q EC_POINT_PTR, m BIGNUM_PTR, ctx BN_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_POINT_mul(group, r, n, q, m, ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_mul", uintptr(_err)) -+} -+ -+func EC_POINT_new(arg0 EC_GROUP_PTR) (EC_POINT_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_POINT_new(arg0, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EC_POINT_new", uintptr(_err)) -+} -+ -+func EC_POINT_oct2point(group EC_GROUP_PTR, p EC_POINT_PTR, buf []byte, ctx BN_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_POINT_oct2point(group, p, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_oct2point", uintptr(_err)) -+} -+ -+func EC_POINT_point2oct(group EC_GROUP_PTR, p EC_POINT_PTR, form Point_conversion_form_t, buf []byte, ctx BN_CTX_PTR) (int, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_POINT_point2oct(group, p, form, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), ctx, mkcgoNoEscape(&_err)) -+ return int(_ret), newMkcgoErr("EC_POINT_point2oct", uintptr(_err)) -+} -+ -+func EC_POINT_set_affine_coordinates(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EC_POINT_set_affine_coordinates(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EC_POINT_set_affine_coordinates", uintptr(_err)) -+} -+ -+func ERR_peek_error() uint64 { -+ return uint64(C._mkcgo_ERR_peek_error()) -+} -+ -+func ERR_print_errors(bp BIO_PTR) { -+ C._mkcgo_ERR_print_errors(bp) -+} -+ -+func EVP_CIPHER_CTX_ctrl(ctx EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CIPHER_CTX_ctrl(ctx, C.int(__type), C.int(arg), ptr, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_ctrl", uintptr(_err)) -+} -+ -+func EVP_CIPHER_CTX_free(arg0 EVP_CIPHER_CTX_PTR) { -+ C._mkcgo_EVP_CIPHER_CTX_free(arg0) -+} -+ -+func EVP_CIPHER_CTX_new() (EVP_CIPHER_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CIPHER_CTX_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_CIPHER_CTX_new", uintptr(_err)) -+} -+ -+func EVP_CIPHER_CTX_set_key_length(x EVP_CIPHER_CTX_PTR, keylen int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CIPHER_CTX_set_key_length(x, C.int(keylen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_key_length", uintptr(_err)) -+} -+ -+func EVP_CIPHER_CTX_set_padding(x EVP_CIPHER_CTX_PTR, padding int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CIPHER_CTX_set_padding(x, C.int(padding), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_padding", uintptr(_err)) -+} -+ -+func EVP_CIPHER_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_CIPHER_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CIPHER_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_CIPHER_fetch", uintptr(_err)) -+} -+ -+func EVP_CIPHER_get0_name(cipher EVP_CIPHER_PTR) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_CIPHER_get0_name(cipher))) -+} -+ -+func EVP_CIPHER_get_block_size(cipher EVP_CIPHER_PTR) int32 { -+ return int32(C._mkcgo_EVP_CIPHER_get_block_size(cipher)) -+} -+ -+func EVP_CipherInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte, enc int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CipherInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), C.int(enc), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CipherInit_ex", uintptr(_err)) -+} -+ -+func EVP_CipherUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_CipherUpdate: *outl exceeds len(out)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(in))), C.int(len(in)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_CipherUpdate", uintptr(_err)) -+} -+ -+func EVP_DecryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, outm []byte, outl *int32) (int32, error) { -+ if outl != nil && int(*outl) > len(outm) { -+ panic("EVP_DecryptFinal_ex: *outl exceeds len(outm)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DecryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(outm))), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DecryptFinal_ex", uintptr(_err)) -+} -+ -+func EVP_DecryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DecryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DecryptInit_ex", uintptr(_err)) -+} -+ -+func EVP_DecryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_DecryptUpdate: *outl exceeds len(out)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DecryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(in))), C.int(len(in)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DecryptUpdate", uintptr(_err)) -+} -+ -+func EVP_Digest(data []byte, md []byte, size *uint32, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { -+ if size != nil && int(*size) > len(md) { -+ panic("EVP_Digest: *size exceeds len(md)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_Digest((*C.uchar)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(md))), (*C.uint)(unsafe.Pointer(size)), __type, impl, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_Digest", uintptr(_err)) -+} -+ -+func EVP_DigestFinalXOF(ctx EVP_MD_CTX_PTR, md []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestFinalXOF(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(md))), C.size_t(len(md)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestFinalXOF", uintptr(_err)) -+} -+ -+func EVP_DigestFinal_ex(ctx EVP_MD_CTX_PTR, md []byte, s *uint32) (int32, error) { -+ if s != nil && int(*s) > len(md) { -+ panic("EVP_DigestFinal_ex: *s exceeds len(md)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(md))), (*C.uint)(unsafe.Pointer(s)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestFinal_ex", uintptr(_err)) -+} -+ -+func EVP_DigestInit(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestInit(ctx, __type, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestInit", uintptr(_err)) -+} -+ -+func EVP_DigestInit_ex(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestInit_ex(ctx, __type, impl, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestInit_ex", uintptr(_err)) -+} -+ -+func EVP_DigestSign(ctx EVP_MD_CTX_PTR, sigret []byte, siglen *int, tbs []byte) (int32, error) { -+ if siglen != nil && int(*siglen) > len(sigret) { -+ panic("EVP_DigestSign: *siglen exceeds len(sigret)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestSign(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sigret))), (*C.size_t)(unsafe.Pointer(siglen)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tbs))), C.size_t(len(tbs)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSign", uintptr(_err)) -+} -+ -+func EVP_DigestSignFinal(ctx EVP_MD_CTX_PTR, sig []byte, siglen *int) (int32, error) { -+ if siglen != nil && int(*siglen) > len(sig) { -+ panic("EVP_DigestSignFinal: *siglen exceeds len(sig)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestSignFinal(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sig))), (*C.size_t)(unsafe.Pointer(siglen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSignFinal", uintptr(_err)) -+} -+ -+func EVP_DigestSignInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestSignInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSignInit", uintptr(_err)) -+} -+ -+func EVP_DigestSqueeze_Available() bool { -+ return C._mkcgo_available_EVP_DigestSqueeze() != 0 -+} -+ -+func EVP_DigestSqueeze(ctx EVP_MD_CTX_PTR, out []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestSqueeze(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), C.size_t(len(out)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestSqueeze", uintptr(_err)) -+} -+ -+func EVP_DigestUpdate(ctx EVP_MD_CTX_PTR, d []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(d))), C.size_t(len(d)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestUpdate", uintptr(_err)) -+} -+ -+func EVP_DigestVerify(ctx EVP_MD_CTX_PTR, sigret []byte, tbs []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestVerify(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sigret))), C.size_t(len(sigret)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tbs))), C.size_t(len(tbs)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestVerify", uintptr(_err)) -+} -+ -+func EVP_DigestVerifyFinal(ctx EVP_MD_CTX_PTR, sig []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestVerifyFinal(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sig))), C.size_t(len(sig)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestVerifyFinal", uintptr(_err)) -+} -+ -+func EVP_DigestVerifyInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_DigestVerifyInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_DigestVerifyInit", uintptr(_err)) -+} -+ -+func EVP_EncryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_EncryptFinal_ex: *outl exceeds len(out)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_EncryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_EncryptFinal_ex", uintptr(_err)) -+} -+ -+func EVP_EncryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_EncryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_EncryptInit_ex", uintptr(_err)) -+} -+ -+func EVP_EncryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_EncryptUpdate: *outl exceeds len(out)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(in))), C.int(len(in)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_EncryptUpdate", uintptr(_err)) -+} -+ -+func EVP_KDF_CTX_free(ctx EVP_KDF_CTX_PTR) { -+ C._mkcgo_EVP_KDF_CTX_free(ctx) -+} -+ -+func EVP_KDF_CTX_get_kdf_size(ctx EVP_KDF_CTX_PTR) (int, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_KDF_CTX_get_kdf_size(ctx, mkcgoNoEscape(&_err)) -+ return int(_ret), newMkcgoErr("EVP_KDF_CTX_get_kdf_size", uintptr(_err)) -+} -+ -+func EVP_KDF_CTX_new(kdf EVP_KDF_PTR) (EVP_KDF_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_KDF_CTX_new(kdf, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_KDF_CTX_new", uintptr(_err)) -+} -+ -+func EVP_KDF_CTX_set_params(ctx EVP_KDF_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_KDF_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_KDF_CTX_set_params", uintptr(_err)) -+} -+ -+func EVP_KDF_derive(ctx EVP_KDF_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_KDF_derive(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_KDF_derive", uintptr(_err)) -+} -+ -+func EVP_KDF_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KDF_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_KDF_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_KDF_fetch", uintptr(_err)) -+} -+ -+func EVP_KDF_free(kdf EVP_KDF_PTR) { -+ C._mkcgo_EVP_KDF_free(kdf) -+} -+ -+func EVP_KEYMGMT_fetch_Available() bool { -+ return C._mkcgo_available_EVP_KEYMGMT_fetch() != 0 -+} -+ -+func EVP_KEYMGMT_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KEYMGMT_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_KEYMGMT_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_KEYMGMT_fetch", uintptr(_err)) -+} -+ -+func EVP_KEYMGMT_free(keymgmt EVP_KEYMGMT_PTR) { -+ C._mkcgo_EVP_KEYMGMT_free(keymgmt) -+} -+ -+func EVP_MAC_CTX_dup(arg0 EVP_MAC_CTX_PTR) (EVP_MAC_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_CTX_dup(arg0, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MAC_CTX_dup", uintptr(_err)) -+} -+ -+func EVP_MAC_CTX_free(arg0 EVP_MAC_CTX_PTR) { -+ C._mkcgo_EVP_MAC_CTX_free(arg0) -+} -+ -+func EVP_MAC_CTX_new(arg0 EVP_MAC_PTR) (EVP_MAC_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_CTX_new(arg0, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MAC_CTX_new", uintptr(_err)) -+} -+ -+func EVP_MAC_CTX_set_params(ctx EVP_MAC_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_CTX_set_params", uintptr(_err)) -+} -+ -+func EVP_MAC_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MAC_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MAC_fetch", uintptr(_err)) -+} -+ -+func EVP_MAC_final(ctx EVP_MAC_CTX_PTR, out []byte, outl *int) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_final(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.size_t)(unsafe.Pointer(outl)), C.size_t(len(out)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_final", uintptr(_err)) -+} -+ -+func EVP_MAC_init(ctx EVP_MAC_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_init(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_init", uintptr(_err)) -+} -+ -+func EVP_MAC_update(ctx EVP_MAC_CTX_PTR, data []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MAC_update(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MAC_update", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_copy_ex(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_copy_ex(out, in, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_copy_ex", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_ctrl(ctx EVP_MD_CTX_PTR, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_ctrl(ctx, C.int(cmd), C.int(p1), p2, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_ctrl", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_free(ctx EVP_MD_CTX_PTR) { -+ C._mkcgo_EVP_MD_CTX_free(ctx) -+} -+ -+func EVP_MD_CTX_get_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_get_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_get_params", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_gettable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_gettable_params(ctx, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_CTX_gettable_params", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_new() (EVP_MD_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_CTX_new", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_set_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_MD_CTX_set_params", uintptr(_err)) -+} -+ -+func EVP_MD_CTX_settable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_CTX_settable_params(ctx, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_CTX_settable_params", uintptr(_err)) -+} -+ -+func EVP_MD_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MD_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_MD_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_MD_fetch", uintptr(_err)) -+} -+ -+func EVP_MD_free(md EVP_MD_PTR) { -+ C._mkcgo_EVP_MD_free(md) -+} -+ -+func EVP_MD_get0_name(md EVP_MD_PTR) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_MD_get0_name(md))) -+} -+ -+func EVP_MD_get0_provider(md EVP_MD_PTR) OSSL_PROVIDER_PTR { -+ return C._mkcgo_EVP_MD_get0_provider(md) -+} -+ -+func EVP_MD_get_block_size(md EVP_MD_PTR) int32 { -+ return int32(C._mkcgo_EVP_MD_get_block_size(md)) -+} -+ -+func EVP_MD_get_size(md EVP_MD_PTR) int32 { -+ return int32(C._mkcgo_EVP_MD_get_size(md)) -+} -+ -+func EVP_MD_get_type(md EVP_MD_PTR) int32 { -+ return int32(C._mkcgo_EVP_MD_get_type(md)) -+} -+ -+func EVP_PKEY_CTX_add1_hkdf_info(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_add1_hkdf_info(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_add1_hkdf_info", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_ctrl(ctx EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_ctrl(ctx, C.int(keytype), C.int(optype), C.int(cmd), C.int(p1), p2, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_ctrl", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_free(arg0 EVP_PKEY_CTX_PTR) { -+ C._mkcgo_EVP_PKEY_CTX_free(arg0) -+} -+ -+func EVP_PKEY_CTX_new(arg0 EVP_PKEY_PTR, arg1 ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_new(arg0, arg1, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_CTX_new", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_new_from_pkey(libctx OSSL_LIB_CTX_PTR, pkey EVP_PKEY_PTR, propquery *byte) (EVP_PKEY_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_new_from_pkey(libctx, pkey, (*C.char)(unsafe.Pointer(propquery)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_from_pkey", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_new_id(id int32, e ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_new_id(C.int(id), e, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_id", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_set0_rsa_oaep_label(ctx EVP_PKEY_CTX_PTR, label []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(label))), C.int(len(label)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set0_rsa_oaep_label", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_set1_hkdf_key(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_key(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_set1_hkdf_salt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_salt", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_set_hkdf_md(arg0 EVP_PKEY_CTX_PTR, arg1 EVP_MD_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_md(arg0, arg1, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_md", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_set_hkdf_mode(arg0 EVP_PKEY_CTX_PTR, arg1 int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_mode(arg0, C.int(arg1), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", uintptr(_err)) -+} -+ -+func EVP_PKEY_CTX_set_params(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_params", uintptr(_err)) -+} -+ -+func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_EC(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), (*C.char)(unsafe.Pointer(arg1)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_EC", uintptr(_err)) -+} -+ -+func EVP_PKEY_Q_keygen_ED25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_ED25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", uintptr(_err)) -+} -+ -+func EVP_PKEY_Q_keygen_MLDSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_MLDSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_MLDSA", uintptr(_err)) -+} -+ -+func EVP_PKEY_Q_keygen_MLKEM(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_MLKEM(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_MLKEM", uintptr(_err)) -+} -+ -+func EVP_PKEY_Q_keygen_RSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_RSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), C.size_t(arg1), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_RSA", uintptr(_err)) -+} -+ -+func EVP_PKEY_Q_keygen_X25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_Q_keygen_X25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_X25519", uintptr(_err)) -+} -+ -+func EVP_PKEY_assign(pkey EVP_PKEY_PTR, __type int32, key unsafe.Pointer) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_assign(pkey, C.int(__type), key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_assign", uintptr(_err)) -+} -+ -+func EVP_PKEY_decapsulate(ctx EVP_PKEY_CTX_PTR, genkey *byte, genkeylen *int, wrappedkey *byte, wrappedkeylen int) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_decapsulate(ctx, (*C.uchar)(unsafe.Pointer(genkey)), (*C.size_t)(unsafe.Pointer(genkeylen)), (*C.uchar)(unsafe.Pointer(wrappedkey)), C.size_t(wrappedkeylen), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_decapsulate", uintptr(_err)) -+} -+ -+func EVP_PKEY_decapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_decapsulate_init(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_decapsulate_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_decrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("EVP_PKEY_decrypt: *arg2 exceeds len(arg1)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_decrypt(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg3))), C.size_t(len(arg3)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt", uintptr(_err)) -+} -+ -+func EVP_PKEY_decrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_decrypt_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_derive(ctx EVP_PKEY_CTX_PTR, key []byte, keylen *int) (int32, error) { -+ if keylen != nil && int(*keylen) > len(key) { -+ panic("EVP_PKEY_derive: *keylen exceeds len(key)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_derive(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), (*C.size_t)(unsafe.Pointer(keylen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_derive", uintptr(_err)) -+} -+ -+func EVP_PKEY_derive_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_derive_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_derive_set_peer(ctx EVP_PKEY_CTX_PTR, peer EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_derive_set_peer(ctx, peer, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_set_peer", uintptr(_err)) -+} -+ -+func EVP_PKEY_encapsulate(ctx EVP_PKEY_CTX_PTR, wrappedkey *byte, wrappedkeylen *int, genkey *byte, genkeylen *int) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_encapsulate(ctx, (*C.uchar)(unsafe.Pointer(wrappedkey)), (*C.size_t)(unsafe.Pointer(wrappedkeylen)), (*C.uchar)(unsafe.Pointer(genkey)), (*C.size_t)(unsafe.Pointer(genkeylen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_encapsulate", uintptr(_err)) -+} -+ -+func EVP_PKEY_encapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_encapsulate_init(ctx, params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_encapsulate_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_encrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("EVP_PKEY_encrypt: *arg2 exceeds len(arg1)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_encrypt(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg3))), C.size_t(len(arg3)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt", uintptr(_err)) -+} -+ -+func EVP_PKEY_encrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_encrypt_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_free(arg0 EVP_PKEY_PTR) { -+ C._mkcgo_EVP_PKEY_free(arg0) -+} -+ -+func EVP_PKEY_fromdata(ctx EVP_PKEY_CTX_PTR, pkey *EVP_PKEY_PTR, selection int32, params OSSL_PARAM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_fromdata(ctx, pkey, C.int(selection), params, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata", uintptr(_err)) -+} -+ -+func EVP_PKEY_fromdata_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_fromdata_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_get0_DSA(pkey EVP_PKEY_PTR) (DSA_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get0_DSA(pkey, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_get0_DSA", uintptr(_err)) -+} -+ -+func EVP_PKEY_get0_EC_KEY(pkey EVP_PKEY_PTR) (EC_KEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get0_EC_KEY(pkey, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_get0_EC_KEY", uintptr(_err)) -+} -+ -+func EVP_PKEY_get1_RSA(pkey EVP_PKEY_PTR) (RSA_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get1_RSA(pkey, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_get1_RSA", uintptr(_err)) -+} -+ -+func EVP_PKEY_get1_encoded_public_key(pkey EVP_PKEY_PTR, ppub **byte) (int, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get1_encoded_public_key(pkey, (**C.uchar)(unsafe.Pointer(ppub)), mkcgoNoEscape(&_err)) -+ return int(_ret), newMkcgoErr("EVP_PKEY_get1_encoded_public_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_get_bits(pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get_bits(pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bits", uintptr(_err)) -+} -+ -+func EVP_PKEY_get_bn_param(pkey EVP_PKEY_PTR, key_name *byte, bn *BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get_bn_param(pkey, (*C.char)(unsafe.Pointer(key_name)), bn, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bn_param", uintptr(_err)) -+} -+ -+func EVP_PKEY_get_octet_string_param(pkey EVP_PKEY_PTR, key_name *byte, buf []byte, out_len *int) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get_octet_string_param(pkey, (*C.char)(unsafe.Pointer(key_name)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(out_len)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_octet_string_param", uintptr(_err)) -+} -+ -+func EVP_PKEY_get_raw_private_key(pkey EVP_PKEY_PTR, priv []byte, privlen *int) (int32, error) { -+ if privlen != nil && int(*privlen) > len(priv) { -+ panic("EVP_PKEY_get_raw_private_key: *privlen exceeds len(priv)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get_raw_private_key(pkey, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(priv))), (*C.size_t)(unsafe.Pointer(privlen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_private_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_get_raw_public_key(pkey EVP_PKEY_PTR, pub []byte, publen *int) (int32, error) { -+ if publen != nil && int(*publen) > len(pub) { -+ panic("EVP_PKEY_get_raw_public_key: *publen exceeds len(pub)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get_raw_public_key(pkey, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(pub))), (*C.size_t)(unsafe.Pointer(publen)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_public_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_get_size(pkey EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_get_size(pkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_get_size", uintptr(_err)) -+} -+ -+func EVP_PKEY_keygen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_keygen(ctx, ppkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen", uintptr(_err)) -+} -+ -+func EVP_PKEY_keygen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_keygen_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_new() (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_new", uintptr(_err)) -+} -+ -+func EVP_PKEY_new_raw_private_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_new_raw_private_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_new_raw_private_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_new_raw_public_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_new_raw_public_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_PKEY_new_raw_public_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_paramgen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_paramgen(ctx, ppkey, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen", uintptr(_err)) -+} -+ -+func EVP_PKEY_paramgen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_paramgen_init(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_private_check(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_private_check(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_private_check", uintptr(_err)) -+} -+ -+func EVP_PKEY_public_check_quick(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_public_check_quick(ctx, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_public_check_quick", uintptr(_err)) -+} -+ -+func EVP_PKEY_set1_EC_KEY(pkey EVP_PKEY_PTR, key EC_KEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_set1_EC_KEY(pkey, key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_EC_KEY", uintptr(_err)) -+} -+ -+func EVP_PKEY_set1_encoded_public_key(pkey EVP_PKEY_PTR, pub []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_set1_encoded_public_key(pkey, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(pub))), C.size_t(len(pub)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_encoded_public_key", uintptr(_err)) -+} -+ -+func EVP_PKEY_sign(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("EVP_PKEY_sign: *arg2 exceeds len(arg1)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_sign(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg3))), C.size_t(len(arg3)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_sign", uintptr(_err)) -+} -+ -+func EVP_PKEY_sign_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_sign_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_sign_init", uintptr(_err)) -+} -+ -+func EVP_PKEY_up_ref(key EVP_PKEY_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_up_ref(key, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_up_ref", uintptr(_err)) -+} -+ -+func EVP_PKEY_verify(ctx EVP_PKEY_CTX_PTR, sig []byte, tbs []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_verify(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sig))), C.size_t(len(sig)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tbs))), C.size_t(len(tbs)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_verify", uintptr(_err)) -+} -+ -+func EVP_PKEY_verify_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_PKEY_verify_init(arg0, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_PKEY_verify_init", uintptr(_err)) -+} -+ -+func EVP_SIGNATURE_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_SIGNATURE_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_SIGNATURE_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("EVP_SIGNATURE_fetch", uintptr(_err)) -+} -+ -+func EVP_SIGNATURE_free(signature EVP_SIGNATURE_PTR) { -+ C._mkcgo_EVP_SIGNATURE_free(signature) -+} -+ -+func EVP_aes_128_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_cbc() -+} -+ -+func EVP_aes_128_ctr() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_ctr() -+} -+ -+func EVP_aes_128_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_ecb() -+} -+ -+func EVP_aes_128_gcm() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_128_gcm() -+} -+ -+func EVP_aes_192_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_cbc() -+} -+ -+func EVP_aes_192_ctr() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_ctr() -+} -+ -+func EVP_aes_192_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_ecb() -+} -+ -+func EVP_aes_192_gcm() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_192_gcm() -+} -+ -+func EVP_aes_256_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_cbc() -+} -+ -+func EVP_aes_256_ctr() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_ctr() -+} -+ -+func EVP_aes_256_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_ecb() -+} -+ -+func EVP_aes_256_gcm() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_aes_256_gcm() -+} -+ -+func EVP_chacha20_poly1305_Available() bool { -+ return C._mkcgo_available_EVP_chacha20_poly1305() != 0 -+} -+ -+func EVP_chacha20_poly1305() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_chacha20_poly1305() -+} -+ -+func EVP_default_properties_enable_fips(libctx OSSL_LIB_CTX_PTR, enable int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_EVP_default_properties_enable_fips(libctx, C.int(enable), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("EVP_default_properties_enable_fips", uintptr(_err)) -+} -+ -+func EVP_default_properties_is_fips_enabled(libctx OSSL_LIB_CTX_PTR) int32 { -+ return int32(C._mkcgo_EVP_default_properties_is_fips_enabled(libctx)) -+} -+ -+func EVP_des_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_cbc() -+} -+ -+func EVP_des_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_ecb() -+} -+ -+func EVP_des_ede3_cbc() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_ede3_cbc() -+} -+ -+func EVP_des_ede3_ecb() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_des_ede3_ecb() -+} -+ -+func EVP_md4() EVP_MD_PTR { -+ return C._mkcgo_EVP_md4() -+} -+ -+func EVP_md5() EVP_MD_PTR { -+ return C._mkcgo_EVP_md5() -+} -+ -+func EVP_md5_sha1() EVP_MD_PTR { -+ return C._mkcgo_EVP_md5_sha1() -+} -+ -+func EVP_rc4() EVP_CIPHER_PTR { -+ return C._mkcgo_EVP_rc4() -+} -+ -+func EVP_ripemd160() EVP_MD_PTR { -+ return C._mkcgo_EVP_ripemd160() -+} -+ -+func EVP_sha1() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha1() -+} -+ -+func EVP_sha224() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha224() -+} -+ -+func EVP_sha256() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha256() -+} -+ -+func EVP_sha384() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha384() -+} -+ -+func EVP_sha3_224() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_224() -+} -+ -+func EVP_sha3_256() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_256() -+} -+ -+func EVP_sha3_384() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_384() -+} -+ -+func EVP_sha3_512() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha3_512() -+} -+ -+func EVP_sha512() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha512() -+} -+ -+func EVP_sha512_224() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha512_224() -+} -+ -+func EVP_sha512_256() EVP_MD_PTR { -+ return C._mkcgo_EVP_sha512_256() -+} -+ -+func FIPS_mode() int32 { -+ return int32(C._mkcgo_FIPS_mode()) -+} -+ -+func FIPS_mode_set(r int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_FIPS_mode_set(C.int(r), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("FIPS_mode_set", uintptr(_err)) -+} -+ -+func HMAC_CTX_copy(dest HMAC_CTX_PTR, src HMAC_CTX_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_HMAC_CTX_copy(dest, src, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_CTX_copy", uintptr(_err)) -+} -+ -+func HMAC_CTX_free(arg0 HMAC_CTX_PTR) { -+ C._mkcgo_HMAC_CTX_free(arg0) -+} -+ -+func HMAC_CTX_new() (HMAC_CTX_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_HMAC_CTX_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("HMAC_CTX_new", uintptr(_err)) -+} -+ -+func HMAC_Final(arg0 HMAC_CTX_PTR, arg1 []byte, arg2 *uint32) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("HMAC_Final: *arg2 exceeds len(arg1)") -+ } -+ var _err C.uintptr_t -+ _ret := C._mkcgo_HMAC_Final(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.uint)(unsafe.Pointer(arg2)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_Final", uintptr(_err)) -+} -+ -+func HMAC_Init_ex(arg0 HMAC_CTX_PTR, arg1 []byte, arg3 EVP_MD_PTR, arg4 ENGINE_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_HMAC_Init_ex(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), arg3, arg4, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_Init_ex", uintptr(_err)) -+} -+ -+func HMAC_Update(arg0 HMAC_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_HMAC_Update(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.size_t(len(arg1)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("HMAC_Update", uintptr(_err)) -+} -+ -+func OBJ_nid2sn(n int32) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_OBJ_nid2sn(C.int(n)))) -+} -+ -+func OPENSSL_init() { -+ C._mkcgo_OPENSSL_init() -+} -+ -+func OPENSSL_init_crypto(ops uint64, settings OPENSSL_INIT_SETTINGS_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OPENSSL_init_crypto(C.uint64_t(ops), settings, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OPENSSL_init_crypto", uintptr(_err)) -+} -+ -+func OPENSSL_version_major_Available() bool { -+ return C._mkcgo_available_OPENSSL_version_major() != 0 -+} -+ -+func OPENSSL_version_major() uint32 { -+ return uint32(C._mkcgo_OPENSSL_version_major()) -+} -+ -+func OPENSSL_version_minor_Available() bool { -+ return C._mkcgo_available_OPENSSL_version_minor() != 0 -+} -+ -+func OPENSSL_version_minor() uint32 { -+ return uint32(C._mkcgo_OPENSSL_version_minor()) -+} -+ -+func OPENSSL_version_patch_Available() bool { -+ return C._mkcgo_available_OPENSSL_version_patch() != 0 -+} -+ -+func OPENSSL_version_patch() uint32 { -+ return uint32(C._mkcgo_OPENSSL_version_patch()) -+} -+ -+func OSSL_PARAM_BLD_free(bld OSSL_PARAM_BLD_PTR) { -+ C._mkcgo_OSSL_PARAM_BLD_free(bld) -+} -+ -+func OSSL_PARAM_BLD_new() OSSL_PARAM_BLD_PTR { -+ return C._mkcgo_OSSL_PARAM_BLD_new() -+} -+ -+func OSSL_PARAM_BLD_push_BN(bld OSSL_PARAM_BLD_PTR, key *byte, bn BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_BN(bld, (*C.char)(unsafe.Pointer(key)), bn, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_BN", uintptr(_err)) -+} -+ -+func OSSL_PARAM_BLD_push_int32(bld OSSL_PARAM_BLD_PTR, key *byte, num int32) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_int32(bld, (*C.char)(unsafe.Pointer(key)), C.int32_t(num), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_int32", uintptr(_err)) -+} -+ -+func OSSL_PARAM_BLD_push_octet_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_octet_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_octet_string", uintptr(_err)) -+} -+ -+func OSSL_PARAM_BLD_push_utf8_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PARAM_BLD_push_utf8_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.char)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_utf8_string", uintptr(_err)) -+} -+ -+func OSSL_PARAM_BLD_to_param(bld OSSL_PARAM_BLD_PTR) (OSSL_PARAM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PARAM_BLD_to_param(bld, mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PARAM_BLD_to_param", uintptr(_err)) -+} -+ -+func OSSL_PARAM_free(p OSSL_PARAM_PTR) { -+ C._mkcgo_OSSL_PARAM_free(p) -+} -+ -+func OSSL_PARAM_locate_const(p OSSL_PARAM_PTR, key *byte) (OSSL_PARAM_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PARAM_locate_const(p, (*C.char)(unsafe.Pointer(key)), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PARAM_locate_const", uintptr(_err)) -+} -+ -+func OSSL_PROVIDER_available(libctx OSSL_LIB_CTX_PTR, name *byte) int32 { -+ return int32(C._mkcgo_OSSL_PROVIDER_available(libctx, (*C.char)(unsafe.Pointer(name)))) -+} -+ -+func OSSL_PROVIDER_get0_name(prov OSSL_PROVIDER_PTR) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_OSSL_PROVIDER_get0_name(prov))) -+} -+ -+func OSSL_PROVIDER_try_load(libctx OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) (OSSL_PROVIDER_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_OSSL_PROVIDER_try_load(libctx, (*C.char)(unsafe.Pointer(name)), C.int(retain_fallbacks), mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("OSSL_PROVIDER_try_load", uintptr(_err)) -+} -+ -+func OpenSSL_version(__type int32) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_OpenSSL_version(C.int(__type)))) -+} -+ -+func OpenSSL_version_num_Available() bool { -+ return C._mkcgo_available_OpenSSL_version_num() != 0 -+} -+ -+func OpenSSL_version_num() uint64 { -+ return uint64(C._mkcgo_OpenSSL_version_num()) -+} -+ -+func PKCS5_PBKDF2_HMAC(pass []byte, salt []byte, iter int32, digest EVP_MD_PTR, out []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_PKCS5_PBKDF2_HMAC((*C.char)(unsafe.Pointer(unsafe.SliceData(pass))), C.int(len(pass)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(salt))), C.int(len(salt)), C.int(iter), digest, C.int(len(out)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("PKCS5_PBKDF2_HMAC", uintptr(_err)) -+} -+ -+func RAND_bytes(arg0 []byte) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_RAND_bytes((*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg0))), C.int(len(arg0)), mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RAND_bytes", uintptr(_err)) -+} -+ -+func RSA_free(arg0 RSA_PTR) { -+ C._mkcgo_RSA_free(arg0) -+} -+ -+func RSA_get0_crt_params(r RSA_PTR, dmp1 *BIGNUM_PTR, dmq1 *BIGNUM_PTR, iqmp *BIGNUM_PTR) { -+ C._mkcgo_RSA_get0_crt_params(r, dmp1, dmq1, iqmp) -+} -+ -+func RSA_get0_factors(rsa RSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR) { -+ C._mkcgo_RSA_get0_factors(rsa, p, q) -+} -+ -+func RSA_get0_key(rsa RSA_PTR, n *BIGNUM_PTR, e *BIGNUM_PTR, d *BIGNUM_PTR) { -+ C._mkcgo_RSA_get0_key(rsa, n, e, d) -+} -+ -+func RSA_new() (RSA_PTR, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_RSA_new(mkcgoNoEscape(&_err)) -+ return _ret, newMkcgoErr("RSA_new", uintptr(_err)) -+} -+ -+func RSA_set0_crt_params(rsa RSA_PTR, dmp1 BIGNUM_PTR, dmp2 BIGNUM_PTR, iqmp BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_RSA_set0_crt_params(rsa, dmp1, dmp2, iqmp, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RSA_set0_crt_params", uintptr(_err)) -+} -+ -+func RSA_set0_factors(rsa RSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_RSA_set0_factors(rsa, p, q, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RSA_set0_factors", uintptr(_err)) -+} -+ -+func RSA_set0_key(r RSA_PTR, n BIGNUM_PTR, e BIGNUM_PTR, d BIGNUM_PTR) (int32, error) { -+ var _err C.uintptr_t -+ _ret := C._mkcgo_RSA_set0_key(r, n, e, d, mkcgoNoEscape(&_err)) -+ return int32(_ret), newMkcgoErr("RSA_set0_key", uintptr(_err)) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go -new file mode 100644 -index 00000000000000..9940275b3749ff ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/internal/ossl/zossl_nocgo.go -@@ -0,0 +1,2468 @@ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo -+ -+package ossl -+ -+import ( -+ "runtime" -+ "unsafe" -+) -+ -+var _ = runtime.GOOS -+ -+var _mkcgoAlwaysFalseOssl bool -+var _mkcgoEscapeSinkOssl unsafe.Pointer -+ -+// mkcgoEscapePtrOssl forces p to escape to the heap. -+// This implementation is also used in the standard library: -+// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 -+func mkcgoEscapePtrOssl(p unsafe.Pointer) unsafe.Pointer { -+ if _mkcgoAlwaysFalseOssl { -+ _mkcgoEscapeSinkOssl = p -+ } -+ return p -+} -+ -+type OPENSSL_INIT_SETTINGS_PTR unsafe.Pointer -+type OSSL_LIB_CTX_PTR unsafe.Pointer -+type OSSL_PROVIDER_PTR unsafe.Pointer -+type ENGINE_PTR unsafe.Pointer -+type EVP_PKEY_PTR unsafe.Pointer -+type EVP_PKEY_CTX_PTR unsafe.Pointer -+type EVP_MD_PTR unsafe.Pointer -+type EVP_MD_CTX_PTR unsafe.Pointer -+type HMAC_CTX_PTR unsafe.Pointer -+type EVP_CIPHER_PTR unsafe.Pointer -+type EVP_CIPHER_CTX_PTR unsafe.Pointer -+type EC_KEY_PTR unsafe.Pointer -+type EC_POINT_PTR unsafe.Pointer -+type EC_GROUP_PTR unsafe.Pointer -+type RSA_PTR unsafe.Pointer -+type BIGNUM_PTR unsafe.Pointer -+type BN_CTX_PTR unsafe.Pointer -+type EVP_MAC_PTR unsafe.Pointer -+type EVP_MAC_CTX_PTR unsafe.Pointer -+type OSSL_PARAM_BLD_PTR unsafe.Pointer -+type OSSL_PARAM_PTR unsafe.Pointer -+type EVP_SIGNATURE_PTR unsafe.Pointer -+type EVP_KEYMGMT_PTR unsafe.Pointer -+type DSA_PTR unsafe.Pointer -+type EVP_KDF_PTR unsafe.Pointer -+type EVP_KDF_CTX_PTR unsafe.Pointer -+type BIO_METHOD_PTR unsafe.Pointer -+type BIO_PTR unsafe.Pointer -+type Point_conversion_form_t = int32 -+ -+var _mkcgo_BIO_ctrl uintptr -+ -+func BIO_ctrl(bp BIO_PTR, cmd int32, larg int64, parg unsafe.Pointer) int64 { -+ r0, _ := syscallN(0, _mkcgo_BIO_ctrl, uintptr(bp), uintptr(cmd), uintptr(larg), uintptr(parg)) -+ return int64(r0) -+} -+ -+var _mkcgo_BIO_free uintptr -+ -+func BIO_free(a BIO_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_BIO_free, uintptr(a)) -+ return int32(r0) -+} -+ -+var _mkcgo_BIO_new uintptr -+ -+func BIO_new(__type BIO_METHOD_PTR) (BIO_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_BIO_new, uintptr(__type), uintptr(unsafe.Pointer(&_err))) -+ return BIO_PTR(r0), newMkcgoErr("BIO_new", _err) -+} -+ -+var _mkcgo_BIO_s_mem uintptr -+ -+func BIO_s_mem() BIO_METHOD_PTR { -+ r0, _ := syscallN(0, _mkcgo_BIO_s_mem) -+ return BIO_METHOD_PTR(r0) -+} -+ -+var _mkcgo_BN_bin2bn uintptr -+ -+func BN_bin2bn(arg0 []byte, arg2 BIGNUM_PTR) (BIGNUM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_BN_bin2bn, uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg0)))), uintptr(len(arg0)), uintptr(arg2), uintptr(unsafe.Pointer(&_err))) -+ return BIGNUM_PTR(r0), newMkcgoErr("BN_bin2bn", _err) -+} -+ -+var _mkcgo_BN_bn2binpad uintptr -+ -+func BN_bn2binpad(a BIGNUM_PTR, to []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(2, _mkcgo_BN_bn2binpad, uintptr(a), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(to)))), uintptr(len(to)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("BN_bn2binpad", _err) -+} -+ -+var _mkcgo_BN_bn2lebinpad uintptr -+ -+func BN_bn2lebinpad(a BIGNUM_PTR, to []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(2, _mkcgo_BN_bn2lebinpad, uintptr(a), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(to)))), uintptr(len(to)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("BN_bn2lebinpad", _err) -+} -+ -+var _mkcgo_BN_clear uintptr -+ -+func BN_clear(arg0 BIGNUM_PTR) { -+ syscallN(0, _mkcgo_BN_clear, uintptr(arg0)) -+} -+ -+var _mkcgo_BN_clear_free uintptr -+ -+func BN_clear_free(arg0 BIGNUM_PTR) { -+ syscallN(0, _mkcgo_BN_clear_free, uintptr(arg0)) -+} -+ -+var _mkcgo_BN_free uintptr -+ -+func BN_free(arg0 BIGNUM_PTR) { -+ syscallN(0, _mkcgo_BN_free, uintptr(arg0)) -+} -+ -+var _mkcgo_BN_lebin2bn uintptr -+ -+func BN_lebin2bn(s []byte, ret BIGNUM_PTR) (BIGNUM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_BN_lebin2bn, uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(s)))), uintptr(len(s)), uintptr(ret), uintptr(unsafe.Pointer(&_err))) -+ return BIGNUM_PTR(r0), newMkcgoErr("BN_lebin2bn", _err) -+} -+ -+var _mkcgo_BN_new uintptr -+ -+func BN_new() (BIGNUM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_BN_new, uintptr(unsafe.Pointer(&_err))) -+ return BIGNUM_PTR(r0), newMkcgoErr("BN_new", _err) -+} -+ -+var _mkcgo_BN_num_bits uintptr -+ -+func BN_num_bits(arg0 BIGNUM_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_BN_num_bits, uintptr(arg0)) -+ return int32(r0) -+} -+ -+var _mkcgo_CRYPTO_free uintptr -+ -+func CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { -+ syscallN(0, _mkcgo_CRYPTO_free, uintptr(str), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(file))), uintptr(line)) -+} -+ -+var _mkcgo_CRYPTO_malloc uintptr -+ -+func CRYPTO_malloc(num int, file *byte, line int32) (unsafe.Pointer, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_CRYPTO_malloc, uintptr(num), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(file))), uintptr(line), uintptr(unsafe.Pointer(&_err))) -+ return unsafe.Pointer(r0), newMkcgoErr("CRYPTO_malloc", _err) -+} -+ -+var _mkcgo_DSA_free uintptr -+ -+func DSA_free(r DSA_PTR) { -+ syscallN(0, _mkcgo_DSA_free, uintptr(r)) -+} -+ -+var _mkcgo_DSA_generate_key uintptr -+ -+func DSA_generate_key(a DSA_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_DSA_generate_key, uintptr(a), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("DSA_generate_key", _err) -+} -+ -+var _mkcgo_DSA_get0_key uintptr -+ -+func DSA_get0_key(d DSA_PTR, pub_key *BIGNUM_PTR, priv_key *BIGNUM_PTR) { -+ syscallN(0, _mkcgo_DSA_get0_key, uintptr(d), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pub_key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(priv_key)))) -+} -+ -+var _mkcgo_DSA_get0_pqg uintptr -+ -+func DSA_get0_pqg(d DSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR, g *BIGNUM_PTR) { -+ syscallN(0, _mkcgo_DSA_get0_pqg, uintptr(d), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(p))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(q))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(g)))) -+} -+ -+var _mkcgo_DSA_new uintptr -+ -+func DSA_new() (DSA_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_DSA_new, uintptr(unsafe.Pointer(&_err))) -+ return DSA_PTR(r0), newMkcgoErr("DSA_new", _err) -+} -+ -+var _mkcgo_DSA_set0_key uintptr -+ -+func DSA_set0_key(d DSA_PTR, pub_key BIGNUM_PTR, priv_key BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_DSA_set0_key, uintptr(d), uintptr(pub_key), uintptr(priv_key), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("DSA_set0_key", _err) -+} -+ -+var _mkcgo_DSA_set0_pqg uintptr -+ -+func DSA_set0_pqg(d DSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR, g BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_DSA_set0_pqg, uintptr(d), uintptr(p), uintptr(q), uintptr(g), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("DSA_set0_pqg", _err) -+} -+ -+var _mkcgo_EC_GROUP_free uintptr -+ -+func EC_GROUP_free(group EC_GROUP_PTR) { -+ syscallN(0, _mkcgo_EC_GROUP_free, uintptr(group)) -+} -+ -+var _mkcgo_EC_GROUP_new_by_curve_name uintptr -+ -+func EC_GROUP_new_by_curve_name(nid int32) (EC_GROUP_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EC_GROUP_new_by_curve_name, uintptr(nid), uintptr(unsafe.Pointer(&_err))) -+ return EC_GROUP_PTR(r0), newMkcgoErr("EC_GROUP_new_by_curve_name", _err) -+} -+ -+var _mkcgo_EC_KEY_check_key uintptr -+ -+func EC_KEY_check_key(key EC_KEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_KEY_check_key, uintptr(key), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_KEY_check_key", _err) -+} -+ -+var _mkcgo_EC_KEY_free uintptr -+ -+func EC_KEY_free(arg0 EC_KEY_PTR) { -+ syscallN(0, _mkcgo_EC_KEY_free, uintptr(arg0)) -+} -+ -+var _mkcgo_EC_KEY_get0_group uintptr -+ -+func EC_KEY_get0_group(arg0 EC_KEY_PTR) EC_GROUP_PTR { -+ r0, _ := syscallN(0, _mkcgo_EC_KEY_get0_group, uintptr(arg0)) -+ return EC_GROUP_PTR(r0) -+} -+ -+var _mkcgo_EC_KEY_get0_private_key uintptr -+ -+func EC_KEY_get0_private_key(arg0 EC_KEY_PTR) BIGNUM_PTR { -+ r0, _ := syscallN(0, _mkcgo_EC_KEY_get0_private_key, uintptr(arg0)) -+ return BIGNUM_PTR(r0) -+} -+ -+var _mkcgo_EC_KEY_get0_public_key uintptr -+ -+func EC_KEY_get0_public_key(arg0 EC_KEY_PTR) EC_POINT_PTR { -+ r0, _ := syscallN(0, _mkcgo_EC_KEY_get0_public_key, uintptr(arg0)) -+ return EC_POINT_PTR(r0) -+} -+ -+var _mkcgo_EC_KEY_new_by_curve_name uintptr -+ -+func EC_KEY_new_by_curve_name(arg0 int32) (EC_KEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EC_KEY_new_by_curve_name, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return EC_KEY_PTR(r0), newMkcgoErr("EC_KEY_new_by_curve_name", _err) -+} -+ -+var _mkcgo_EC_KEY_set_private_key uintptr -+ -+func EC_KEY_set_private_key(arg0 EC_KEY_PTR, arg1 BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_KEY_set_private_key, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_KEY_set_private_key", _err) -+} -+ -+var _mkcgo_EC_KEY_set_public_key uintptr -+ -+func EC_KEY_set_public_key(key EC_KEY_PTR, pub EC_POINT_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_KEY_set_public_key, uintptr(key), uintptr(pub), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_KEY_set_public_key", _err) -+} -+ -+var _mkcgo_EC_KEY_set_public_key_affine_coordinates uintptr -+ -+func EC_KEY_set_public_key_affine_coordinates(key EC_KEY_PTR, x BIGNUM_PTR, y BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_KEY_set_public_key_affine_coordinates, uintptr(key), uintptr(x), uintptr(y), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_KEY_set_public_key_affine_coordinates", _err) -+} -+ -+var _mkcgo_EC_POINT_free uintptr -+ -+func EC_POINT_free(arg0 EC_POINT_PTR) { -+ syscallN(0, _mkcgo_EC_POINT_free, uintptr(arg0)) -+} -+ -+var _mkcgo_EC_POINT_get_affine_coordinates_GFp uintptr -+ -+func EC_POINT_get_affine_coordinates_GFp(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_POINT_get_affine_coordinates_GFp, uintptr(arg0), uintptr(arg1), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_POINT_get_affine_coordinates_GFp", _err) -+} -+ -+var _mkcgo_EC_POINT_mul uintptr -+ -+func EC_POINT_mul(group EC_GROUP_PTR, r EC_POINT_PTR, n BIGNUM_PTR, q EC_POINT_PTR, m BIGNUM_PTR, ctx BN_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_POINT_mul, uintptr(group), uintptr(r), uintptr(n), uintptr(q), uintptr(m), uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_POINT_mul", _err) -+} -+ -+var _mkcgo_EC_POINT_new uintptr -+ -+func EC_POINT_new(arg0 EC_GROUP_PTR) (EC_POINT_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EC_POINT_new, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return EC_POINT_PTR(r0), newMkcgoErr("EC_POINT_new", _err) -+} -+ -+var _mkcgo_EC_POINT_oct2point uintptr -+ -+func EC_POINT_oct2point(group EC_GROUP_PTR, p EC_POINT_PTR, buf []byte, ctx BN_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_POINT_oct2point, uintptr(group), uintptr(p), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_POINT_oct2point", _err) -+} -+ -+var _mkcgo_EC_POINT_point2oct uintptr -+ -+func EC_POINT_point2oct(group EC_GROUP_PTR, p EC_POINT_PTR, form Point_conversion_form_t, buf []byte, ctx BN_CTX_PTR) (int, error) { -+ var _err uintptr -+ r0, _ := syscallN(4, _mkcgo_EC_POINT_point2oct, uintptr(group), uintptr(p), uintptr(form), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int(r0), newMkcgoErr("EC_POINT_point2oct", _err) -+} -+ -+var _mkcgo_EC_POINT_set_affine_coordinates uintptr -+ -+func EC_POINT_set_affine_coordinates(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EC_POINT_set_affine_coordinates, uintptr(arg0), uintptr(arg1), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EC_POINT_set_affine_coordinates", _err) -+} -+ -+var _mkcgo_ERR_peek_error uintptr -+ -+func ERR_peek_error() uint64 { -+ r0, _ := syscallN(0, _mkcgo_ERR_peek_error) -+ return uint64(r0) -+} -+ -+var _mkcgo_ERR_print_errors uintptr -+ -+func ERR_print_errors(bp BIO_PTR) { -+ syscallN(0, _mkcgo_ERR_print_errors, uintptr(bp)) -+} -+ -+var _mkcgo_EVP_CIPHER_CTX_ctrl uintptr -+ -+func EVP_CIPHER_CTX_ctrl(ctx EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_CIPHER_CTX_ctrl, uintptr(ctx), uintptr(__type), uintptr(arg), uintptr(ptr), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_CIPHER_CTX_ctrl", _err) -+} -+ -+var _mkcgo_EVP_CIPHER_CTX_free uintptr -+ -+func EVP_CIPHER_CTX_free(arg0 EVP_CIPHER_CTX_PTR) { -+ syscallN(0, _mkcgo_EVP_CIPHER_CTX_free, uintptr(arg0)) -+} -+ -+var _mkcgo_EVP_CIPHER_CTX_new uintptr -+ -+func EVP_CIPHER_CTX_new() (EVP_CIPHER_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_CIPHER_CTX_new, uintptr(unsafe.Pointer(&_err))) -+ return EVP_CIPHER_CTX_PTR(r0), newMkcgoErr("EVP_CIPHER_CTX_new", _err) -+} -+ -+var _mkcgo_EVP_CIPHER_CTX_set_key_length uintptr -+ -+func EVP_CIPHER_CTX_set_key_length(x EVP_CIPHER_CTX_PTR, keylen int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_CIPHER_CTX_set_key_length, uintptr(x), uintptr(keylen), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_CIPHER_CTX_set_key_length", _err) -+} -+ -+var _mkcgo_EVP_CIPHER_CTX_set_padding uintptr -+ -+func EVP_CIPHER_CTX_set_padding(x EVP_CIPHER_CTX_PTR, padding int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_CIPHER_CTX_set_padding, uintptr(x), uintptr(padding), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_CIPHER_CTX_set_padding", _err) -+} -+ -+var _mkcgo_EVP_CIPHER_fetch uintptr -+ -+func EVP_CIPHER_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_CIPHER_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_CIPHER_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_CIPHER_PTR(r0), newMkcgoErr("EVP_CIPHER_fetch", _err) -+} -+ -+var _mkcgo_EVP_CIPHER_get0_name uintptr -+ -+func EVP_CIPHER_get0_name(cipher EVP_CIPHER_PTR) *byte { -+ r0, _ := syscallN(0, _mkcgo_EVP_CIPHER_get0_name, uintptr(cipher)) -+ return (*byte)(unsafe.Pointer(r0)) -+} -+ -+var _mkcgo_EVP_CIPHER_get_block_size uintptr -+ -+func EVP_CIPHER_get_block_size(cipher EVP_CIPHER_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_EVP_CIPHER_get_block_size, uintptr(cipher)) -+ return int32(r0) -+} -+ -+var _mkcgo_EVP_CipherInit_ex uintptr -+ -+func EVP_CipherInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte, enc int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_CipherInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iv))), uintptr(enc), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_CipherInit_ex", _err) -+} -+ -+var _mkcgo_EVP_CipherUpdate uintptr -+ -+func EVP_CipherUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_CipherUpdate: *outl exceeds len(out)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_CipherUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(unsafe.SliceData(in))), uintptr(len(in)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_CipherUpdate", _err) -+} -+ -+var _mkcgo_EVP_DecryptFinal_ex uintptr -+ -+func EVP_DecryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, outm []byte, outl *int32) (int32, error) { -+ if outl != nil && int(*outl) > len(outm) { -+ panic("EVP_DecryptFinal_ex: *outl exceeds len(outm)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DecryptFinal_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(outm))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DecryptFinal_ex", _err) -+} -+ -+var _mkcgo_EVP_DecryptInit_ex uintptr -+ -+func EVP_DecryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DecryptInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iv))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DecryptInit_ex", _err) -+} -+ -+var _mkcgo_EVP_DecryptUpdate uintptr -+ -+func EVP_DecryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_DecryptUpdate: *outl exceeds len(out)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DecryptUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(unsafe.SliceData(in))), uintptr(len(in)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DecryptUpdate", _err) -+} -+ -+var _mkcgo_EVP_Digest uintptr -+ -+func EVP_Digest(data []byte, md []byte, size *uint32, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { -+ if size != nil && int(*size) > len(md) { -+ panic("EVP_Digest: *size exceeds len(md)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_Digest, uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(md))), uintptr(unsafe.Pointer(size)), uintptr(__type), uintptr(impl), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_Digest", _err) -+} -+ -+var _mkcgo_EVP_DigestFinalXOF uintptr -+ -+func EVP_DigestFinalXOF(ctx EVP_MD_CTX_PTR, md []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestFinalXOF, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(md))), uintptr(len(md)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestFinalXOF", _err) -+} -+ -+var _mkcgo_EVP_DigestFinal_ex uintptr -+ -+func EVP_DigestFinal_ex(ctx EVP_MD_CTX_PTR, md []byte, s *uint32) (int32, error) { -+ if s != nil && int(*s) > len(md) { -+ panic("EVP_DigestFinal_ex: *s exceeds len(md)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestFinal_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(md))), uintptr(unsafe.Pointer(s)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestFinal_ex", _err) -+} -+ -+var _mkcgo_EVP_DigestInit uintptr -+ -+func EVP_DigestInit(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestInit, uintptr(ctx), uintptr(__type), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestInit", _err) -+} -+ -+var _mkcgo_EVP_DigestInit_ex uintptr -+ -+func EVP_DigestInit_ex(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestInit_ex", _err) -+} -+ -+var _mkcgo_EVP_DigestSign uintptr -+ -+func EVP_DigestSign(ctx EVP_MD_CTX_PTR, sigret []byte, siglen *int, tbs []byte) (int32, error) { -+ if siglen != nil && int(*siglen) > len(sigret) { -+ panic("EVP_DigestSign: *siglen exceeds len(sigret)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestSign, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(sigret))), uintptr(unsafe.Pointer(siglen)), uintptr(unsafe.Pointer(unsafe.SliceData(tbs))), uintptr(len(tbs)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestSign", _err) -+} -+ -+var _mkcgo_EVP_DigestSignFinal uintptr -+ -+func EVP_DigestSignFinal(ctx EVP_MD_CTX_PTR, sig []byte, siglen *int) (int32, error) { -+ if siglen != nil && int(*siglen) > len(sig) { -+ panic("EVP_DigestSignFinal: *siglen exceeds len(sig)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestSignFinal, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sig)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(siglen))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestSignFinal", _err) -+} -+ -+var _mkcgo_EVP_DigestSignInit uintptr -+ -+func EVP_DigestSignInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestSignInit, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pctx))), uintptr(__type), uintptr(e), uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestSignInit", _err) -+} -+ -+func EVP_DigestSqueeze_Available() bool { -+ return _mkcgo_EVP_DigestSqueeze != 0 -+} -+ -+var _mkcgo_EVP_DigestSqueeze uintptr -+ -+func EVP_DigestSqueeze(ctx EVP_MD_CTX_PTR, out []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestSqueeze, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(len(out)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestSqueeze", _err) -+} -+ -+var _mkcgo_EVP_DigestUpdate uintptr -+ -+func EVP_DigestUpdate(ctx EVP_MD_CTX_PTR, d []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(d))), uintptr(len(d)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestUpdate", _err) -+} -+ -+var _mkcgo_EVP_DigestVerify uintptr -+ -+func EVP_DigestVerify(ctx EVP_MD_CTX_PTR, sigret []byte, tbs []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestVerify, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sigret)))), uintptr(len(sigret)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(tbs)))), uintptr(len(tbs)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestVerify", _err) -+} -+ -+var _mkcgo_EVP_DigestVerifyFinal uintptr -+ -+func EVP_DigestVerifyFinal(ctx EVP_MD_CTX_PTR, sig []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestVerifyFinal, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sig)))), uintptr(len(sig)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestVerifyFinal", _err) -+} -+ -+var _mkcgo_EVP_DigestVerifyInit uintptr -+ -+func EVP_DigestVerifyInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_DigestVerifyInit, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pctx))), uintptr(__type), uintptr(e), uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_DigestVerifyInit", _err) -+} -+ -+var _mkcgo_EVP_EncryptFinal_ex uintptr -+ -+func EVP_EncryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_EncryptFinal_ex: *outl exceeds len(out)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_EncryptFinal_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_EncryptFinal_ex", _err) -+} -+ -+var _mkcgo_EVP_EncryptInit_ex uintptr -+ -+func EVP_EncryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_EncryptInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iv))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_EncryptInit_ex", _err) -+} -+ -+var _mkcgo_EVP_EncryptUpdate uintptr -+ -+func EVP_EncryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { -+ if outl != nil && int(*outl) > len(out) { -+ panic("EVP_EncryptUpdate: *outl exceeds len(out)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_EncryptUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(unsafe.SliceData(in))), uintptr(len(in)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_EncryptUpdate", _err) -+} -+ -+var _mkcgo_EVP_KDF_CTX_free uintptr -+ -+func EVP_KDF_CTX_free(ctx EVP_KDF_CTX_PTR) { -+ syscallN(0, _mkcgo_EVP_KDF_CTX_free, uintptr(ctx)) -+} -+ -+var _mkcgo_EVP_KDF_CTX_get_kdf_size uintptr -+ -+func EVP_KDF_CTX_get_kdf_size(ctx EVP_KDF_CTX_PTR) (int, error) { -+ var _err uintptr -+ r0, _ := syscallN(4, _mkcgo_EVP_KDF_CTX_get_kdf_size, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int(r0), newMkcgoErr("EVP_KDF_CTX_get_kdf_size", _err) -+} -+ -+var _mkcgo_EVP_KDF_CTX_new uintptr -+ -+func EVP_KDF_CTX_new(kdf EVP_KDF_PTR) (EVP_KDF_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_KDF_CTX_new, uintptr(kdf), uintptr(unsafe.Pointer(&_err))) -+ return EVP_KDF_CTX_PTR(r0), newMkcgoErr("EVP_KDF_CTX_new", _err) -+} -+ -+var _mkcgo_EVP_KDF_CTX_set_params uintptr -+ -+func EVP_KDF_CTX_set_params(ctx EVP_KDF_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_KDF_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_KDF_CTX_set_params", _err) -+} -+ -+var _mkcgo_EVP_KDF_derive uintptr -+ -+func EVP_KDF_derive(ctx EVP_KDF_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_KDF_derive, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_KDF_derive", _err) -+} -+ -+var _mkcgo_EVP_KDF_fetch uintptr -+ -+func EVP_KDF_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KDF_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_KDF_fetch, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_KDF_PTR(r0), newMkcgoErr("EVP_KDF_fetch", _err) -+} -+ -+var _mkcgo_EVP_KDF_free uintptr -+ -+func EVP_KDF_free(kdf EVP_KDF_PTR) { -+ syscallN(0, _mkcgo_EVP_KDF_free, uintptr(kdf)) -+} -+ -+func EVP_KEYMGMT_fetch_Available() bool { -+ return _mkcgo_EVP_KEYMGMT_fetch != 0 -+} -+ -+var _mkcgo_EVP_KEYMGMT_fetch uintptr -+ -+func EVP_KEYMGMT_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KEYMGMT_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_KEYMGMT_fetch, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_KEYMGMT_PTR(r0), newMkcgoErr("EVP_KEYMGMT_fetch", _err) -+} -+ -+var _mkcgo_EVP_KEYMGMT_free uintptr -+ -+func EVP_KEYMGMT_free(keymgmt EVP_KEYMGMT_PTR) { -+ syscallN(0, _mkcgo_EVP_KEYMGMT_free, uintptr(keymgmt)) -+} -+ -+var _mkcgo_EVP_MAC_CTX_dup uintptr -+ -+func EVP_MAC_CTX_dup(arg0 EVP_MAC_CTX_PTR) (EVP_MAC_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MAC_CTX_dup, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return EVP_MAC_CTX_PTR(r0), newMkcgoErr("EVP_MAC_CTX_dup", _err) -+} -+ -+var _mkcgo_EVP_MAC_CTX_free uintptr -+ -+func EVP_MAC_CTX_free(arg0 EVP_MAC_CTX_PTR) { -+ syscallN(0, _mkcgo_EVP_MAC_CTX_free, uintptr(arg0)) -+} -+ -+var _mkcgo_EVP_MAC_CTX_new uintptr -+ -+func EVP_MAC_CTX_new(arg0 EVP_MAC_PTR) (EVP_MAC_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MAC_CTX_new, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return EVP_MAC_CTX_PTR(r0), newMkcgoErr("EVP_MAC_CTX_new", _err) -+} -+ -+var _mkcgo_EVP_MAC_CTX_set_params uintptr -+ -+func EVP_MAC_CTX_set_params(ctx EVP_MAC_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MAC_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MAC_CTX_set_params", _err) -+} -+ -+var _mkcgo_EVP_MAC_fetch uintptr -+ -+func EVP_MAC_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MAC_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MAC_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_MAC_PTR(r0), newMkcgoErr("EVP_MAC_fetch", _err) -+} -+ -+var _mkcgo_EVP_MAC_final uintptr -+ -+func EVP_MAC_final(ctx EVP_MAC_CTX_PTR, out []byte, outl *int) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MAC_final, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(len(out)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MAC_final", _err) -+} -+ -+var _mkcgo_EVP_MAC_init uintptr -+ -+func EVP_MAC_init(ctx EVP_MAC_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MAC_init, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MAC_init", _err) -+} -+ -+var _mkcgo_EVP_MAC_update uintptr -+ -+func EVP_MAC_update(ctx EVP_MAC_CTX_PTR, data []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MAC_update, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MAC_update", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_copy_ex uintptr -+ -+func EVP_MD_CTX_copy_ex(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_copy_ex, uintptr(out), uintptr(in), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MD_CTX_copy_ex", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_ctrl uintptr -+ -+func EVP_MD_CTX_ctrl(ctx EVP_MD_CTX_PTR, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_ctrl, uintptr(ctx), uintptr(cmd), uintptr(p1), uintptr(p2), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MD_CTX_ctrl", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_free uintptr -+ -+func EVP_MD_CTX_free(ctx EVP_MD_CTX_PTR) { -+ syscallN(0, _mkcgo_EVP_MD_CTX_free, uintptr(ctx)) -+} -+ -+var _mkcgo_EVP_MD_CTX_get_params uintptr -+ -+func EVP_MD_CTX_get_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_get_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MD_CTX_get_params", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_gettable_params uintptr -+ -+func EVP_MD_CTX_gettable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MD_CTX_gettable_params, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return OSSL_PARAM_PTR(r0), newMkcgoErr("EVP_MD_CTX_gettable_params", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_new uintptr -+ -+func EVP_MD_CTX_new() (EVP_MD_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MD_CTX_new, uintptr(unsafe.Pointer(&_err))) -+ return EVP_MD_CTX_PTR(r0), newMkcgoErr("EVP_MD_CTX_new", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_set_params uintptr -+ -+func EVP_MD_CTX_set_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_MD_CTX_set_params", _err) -+} -+ -+var _mkcgo_EVP_MD_CTX_settable_params uintptr -+ -+func EVP_MD_CTX_settable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MD_CTX_settable_params, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return OSSL_PARAM_PTR(r0), newMkcgoErr("EVP_MD_CTX_settable_params", _err) -+} -+ -+var _mkcgo_EVP_MD_fetch uintptr -+ -+func EVP_MD_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MD_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_MD_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_MD_PTR(r0), newMkcgoErr("EVP_MD_fetch", _err) -+} -+ -+var _mkcgo_EVP_MD_free uintptr -+ -+func EVP_MD_free(md EVP_MD_PTR) { -+ syscallN(0, _mkcgo_EVP_MD_free, uintptr(md)) -+} -+ -+var _mkcgo_EVP_MD_get0_name uintptr -+ -+func EVP_MD_get0_name(md EVP_MD_PTR) *byte { -+ r0, _ := syscallN(0, _mkcgo_EVP_MD_get0_name, uintptr(md)) -+ return (*byte)(unsafe.Pointer(r0)) -+} -+ -+var _mkcgo_EVP_MD_get0_provider uintptr -+ -+func EVP_MD_get0_provider(md EVP_MD_PTR) OSSL_PROVIDER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_MD_get0_provider, uintptr(md)) -+ return OSSL_PROVIDER_PTR(r0) -+} -+ -+var _mkcgo_EVP_MD_get_block_size uintptr -+ -+func EVP_MD_get_block_size(md EVP_MD_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_EVP_MD_get_block_size, uintptr(md)) -+ return int32(r0) -+} -+ -+var _mkcgo_EVP_MD_get_size uintptr -+ -+func EVP_MD_get_size(md EVP_MD_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_EVP_MD_get_size, uintptr(md)) -+ return int32(r0) -+} -+ -+var _mkcgo_EVP_MD_get_type uintptr -+ -+func EVP_MD_get_type(md EVP_MD_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_EVP_MD_get_type, uintptr(md)) -+ return int32(r0) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_add1_hkdf_info uintptr -+ -+func EVP_PKEY_CTX_add1_hkdf_info(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_add1_hkdf_info, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_add1_hkdf_info", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_ctrl uintptr -+ -+func EVP_PKEY_CTX_ctrl(ctx EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_ctrl, uintptr(ctx), uintptr(keytype), uintptr(optype), uintptr(cmd), uintptr(p1), uintptr(p2), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_ctrl", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_free uintptr -+ -+func EVP_PKEY_CTX_free(arg0 EVP_PKEY_CTX_PTR) { -+ syscallN(0, _mkcgo_EVP_PKEY_CTX_free, uintptr(arg0)) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_new uintptr -+ -+func EVP_PKEY_CTX_new(arg0 EVP_PKEY_PTR, arg1 ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_CTX_new, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_CTX_PTR(r0), newMkcgoErr("EVP_PKEY_CTX_new", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_new_from_pkey uintptr -+ -+func EVP_PKEY_CTX_new_from_pkey(libctx OSSL_LIB_CTX_PTR, pkey EVP_PKEY_PTR, propquery *byte) (EVP_PKEY_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_CTX_new_from_pkey, uintptr(libctx), uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(propquery))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_CTX_PTR(r0), newMkcgoErr("EVP_PKEY_CTX_new_from_pkey", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_new_id uintptr -+ -+func EVP_PKEY_CTX_new_id(id int32, e ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_CTX_new_id, uintptr(id), uintptr(e), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_CTX_PTR(r0), newMkcgoErr("EVP_PKEY_CTX_new_id", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label uintptr -+ -+func EVP_PKEY_CTX_set0_rsa_oaep_label(ctx EVP_PKEY_CTX_PTR, label []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(label)))), uintptr(len(label)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set0_rsa_oaep_label", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_set1_hkdf_key uintptr -+ -+func EVP_PKEY_CTX_set1_hkdf_key(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set1_hkdf_key, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt uintptr -+ -+func EVP_PKEY_CTX_set1_hkdf_salt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_salt", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_set_hkdf_md uintptr -+ -+func EVP_PKEY_CTX_set_hkdf_md(arg0 EVP_PKEY_CTX_PTR, arg1 EVP_MD_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_hkdf_md, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_md", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_set_hkdf_mode uintptr -+ -+func EVP_PKEY_CTX_set_hkdf_mode(arg0 EVP_PKEY_CTX_PTR, arg1 int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_hkdf_mode, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", _err) -+} -+ -+var _mkcgo_EVP_PKEY_CTX_set_params uintptr -+ -+func EVP_PKEY_CTX_set_params(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_params", _err) -+} -+ -+var _mkcgo_EVP_PKEY_Q_keygen uintptr -+ -+func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ var r0 uintptr -+ if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { -+ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(arg1)), uintptr(unsafe.Pointer(&_err))) -+ } else { -+ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(arg1)), uintptr(unsafe.Pointer(&_err))) -+ } -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_EC", _err) -+} -+ -+func EVP_PKEY_Q_keygen_ED25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", _err) -+} -+ -+func EVP_PKEY_Q_keygen_MLDSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_MLDSA", _err) -+} -+ -+func EVP_PKEY_Q_keygen_MLKEM(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_MLKEM", _err) -+} -+ -+func EVP_PKEY_Q_keygen_RSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ var r0 uintptr -+ if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { -+ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), 0, 0, 0, 0, 0, uintptr(arg1), uintptr(unsafe.Pointer(&_err))) -+ } else { -+ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) -+ } -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_RSA", _err) -+} -+ -+func EVP_PKEY_Q_keygen_X25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_X25519", _err) -+} -+ -+var _mkcgo_EVP_PKEY_assign uintptr -+ -+func EVP_PKEY_assign(pkey EVP_PKEY_PTR, __type int32, key unsafe.Pointer) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_assign, uintptr(pkey), uintptr(__type), uintptr(key), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_assign", _err) -+} -+ -+var _mkcgo_EVP_PKEY_decapsulate uintptr -+ -+func EVP_PKEY_decapsulate(ctx EVP_PKEY_CTX_PTR, genkey *byte, genkeylen *int, wrappedkey *byte, wrappedkeylen int) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decapsulate, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkey))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkeylen))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(wrappedkey))), uintptr(wrappedkeylen), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_decapsulate", _err) -+} -+ -+var _mkcgo_EVP_PKEY_decapsulate_init uintptr -+ -+func EVP_PKEY_decapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decapsulate_init, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_decapsulate_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_decrypt uintptr -+ -+func EVP_PKEY_decrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("EVP_PKEY_decrypt: *arg2 exceeds len(arg1)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decrypt, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(arg2))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg3)))), uintptr(len(arg3)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_decrypt", _err) -+} -+ -+var _mkcgo_EVP_PKEY_decrypt_init uintptr -+ -+func EVP_PKEY_decrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decrypt_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_decrypt_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_derive uintptr -+ -+func EVP_PKEY_derive(ctx EVP_PKEY_CTX_PTR, key []byte, keylen *int) (int32, error) { -+ if keylen != nil && int(*keylen) > len(key) { -+ panic("EVP_PKEY_derive: *keylen exceeds len(key)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_derive, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(unsafe.Pointer(keylen)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_derive", _err) -+} -+ -+var _mkcgo_EVP_PKEY_derive_init uintptr -+ -+func EVP_PKEY_derive_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_derive_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_derive_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_derive_set_peer uintptr -+ -+func EVP_PKEY_derive_set_peer(ctx EVP_PKEY_CTX_PTR, peer EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_derive_set_peer, uintptr(ctx), uintptr(peer), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_derive_set_peer", _err) -+} -+ -+var _mkcgo_EVP_PKEY_encapsulate uintptr -+ -+func EVP_PKEY_encapsulate(ctx EVP_PKEY_CTX_PTR, wrappedkey *byte, wrappedkeylen *int, genkey *byte, genkeylen *int) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encapsulate, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(wrappedkey))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(wrappedkeylen))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkey))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkeylen))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_encapsulate", _err) -+} -+ -+var _mkcgo_EVP_PKEY_encapsulate_init uintptr -+ -+func EVP_PKEY_encapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encapsulate_init, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_encapsulate_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_encrypt uintptr -+ -+func EVP_PKEY_encrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("EVP_PKEY_encrypt: *arg2 exceeds len(arg1)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encrypt, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(arg2))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg3)))), uintptr(len(arg3)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_encrypt", _err) -+} -+ -+var _mkcgo_EVP_PKEY_encrypt_init uintptr -+ -+func EVP_PKEY_encrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encrypt_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_encrypt_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_free uintptr -+ -+func EVP_PKEY_free(arg0 EVP_PKEY_PTR) { -+ syscallN(0, _mkcgo_EVP_PKEY_free, uintptr(arg0)) -+} -+ -+var _mkcgo_EVP_PKEY_fromdata uintptr -+ -+func EVP_PKEY_fromdata(ctx EVP_PKEY_CTX_PTR, pkey *EVP_PKEY_PTR, selection int32, params OSSL_PARAM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_fromdata, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pkey))), uintptr(selection), uintptr(params), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_fromdata", _err) -+} -+ -+var _mkcgo_EVP_PKEY_fromdata_init uintptr -+ -+func EVP_PKEY_fromdata_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_fromdata_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_fromdata_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get0_DSA uintptr -+ -+func EVP_PKEY_get0_DSA(pkey EVP_PKEY_PTR) (DSA_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_get0_DSA, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return DSA_PTR(r0), newMkcgoErr("EVP_PKEY_get0_DSA", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get0_EC_KEY uintptr -+ -+func EVP_PKEY_get0_EC_KEY(pkey EVP_PKEY_PTR) (EC_KEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_get0_EC_KEY, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return EC_KEY_PTR(r0), newMkcgoErr("EVP_PKEY_get0_EC_KEY", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get1_RSA uintptr -+ -+func EVP_PKEY_get1_RSA(pkey EVP_PKEY_PTR) (RSA_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_get1_RSA, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return RSA_PTR(r0), newMkcgoErr("EVP_PKEY_get1_RSA", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get1_encoded_public_key uintptr -+ -+func EVP_PKEY_get1_encoded_public_key(pkey EVP_PKEY_PTR, ppub **byte) (int, error) { -+ var _err uintptr -+ r0, _ := syscallN(4, _mkcgo_EVP_PKEY_get1_encoded_public_key, uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(ppub))), uintptr(unsafe.Pointer(&_err))) -+ return int(r0), newMkcgoErr("EVP_PKEY_get1_encoded_public_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get_bits uintptr -+ -+func EVP_PKEY_get_bits(pkey EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_bits, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_get_bits", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get_bn_param uintptr -+ -+func EVP_PKEY_get_bn_param(pkey EVP_PKEY_PTR, key_name *byte, bn *BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_bn_param, uintptr(pkey), uintptr(unsafe.Pointer(key_name)), uintptr(unsafe.Pointer(bn)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_get_bn_param", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get_octet_string_param uintptr -+ -+func EVP_PKEY_get_octet_string_param(pkey EVP_PKEY_PTR, key_name *byte, buf []byte, out_len *int) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_octet_string_param, uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key_name))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(out_len))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_get_octet_string_param", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get_raw_private_key uintptr -+ -+func EVP_PKEY_get_raw_private_key(pkey EVP_PKEY_PTR, priv []byte, privlen *int) (int32, error) { -+ if privlen != nil && int(*privlen) > len(priv) { -+ panic("EVP_PKEY_get_raw_private_key: *privlen exceeds len(priv)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_raw_private_key, uintptr(pkey), uintptr(unsafe.Pointer(unsafe.SliceData(priv))), uintptr(unsafe.Pointer(privlen)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_get_raw_private_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get_raw_public_key uintptr -+ -+func EVP_PKEY_get_raw_public_key(pkey EVP_PKEY_PTR, pub []byte, publen *int) (int32, error) { -+ if publen != nil && int(*publen) > len(pub) { -+ panic("EVP_PKEY_get_raw_public_key: *publen exceeds len(pub)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_raw_public_key, uintptr(pkey), uintptr(unsafe.Pointer(unsafe.SliceData(pub))), uintptr(unsafe.Pointer(publen)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_get_raw_public_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_get_size uintptr -+ -+func EVP_PKEY_get_size(pkey EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_size, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_get_size", _err) -+} -+ -+var _mkcgo_EVP_PKEY_keygen uintptr -+ -+func EVP_PKEY_keygen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_keygen, uintptr(ctx), uintptr(unsafe.Pointer(ppkey)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_keygen", _err) -+} -+ -+var _mkcgo_EVP_PKEY_keygen_init uintptr -+ -+func EVP_PKEY_keygen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_keygen_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_keygen_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_new uintptr -+ -+func EVP_PKEY_new() (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_new, uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_new", _err) -+} -+ -+var _mkcgo_EVP_PKEY_new_raw_private_key uintptr -+ -+func EVP_PKEY_new_raw_private_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_new_raw_private_key, uintptr(__type), uintptr(e), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_new_raw_private_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_new_raw_public_key uintptr -+ -+func EVP_PKEY_new_raw_public_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_new_raw_public_key, uintptr(__type), uintptr(e), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(unsafe.Pointer(&_err))) -+ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_new_raw_public_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_paramgen uintptr -+ -+func EVP_PKEY_paramgen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_paramgen, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(ppkey))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_paramgen", _err) -+} -+ -+var _mkcgo_EVP_PKEY_paramgen_init uintptr -+ -+func EVP_PKEY_paramgen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_paramgen_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_paramgen_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_private_check uintptr -+ -+func EVP_PKEY_private_check(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_private_check, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_private_check", _err) -+} -+ -+var _mkcgo_EVP_PKEY_public_check_quick uintptr -+ -+func EVP_PKEY_public_check_quick(ctx EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_public_check_quick, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_public_check_quick", _err) -+} -+ -+var _mkcgo_EVP_PKEY_set1_EC_KEY uintptr -+ -+func EVP_PKEY_set1_EC_KEY(pkey EVP_PKEY_PTR, key EC_KEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_set1_EC_KEY, uintptr(pkey), uintptr(key), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_set1_EC_KEY", _err) -+} -+ -+var _mkcgo_EVP_PKEY_set1_encoded_public_key uintptr -+ -+func EVP_PKEY_set1_encoded_public_key(pkey EVP_PKEY_PTR, pub []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_set1_encoded_public_key, uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(pub)))), uintptr(len(pub)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_set1_encoded_public_key", _err) -+} -+ -+var _mkcgo_EVP_PKEY_sign uintptr -+ -+func EVP_PKEY_sign(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("EVP_PKEY_sign: *arg2 exceeds len(arg1)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_sign, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(arg2))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg3)))), uintptr(len(arg3)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_sign", _err) -+} -+ -+var _mkcgo_EVP_PKEY_sign_init uintptr -+ -+func EVP_PKEY_sign_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_sign_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_sign_init", _err) -+} -+ -+var _mkcgo_EVP_PKEY_up_ref uintptr -+ -+func EVP_PKEY_up_ref(key EVP_PKEY_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_up_ref, uintptr(key), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_up_ref", _err) -+} -+ -+var _mkcgo_EVP_PKEY_verify uintptr -+ -+func EVP_PKEY_verify(ctx EVP_PKEY_CTX_PTR, sig []byte, tbs []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_verify, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sig)))), uintptr(len(sig)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(tbs)))), uintptr(len(tbs)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_verify", _err) -+} -+ -+var _mkcgo_EVP_PKEY_verify_init uintptr -+ -+func EVP_PKEY_verify_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_verify_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_PKEY_verify_init", _err) -+} -+ -+var _mkcgo_EVP_SIGNATURE_fetch uintptr -+ -+func EVP_SIGNATURE_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_SIGNATURE_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_EVP_SIGNATURE_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) -+ return EVP_SIGNATURE_PTR(r0), newMkcgoErr("EVP_SIGNATURE_fetch", _err) -+} -+ -+var _mkcgo_EVP_SIGNATURE_free uintptr -+ -+func EVP_SIGNATURE_free(signature EVP_SIGNATURE_PTR) { -+ syscallN(0, _mkcgo_EVP_SIGNATURE_free, uintptr(signature)) -+} -+ -+var _mkcgo_EVP_aes_128_cbc uintptr -+ -+func EVP_aes_128_cbc() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_cbc) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_128_ctr uintptr -+ -+func EVP_aes_128_ctr() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_ctr) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_128_ecb uintptr -+ -+func EVP_aes_128_ecb() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_ecb) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_128_gcm uintptr -+ -+func EVP_aes_128_gcm() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_gcm) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_192_cbc uintptr -+ -+func EVP_aes_192_cbc() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_cbc) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_192_ctr uintptr -+ -+func EVP_aes_192_ctr() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_ctr) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_192_ecb uintptr -+ -+func EVP_aes_192_ecb() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_ecb) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_192_gcm uintptr -+ -+func EVP_aes_192_gcm() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_gcm) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_256_cbc uintptr -+ -+func EVP_aes_256_cbc() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_cbc) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_256_ctr uintptr -+ -+func EVP_aes_256_ctr() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_ctr) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_256_ecb uintptr -+ -+func EVP_aes_256_ecb() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_ecb) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_aes_256_gcm uintptr -+ -+func EVP_aes_256_gcm() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_gcm) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+func EVP_chacha20_poly1305_Available() bool { -+ return _mkcgo_EVP_chacha20_poly1305 != 0 -+} -+ -+var _mkcgo_EVP_chacha20_poly1305 uintptr -+ -+func EVP_chacha20_poly1305() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_chacha20_poly1305) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_default_properties_enable_fips uintptr -+ -+func EVP_default_properties_enable_fips(libctx OSSL_LIB_CTX_PTR, enable int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_EVP_default_properties_enable_fips, uintptr(libctx), uintptr(enable), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("EVP_default_properties_enable_fips", _err) -+} -+ -+var _mkcgo_EVP_default_properties_is_fips_enabled uintptr -+ -+func EVP_default_properties_is_fips_enabled(libctx OSSL_LIB_CTX_PTR) int32 { -+ r0, _ := syscallN(0, _mkcgo_EVP_default_properties_is_fips_enabled, uintptr(libctx)) -+ return int32(r0) -+} -+ -+var _mkcgo_EVP_des_cbc uintptr -+ -+func EVP_des_cbc() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_des_cbc) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_des_ecb uintptr -+ -+func EVP_des_ecb() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_des_ecb) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_des_ede3_cbc uintptr -+ -+func EVP_des_ede3_cbc() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_des_ede3_cbc) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_des_ede3_ecb uintptr -+ -+func EVP_des_ede3_ecb() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_des_ede3_ecb) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_md4 uintptr -+ -+func EVP_md4() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_md4) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_md5 uintptr -+ -+func EVP_md5() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_md5) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_md5_sha1 uintptr -+ -+func EVP_md5_sha1() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_md5_sha1) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_rc4 uintptr -+ -+func EVP_rc4() EVP_CIPHER_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_rc4) -+ return EVP_CIPHER_PTR(r0) -+} -+ -+var _mkcgo_EVP_ripemd160 uintptr -+ -+func EVP_ripemd160() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_ripemd160) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha1 uintptr -+ -+func EVP_sha1() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha1) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha224 uintptr -+ -+func EVP_sha224() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha224) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha256 uintptr -+ -+func EVP_sha256() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha256) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha384 uintptr -+ -+func EVP_sha384() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha384) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha3_224 uintptr -+ -+func EVP_sha3_224() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha3_224) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha3_256 uintptr -+ -+func EVP_sha3_256() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha3_256) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha3_384 uintptr -+ -+func EVP_sha3_384() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha3_384) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha3_512 uintptr -+ -+func EVP_sha3_512() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha3_512) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha512 uintptr -+ -+func EVP_sha512() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha512) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha512_224 uintptr -+ -+func EVP_sha512_224() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha512_224) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_EVP_sha512_256 uintptr -+ -+func EVP_sha512_256() EVP_MD_PTR { -+ r0, _ := syscallN(0, _mkcgo_EVP_sha512_256) -+ return EVP_MD_PTR(r0) -+} -+ -+var _mkcgo_FIPS_mode uintptr -+ -+func FIPS_mode() int32 { -+ r0, _ := syscallN(0, _mkcgo_FIPS_mode) -+ return int32(r0) -+} -+ -+var _mkcgo_FIPS_mode_set uintptr -+ -+func FIPS_mode_set(r int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_FIPS_mode_set, uintptr(r), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("FIPS_mode_set", _err) -+} -+ -+var _mkcgo_HMAC_CTX_copy uintptr -+ -+func HMAC_CTX_copy(dest HMAC_CTX_PTR, src HMAC_CTX_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_HMAC_CTX_copy, uintptr(dest), uintptr(src), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("HMAC_CTX_copy", _err) -+} -+ -+var _mkcgo_HMAC_CTX_free uintptr -+ -+func HMAC_CTX_free(arg0 HMAC_CTX_PTR) { -+ syscallN(0, _mkcgo_HMAC_CTX_free, uintptr(arg0)) -+} -+ -+var _mkcgo_HMAC_CTX_new uintptr -+ -+func HMAC_CTX_new() (HMAC_CTX_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_HMAC_CTX_new, uintptr(unsafe.Pointer(&_err))) -+ return HMAC_CTX_PTR(r0), newMkcgoErr("HMAC_CTX_new", _err) -+} -+ -+var _mkcgo_HMAC_Final uintptr -+ -+func HMAC_Final(arg0 HMAC_CTX_PTR, arg1 []byte, arg2 *uint32) (int32, error) { -+ if arg2 != nil && int(*arg2) > len(arg1) { -+ panic("HMAC_Final: *arg2 exceeds len(arg1)") -+ } -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_HMAC_Final, uintptr(arg0), uintptr(unsafe.Pointer(unsafe.SliceData(arg1))), uintptr(unsafe.Pointer(arg2)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("HMAC_Final", _err) -+} -+ -+var _mkcgo_HMAC_Init_ex uintptr -+ -+func HMAC_Init_ex(arg0 HMAC_CTX_PTR, arg1 []byte, arg3 EVP_MD_PTR, arg4 ENGINE_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_HMAC_Init_ex, uintptr(arg0), uintptr(unsafe.Pointer(unsafe.SliceData(arg1))), uintptr(len(arg1)), uintptr(arg3), uintptr(arg4), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("HMAC_Init_ex", _err) -+} -+ -+var _mkcgo_HMAC_Update uintptr -+ -+func HMAC_Update(arg0 HMAC_CTX_PTR, arg1 []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_HMAC_Update, uintptr(arg0), uintptr(unsafe.Pointer(unsafe.SliceData(arg1))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("HMAC_Update", _err) -+} -+ -+var _mkcgo_OBJ_nid2sn uintptr -+ -+func OBJ_nid2sn(n int32) *byte { -+ r0, _ := syscallN(0, _mkcgo_OBJ_nid2sn, uintptr(n)) -+ return (*byte)(unsafe.Pointer(r0)) -+} -+ -+var _mkcgo_OPENSSL_init uintptr -+ -+func OPENSSL_init() { -+ syscallN(0, _mkcgo_OPENSSL_init) -+} -+ -+var _mkcgo_OPENSSL_init_crypto uintptr -+ -+func OPENSSL_init_crypto(ops uint64, settings OPENSSL_INIT_SETTINGS_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_OPENSSL_init_crypto, uintptr(ops), uintptr(settings), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("OPENSSL_init_crypto", _err) -+} -+ -+func OPENSSL_version_major_Available() bool { -+ return _mkcgo_OPENSSL_version_major != 0 -+} -+ -+var _mkcgo_OPENSSL_version_major uintptr -+ -+func OPENSSL_version_major() uint32 { -+ r0, _ := syscallN(0, _mkcgo_OPENSSL_version_major) -+ return uint32(r0) -+} -+ -+func OPENSSL_version_minor_Available() bool { -+ return _mkcgo_OPENSSL_version_minor != 0 -+} -+ -+var _mkcgo_OPENSSL_version_minor uintptr -+ -+func OPENSSL_version_minor() uint32 { -+ r0, _ := syscallN(0, _mkcgo_OPENSSL_version_minor) -+ return uint32(r0) -+} -+ -+func OPENSSL_version_patch_Available() bool { -+ return _mkcgo_OPENSSL_version_patch != 0 -+} -+ -+var _mkcgo_OPENSSL_version_patch uintptr -+ -+func OPENSSL_version_patch() uint32 { -+ r0, _ := syscallN(0, _mkcgo_OPENSSL_version_patch) -+ return uint32(r0) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_free uintptr -+ -+func OSSL_PARAM_BLD_free(bld OSSL_PARAM_BLD_PTR) { -+ syscallN(0, _mkcgo_OSSL_PARAM_BLD_free, uintptr(bld)) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_new uintptr -+ -+func OSSL_PARAM_BLD_new() OSSL_PARAM_BLD_PTR { -+ r0, _ := syscallN(0, _mkcgo_OSSL_PARAM_BLD_new) -+ return OSSL_PARAM_BLD_PTR(r0) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_push_BN uintptr -+ -+func OSSL_PARAM_BLD_push_BN(bld OSSL_PARAM_BLD_PTR, key *byte, bn BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_BN, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(bn), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_BN", _err) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_push_int32 uintptr -+ -+func OSSL_PARAM_BLD_push_int32(bld OSSL_PARAM_BLD_PTR, key *byte, num int32) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_int32, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(num), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_int32", _err) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_push_octet_string uintptr -+ -+func OSSL_PARAM_BLD_push_octet_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_octet_string, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_octet_string", _err) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_push_utf8_string uintptr -+ -+func OSSL_PARAM_BLD_push_utf8_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_utf8_string, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_utf8_string", _err) -+} -+ -+var _mkcgo_OSSL_PARAM_BLD_to_param uintptr -+ -+func OSSL_PARAM_BLD_to_param(bld OSSL_PARAM_BLD_PTR) (OSSL_PARAM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_OSSL_PARAM_BLD_to_param, uintptr(bld), uintptr(unsafe.Pointer(&_err))) -+ return OSSL_PARAM_PTR(r0), newMkcgoErr("OSSL_PARAM_BLD_to_param", _err) -+} -+ -+var _mkcgo_OSSL_PARAM_free uintptr -+ -+func OSSL_PARAM_free(p OSSL_PARAM_PTR) { -+ syscallN(0, _mkcgo_OSSL_PARAM_free, uintptr(p)) -+} -+ -+var _mkcgo_OSSL_PARAM_locate_const uintptr -+ -+func OSSL_PARAM_locate_const(p OSSL_PARAM_PTR, key *byte) (OSSL_PARAM_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_OSSL_PARAM_locate_const, uintptr(p), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(unsafe.Pointer(&_err))) -+ return OSSL_PARAM_PTR(r0), newMkcgoErr("OSSL_PARAM_locate_const", _err) -+} -+ -+var _mkcgo_OSSL_PROVIDER_available uintptr -+ -+func OSSL_PROVIDER_available(libctx OSSL_LIB_CTX_PTR, name *byte) int32 { -+ r0, _ := syscallN(0, _mkcgo_OSSL_PROVIDER_available, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(name)))) -+ return int32(r0) -+} -+ -+var _mkcgo_OSSL_PROVIDER_get0_name uintptr -+ -+func OSSL_PROVIDER_get0_name(prov OSSL_PROVIDER_PTR) *byte { -+ r0, _ := syscallN(0, _mkcgo_OSSL_PROVIDER_get0_name, uintptr(prov)) -+ return (*byte)(unsafe.Pointer(r0)) -+} -+ -+var _mkcgo_OSSL_PROVIDER_try_load uintptr -+ -+func OSSL_PROVIDER_try_load(libctx OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) (OSSL_PROVIDER_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_OSSL_PROVIDER_try_load, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(name))), uintptr(retain_fallbacks), uintptr(unsafe.Pointer(&_err))) -+ return OSSL_PROVIDER_PTR(r0), newMkcgoErr("OSSL_PROVIDER_try_load", _err) -+} -+ -+var _mkcgo_OpenSSL_version uintptr -+ -+func OpenSSL_version(__type int32) *byte { -+ r0, _ := syscallN(0, _mkcgo_OpenSSL_version, uintptr(__type)) -+ return (*byte)(unsafe.Pointer(r0)) -+} -+ -+func OpenSSL_version_num_Available() bool { -+ return _mkcgo_OpenSSL_version_num != 0 -+} -+ -+var _mkcgo_OpenSSL_version_num uintptr -+ -+func OpenSSL_version_num() uint64 { -+ r0, _ := syscallN(0, _mkcgo_OpenSSL_version_num) -+ return uint64(r0) -+} -+ -+var _mkcgo_PKCS5_PBKDF2_HMAC uintptr -+ -+func PKCS5_PBKDF2_HMAC(pass []byte, salt []byte, iter int32, digest EVP_MD_PTR, out []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_PKCS5_PBKDF2_HMAC, uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(pass)))), uintptr(len(pass)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(salt)))), uintptr(len(salt)), uintptr(iter), uintptr(digest), uintptr(len(out)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(out)))), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("PKCS5_PBKDF2_HMAC", _err) -+} -+ -+var _mkcgo_RAND_bytes uintptr -+ -+func RAND_bytes(arg0 []byte) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_RAND_bytes, uintptr(unsafe.Pointer(unsafe.SliceData(arg0))), uintptr(len(arg0)), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("RAND_bytes", _err) -+} -+ -+var _mkcgo_RSA_free uintptr -+ -+func RSA_free(arg0 RSA_PTR) { -+ syscallN(0, _mkcgo_RSA_free, uintptr(arg0)) -+} -+ -+var _mkcgo_RSA_get0_crt_params uintptr -+ -+func RSA_get0_crt_params(r RSA_PTR, dmp1 *BIGNUM_PTR, dmq1 *BIGNUM_PTR, iqmp *BIGNUM_PTR) { -+ syscallN(0, _mkcgo_RSA_get0_crt_params, uintptr(r), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(dmp1))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(dmq1))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iqmp)))) -+} -+ -+var _mkcgo_RSA_get0_factors uintptr -+ -+func RSA_get0_factors(rsa RSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR) { -+ syscallN(0, _mkcgo_RSA_get0_factors, uintptr(rsa), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(p))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(q)))) -+} -+ -+var _mkcgo_RSA_get0_key uintptr -+ -+func RSA_get0_key(rsa RSA_PTR, n *BIGNUM_PTR, e *BIGNUM_PTR, d *BIGNUM_PTR) { -+ syscallN(0, _mkcgo_RSA_get0_key, uintptr(rsa), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(n))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(e))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(d)))) -+} -+ -+var _mkcgo_RSA_new uintptr -+ -+func RSA_new() (RSA_PTR, error) { -+ var _err uintptr -+ r0, _ := syscallN(1, _mkcgo_RSA_new, uintptr(unsafe.Pointer(&_err))) -+ return RSA_PTR(r0), newMkcgoErr("RSA_new", _err) -+} -+ -+var _mkcgo_RSA_set0_crt_params uintptr -+ -+func RSA_set0_crt_params(rsa RSA_PTR, dmp1 BIGNUM_PTR, dmp2 BIGNUM_PTR, iqmp BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_RSA_set0_crt_params, uintptr(rsa), uintptr(dmp1), uintptr(dmp2), uintptr(iqmp), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("RSA_set0_crt_params", _err) -+} -+ -+var _mkcgo_RSA_set0_factors uintptr -+ -+func RSA_set0_factors(rsa RSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_RSA_set0_factors, uintptr(rsa), uintptr(p), uintptr(q), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("RSA_set0_factors", _err) -+} -+ -+var _mkcgo_RSA_set0_key uintptr -+ -+func RSA_set0_key(r RSA_PTR, n BIGNUM_PTR, e BIGNUM_PTR, d BIGNUM_PTR) (int32, error) { -+ var _err uintptr -+ r0, _ := syscallN(3, _mkcgo_RSA_set0_key, uintptr(r), uintptr(n), uintptr(e), uintptr(d), uintptr(unsafe.Pointer(&_err))) -+ return int32(r0), newMkcgoErr("RSA_set0_key", _err) -+} -+ -+//go:nosplit -+func _mkcgo_error_check(errType, r1, args, n uintptr) { -+ var hasError bool -+ switch errType { -+ case 1: -+ hasError = r1 == 0 -+ case 2: -+ hasError = int32(r1) == -1 -+ case 3: -+ hasError = int32(r1) <= 0 -+ case 4: -+ hasError = int64(r1) <= 0 -+ default: -+ panic("invalid error check type") -+ } -+ if hasError { -+ **(**uintptr)(unsafe.Pointer(args + unsafe.Sizeof(uintptr(0))*n)) = retrieveErrorState() -+ } -+} -+ -+func MkcgoLoad_(handle unsafe.Pointer) { -+ _mkcgo_BIO_ctrl = dlsym(handle, "BIO_ctrl\x00", false) -+ _mkcgo_BIO_free = dlsym(handle, "BIO_free\x00", false) -+ _mkcgo_BIO_new = dlsym(handle, "BIO_new\x00", false) -+ _mkcgo_BIO_s_mem = dlsym(handle, "BIO_s_mem\x00", false) -+ _mkcgo_BN_bin2bn = dlsym(handle, "BN_bin2bn\x00", false) -+ _mkcgo_BN_bn2binpad = dlsym(handle, "BN_bn2binpad\x00", false) -+ _mkcgo_BN_bn2lebinpad = dlsym(handle, "BN_bn2lebinpad\x00", false) -+ _mkcgo_BN_clear = dlsym(handle, "BN_clear\x00", false) -+ _mkcgo_BN_clear_free = dlsym(handle, "BN_clear_free\x00", false) -+ _mkcgo_BN_free = dlsym(handle, "BN_free\x00", false) -+ _mkcgo_BN_lebin2bn = dlsym(handle, "BN_lebin2bn\x00", false) -+ _mkcgo_BN_new = dlsym(handle, "BN_new\x00", false) -+ _mkcgo_BN_num_bits = dlsym(handle, "BN_num_bits\x00", false) -+ _mkcgo_CRYPTO_free = dlsym(handle, "CRYPTO_free\x00", false) -+ _mkcgo_CRYPTO_malloc = dlsym(handle, "CRYPTO_malloc\x00", false) -+ _mkcgo_EC_GROUP_free = dlsym(handle, "EC_GROUP_free\x00", false) -+ _mkcgo_EC_GROUP_new_by_curve_name = dlsym(handle, "EC_GROUP_new_by_curve_name\x00", false) -+ _mkcgo_EC_POINT_free = dlsym(handle, "EC_POINT_free\x00", false) -+ _mkcgo_EC_POINT_mul = dlsym(handle, "EC_POINT_mul\x00", false) -+ _mkcgo_EC_POINT_new = dlsym(handle, "EC_POINT_new\x00", false) -+ _mkcgo_EC_POINT_oct2point = dlsym(handle, "EC_POINT_oct2point\x00", false) -+ _mkcgo_EC_POINT_point2oct = dlsym(handle, "EC_POINT_point2oct\x00", false) -+ _mkcgo_ERR_peek_error = dlsym(handle, "ERR_peek_error\x00", false) -+ _mkcgo_ERR_print_errors = dlsym(handle, "ERR_print_errors\x00", false) -+ _mkcgo_EVP_CIPHER_CTX_ctrl = dlsym(handle, "EVP_CIPHER_CTX_ctrl\x00", false) -+ _mkcgo_EVP_CIPHER_CTX_free = dlsym(handle, "EVP_CIPHER_CTX_free\x00", false) -+ _mkcgo_EVP_CIPHER_CTX_new = dlsym(handle, "EVP_CIPHER_CTX_new\x00", false) -+ _mkcgo_EVP_CIPHER_CTX_set_key_length = dlsym(handle, "EVP_CIPHER_CTX_set_key_length\x00", false) -+ _mkcgo_EVP_CIPHER_CTX_set_padding = dlsym(handle, "EVP_CIPHER_CTX_set_padding\x00", false) -+ _mkcgo_EVP_CipherInit_ex = dlsym(handle, "EVP_CipherInit_ex\x00", false) -+ _mkcgo_EVP_CipherUpdate = dlsym(handle, "EVP_CipherUpdate\x00", false) -+ _mkcgo_EVP_DecryptFinal_ex = dlsym(handle, "EVP_DecryptFinal_ex\x00", false) -+ _mkcgo_EVP_DecryptInit_ex = dlsym(handle, "EVP_DecryptInit_ex\x00", false) -+ _mkcgo_EVP_DecryptUpdate = dlsym(handle, "EVP_DecryptUpdate\x00", false) -+ _mkcgo_EVP_Digest = dlsym(handle, "EVP_Digest\x00", false) -+ _mkcgo_EVP_DigestFinal_ex = dlsym(handle, "EVP_DigestFinal_ex\x00", false) -+ _mkcgo_EVP_DigestInit = dlsym(handle, "EVP_DigestInit\x00", false) -+ _mkcgo_EVP_DigestInit_ex = dlsym(handle, "EVP_DigestInit_ex\x00", false) -+ _mkcgo_EVP_DigestSign = dlsym(handle, "EVP_DigestSign\x00", false) -+ _mkcgo_EVP_DigestSignFinal = dlsym(handle, "EVP_DigestSignFinal\x00", false) -+ _mkcgo_EVP_DigestSignInit = dlsym(handle, "EVP_DigestSignInit\x00", false) -+ _mkcgo_EVP_DigestUpdate = dlsym(handle, "EVP_DigestUpdate\x00", false) -+ _mkcgo_EVP_DigestVerify = dlsym(handle, "EVP_DigestVerify\x00", false) -+ _mkcgo_EVP_DigestVerifyFinal = dlsym(handle, "EVP_DigestVerifyFinal\x00", false) -+ _mkcgo_EVP_DigestVerifyInit = dlsym(handle, "EVP_DigestVerifyInit\x00", false) -+ _mkcgo_EVP_EncryptFinal_ex = dlsym(handle, "EVP_EncryptFinal_ex\x00", false) -+ _mkcgo_EVP_EncryptInit_ex = dlsym(handle, "EVP_EncryptInit_ex\x00", false) -+ _mkcgo_EVP_EncryptUpdate = dlsym(handle, "EVP_EncryptUpdate\x00", false) -+ _mkcgo_EVP_MD_CTX_copy_ex = dlsym(handle, "EVP_MD_CTX_copy_ex\x00", false) -+ _mkcgo_EVP_MD_CTX_ctrl = dlsym(handle, "EVP_MD_CTX_ctrl\x00", false) -+ _mkcgo_EVP_MD_CTX_free = dlsym(handle, "EVP_MD_CTX_free\x00", false) -+ _mkcgo_EVP_MD_CTX_new = dlsym(handle, "EVP_MD_CTX_new\x00", false) -+ _mkcgo_EVP_PKEY_CTX_ctrl = dlsym(handle, "EVP_PKEY_CTX_ctrl\x00", false) -+ _mkcgo_EVP_PKEY_CTX_free = dlsym(handle, "EVP_PKEY_CTX_free\x00", false) -+ _mkcgo_EVP_PKEY_CTX_new = dlsym(handle, "EVP_PKEY_CTX_new\x00", false) -+ _mkcgo_EVP_PKEY_CTX_new_id = dlsym(handle, "EVP_PKEY_CTX_new_id\x00", false) -+ _mkcgo_EVP_PKEY_decrypt = dlsym(handle, "EVP_PKEY_decrypt\x00", false) -+ _mkcgo_EVP_PKEY_decrypt_init = dlsym(handle, "EVP_PKEY_decrypt_init\x00", false) -+ _mkcgo_EVP_PKEY_derive = dlsym(handle, "EVP_PKEY_derive\x00", false) -+ _mkcgo_EVP_PKEY_derive_init = dlsym(handle, "EVP_PKEY_derive_init\x00", false) -+ _mkcgo_EVP_PKEY_derive_set_peer = dlsym(handle, "EVP_PKEY_derive_set_peer\x00", false) -+ _mkcgo_EVP_PKEY_encrypt = dlsym(handle, "EVP_PKEY_encrypt\x00", false) -+ _mkcgo_EVP_PKEY_encrypt_init = dlsym(handle, "EVP_PKEY_encrypt_init\x00", false) -+ _mkcgo_EVP_PKEY_free = dlsym(handle, "EVP_PKEY_free\x00", false) -+ _mkcgo_EVP_PKEY_get_raw_private_key = dlsym(handle, "EVP_PKEY_get_raw_private_key\x00", false) -+ _mkcgo_EVP_PKEY_get_raw_public_key = dlsym(handle, "EVP_PKEY_get_raw_public_key\x00", false) -+ _mkcgo_EVP_PKEY_keygen = dlsym(handle, "EVP_PKEY_keygen\x00", false) -+ _mkcgo_EVP_PKEY_keygen_init = dlsym(handle, "EVP_PKEY_keygen_init\x00", false) -+ _mkcgo_EVP_PKEY_new = dlsym(handle, "EVP_PKEY_new\x00", false) -+ _mkcgo_EVP_PKEY_new_raw_private_key = dlsym(handle, "EVP_PKEY_new_raw_private_key\x00", false) -+ _mkcgo_EVP_PKEY_new_raw_public_key = dlsym(handle, "EVP_PKEY_new_raw_public_key\x00", false) -+ _mkcgo_EVP_PKEY_paramgen = dlsym(handle, "EVP_PKEY_paramgen\x00", false) -+ _mkcgo_EVP_PKEY_paramgen_init = dlsym(handle, "EVP_PKEY_paramgen_init\x00", false) -+ _mkcgo_EVP_PKEY_sign = dlsym(handle, "EVP_PKEY_sign\x00", false) -+ _mkcgo_EVP_PKEY_sign_init = dlsym(handle, "EVP_PKEY_sign_init\x00", false) -+ _mkcgo_EVP_PKEY_up_ref = dlsym(handle, "EVP_PKEY_up_ref\x00", false) -+ _mkcgo_EVP_PKEY_verify = dlsym(handle, "EVP_PKEY_verify\x00", false) -+ _mkcgo_EVP_PKEY_verify_init = dlsym(handle, "EVP_PKEY_verify_init\x00", false) -+ _mkcgo_EVP_aes_128_cbc = dlsym(handle, "EVP_aes_128_cbc\x00", false) -+ _mkcgo_EVP_aes_128_ctr = dlsym(handle, "EVP_aes_128_ctr\x00", false) -+ _mkcgo_EVP_aes_128_ecb = dlsym(handle, "EVP_aes_128_ecb\x00", false) -+ _mkcgo_EVP_aes_128_gcm = dlsym(handle, "EVP_aes_128_gcm\x00", false) -+ _mkcgo_EVP_aes_192_cbc = dlsym(handle, "EVP_aes_192_cbc\x00", false) -+ _mkcgo_EVP_aes_192_ctr = dlsym(handle, "EVP_aes_192_ctr\x00", false) -+ _mkcgo_EVP_aes_192_ecb = dlsym(handle, "EVP_aes_192_ecb\x00", false) -+ _mkcgo_EVP_aes_192_gcm = dlsym(handle, "EVP_aes_192_gcm\x00", false) -+ _mkcgo_EVP_aes_256_cbc = dlsym(handle, "EVP_aes_256_cbc\x00", false) -+ _mkcgo_EVP_aes_256_ctr = dlsym(handle, "EVP_aes_256_ctr\x00", false) -+ _mkcgo_EVP_aes_256_ecb = dlsym(handle, "EVP_aes_256_ecb\x00", false) -+ _mkcgo_EVP_aes_256_gcm = dlsym(handle, "EVP_aes_256_gcm\x00", false) -+ _mkcgo_EVP_chacha20_poly1305 = dlsym(handle, "EVP_chacha20_poly1305\x00", true) -+ _mkcgo_EVP_des_cbc = dlsym(handle, "EVP_des_cbc\x00", false) -+ _mkcgo_EVP_des_ecb = dlsym(handle, "EVP_des_ecb\x00", false) -+ _mkcgo_EVP_des_ede3_cbc = dlsym(handle, "EVP_des_ede3_cbc\x00", false) -+ _mkcgo_EVP_des_ede3_ecb = dlsym(handle, "EVP_des_ede3_ecb\x00", false) -+ _mkcgo_EVP_md4 = dlsym(handle, "EVP_md4\x00", false) -+ _mkcgo_EVP_md5 = dlsym(handle, "EVP_md5\x00", false) -+ _mkcgo_EVP_md5_sha1 = dlsym(handle, "EVP_md5_sha1\x00", false) -+ _mkcgo_EVP_rc4 = dlsym(handle, "EVP_rc4\x00", false) -+ _mkcgo_EVP_ripemd160 = dlsym(handle, "EVP_ripemd160\x00", false) -+ _mkcgo_EVP_sha1 = dlsym(handle, "EVP_sha1\x00", false) -+ _mkcgo_EVP_sha224 = dlsym(handle, "EVP_sha224\x00", false) -+ _mkcgo_EVP_sha256 = dlsym(handle, "EVP_sha256\x00", false) -+ _mkcgo_EVP_sha384 = dlsym(handle, "EVP_sha384\x00", false) -+ _mkcgo_EVP_sha3_224 = dlsym(handle, "EVP_sha3_224\x00", false) -+ _mkcgo_EVP_sha3_256 = dlsym(handle, "EVP_sha3_256\x00", false) -+ _mkcgo_EVP_sha3_384 = dlsym(handle, "EVP_sha3_384\x00", false) -+ _mkcgo_EVP_sha3_512 = dlsym(handle, "EVP_sha3_512\x00", false) -+ _mkcgo_EVP_sha512 = dlsym(handle, "EVP_sha512\x00", false) -+ _mkcgo_EVP_sha512_224 = dlsym(handle, "EVP_sha512_224\x00", false) -+ _mkcgo_EVP_sha512_256 = dlsym(handle, "EVP_sha512_256\x00", false) -+ _mkcgo_OBJ_nid2sn = dlsym(handle, "OBJ_nid2sn\x00", false) -+ _mkcgo_OPENSSL_init = dlsym(handle, "OPENSSL_init\x00", false) -+ _mkcgo_OPENSSL_init_crypto = dlsym(handle, "OPENSSL_init_crypto\x00", false) -+ _mkcgo_OpenSSL_version = dlsym(handle, "OpenSSL_version\x00", false) -+ _mkcgo_PKCS5_PBKDF2_HMAC = dlsym(handle, "PKCS5_PBKDF2_HMAC\x00", false) -+ _mkcgo_RAND_bytes = dlsym(handle, "RAND_bytes\x00", false) -+} -+ -+func MkcgoUnload_() { -+ _mkcgo_BIO_ctrl = 0 -+ _mkcgo_BIO_free = 0 -+ _mkcgo_BIO_new = 0 -+ _mkcgo_BIO_s_mem = 0 -+ _mkcgo_BN_bin2bn = 0 -+ _mkcgo_BN_bn2binpad = 0 -+ _mkcgo_BN_bn2lebinpad = 0 -+ _mkcgo_BN_clear = 0 -+ _mkcgo_BN_clear_free = 0 -+ _mkcgo_BN_free = 0 -+ _mkcgo_BN_lebin2bn = 0 -+ _mkcgo_BN_new = 0 -+ _mkcgo_BN_num_bits = 0 -+ _mkcgo_CRYPTO_free = 0 -+ _mkcgo_CRYPTO_malloc = 0 -+ _mkcgo_EC_GROUP_free = 0 -+ _mkcgo_EC_GROUP_new_by_curve_name = 0 -+ _mkcgo_EC_POINT_free = 0 -+ _mkcgo_EC_POINT_mul = 0 -+ _mkcgo_EC_POINT_new = 0 -+ _mkcgo_EC_POINT_oct2point = 0 -+ _mkcgo_EC_POINT_point2oct = 0 -+ _mkcgo_ERR_peek_error = 0 -+ _mkcgo_ERR_print_errors = 0 -+ _mkcgo_EVP_CIPHER_CTX_ctrl = 0 -+ _mkcgo_EVP_CIPHER_CTX_free = 0 -+ _mkcgo_EVP_CIPHER_CTX_new = 0 -+ _mkcgo_EVP_CIPHER_CTX_set_key_length = 0 -+ _mkcgo_EVP_CIPHER_CTX_set_padding = 0 -+ _mkcgo_EVP_CipherInit_ex = 0 -+ _mkcgo_EVP_CipherUpdate = 0 -+ _mkcgo_EVP_DecryptFinal_ex = 0 -+ _mkcgo_EVP_DecryptInit_ex = 0 -+ _mkcgo_EVP_DecryptUpdate = 0 -+ _mkcgo_EVP_Digest = 0 -+ _mkcgo_EVP_DigestFinal_ex = 0 -+ _mkcgo_EVP_DigestInit = 0 -+ _mkcgo_EVP_DigestInit_ex = 0 -+ _mkcgo_EVP_DigestSign = 0 -+ _mkcgo_EVP_DigestSignFinal = 0 -+ _mkcgo_EVP_DigestSignInit = 0 -+ _mkcgo_EVP_DigestUpdate = 0 -+ _mkcgo_EVP_DigestVerify = 0 -+ _mkcgo_EVP_DigestVerifyFinal = 0 -+ _mkcgo_EVP_DigestVerifyInit = 0 -+ _mkcgo_EVP_EncryptFinal_ex = 0 -+ _mkcgo_EVP_EncryptInit_ex = 0 -+ _mkcgo_EVP_EncryptUpdate = 0 -+ _mkcgo_EVP_MD_CTX_copy_ex = 0 -+ _mkcgo_EVP_MD_CTX_ctrl = 0 -+ _mkcgo_EVP_MD_CTX_free = 0 -+ _mkcgo_EVP_MD_CTX_new = 0 -+ _mkcgo_EVP_PKEY_CTX_ctrl = 0 -+ _mkcgo_EVP_PKEY_CTX_free = 0 -+ _mkcgo_EVP_PKEY_CTX_new = 0 -+ _mkcgo_EVP_PKEY_CTX_new_id = 0 -+ _mkcgo_EVP_PKEY_decrypt = 0 -+ _mkcgo_EVP_PKEY_decrypt_init = 0 -+ _mkcgo_EVP_PKEY_derive = 0 -+ _mkcgo_EVP_PKEY_derive_init = 0 -+ _mkcgo_EVP_PKEY_derive_set_peer = 0 -+ _mkcgo_EVP_PKEY_encrypt = 0 -+ _mkcgo_EVP_PKEY_encrypt_init = 0 -+ _mkcgo_EVP_PKEY_free = 0 -+ _mkcgo_EVP_PKEY_get_raw_private_key = 0 -+ _mkcgo_EVP_PKEY_get_raw_public_key = 0 -+ _mkcgo_EVP_PKEY_keygen = 0 -+ _mkcgo_EVP_PKEY_keygen_init = 0 -+ _mkcgo_EVP_PKEY_new = 0 -+ _mkcgo_EVP_PKEY_new_raw_private_key = 0 -+ _mkcgo_EVP_PKEY_new_raw_public_key = 0 -+ _mkcgo_EVP_PKEY_paramgen = 0 -+ _mkcgo_EVP_PKEY_paramgen_init = 0 -+ _mkcgo_EVP_PKEY_sign = 0 -+ _mkcgo_EVP_PKEY_sign_init = 0 -+ _mkcgo_EVP_PKEY_up_ref = 0 -+ _mkcgo_EVP_PKEY_verify = 0 -+ _mkcgo_EVP_PKEY_verify_init = 0 -+ _mkcgo_EVP_aes_128_cbc = 0 -+ _mkcgo_EVP_aes_128_ctr = 0 -+ _mkcgo_EVP_aes_128_ecb = 0 -+ _mkcgo_EVP_aes_128_gcm = 0 -+ _mkcgo_EVP_aes_192_cbc = 0 -+ _mkcgo_EVP_aes_192_ctr = 0 -+ _mkcgo_EVP_aes_192_ecb = 0 -+ _mkcgo_EVP_aes_192_gcm = 0 -+ _mkcgo_EVP_aes_256_cbc = 0 -+ _mkcgo_EVP_aes_256_ctr = 0 -+ _mkcgo_EVP_aes_256_ecb = 0 -+ _mkcgo_EVP_aes_256_gcm = 0 -+ _mkcgo_EVP_chacha20_poly1305 = 0 -+ _mkcgo_EVP_des_cbc = 0 -+ _mkcgo_EVP_des_ecb = 0 -+ _mkcgo_EVP_des_ede3_cbc = 0 -+ _mkcgo_EVP_des_ede3_ecb = 0 -+ _mkcgo_EVP_md4 = 0 -+ _mkcgo_EVP_md5 = 0 -+ _mkcgo_EVP_md5_sha1 = 0 -+ _mkcgo_EVP_rc4 = 0 -+ _mkcgo_EVP_ripemd160 = 0 -+ _mkcgo_EVP_sha1 = 0 -+ _mkcgo_EVP_sha224 = 0 -+ _mkcgo_EVP_sha256 = 0 -+ _mkcgo_EVP_sha384 = 0 -+ _mkcgo_EVP_sha3_224 = 0 -+ _mkcgo_EVP_sha3_256 = 0 -+ _mkcgo_EVP_sha3_384 = 0 -+ _mkcgo_EVP_sha3_512 = 0 -+ _mkcgo_EVP_sha512 = 0 -+ _mkcgo_EVP_sha512_224 = 0 -+ _mkcgo_EVP_sha512_256 = 0 -+ _mkcgo_OBJ_nid2sn = 0 -+ _mkcgo_OPENSSL_init = 0 -+ _mkcgo_OPENSSL_init_crypto = 0 -+ _mkcgo_OpenSSL_version = 0 -+ _mkcgo_PKCS5_PBKDF2_HMAC = 0 -+ _mkcgo_RAND_bytes = 0 -+} -+ -+func MkcgoLoad_3(handle unsafe.Pointer) { -+ _mkcgo_EC_POINT_set_affine_coordinates = dlsym(handle, "EC_POINT_set_affine_coordinates\x00", false) -+ _mkcgo_EVP_CIPHER_fetch = dlsym(handle, "EVP_CIPHER_fetch\x00", false) -+ _mkcgo_EVP_CIPHER_get0_name = dlsym(handle, "EVP_CIPHER_get0_name\x00", false) -+ _mkcgo_EVP_CIPHER_get_block_size = dlsym(handle, "EVP_CIPHER_get_block_size\x00", false) -+ _mkcgo_EVP_KDF_CTX_free = dlsym(handle, "EVP_KDF_CTX_free\x00", false) -+ _mkcgo_EVP_KDF_CTX_get_kdf_size = dlsym(handle, "EVP_KDF_CTX_get_kdf_size\x00", false) -+ _mkcgo_EVP_KDF_CTX_new = dlsym(handle, "EVP_KDF_CTX_new\x00", false) -+ _mkcgo_EVP_KDF_CTX_set_params = dlsym(handle, "EVP_KDF_CTX_set_params\x00", false) -+ _mkcgo_EVP_KDF_derive = dlsym(handle, "EVP_KDF_derive\x00", false) -+ _mkcgo_EVP_KDF_fetch = dlsym(handle, "EVP_KDF_fetch\x00", false) -+ _mkcgo_EVP_KDF_free = dlsym(handle, "EVP_KDF_free\x00", false) -+ _mkcgo_EVP_KEYMGMT_fetch = dlsym(handle, "EVP_KEYMGMT_fetch\x00", true) -+ _mkcgo_EVP_KEYMGMT_free = dlsym(handle, "EVP_KEYMGMT_free\x00", false) -+ _mkcgo_EVP_MAC_CTX_dup = dlsym(handle, "EVP_MAC_CTX_dup\x00", false) -+ _mkcgo_EVP_MAC_CTX_free = dlsym(handle, "EVP_MAC_CTX_free\x00", false) -+ _mkcgo_EVP_MAC_CTX_new = dlsym(handle, "EVP_MAC_CTX_new\x00", false) -+ _mkcgo_EVP_MAC_CTX_set_params = dlsym(handle, "EVP_MAC_CTX_set_params\x00", false) -+ _mkcgo_EVP_MAC_fetch = dlsym(handle, "EVP_MAC_fetch\x00", false) -+ _mkcgo_EVP_MAC_final = dlsym(handle, "EVP_MAC_final\x00", false) -+ _mkcgo_EVP_MAC_init = dlsym(handle, "EVP_MAC_init\x00", false) -+ _mkcgo_EVP_MAC_update = dlsym(handle, "EVP_MAC_update\x00", false) -+ _mkcgo_EVP_MD_CTX_get_params = dlsym(handle, "EVP_MD_CTX_get_params\x00", false) -+ _mkcgo_EVP_MD_CTX_gettable_params = dlsym(handle, "EVP_MD_CTX_gettable_params\x00", false) -+ _mkcgo_EVP_MD_CTX_set_params = dlsym(handle, "EVP_MD_CTX_set_params\x00", false) -+ _mkcgo_EVP_MD_CTX_settable_params = dlsym(handle, "EVP_MD_CTX_settable_params\x00", false) -+ _mkcgo_EVP_MD_fetch = dlsym(handle, "EVP_MD_fetch\x00", false) -+ _mkcgo_EVP_MD_free = dlsym(handle, "EVP_MD_free\x00", false) -+ _mkcgo_EVP_MD_get0_name = dlsym(handle, "EVP_MD_get0_name\x00", false) -+ _mkcgo_EVP_MD_get0_provider = dlsym(handle, "EVP_MD_get0_provider\x00", false) -+ _mkcgo_EVP_MD_get_block_size = dlsym(handle, "EVP_MD_get_block_size\x00", false) -+ _mkcgo_EVP_MD_get_size = dlsym(handle, "EVP_MD_get_size\x00", false) -+ _mkcgo_EVP_MD_get_type = dlsym(handle, "EVP_MD_get_type\x00", false) -+ _mkcgo_EVP_PKEY_CTX_add1_hkdf_info = dlsym(handle, "EVP_PKEY_CTX_add1_hkdf_info\x00", false) -+ _mkcgo_EVP_PKEY_CTX_new_from_pkey = dlsym(handle, "EVP_PKEY_CTX_new_from_pkey\x00", false) -+ _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label = dlsym(handle, "EVP_PKEY_CTX_set0_rsa_oaep_label\x00", false) -+ _mkcgo_EVP_PKEY_CTX_set1_hkdf_key = dlsym(handle, "EVP_PKEY_CTX_set1_hkdf_key\x00", false) -+ _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt = dlsym(handle, "EVP_PKEY_CTX_set1_hkdf_salt\x00", false) -+ _mkcgo_EVP_PKEY_CTX_set_hkdf_md = dlsym(handle, "EVP_PKEY_CTX_set_hkdf_md\x00", false) -+ _mkcgo_EVP_PKEY_CTX_set_hkdf_mode = dlsym(handle, "EVP_PKEY_CTX_set_hkdf_mode\x00", false) -+ _mkcgo_EVP_PKEY_CTX_set_params = dlsym(handle, "EVP_PKEY_CTX_set_params\x00", false) -+ _mkcgo_EVP_PKEY_Q_keygen = dlsym(handle, "EVP_PKEY_Q_keygen\x00", false) -+ _mkcgo_EVP_PKEY_decapsulate = dlsym(handle, "EVP_PKEY_decapsulate\x00", false) -+ _mkcgo_EVP_PKEY_decapsulate_init = dlsym(handle, "EVP_PKEY_decapsulate_init\x00", false) -+ _mkcgo_EVP_PKEY_encapsulate = dlsym(handle, "EVP_PKEY_encapsulate\x00", false) -+ _mkcgo_EVP_PKEY_encapsulate_init = dlsym(handle, "EVP_PKEY_encapsulate_init\x00", false) -+ _mkcgo_EVP_PKEY_fromdata = dlsym(handle, "EVP_PKEY_fromdata\x00", false) -+ _mkcgo_EVP_PKEY_fromdata_init = dlsym(handle, "EVP_PKEY_fromdata_init\x00", false) -+ _mkcgo_EVP_PKEY_get1_encoded_public_key = dlsym(handle, "EVP_PKEY_get1_encoded_public_key\x00", false) -+ _mkcgo_EVP_PKEY_get_bits = dlsym(handle, "EVP_PKEY_get_bits\x00", false) -+ _mkcgo_EVP_PKEY_get_bn_param = dlsym(handle, "EVP_PKEY_get_bn_param\x00", false) -+ _mkcgo_EVP_PKEY_get_octet_string_param = dlsym(handle, "EVP_PKEY_get_octet_string_param\x00", false) -+ _mkcgo_EVP_PKEY_get_size = dlsym(handle, "EVP_PKEY_get_size\x00", false) -+ _mkcgo_EVP_PKEY_private_check = dlsym(handle, "EVP_PKEY_private_check\x00", false) -+ _mkcgo_EVP_PKEY_public_check_quick = dlsym(handle, "EVP_PKEY_public_check_quick\x00", false) -+ _mkcgo_EVP_PKEY_set1_encoded_public_key = dlsym(handle, "EVP_PKEY_set1_encoded_public_key\x00", false) -+ _mkcgo_EVP_SIGNATURE_fetch = dlsym(handle, "EVP_SIGNATURE_fetch\x00", false) -+ _mkcgo_EVP_SIGNATURE_free = dlsym(handle, "EVP_SIGNATURE_free\x00", false) -+ _mkcgo_EVP_default_properties_enable_fips = dlsym(handle, "EVP_default_properties_enable_fips\x00", false) -+ _mkcgo_EVP_default_properties_is_fips_enabled = dlsym(handle, "EVP_default_properties_is_fips_enabled\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_free = dlsym(handle, "OSSL_PARAM_BLD_free\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_new = dlsym(handle, "OSSL_PARAM_BLD_new\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_push_BN = dlsym(handle, "OSSL_PARAM_BLD_push_BN\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_push_int32 = dlsym(handle, "OSSL_PARAM_BLD_push_int32\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_push_octet_string = dlsym(handle, "OSSL_PARAM_BLD_push_octet_string\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_push_utf8_string = dlsym(handle, "OSSL_PARAM_BLD_push_utf8_string\x00", false) -+ _mkcgo_OSSL_PARAM_BLD_to_param = dlsym(handle, "OSSL_PARAM_BLD_to_param\x00", false) -+ _mkcgo_OSSL_PARAM_free = dlsym(handle, "OSSL_PARAM_free\x00", false) -+ _mkcgo_OSSL_PARAM_locate_const = dlsym(handle, "OSSL_PARAM_locate_const\x00", false) -+ _mkcgo_OSSL_PROVIDER_available = dlsym(handle, "OSSL_PROVIDER_available\x00", false) -+ _mkcgo_OSSL_PROVIDER_get0_name = dlsym(handle, "OSSL_PROVIDER_get0_name\x00", false) -+ _mkcgo_OSSL_PROVIDER_try_load = dlsym(handle, "OSSL_PROVIDER_try_load\x00", false) -+} -+ -+func MkcgoUnload_3() { -+ _mkcgo_EC_POINT_set_affine_coordinates = 0 -+ _mkcgo_EVP_CIPHER_fetch = 0 -+ _mkcgo_EVP_CIPHER_get0_name = 0 -+ _mkcgo_EVP_CIPHER_get_block_size = 0 -+ _mkcgo_EVP_KDF_CTX_free = 0 -+ _mkcgo_EVP_KDF_CTX_get_kdf_size = 0 -+ _mkcgo_EVP_KDF_CTX_new = 0 -+ _mkcgo_EVP_KDF_CTX_set_params = 0 -+ _mkcgo_EVP_KDF_derive = 0 -+ _mkcgo_EVP_KDF_fetch = 0 -+ _mkcgo_EVP_KDF_free = 0 -+ _mkcgo_EVP_KEYMGMT_fetch = 0 -+ _mkcgo_EVP_KEYMGMT_free = 0 -+ _mkcgo_EVP_MAC_CTX_dup = 0 -+ _mkcgo_EVP_MAC_CTX_free = 0 -+ _mkcgo_EVP_MAC_CTX_new = 0 -+ _mkcgo_EVP_MAC_CTX_set_params = 0 -+ _mkcgo_EVP_MAC_fetch = 0 -+ _mkcgo_EVP_MAC_final = 0 -+ _mkcgo_EVP_MAC_init = 0 -+ _mkcgo_EVP_MAC_update = 0 -+ _mkcgo_EVP_MD_CTX_get_params = 0 -+ _mkcgo_EVP_MD_CTX_gettable_params = 0 -+ _mkcgo_EVP_MD_CTX_set_params = 0 -+ _mkcgo_EVP_MD_CTX_settable_params = 0 -+ _mkcgo_EVP_MD_fetch = 0 -+ _mkcgo_EVP_MD_free = 0 -+ _mkcgo_EVP_MD_get0_name = 0 -+ _mkcgo_EVP_MD_get0_provider = 0 -+ _mkcgo_EVP_MD_get_block_size = 0 -+ _mkcgo_EVP_MD_get_size = 0 -+ _mkcgo_EVP_MD_get_type = 0 -+ _mkcgo_EVP_PKEY_CTX_add1_hkdf_info = 0 -+ _mkcgo_EVP_PKEY_CTX_new_from_pkey = 0 -+ _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label = 0 -+ _mkcgo_EVP_PKEY_CTX_set1_hkdf_key = 0 -+ _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt = 0 -+ _mkcgo_EVP_PKEY_CTX_set_hkdf_md = 0 -+ _mkcgo_EVP_PKEY_CTX_set_hkdf_mode = 0 -+ _mkcgo_EVP_PKEY_CTX_set_params = 0 -+ _mkcgo_EVP_PKEY_Q_keygen = 0 -+ _mkcgo_EVP_PKEY_decapsulate = 0 -+ _mkcgo_EVP_PKEY_decapsulate_init = 0 -+ _mkcgo_EVP_PKEY_encapsulate = 0 -+ _mkcgo_EVP_PKEY_encapsulate_init = 0 -+ _mkcgo_EVP_PKEY_fromdata = 0 -+ _mkcgo_EVP_PKEY_fromdata_init = 0 -+ _mkcgo_EVP_PKEY_get1_encoded_public_key = 0 -+ _mkcgo_EVP_PKEY_get_bits = 0 -+ _mkcgo_EVP_PKEY_get_bn_param = 0 -+ _mkcgo_EVP_PKEY_get_octet_string_param = 0 -+ _mkcgo_EVP_PKEY_get_size = 0 -+ _mkcgo_EVP_PKEY_private_check = 0 -+ _mkcgo_EVP_PKEY_public_check_quick = 0 -+ _mkcgo_EVP_PKEY_set1_encoded_public_key = 0 -+ _mkcgo_EVP_SIGNATURE_fetch = 0 -+ _mkcgo_EVP_SIGNATURE_free = 0 -+ _mkcgo_EVP_default_properties_enable_fips = 0 -+ _mkcgo_EVP_default_properties_is_fips_enabled = 0 -+ _mkcgo_OSSL_PARAM_BLD_free = 0 -+ _mkcgo_OSSL_PARAM_BLD_new = 0 -+ _mkcgo_OSSL_PARAM_BLD_push_BN = 0 -+ _mkcgo_OSSL_PARAM_BLD_push_int32 = 0 -+ _mkcgo_OSSL_PARAM_BLD_push_octet_string = 0 -+ _mkcgo_OSSL_PARAM_BLD_push_utf8_string = 0 -+ _mkcgo_OSSL_PARAM_BLD_to_param = 0 -+ _mkcgo_OSSL_PARAM_free = 0 -+ _mkcgo_OSSL_PARAM_locate_const = 0 -+ _mkcgo_OSSL_PROVIDER_available = 0 -+ _mkcgo_OSSL_PROVIDER_get0_name = 0 -+ _mkcgo_OSSL_PROVIDER_try_load = 0 -+} -+ -+func MkcgoLoad_33(handle unsafe.Pointer) { -+ _mkcgo_EVP_DigestFinalXOF = dlsym(handle, "EVP_DigestFinalXOF\x00", false) -+ _mkcgo_EVP_DigestSqueeze = dlsym(handle, "EVP_DigestSqueeze\x00", true) -+} -+ -+func MkcgoUnload_33() { -+ _mkcgo_EVP_DigestFinalXOF = 0 -+ _mkcgo_EVP_DigestSqueeze = 0 -+} -+ -+func MkcgoLoad_init_1(handle unsafe.Pointer) { -+ _mkcgo_FIPS_mode = dlsym(handle, "FIPS_mode\x00", false) -+ _mkcgo_FIPS_mode_set = dlsym(handle, "FIPS_mode_set\x00", false) -+} -+ -+func MkcgoUnload_init_1() { -+ _mkcgo_FIPS_mode = 0 -+ _mkcgo_FIPS_mode_set = 0 -+} -+ -+func MkcgoLoad_init_3(handle unsafe.Pointer) { -+ _mkcgo_BIO_ctrl = dlsym(handle, "BIO_ctrl\x00", false) -+ _mkcgo_BIO_free = dlsym(handle, "BIO_free\x00", false) -+ _mkcgo_BIO_new = dlsym(handle, "BIO_new\x00", false) -+ _mkcgo_BIO_s_mem = dlsym(handle, "BIO_s_mem\x00", false) -+ _mkcgo_ERR_print_errors = dlsym(handle, "ERR_print_errors\x00", false) -+ _mkcgo_EVP_MD_fetch = dlsym(handle, "EVP_MD_fetch\x00", false) -+ _mkcgo_EVP_MD_free = dlsym(handle, "EVP_MD_free\x00", false) -+ _mkcgo_EVP_MD_get0_provider = dlsym(handle, "EVP_MD_get0_provider\x00", false) -+ _mkcgo_EVP_default_properties_is_fips_enabled = dlsym(handle, "EVP_default_properties_is_fips_enabled\x00", false) -+} -+ -+func MkcgoUnload_init_3() { -+ _mkcgo_BIO_ctrl = 0 -+ _mkcgo_BIO_free = 0 -+ _mkcgo_BIO_new = 0 -+ _mkcgo_BIO_s_mem = 0 -+ _mkcgo_ERR_print_errors = 0 -+ _mkcgo_EVP_MD_fetch = 0 -+ _mkcgo_EVP_MD_free = 0 -+ _mkcgo_EVP_MD_get0_provider = 0 -+ _mkcgo_EVP_default_properties_is_fips_enabled = 0 -+} -+ -+func MkcgoLoad_legacy_1(handle unsafe.Pointer) { -+ _mkcgo_DSA_free = dlsym(handle, "DSA_free\x00", false) -+ _mkcgo_DSA_generate_key = dlsym(handle, "DSA_generate_key\x00", false) -+ _mkcgo_DSA_get0_key = dlsym(handle, "DSA_get0_key\x00", false) -+ _mkcgo_DSA_get0_pqg = dlsym(handle, "DSA_get0_pqg\x00", false) -+ _mkcgo_DSA_new = dlsym(handle, "DSA_new\x00", false) -+ _mkcgo_DSA_set0_key = dlsym(handle, "DSA_set0_key\x00", false) -+ _mkcgo_DSA_set0_pqg = dlsym(handle, "DSA_set0_pqg\x00", false) -+ _mkcgo_EC_KEY_check_key = dlsym(handle, "EC_KEY_check_key\x00", false) -+ _mkcgo_EC_KEY_free = dlsym(handle, "EC_KEY_free\x00", false) -+ _mkcgo_EC_KEY_get0_group = dlsym(handle, "EC_KEY_get0_group\x00", false) -+ _mkcgo_EC_KEY_get0_private_key = dlsym(handle, "EC_KEY_get0_private_key\x00", false) -+ _mkcgo_EC_KEY_get0_public_key = dlsym(handle, "EC_KEY_get0_public_key\x00", false) -+ _mkcgo_EC_KEY_new_by_curve_name = dlsym(handle, "EC_KEY_new_by_curve_name\x00", false) -+ _mkcgo_EC_KEY_set_private_key = dlsym(handle, "EC_KEY_set_private_key\x00", false) -+ _mkcgo_EC_KEY_set_public_key = dlsym(handle, "EC_KEY_set_public_key\x00", false) -+ _mkcgo_EC_KEY_set_public_key_affine_coordinates = dlsym(handle, "EC_KEY_set_public_key_affine_coordinates\x00", false) -+ _mkcgo_EC_POINT_get_affine_coordinates_GFp = dlsym(handle, "EC_POINT_get_affine_coordinates_GFp\x00", false) -+ _mkcgo_EVP_CIPHER_get_block_size = dlsym(handle, "EVP_CIPHER_block_size\x00", false) -+ _mkcgo_EVP_MD_get_block_size = dlsym(handle, "EVP_MD_block_size\x00", false) -+ _mkcgo_EVP_MD_get_size = dlsym(handle, "EVP_MD_size\x00", false) -+ _mkcgo_EVP_PKEY_assign = dlsym(handle, "EVP_PKEY_assign\x00", false) -+ _mkcgo_EVP_PKEY_get0_DSA = dlsym(handle, "EVP_PKEY_get0_DSA\x00", false) -+ _mkcgo_EVP_PKEY_get0_EC_KEY = dlsym(handle, "EVP_PKEY_get0_EC_KEY\x00", false) -+ _mkcgo_EVP_PKEY_get1_RSA = dlsym(handle, "EVP_PKEY_get1_RSA\x00", false) -+ _mkcgo_EVP_PKEY_get_bits = dlsym(handle, "EVP_PKEY_bits\x00", false) -+ _mkcgo_EVP_PKEY_get_size = dlsym(handle, "EVP_PKEY_size\x00", false) -+ _mkcgo_EVP_PKEY_set1_EC_KEY = dlsym(handle, "EVP_PKEY_set1_EC_KEY\x00", false) -+ _mkcgo_FIPS_mode = dlsym(handle, "FIPS_mode\x00", false) -+ _mkcgo_FIPS_mode_set = dlsym(handle, "FIPS_mode_set\x00", false) -+ _mkcgo_HMAC_CTX_copy = dlsym(handle, "HMAC_CTX_copy\x00", false) -+ _mkcgo_HMAC_CTX_free = dlsym(handle, "HMAC_CTX_free\x00", false) -+ _mkcgo_HMAC_CTX_new = dlsym(handle, "HMAC_CTX_new\x00", false) -+ _mkcgo_HMAC_Final = dlsym(handle, "HMAC_Final\x00", false) -+ _mkcgo_HMAC_Init_ex = dlsym(handle, "HMAC_Init_ex\x00", false) -+ _mkcgo_HMAC_Update = dlsym(handle, "HMAC_Update\x00", false) -+ _mkcgo_RSA_free = dlsym(handle, "RSA_free\x00", false) -+ _mkcgo_RSA_get0_crt_params = dlsym(handle, "RSA_get0_crt_params\x00", false) -+ _mkcgo_RSA_get0_factors = dlsym(handle, "RSA_get0_factors\x00", false) -+ _mkcgo_RSA_get0_key = dlsym(handle, "RSA_get0_key\x00", false) -+ _mkcgo_RSA_new = dlsym(handle, "RSA_new\x00", false) -+ _mkcgo_RSA_set0_crt_params = dlsym(handle, "RSA_set0_crt_params\x00", false) -+ _mkcgo_RSA_set0_factors = dlsym(handle, "RSA_set0_factors\x00", false) -+ _mkcgo_RSA_set0_key = dlsym(handle, "RSA_set0_key\x00", false) -+} -+ -+func MkcgoUnload_legacy_1() { -+ _mkcgo_DSA_free = 0 -+ _mkcgo_DSA_generate_key = 0 -+ _mkcgo_DSA_get0_key = 0 -+ _mkcgo_DSA_get0_pqg = 0 -+ _mkcgo_DSA_new = 0 -+ _mkcgo_DSA_set0_key = 0 -+ _mkcgo_DSA_set0_pqg = 0 -+ _mkcgo_EC_KEY_check_key = 0 -+ _mkcgo_EC_KEY_free = 0 -+ _mkcgo_EC_KEY_get0_group = 0 -+ _mkcgo_EC_KEY_get0_private_key = 0 -+ _mkcgo_EC_KEY_get0_public_key = 0 -+ _mkcgo_EC_KEY_new_by_curve_name = 0 -+ _mkcgo_EC_KEY_set_private_key = 0 -+ _mkcgo_EC_KEY_set_public_key = 0 -+ _mkcgo_EC_KEY_set_public_key_affine_coordinates = 0 -+ _mkcgo_EC_POINT_get_affine_coordinates_GFp = 0 -+ _mkcgo_EVP_CIPHER_get_block_size = 0 -+ _mkcgo_EVP_MD_get_block_size = 0 -+ _mkcgo_EVP_MD_get_size = 0 -+ _mkcgo_EVP_PKEY_assign = 0 -+ _mkcgo_EVP_PKEY_get0_DSA = 0 -+ _mkcgo_EVP_PKEY_get0_EC_KEY = 0 -+ _mkcgo_EVP_PKEY_get1_RSA = 0 -+ _mkcgo_EVP_PKEY_get_bits = 0 -+ _mkcgo_EVP_PKEY_get_size = 0 -+ _mkcgo_EVP_PKEY_set1_EC_KEY = 0 -+ _mkcgo_FIPS_mode = 0 -+ _mkcgo_FIPS_mode_set = 0 -+ _mkcgo_HMAC_CTX_copy = 0 -+ _mkcgo_HMAC_CTX_free = 0 -+ _mkcgo_HMAC_CTX_new = 0 -+ _mkcgo_HMAC_Final = 0 -+ _mkcgo_HMAC_Init_ex = 0 -+ _mkcgo_HMAC_Update = 0 -+ _mkcgo_RSA_free = 0 -+ _mkcgo_RSA_get0_crt_params = 0 -+ _mkcgo_RSA_get0_factors = 0 -+ _mkcgo_RSA_get0_key = 0 -+ _mkcgo_RSA_new = 0 -+ _mkcgo_RSA_set0_crt_params = 0 -+ _mkcgo_RSA_set0_factors = 0 -+ _mkcgo_RSA_set0_key = 0 -+} -+ -+func MkcgoLoad_version(handle unsafe.Pointer) { -+ _mkcgo_OPENSSL_version_major = dlsym(handle, "OPENSSL_version_major\x00", true) -+ _mkcgo_OPENSSL_version_minor = dlsym(handle, "OPENSSL_version_minor\x00", true) -+ _mkcgo_OPENSSL_version_patch = dlsym(handle, "OPENSSL_version_patch\x00", true) -+ _mkcgo_OpenSSL_version_num = dlsym(handle, "OpenSSL_version_num\x00", true) -+} -+ -+func MkcgoUnload_version() { -+ _mkcgo_OPENSSL_version_major = 0 -+ _mkcgo_OPENSSL_version_minor = 0 -+ _mkcgo_OPENSSL_version_patch = 0 -+ _mkcgo_OpenSSL_version_num = 0 -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/mldsa.go b/src/vendor/github.com/golang-fips/openssl/v2/mldsa.go -new file mode 100644 -index 00000000000000..d608947c8b9ae1 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/mldsa.go -@@ -0,0 +1,448 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const ( -+ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. -+ privateKeySizeMLDSA = 32 -+ -+ // publicKeySizeMLDSA44 is the size of an ML-DSA-44 public key encoding. -+ publicKeySizeMLDSA44 = 1312 -+ -+ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. -+ publicKeySizeMLDSA65 = 1952 -+ -+ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. -+ publicKeySizeMLDSA87 = 2592 -+ -+ // signatureSizeMLDSA44 is the size of an ML-DSA-44 signature. -+ signatureSizeMLDSA44 = 2420 -+ -+ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. -+ signatureSizeMLDSA65 = 3309 -+ -+ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. -+ signatureSizeMLDSA87 = 4627 -+ -+ // muSizeMLDSA is the size of the pre-hashed mu input to the external-mu -+ // variants of Sign and Verify. -+ muSizeMLDSA = 64 -+ -+ // maxContextSizeMLDSA is the maximum allowed length of the context string -+ // passed to Sign and Verify. -+ maxContextSizeMLDSA = 255 -+) -+ -+// SupportsMLDSA returns true if the given ML-DSA parameter set is supported -+// on this platform. Providers may not implement every security level, so -+// callers must probe each parameter set they intend to use. -+func SupportsMLDSA(params MLDSAParameters) bool { -+ switch params.keyType { -+ case ossl.EVP_PKEY_ML_DSA_44: -+ return supportsMLDSA44() -+ case ossl.EVP_PKEY_ML_DSA_65: -+ return supportsMLDSA65() -+ case ossl.EVP_PKEY_ML_DSA_87: -+ return supportsMLDSA87() -+ default: -+ return false -+ } -+} -+ -+// probeMLDSA reports whether the OpenSSL provider exposes the given ML-DSA -+// algorithm via the keymgmt fetch interface. ML-DSA was added in OpenSSL 3.5; -+// older 3.x releases return nil for unknown algorithm names, and 1.x lacks -+// the fetch interface entirely. -+func probeMLDSA(name cString) bool { -+ if !ossl.EVP_KEYMGMT_fetch_Available() { -+ return false -+ } -+ mgmt, _ := ossl.EVP_KEYMGMT_fetch(nil, name.ptr(), nil) -+ if mgmt == nil { -+ return false -+ } -+ ossl.EVP_KEYMGMT_free(mgmt) -+ return true -+} -+ -+var ( -+ supportsMLDSA44 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA44) }) -+ supportsMLDSA65 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA65) }) -+ supportsMLDSA87 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA87) }) -+) -+ -+// MLDSAParameters represents one of the fixed ML-DSA parameter sets. -+type MLDSAParameters struct { -+ name string -+ keyType int32 -+ keyTypeName cString -+ publicKeySize int -+ signatureSize int -+} -+ -+var ( -+ mldsa44 = MLDSAParameters{ -+ name: "ML-DSA-44", -+ keyType: ossl.EVP_PKEY_ML_DSA_44, -+ keyTypeName: _KeyTypeMLDSA44, -+ publicKeySize: publicKeySizeMLDSA44, -+ signatureSize: signatureSizeMLDSA44, -+ } -+ mldsa65 = MLDSAParameters{ -+ name: "ML-DSA-65", -+ keyType: ossl.EVP_PKEY_ML_DSA_65, -+ keyTypeName: _KeyTypeMLDSA65, -+ publicKeySize: publicKeySizeMLDSA65, -+ signatureSize: signatureSizeMLDSA65, -+ } -+ mldsa87 = MLDSAParameters{ -+ name: "ML-DSA-87", -+ keyType: ossl.EVP_PKEY_ML_DSA_87, -+ keyTypeName: _KeyTypeMLDSA87, -+ publicKeySize: publicKeySizeMLDSA87, -+ signatureSize: signatureSizeMLDSA87, -+ } -+) -+ -+// MLDSA44 returns the ML-DSA-44 parameter set. -+func MLDSA44() MLDSAParameters { return mldsa44 } -+ -+// MLDSA65 returns the ML-DSA-65 parameter set. -+func MLDSA65() MLDSAParameters { return mldsa65 } -+ -+// MLDSA87 returns the ML-DSA-87 parameter set. -+func MLDSA87() MLDSAParameters { return mldsa87 } -+ -+func (params MLDSAParameters) valid() bool { -+ switch params { -+ case mldsa44, mldsa65, mldsa87: -+ return true -+ default: -+ return false -+ } -+} -+ -+// PublicKeySize returns the size of public keys for this parameter set, in bytes. -+func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } -+ -+// SignatureSize returns the size of signatures for this parameter set, in bytes. -+func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } -+ -+// String returns the name of the parameter set. -+func (params MLDSAParameters) String() string { return params.name } -+ -+var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") -+ -+// PrivateKeyMLDSA is an ML-DSA private key seed. -+type PrivateKeyMLDSA struct { -+ params MLDSAParameters -+ seed [privateKeySizeMLDSA]byte -+} -+ -+// GenerateKeyMLDSA generates a new ML-DSA private key. -+func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { -+ if !params.valid() { -+ return nil, errInvalidMLDSAParameters -+ } -+ key := &PrivateKeyMLDSA{params: params} -+ if err := generateMLDSASeed(params.keyType, key.seed[:]); err != nil { -+ return nil, err -+ } -+ return key, nil -+} -+ -+// NewPrivateKeyMLDSA constructs an ML-DSA private key from its 32-byte seed. -+func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { -+ if !params.valid() { -+ return nil, errInvalidMLDSAParameters -+ } -+ if len(seed) != privateKeySizeMLDSA { -+ return nil, errors.New("mldsa: invalid private key size") -+ } -+ key := &PrivateKeyMLDSA{params: params} -+ copy(key.seed[:], seed) -+ return key, nil -+} -+ -+// Bytes returns the private key seed. -+func (key *PrivateKeyMLDSA) Bytes() []byte { -+ return key.seed[:] -+} -+ -+// Parameters returns the parameters associated with this private key. -+func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } -+ -+// PublicKey returns the corresponding public key. -+func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { -+ publicKey := &PublicKeyMLDSA{params: key.params} -+ if err := mldsaExtractPublicKey(key.params, key.seed[:], publicKey.bytes[:key.params.publicKeySize]); err != nil { -+ panic(err) -+ } -+ return publicKey -+} -+ -+// Sign signs message with the private key, optionally binding the signature -+// to a context string. The context string must be at most 255 bytes long. -+func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { -+ return mldsaSign(key.params, key.seed[:], message, context) -+} -+ -+// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. -+// mu must be exactly 64 bytes long. -+func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { -+ if len(mu) != muSizeMLDSA { -+ return nil, errors.New("mldsa: invalid message hash length") -+ } -+ return mldsaSignExternalMu(key.params, key.seed[:], mu) -+} -+ -+// PublicKeyMLDSA is an ML-DSA public key. -+type PublicKeyMLDSA struct { -+ params MLDSAParameters -+ bytes [publicKeySizeMLDSA87]byte -+} -+ -+// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. -+func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { -+ if !params.valid() { -+ return nil, errInvalidMLDSAParameters -+ } -+ if len(publicKey) != params.publicKeySize { -+ return nil, errors.New("mldsa: invalid public key size") -+ } -+ // Validate by attempting a key import. -+ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) -+ if err != nil { -+ return nil, err -+ } -+ ossl.EVP_PKEY_free(pkey) -+ key := &PublicKeyMLDSA{params: params} -+ copy(key.bytes[:], publicKey) -+ return key, nil -+} -+ -+// Bytes returns the public key encoding. -+func (key *PublicKeyMLDSA) Bytes() []byte { -+ return key.bytes[:key.params.publicKeySize] -+} -+ -+// Parameters returns the parameters associated with this public key. -+func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } -+ -+// Verify verifies an ML-DSA signature over message bound to the given context. -+func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { -+ return mldsaVerify(key.params, key.bytes[:key.params.publicKeySize], message, signature, context) -+} -+ -+// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message -+// representative. mu must be exactly 64 bytes long. -+func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { -+ if len(mu) != muSizeMLDSA { -+ return errors.New("mldsa: invalid message hash length") -+ } -+ return mldsaVerifyExternalMu(key.params, key.bytes[:key.params.publicKeySize], mu, signature) -+} -+ -+// Helper functions -+ -+// generateMLDSASeed generates a new ML-DSA private key and extracts the seed. -+func generateMLDSASeed(keyType int32, seed []byte) error { -+ pkey, err := generateEVPPKey(keyType, 0, "") -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ _, err = ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_ML_DSA_SEED.ptr(), seed, nil) -+ return err -+} -+ -+// createMLDSAPrivateKey creates an ML-DSA EVP_PKEY from a 32-byte seed. -+func createMLDSAPrivateKey(id int32, seed []byte) (ossl.EVP_PKEY_PTR, error) { -+ if len(seed) != privateKeySizeMLDSA { -+ return nil, errors.New("mldsa: invalid seed size") -+ } -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ -+ bld.addOctetString(_OSSL_PKEY_PARAM_ML_DSA_SEED, seed) -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ return newEvpFromParams(id, ossl.EVP_PKEY_KEYPAIR, params) -+} -+ -+// createMLDSAPublicKey creates an ML-DSA EVP_PKEY from encoded public key bytes. -+func createMLDSAPublicKey(id int32, pubKeyBytes []byte) (ossl.EVP_PKEY_PTR, error) { -+ bld := newParamBuilder() -+ defer bld.finalize() -+ -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubKeyBytes) -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ return newEvpFromParams(id, ossl.EVP_PKEY_PUBLIC_KEY, params) -+} -+ -+// mldsaExtractPublicKey derives and copies the encoded public key bytes from -+// a private key seed. -+func mldsaExtractPublicKey(params MLDSAParameters, seed, dst []byte) error { -+ pkey, err := createMLDSAPrivateKey(params.keyType, seed) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ var pubLen int -+ if _, err := ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), dst, &pubLen); err != nil { -+ return err -+ } -+ if pubLen != params.publicKeySize { -+ return errors.New("mldsa: unexpected public key size") -+ } -+ return nil -+} -+ -+// mldsaSigParams builds the OSSL_PARAM array used to bind a context string -+// (and/or the external-mu flag) to an ML-DSA Sign or Verify operation. -+// Returns nil params when neither is set. -+func mldsaSigParams(context string, externalMu bool) (ossl.OSSL_PARAM_PTR, error) { -+ if len(context) > maxContextSizeMLDSA { -+ return nil, errors.New("mldsa: context too long") -+ } -+ if context == "" && !externalMu { -+ return nil, nil -+ } -+ bld := newParamBuilder() -+ defer bld.finalize() -+ if context != "" { -+ bld.addOctetString(_OSSL_SIGNATURE_PARAM_CONTEXT_STRING, []byte(context)) -+ } -+ if externalMu { -+ bld.addInt32(_OSSL_SIGNATURE_PARAM_MU, 1) -+ } -+ return bld.build() -+} -+ -+func mldsaSign(params MLDSAParameters, seed, message []byte, context string) ([]byte, error) { -+ pkey, err := createMLDSAPrivateKey(params.keyType, seed) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ return mldsaSignWithKey(pkey, params, message, context, false) -+} -+ -+func mldsaSignExternalMu(params MLDSAParameters, seed, mu []byte) ([]byte, error) { -+ pkey, err := createMLDSAPrivateKey(params.keyType, seed) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ return mldsaSignWithKey(pkey, params, mu, "", true) -+} -+ -+func mldsaSignWithKey(pkey ossl.EVP_PKEY_PTR, params MLDSAParameters, message []byte, context string, externalMu bool) ([]byte, error) { -+ mdctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_MD_CTX_free(mdctx) -+ -+ var pctx ossl.EVP_PKEY_CTX_PTR -+ if _, err := ossl.EVP_DigestSignInit(mdctx, &pctx, nil, nil, pkey); err != nil { -+ return nil, err -+ } -+ sigParams, err := mldsaSigParams(context, externalMu) -+ if err != nil { -+ return nil, err -+ } -+ if sigParams != nil { -+ defer ossl.OSSL_PARAM_free(sigParams) -+ if _, err := ossl.EVP_PKEY_CTX_set_params(pctx, sigParams); err != nil { -+ return nil, err -+ } -+ } -+ -+ signature := make([]byte, params.signatureSize) -+ siglen := params.signatureSize -+ if _, err := ossl.EVP_DigestSign(mdctx, signature, &siglen, message); err != nil { -+ return nil, err -+ } -+ if siglen != params.signatureSize { -+ return nil, errors.New("mldsa: unexpected signature length") -+ } -+ return signature[:siglen], nil -+} -+ -+func mldsaVerify(params MLDSAParameters, publicKey, message, signature []byte, context string) error { -+ if len(signature) != params.signatureSize { -+ return errors.New("mldsa: invalid signature length") -+ } -+ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ return mldsaVerifyWithKey(pkey, message, signature, context, false) -+} -+ -+func mldsaVerifyExternalMu(params MLDSAParameters, publicKey, mu, signature []byte) error { -+ if len(signature) != params.signatureSize { -+ return errors.New("mldsa: invalid signature length") -+ } -+ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ return mldsaVerifyWithKey(pkey, mu, signature, "", true) -+} -+ -+func mldsaVerifyWithKey(pkey ossl.EVP_PKEY_PTR, message, signature []byte, context string, externalMu bool) error { -+ mdctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_MD_CTX_free(mdctx) -+ -+ var pctx ossl.EVP_PKEY_CTX_PTR -+ if _, err := ossl.EVP_DigestVerifyInit(mdctx, &pctx, nil, nil, pkey); err != nil { -+ return err -+ } -+ sigParams, err := mldsaSigParams(context, externalMu) -+ if err != nil { -+ return err -+ } -+ if sigParams != nil { -+ defer ossl.OSSL_PARAM_free(sigParams) -+ if _, err := ossl.EVP_PKEY_CTX_set_params(pctx, sigParams); err != nil { -+ return err -+ } -+ } -+ -+ if _, err := ossl.EVP_DigestVerify(mdctx, signature, message); err != nil { -+ return errors.New("mldsa: invalid signature") -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/mlkem.go b/src/vendor/github.com/golang-fips/openssl/v2/mlkem.go -new file mode 100644 -index 00000000000000..1bf7ae9aade6af ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/mlkem.go -@@ -0,0 +1,368 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+const ( -+ // sharedKeySizeMLKEM is the size of a shared key produced by ML-KEM. -+ sharedKeySizeMLKEM = 32 -+ -+ // seedSizeMLKEM is the size of a seed used to generate a decapsulation key. -+ seedSizeMLKEM = 64 -+ -+ // ciphertextSizeMLKEM768 is the size of a ciphertext produced by ML-KEM-768. -+ ciphertextSizeMLKEM768 = 1088 -+ -+ // encapsulationKeySizeMLKEM768 is the size of an ML-KEM-768 encapsulation key. -+ encapsulationKeySizeMLKEM768 = 1184 -+ -+ // ciphertextSizeMLKEM1024 is the size of a ciphertext produced by ML-KEM-1024. -+ ciphertextSizeMLKEM1024 = 1568 -+ -+ // encapsulationKeySizeMLKEM1024 is the size of an ML-KEM-1024 encapsulation key. -+ encapsulationKeySizeMLKEM1024 = 1568 -+) -+ -+// SupportsMLKEM768 returns true if ML-KEM-768 is supported on this platform. -+func SupportsMLKEM768() bool { -+ return supportsMLKEM768() -+} -+ -+// SupportsMLKEM1024 returns true if ML-KEM-1024 is supported on this platform. -+func SupportsMLKEM1024() bool { -+ return supportsMLKEM1024() -+} -+ -+var supportsMLKEM768 = sync.OnceValue(func() bool { -+ // EVP_KEYMGMT_fetch was added in OpenSSL 3.0; if it is not available we -+ // are on 1.x and ML-KEM is not supported. On 3.0–3.4 the fetch returns -+ // nil for the ML-KEM algorithm name, which the probe reports as false. -+ if !ossl.EVP_KEYMGMT_fetch_Available() { -+ return false -+ } -+ sig, _ := ossl.EVP_KEYMGMT_fetch(nil, _KeyTypeMLKEM768.ptr(), nil) -+ if sig == nil { -+ return false -+ } -+ ossl.EVP_KEYMGMT_free(sig) -+ return true -+}) -+ -+var supportsMLKEM1024 = sync.OnceValue(func() bool { -+ if !ossl.EVP_KEYMGMT_fetch_Available() { -+ return false -+ } -+ sig, _ := ossl.EVP_KEYMGMT_fetch(nil, _KeyTypeMLKEM1024.ptr(), nil) -+ if sig == nil { -+ return false -+ } -+ ossl.EVP_KEYMGMT_free(sig) -+ return true -+}) -+ -+// DecapsulationKeyMLKEM768 is the secret key used to decapsulate a shared key -+// from a ciphertext. It includes various precomputed values. -+type DecapsulationKeyMLKEM768 [seedSizeMLKEM]byte -+ -+// GenerateKeyMLKEM768 generates a new decapsulation key, drawing random bytes from -+// the default crypto/rand source. The decapsulation key must be kept secret. -+func GenerateKeyMLKEM768() (DecapsulationKeyMLKEM768, error) { -+ var dk DecapsulationKeyMLKEM768 -+ if err := generateMLKEMSeed(ossl.EVP_PKEY_MLKEM_768, dk[:]); err != nil { -+ return DecapsulationKeyMLKEM768{}, err -+ } -+ return dk, nil -+} -+ -+// NewDecapsulationKeyMLKEM768 expands a decapsulation key from a 64-byte seed in the -+// "d || z" form. The seed must be uniformly random. -+func NewDecapsulationKeyMLKEM768(seed []byte) (DecapsulationKeyMLKEM768, error) { -+ if len(seed) != seedSizeMLKEM { -+ return DecapsulationKeyMLKEM768{}, errors.New("mlkem: invalid seed size") -+ } -+ -+ var dk DecapsulationKeyMLKEM768 -+ copy(dk[:], seed) -+ return dk, nil -+} -+ -+// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. -+// -+// The decapsulation key must be kept secret. -+func (dk DecapsulationKeyMLKEM768) Bytes() []byte { -+ return dk[:] -+} -+ -+// Decapsulate generates a shared key from a ciphertext and a decapsulation -+// key. If the ciphertext is not valid, Decapsulate returns an error. -+// -+// The shared key must be kept secret. -+func (dk DecapsulationKeyMLKEM768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { -+ return performDecapsulation(ossl.NID_ML_KEM_768, dk[:], ciphertext) -+} -+ -+// EncapsulationKey returns the public encapsulation key necessary to produce -+// ciphertexts. -+func (dk DecapsulationKeyMLKEM768) EncapsulationKey() EncapsulationKeyMLKEM768 { -+ ekBytes := extractEncapsulationKeyBytes(ossl.NID_ML_KEM_768, dk[:], encapsulationKeySizeMLKEM768) -+ var ek EncapsulationKeyMLKEM768 -+ copy(ek[:], ekBytes) -+ return ek -+} -+ -+// An EncapsulationKeyMLKEM768 is the public key used to produce ciphertexts to be -+// decapsulated by the corresponding DecapsulationKeyMLKEM768. -+type EncapsulationKeyMLKEM768 [encapsulationKeySizeMLKEM768]byte -+ -+// NewEncapsulationKeyMLKEM768 parses an encapsulation key from its encoded form. If -+// the encapsulation key is not valid, NewEncapsulationKeyMLKEM768 returns an error. -+func NewEncapsulationKeyMLKEM768(encapsulationKey []byte) (EncapsulationKeyMLKEM768, error) { -+ if len(encapsulationKey) != encapsulationKeySizeMLKEM768 { -+ return EncapsulationKeyMLKEM768{}, errors.New("mlkem: invalid encapsulation key size") -+ } -+ -+ var ek EncapsulationKeyMLKEM768 -+ copy(ek[:], encapsulationKey) -+ return ek, nil -+} -+ -+// Bytes returns the encapsulation key as a byte slice. -+func (ek EncapsulationKeyMLKEM768) Bytes() []byte { -+ return ek[:] -+} -+ -+// Encapsulate generates a shared key and an associated ciphertext from an -+// encapsulation key, drawing random bytes from the default crypto/rand source. -+// -+// The shared key must be kept secret. -+func (ek EncapsulationKeyMLKEM768) Encapsulate() (sharedKey, ciphertext []byte) { -+ return performEncapsulation(ossl.NID_ML_KEM_768, ciphertextSizeMLKEM768, ek[:]) -+} -+ -+func performEncapsulation(id int32, ciphertextSize int, ek []byte) (sharedKey, ciphertext []byte) { -+ pkey, err := createMLKEMPublicKey(id, ek) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ // Create encapsulation context -+ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ -+ // Initialize encapsulation -+ if _, err := ossl.EVP_PKEY_encapsulate_init(ctx, nil); err != nil { -+ panic(err) -+ } -+ -+ // Perform encapsulation - allocate buffers based on the key size -+ sharedKey = make([]byte, sharedKeySizeMLKEM) -+ ciphertext = make([]byte, ciphertextSize) -+ -+ sharedKeyLen := len(sharedKey) -+ ciphertextLen := len(ciphertext) -+ -+ if _, err := ossl.EVP_PKEY_encapsulate(ctx, base(ciphertext), &ciphertextLen, base(sharedKey), &sharedKeyLen); err != nil { -+ panic(err) -+ } -+ -+ return sharedKey[:sharedKeyLen], ciphertext[:ciphertextLen] -+} -+ -+func performDecapsulation(id int32, seed, ciphertext []byte) (sharedKey []byte, err error) { -+ if len(ciphertext) == 0 { -+ return nil, errors.New("mlkem: invalid ciphertext size") -+ } -+ -+ pkey, err := createMLKEMPrivateKey(id, seed) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ // Create decapsulation context -+ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ -+ // Initialize decapsulation -+ if _, err := ossl.EVP_PKEY_decapsulate_init(ctx, nil); err != nil { -+ return nil, err -+ } -+ -+ // Perform decapsulation -+ sharedKey = make([]byte, sharedKeySizeMLKEM) -+ sharedKeyLen := len(sharedKey) -+ if _, err := ossl.EVP_PKEY_decapsulate(ctx, base(sharedKey), &sharedKeyLen, base(ciphertext), len(ciphertext)); err != nil { -+ return nil, err -+ } -+ -+ return sharedKey[:sharedKeyLen], nil -+} -+ -+// DecapsulationKeyMLKEM1024 is the secret key used to decapsulate a shared key -+// from a ciphertext. It includes various precomputed values. -+type DecapsulationKeyMLKEM1024 [seedSizeMLKEM]byte -+ -+// GenerateKeyMLKEM1024 generates a new decapsulation key, drawing random bytes from -+// the default crypto/rand source. The decapsulation key must be kept secret. -+func GenerateKeyMLKEM1024() (DecapsulationKeyMLKEM1024, error) { -+ var dk DecapsulationKeyMLKEM1024 -+ if err := generateMLKEMSeed(ossl.EVP_PKEY_MLKEM_1024, dk[:]); err != nil { -+ return DecapsulationKeyMLKEM1024{}, err -+ } -+ return dk, nil -+} -+ -+// NewDecapsulationKeyMLKEM1024 expands a decapsulation key from a 64-byte seed in the -+// "d || z" form. The seed must be uniformly random. -+func NewDecapsulationKeyMLKEM1024(seed []byte) (DecapsulationKeyMLKEM1024, error) { -+ if len(seed) != seedSizeMLKEM { -+ return DecapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid seed size") -+ } -+ -+ var dk DecapsulationKeyMLKEM1024 -+ copy(dk[:], seed) -+ return dk, nil -+} -+ -+// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. -+// -+// The decapsulation key must be kept secret. -+func (dk DecapsulationKeyMLKEM1024) Bytes() []byte { -+ return dk[:] -+} -+ -+// Decapsulate generates a shared key from a ciphertext and a decapsulation -+// key. If the ciphertext is not valid, Decapsulate returns an error. -+// -+// The shared key must be kept secret. -+func (dk DecapsulationKeyMLKEM1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { -+ return performDecapsulation(ossl.NID_ML_KEM_1024, dk[:], ciphertext) -+} -+ -+// EncapsulationKey returns the public encapsulation key necessary to produce -+// ciphertexts. -+func (dk DecapsulationKeyMLKEM1024) EncapsulationKey() EncapsulationKeyMLKEM1024 { -+ ekBytes := extractEncapsulationKeyBytes(ossl.NID_ML_KEM_1024, dk[:], encapsulationKeySizeMLKEM1024) -+ var ek EncapsulationKeyMLKEM1024 -+ copy(ek[:], ekBytes) -+ return ek -+} -+ -+// An EncapsulationKeyMLKEM1024 is the public key used to produce ciphertexts to be -+// decapsulated by the corresponding DecapsulationKeyMLKEM1024. -+type EncapsulationKeyMLKEM1024 [encapsulationKeySizeMLKEM1024]byte -+ -+// NewEncapsulationKeyMLKEM1024 parses an encapsulation key from its encoded form. If -+// the encapsulation key is not valid, NewEncapsulationKeyMLKEM1024 returns an error. -+func NewEncapsulationKeyMLKEM1024(encapsulationKey []byte) (EncapsulationKeyMLKEM1024, error) { -+ if len(encapsulationKey) != encapsulationKeySizeMLKEM1024 { -+ return EncapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid encapsulation key size") -+ } -+ -+ var ek EncapsulationKeyMLKEM1024 -+ copy(ek[:], encapsulationKey) -+ return ek, nil -+} -+ -+// Bytes returns the encapsulation key as a byte slice. -+func (ek EncapsulationKeyMLKEM1024) Bytes() []byte { -+ return ek[:] -+} -+ -+// Encapsulate generates a shared key and an associated ciphertext from an -+// encapsulation key, drawing random bytes from the default crypto/rand source. -+// -+// The shared key must be kept secret. -+func (ek EncapsulationKeyMLKEM1024) Encapsulate() (sharedKey, ciphertext []byte) { -+ return performEncapsulation(ossl.NID_ML_KEM_1024, ciphertextSizeMLKEM1024, ek[:]) -+} -+ -+// Helper functions -+ -+// generateMLKEMSeed generates a new ML-KEM seed by creating a key and extracting its seed parameter. -+func generateMLKEMSeed(keyType int32, seed []byte) error { -+ pkey, err := generateEVPPKey(keyType, 0, "") -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ _, err = ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_ML_KEM_SEED.ptr(), seed, nil) -+ return err -+} -+ -+// createMLKEMPrivateKey creates an ML-KEM private key from a seed -+func createMLKEMPrivateKey(id int32, seed []byte) (ossl.EVP_PKEY_PTR, error) { -+ if len(seed) != seedSizeMLKEM { -+ return nil, errors.New("mlkem: invalid seed size") -+ } -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ -+ bld.addOctetString(_OSSL_PKEY_PARAM_ML_KEM_SEED, seed) -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ return newEvpFromParams(id, ossl.EVP_PKEY_KEYPAIR, params) -+} -+ -+// createMLKEMPublicKey creates an ML-KEM public key from encoded bytes. -+func createMLKEMPublicKey(id int32, pubKeyBytes []byte) (ossl.EVP_PKEY_PTR, error) { -+ bld := newParamBuilder() -+ defer bld.finalize() -+ -+ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubKeyBytes) -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ return newEvpFromParams(id, ossl.EVP_PKEY_PUBLIC_KEY, params) -+} -+ -+// extractEncapsulationKeyBytes extracts the encapsulation key bytes from a decapsulation key. -+func extractEncapsulationKeyBytes(id int32, seed []byte, expectedSize int) []byte { -+ pkey, err := createMLKEMPrivateKey(id, seed) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ -+ // Extract public key bytes -+ var pubBytes *byte -+ pubLen, err := ossl.EVP_PKEY_get1_encoded_public_key(pkey, &pubBytes) -+ if err != nil { -+ panic(err) -+ } -+ defer cryptoFree(unsafe.Pointer(pubBytes)) -+ -+ if pubLen != expectedSize { -+ panic(errors.New("mlkem: invalid encapsulation key size")) -+ } -+ -+ // Copy the bytes before pubBytes is freed -+ result := make([]byte, pubLen) -+ copy(result, unsafe.Slice(pubBytes, pubLen)) -+ return result -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -new file mode 100644 -index 00000000000000..212d3979c59529 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,240 @@ -+//go:build !cmd_go_bootstrap -+ -+// Package openssl provides access to OpenSSL cryptographic functions. -+package openssl -+ -+import ( -+ "errors" -+ "math/bits" -+ "strconv" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+ "github.com/golang-fips/openssl/v2/osslsetup" -+) -+ -+// CheckVersion checks if the OpenSSL version can be loaded -+// and if the FIPS mode is enabled. -+// This function can be called before Init. -+// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. -+func CheckVersion(version string) (exists, fips bool) { -+ return osslsetup.CheckVersion(version) -+} -+ -+var isBigEndian = sync.OnceValue(func() bool { -+ buf := [2]byte{} -+ *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD) -+ -+ switch buf { -+ case [2]byte{0xCD, 0xAB}: -+ return false -+ case [2]byte{0xAB, 0xCD}: -+ return true -+ default: -+ panic("Could not determine native endianness.") -+ } -+}) -+ -+func major() int { -+ return osslsetup.VersionMajor() -+} -+ -+func minor() int { -+ return osslsetup.VersionMinor() -+} -+ -+func patch() int { -+ return osslsetup.VersionPatch() -+} -+ -+// Init loads and initializes OpenSSL from the shared library at path. -+// It must be called before any other OpenSSL call, except CheckVersion. -+// -+// Only the first call to Init is effective. -+// Subsequent calls will return the same error result as the one from the first call. -+// -+// The file is passed to dlopen() verbatim to load the OpenSSL shared library. -+// For example, `file=libcrypto.so.1.1.1k-fips` makes Init look for the shared -+// library libcrypto.so.1.1.1k-fips. -+func Init(file string) error { -+ if err := osslsetup.Init(file); err != nil { -+ return err -+ } -+ return nil -+} -+ -+func utoa(n int) string { -+ return strconv.FormatUint(uint64(n), 10) -+} -+ -+func errUnsupportedVersion() error { -+ return errors.New("openssl: unsupported OpenSSL version: " + utoa(major()) + "." + utoa(minor()) + "." + utoa(patch()) + " (minimum supported version is 1.1.1)") -+} -+ -+// checkMajorVersion panics if the current major version is not one of the expected versions. -+func checkMajorVersion(expected ...int) { -+ for _, v := range expected { -+ if major() == v { -+ return -+ } -+ } -+ panic("openssl: incorrect major version (" + strconv.Itoa(major()) + ")") -+} -+ -+type fail string -+ -+func (e fail) Error() string { return "openssl: " + string(e) + " failed" } -+ -+// VersionText returns the version text of the OpenSSL currently loaded. -+// -+//go:fix inline -+func VersionText() string { -+ return osslsetup.VersionText() -+} -+ -+// FIPS returns true if OpenSSL is running in FIPS mode and there is -+// a provider available that supports FIPS. It returns false otherwise. -+// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. -+// -+//go:fix inline -+func FIPS() bool { -+ return osslsetup.FIPS() -+} -+ -+// FIPSCapable returns true if the provider used by default matches the `fips=yes` query. -+// See [osslsetup.FIPSCapable] for details. -+// -+//go:fix inline -+func FIPSCapable() bool { -+ return osslsetup.FIPSCapable() -+} -+ -+// SetFIPS enables or disables FIPS mode. -+// -+// For OpenSSL 3, if there is no provider available that supports FIPS mode, -+// SetFIPS will try to load a built-in provider that supports FIPS mode. -+// -+//go:fix inline -+func SetFIPS(enable bool) error { -+ return osslsetup.SetFIPS(enable) -+} -+ -+// sliceNeverNil returns b if non-nil, and a non-nil zero-length slice otherwise. -+func sliceNeverNil(b []byte) []byte { -+ if b == nil { -+ return []byte{} -+ } -+ return b -+} -+ -+// base returns the address of the underlying array in b, -+// being careful not to panic when b has zero length. -+func base(b []byte) *byte { -+ if len(b) == 0 { -+ return nil -+ } -+ return unsafe.SliceData(b) -+} -+ -+//go:linkname throw runtime.throw -+func throw(string) -+ -+// cryptoMalloc allocates n bytes of memory on the OpenSSL heap, which may be -+// different from the heap which C.malloc allocates on. The allocated object -+// must be freed using cryptoFree. cryptoMalloc is equivalent to the -+// OPENSSL_malloc macro. -+// -+// Like C.malloc, this function is guaranteed to never return nil. If OpenSSL's -+// malloc indicates out of memory, it crashes the program. -+// -+// Only objects which the OpenSSL library will take ownership of (i.e. will be -+// freed by OPENSSL_free / CRYPTO_free) need to be allocated on the OpenSSL -+// heap. -+func cryptoMalloc(n int) unsafe.Pointer { -+ p, _ := ossl.CRYPTO_malloc(n, nil, 0) -+ if p == nil { -+ // Un-recover()-ably crash the program in the same manner as the -+ // C.malloc() wrapper function. -+ throw("openssl: CRYPTO_malloc failed") -+ } -+ return p -+} -+ -+// cryptoFree frees an object allocated on the OpenSSL heap, which may be -+// different from the heap which C.malloc allocates on. cryptoFree is equivalent -+// to the OPENSSL_free macro. -+func cryptoFree(p unsafe.Pointer) { -+ ossl.CRYPTO_free(p, nil, 0) -+} -+ -+const wordBytes = bits.UintSize / 8 -+ -+// Reverse each limb of z. -+func (z BigInt) byteSwap() { -+ for i, d := range z { -+ var n uint = 0 -+ for j := range wordBytes { -+ n |= uint(byte(d)) << (8 * (wordBytes - j - 1)) -+ d >>= 8 -+ } -+ z[i] = n -+ } -+} -+ -+func wbase(b BigInt) *byte { -+ if len(b) == 0 { -+ return nil -+ } -+ return (*byte)(unsafe.Pointer(unsafe.SliceData(b))) -+} -+ -+func bigToBN(x BigInt) (ossl.BIGNUM_PTR, error) { -+ if len(x) == 0 { -+ return nil, nil -+ } -+ if isBigEndian() { -+ z := make(BigInt, len(x)) -+ copy(z, x) -+ z.byteSwap() -+ x = z -+ } -+ // Limbs are always ordered in LSB first, so we can safely apply -+ // BN_lebin2bn regardless of host endianness. -+ bn, err := ossl.BN_lebin2bn(unsafe.Slice(wbase(x), len(x)*wordBytes), nil) -+ if err != nil { -+ return nil, err -+ } -+ return bn, nil -+} -+ -+func bnToBig(bn ossl.BIGNUM_PTR) BigInt { -+ if bn == nil { -+ return nil -+ } -+ -+ // Limbs are always ordered in LSB first, so we can safely apply -+ // BN_bn2lebinpad regardless of host endianness. -+ x := make(BigInt, ossl.BN_num_bits(bn)) -+ if _, err := ossl.BN_bn2lebinpad(bn, unsafe.Slice(wbase(x), len(x)*wordBytes)); err != nil { -+ panic(err) -+ } -+ if isBigEndian() { -+ x.byteSwap() -+ } -+ return x -+} -+ -+// bnToBinPad converts the absolute value of bn into big-endian form and stores -+// it at to, padding with zeroes if necessary. If len(to) is not large enough to -+// hold the result, an error is returned. -+func bnToBinPad(bn ossl.BIGNUM_PTR, to []byte) error { -+ _, err := ossl.BN_bn2binpad(bn, to) -+ return err -+} -+ -+func bigEndianUint64(b []byte) uint64 { -+ _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 -+ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | -+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl_cgo.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl_cgo.go -new file mode 100644 -index 00000000000000..c35f1bdcbef80b ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl_cgo.go -@@ -0,0 +1,16 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "C" -+import "unsafe" -+ -+// goString converts a C string pointer to a Go string for cgo mode -+func goString(ptr *byte) string { -+ return C.GoString((*C.char)(unsafe.Pointer(ptr))) -+} -+ -+// goBytes converts a C byte array to a Go byte slice for cgo mode -+func goBytes(ptr unsafe.Pointer, length int) []byte { -+ return C.GoBytes(ptr, C.int(length)) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl_nocgo.go -new file mode 100644 -index 00000000000000..47bfafa9d4c63f ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl_nocgo.go -@@ -0,0 +1,32 @@ -+//go:build !cgo -+ -+package openssl -+ -+import "unsafe" -+ -+// goString converts a C string pointer to a Go string for nocgo mode -+func goString(ptr *byte) string { -+ if ptr == nil { -+ return "" -+ } -+ var result []byte -+ for i := 0; ; i++ { -+ b := *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) + uintptr(i))) -+ if b == 0 { -+ break -+ } -+ result = append(result, b) -+ } -+ return string(result) -+} -+ -+// goBytes converts a C byte array to a Go byte slice for nocgo mode -+func goBytes(ptr unsafe.Pointer, length int) []byte { -+ if ptr == nil || length == 0 { -+ return nil -+ } -+ // Copy the data to Go memory, similar to C.GoBytes -+ result := make([]byte, length) -+ copy(result, unsafe.Slice((*byte)(ptr), length)) -+ return result -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go -new file mode 100644 -index 00000000000000..138e1ab10f7f75 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/fips.go -@@ -0,0 +1,166 @@ -+//go:build !cmd_go_bootstrap -+ -+package osslsetup -+ -+import ( -+ "errors" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// cString is a null-terminated string, -+// akin to C's char*. -+type cString string -+ -+// ptr returns a pointer to the string data. -+// It panics if the string is not null-terminated. -+// -+// The memory pointed to by the returned pointer should -+// not be modified and it must only be passed to -+// "const char*" parameters. Any attempt to modify it -+// will result in a runtime panic, as Go strings are -+// allocated in read-only memory. -+func (s cString) ptr() *byte { -+ if len(s) == 0 { -+ return nil -+ } -+ if s[len(s)-1] != 0 { -+ panic("must be null-terminated") -+ } -+ return unsafe.StringData(string(s)) -+} -+ -+const ( -+ // Provider names -+ _ProviderNameFips cString = "fips\x00" -+ _ProviderNameDefault cString = "default\x00" -+ -+ // Property strings -+ _PropFIPSYes cString = "fips=yes\x00" -+ _PropFIPSNo cString = "-fips\x00" -+ -+ // Digest Names -+ _DigestNameSHA2_256 cString = "SHA2-256\x00" -+) -+ -+// FIPS returns true if OpenSSL is running in FIPS mode and there is -+// a provider available that supports FIPS. It returns false otherwise. -+// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. -+func FIPS() bool { -+ switch vMajor { -+ case 1: -+ return ossl.FIPS_mode() == 1 -+ case 3, 4: -+ // Check if the default properties contain `fips=1`. -+ if ossl.EVP_default_properties_is_fips_enabled(nil) != 1 { -+ // Note that it is still possible that the provider used by default is FIPS-compliant, -+ // but that wouldn't be a system or user requirement. -+ return false -+ } -+ // Check if the SHA-256 algorithm is available. If it is, then we can be sure that there is a provider available that matches -+ // the `fips=1` query. Most notably, this works for the common case of using the built-in FIPS provider. -+ // -+ // Note that this approach has a small chance of false negative if the FIPS provider doesn't provide the SHA-256 algorithm, -+ // but that is highly unlikely because SHA-256 is one of the most common algorithms and fundamental to many cryptographic operations. -+ // It also has a small chance of false positive if the FIPS provider implements the SHA-256 algorithm but not the other algorithms -+ // used by the caller application, but that is also unlikely because the FIPS provider should provide all common algorithms. -+ return proveSHA256("") -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// FIPSCapable returns true if the provider used by default matches the `fips=yes` query. -+// It is useful for checking whether OpenSSL is capable of running in FIPS mode regardless -+// of whether FIPS mode is explicitly enabled. For example, Azure Linux 3 doesn't set the -+// `fips=yes` query in the default properties, but sets the default provider to be SCOSSL, -+// which is FIPS-capable. -+// -+// Considerations: -+// - Multiple calls to FIPSCapable can return different values if [SetFIPS] is called in between. -+// - Can return true even if [FIPS] returns false, because [FIPS] also checks whether -+// the default properties contain `fips=yes`. -+// - When using OpenSSL 3, will always return true if [FIPS] returns true. -+// - When using OpenSSL 1, will always return the same value as [FIPS]. -+// - OpenSSL 3 doesn't provide a way to know if a provider is FIPS-capable. This function uses -+// some heuristics that should be treated as an implementation detail that may change in the future. -+func FIPSCapable() bool { -+ if FIPS() { -+ return true -+ } -+ switch vMajor { -+ case 3, 4: -+ // Load the provider with and without the `fips=yes` query. -+ // If the providers are the same, then the default provider is FIPS-capable. -+ provFIPS := sha256Provider(_ProviderNameFips) -+ if provFIPS == nil { -+ return false -+ } -+ provDefault := sha256Provider("") -+ return provFIPS == provDefault -+ } -+ return false -+} -+ -+// SetFIPS enables or disables FIPS mode. -+// -+// For OpenSSL 3, if there is no provider available that supports FIPS mode, -+// SetFIPS will try to load a built-in provider that supports FIPS mode. -+func SetFIPS(enable bool) error { -+ if FIPS() == enable { -+ // Already in the desired state. -+ return nil -+ } -+ var mode int32 -+ if enable { -+ mode = int32(1) -+ } else { -+ mode = int32(0) -+ } -+ switch vMajor { -+ case 1: -+ if _, err := ossl.FIPS_mode_set(mode); err != nil { -+ return err -+ } -+ return nil -+ case 3, 4: -+ var shaProps, provName cString -+ if enable { -+ shaProps = _PropFIPSYes -+ provName = _ProviderNameFips -+ } else { -+ shaProps = _PropFIPSNo -+ provName = _ProviderNameDefault -+ } -+ if !proveSHA256(shaProps) { -+ // There is no provider available that supports the desired FIPS mode. -+ // Try to load the built-in provider associated with the given mode. -+ if p, _ := ossl.OSSL_PROVIDER_try_load(nil, provName.ptr(), 1); p == nil { -+ // The built-in provider was not loaded successfully, we can't enable FIPS mode. -+ return errors.New("openssl: FIPS mode not supported by any provider") -+ } -+ } -+ _, err := ossl.EVP_default_properties_enable_fips(nil, mode) -+ return err -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// sha256Provider returns the provider for the SHA-256 algorithm -+// using the given properties. -+func sha256Provider(props cString) ossl.OSSL_PROVIDER_PTR { -+ md, _ := ossl.EVP_MD_fetch(nil, _DigestNameSHA2_256.ptr(), props.ptr()) -+ if md == nil { -+ return nil -+ } -+ defer ossl.EVP_MD_free(md) -+ return ossl.EVP_MD_get0_provider(md) -+} -+ -+// proveSHA256 checks if the SHA-256 algorithm is available -+// using the given properties. -+func proveSHA256(props cString) bool { -+ return sha256Provider(props) != nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go -new file mode 100644 -index 00000000000000..a2e236bab9fddf ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init.go -@@ -0,0 +1,169 @@ -+//go:build !cmd_go_bootstrap -+ -+package osslsetup -+ -+import ( -+ "errors" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// osslHandle is the handle to the OpenSSL shared library loaded in the [Init] function. -+var osslHandle unsafe.Pointer -+ -+// opensslInit loads and initializes OpenSSL. -+// -+// See [Init] for details about file. -+func opensslInit(file string) error { -+ // Load the OpenSSL shared library using dlopen. -+ handle, close, err := openLibrary(file) -+ if err != nil { -+ return err -+ } -+ -+ ossl.MkcgoLoad_(handle) -+ if vMajor == 1 { -+ ossl.MkcgoLoad_legacy_1(handle) -+ } else { -+ ossl.MkcgoLoad_3(handle) -+ if vMajor > 3 || (vMajor == 3 && vMinor >= 3) { -+ ossl.MkcgoLoad_33(handle) -+ } -+ } -+ -+ // Initialize OpenSSL. -+ ossl.OPENSSL_init() -+ if _, err = ossl.OPENSSL_init_crypto( -+ ossl.OPENSSL_INIT_ADD_ALL_CIPHERS| -+ ossl.OPENSSL_INIT_ADD_ALL_DIGESTS| -+ ossl.OPENSSL_INIT_LOAD_CONFIG| -+ ossl.OPENSSL_INIT_LOAD_CRYPTO_STRINGS, -+ nil); err != nil { -+ close() -+ return err -+ } -+ osslHandle = handle -+ return nil -+} -+ -+// initForCheckVersion loads and initialize only the -+// functions required in [CheckVersion]. -+// It returns a close function that must be called to release the resources. -+// -+// This function modifies the vMajor, vMinor, and vPatch global variables as -+// well as other internal global variables that facilitate OpenSSL calls. -+// -+// If the function succeeds, calling the close function restores the previous -+// state of the global variables. If it fails, the global variables are restored -+// before returning. -+func initForCheckVersion(file string) (func(), error) { -+ prevMajor, prevMinor, prevPatch := vMajor, vMinor, vPatch -+ restoreVersion := func() { -+ vMajor, vMinor, vPatch = prevMajor, prevMinor, prevPatch -+ } -+ handle, close, err := openLibrary(file) -+ if err != nil { -+ restoreVersion() -+ return nil, err -+ } -+ initFuncs := func() (loadX func(unsafe.Pointer), unloadX func()) { -+ switch vMajor { -+ case 1: -+ loadX = ossl.MkcgoLoad_init_1 -+ unloadX = ossl.MkcgoUnload_init_1 -+ default: -+ if vMajor < 3 { -+ // openLibrary should have already rejected this. -+ panic(errUnsupportedVersion()) -+ } -+ // Any 3+ major uses the OpenSSL 3 init shim: 3+ guarantees -+ // ABI/API compatibility within the same major. -+ loadX = ossl.MkcgoLoad_init_3 -+ unloadX = ossl.MkcgoUnload_init_3 -+ } -+ return -+ } -+ loadX, unloadX := initFuncs() -+ loadX(handle) -+ return func() { -+ restoreVersion() -+ close() -+ unloadX() -+ if osslHandle != nil { -+ // If osslHandle is not nil, it means that the library was already loaded -+ // and initialized. In this case, we need to reload the functions from -+ // the original handle. -+ loadX, _ = initFuncs() -+ loadX(osslHandle) -+ } -+ }, nil -+} -+ -+// openLibrary loads and initialize the version of OpenSSL. -+// It returns the handle to the OpenSSL shared library -+// and a function that can be called to release the resources. -+func openLibrary(file string) (handle unsafe.Pointer, close func(), err error) { -+ vMajor, vMinor, vPatch = 0, 0, 0 -+ handle, err = dlopen(file) -+ if err != nil { -+ return nil, nil, err -+ } -+ // Retrieve the loaded OpenSSL version and check if it is supported. -+ // Notice that major and minor could not match with the version parameter -+ // in case the name of the shared library file differs from the OpenSSL -+ // version it contains. -+ ossl.MkcgoLoad_version(handle) -+ close = func() { -+ dlclose(handle) -+ if osslHandle == nil { -+ ossl.MkcgoUnload_version() -+ } else { -+ ossl.MkcgoLoad_version(osslHandle) -+ } -+ } -+ defer func() { -+ if err != nil { -+ close() -+ } -+ }() -+ -+ if ossl.OPENSSL_version_major_Available() && -+ ossl.OPENSSL_version_minor_Available() && -+ ossl.OPENSSL_version_patch_Available() { -+ // Likely OpenSSL 3 or later. -+ vMajor = int(ossl.OPENSSL_version_major()) -+ vMinor = int(ossl.OPENSSL_version_minor()) -+ vPatch = int(ossl.OPENSSL_version_patch()) -+ } else if ossl.OpenSSL_version_num_Available() { -+ // Likely OpenSSL 1. -+ ver := ossl.OpenSSL_version_num() -+ vMajor = int(ver >> 28) -+ vMinor = int(ver >> 20 & 0xFF) -+ vPatch = int(ver >> 12 & 0xFF) -+ } else { -+ return handle, nil, errors.New("openssl: version not available") -+ } -+ var supported bool -+ switch vMajor { -+ case 1: -+ supported = vMinor == 1 && vPatch >= 1 -+ default: -+ // 3+ guarantees ABI/API compatibility within the same major, -+ // so any tested major is supported. Untested 3+ majors require -+ // GODEBUG=ms_opensslallowuntested=1. -+ for _, m := range testedMajors { -+ if vMajor == m { -+ supported = true -+ break -+ } -+ } -+ if !supported && vMajor >= 3 && allowUntestedMajor() { -+ supported = true -+ } -+ } -+ if !supported { -+ return handle, nil, errUnsupportedVersion() -+ } -+ return handle, close, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_cgo_unix.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_cgo_unix.go -new file mode 100644 -index 00000000000000..0e61cc128ef981 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_cgo_unix.go -@@ -0,0 +1,31 @@ -+//go:build unix && !cmd_go_bootstrap -+ -+package osslsetup -+ -+// #cgo LDFLAGS: -ldl -+// #include -+// #include -+import "C" -+import ( -+ "errors" -+ "unsafe" -+) -+ -+func dlopen(file string) (handle unsafe.Pointer, err error) { -+ cv := C.CString(file) -+ defer C.free(unsafe.Pointer(cv)) -+ handle = C.dlopen(cv, C.RTLD_LAZY|C.RTLD_LOCAL) -+ if handle == nil { -+ errstr := C.GoString(C.dlerror()) -+ return nil, errors.New("openssl: can't load " + file + ": " + errstr) -+ } -+ return handle, nil -+} -+ -+func dlclose(handle unsafe.Pointer) error { -+ if C.dlclose(handle) != 0 { -+ errstr := C.GoString(C.dlerror()) -+ return errors.New("openssl: can't close libcrypto: " + errstr) -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_nocgo_unix.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_nocgo_unix.go -new file mode 100644 -index 00000000000000..2985d598579236 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_nocgo_unix.go -@@ -0,0 +1,32 @@ -+//go:build unix && !cmd_go_bootstrap && !cgo && (go1.27 || !s390x) -+ -+package osslsetup -+ -+import ( -+ "errors" -+ "runtime" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+func dlopen(file string) (handle unsafe.Pointer, err error) { -+ const RTLD_LAZY = 1 -+ var RTLD_LOCAL = 0 -+ if runtime.GOOS == "darwin" { -+ RTLD_LOCAL = 4 // darwin uses 4 as RTLD_LOCAL -+ } -+ handle = ossl.Dlopen(unsafe.StringData(file+"\x00"), int32(RTLD_LAZY|RTLD_LOCAL)) -+ if handle == nil { -+ return nil, errors.New("openssl: can't load " + file + ": " + goString(ossl.Dlerror())) -+ } -+ return handle, nil -+} -+ -+func dlclose(handle unsafe.Pointer) error { -+ if ossl.Dlclose(handle) != 0 { -+ errstr := goString(ossl.Dlerror()) -+ return errors.New("openssl: can't close libcrypto: " + errstr) -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_windows.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_windows.go -new file mode 100644 -index 00000000000000..c4981aef84b42f ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/init_windows.go -@@ -0,0 +1,36 @@ -+//go:build !cmd_go_bootstrap -+ -+package osslsetup -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+type dlopenError struct { -+ file string -+ err error -+} -+ -+func (e *dlopenError) Error() string { -+ return "openssl: can't load " + e.file + ": " + e.err.Error() -+} -+ -+func (e *dlopenError) Unwrap() error { -+ return e.err -+} -+ -+func dlopen(file string) (handle unsafe.Pointer, err error) { -+ // As Windows generally does not ship with a system OpenSSL library, let -+ // alone a FIPS 140 certified one, use the default library search order so -+ // that we preferentially load the DLL bundled with the application. -+ h, err := syscall.LoadLibrary(file) -+ if err != nil { -+ return nil, &dlopenError{file: file, err: err} -+ } -+ return unsafe.Pointer(h), nil -+} -+ -+func dlclose(handle unsafe.Pointer) error { -+ return syscall.FreeLibrary(syscall.Handle(handle)) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go -new file mode 100644 -index 00000000000000..cbf60ff9f1462c ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup.go -@@ -0,0 +1,108 @@ -+//go:build !cmd_go_bootstrap -+ -+package osslsetup -+ -+import ( -+ "errors" -+ "strconv" -+ "sync" -+ "syscall" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+var ( -+ vMajor, vMinor, vPatch int -+) -+ -+// testedMajors lists the OpenSSL major versions this backend has been -+// tested against. [openLibrary] rejects majors not in this list unless -+// GODEBUG=ms_opensslallowuntested=1 is set. OpenSSL 1 is supported only -+// at 1.1.1+; that minor/patch constraint is enforced separately in -+// [openLibrary]. -+var testedMajors = [...]int{1, 3, 4} -+ -+// allowUntestedMajor reports whether the user has set -+// GODEBUG=ms_opensslallowuntested=1. The "ms_" prefix marks this as a -+// Microsoft-defined GODEBUG so it will not collide with upstream Go. -+var allowUntestedMajor = sync.OnceValue(func() bool { -+ godebug, _ := syscall.Getenv("GODEBUG") -+ return godebugAllowUntested(godebug) -+}) -+ -+// godebugAllowUntested reports whether the comma-separated GODEBUG string -+// contains ms_opensslallowuntested=1. Matches internal/godebug parsing: -+// no whitespace trimming. -+func godebugAllowUntested(godebug string) bool { -+ const key = "ms_opensslallowuntested=1" -+ var start int = 0 -+ for i := 0; i <= len(godebug); i++ { -+ if i < len(godebug) && godebug[i] != ',' { -+ continue -+ } -+ if godebug[start:i] == key { -+ return true -+ } -+ start = i + 1 -+ } -+ return false -+} -+ -+func VersionMajor() int { -+ return vMajor -+} -+ -+func VersionMinor() int { -+ return vMinor -+} -+ -+func VersionPatch() int { -+ return vPatch -+} -+ -+func utoa(n int) string { -+ return strconv.FormatUint(uint64(n), 10) -+} -+ -+func errUnsupportedVersion() error { -+ return errors.New("openssl: unsupported OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch) + " (minimum supported version is 1.1.1)") -+} -+ -+var ( -+ initOnce sync.Once -+ initErr error -+) -+ -+// Init loads and initializes OpenSSL from the shared library at path. -+// It must be called before any other OpenSSL call, except CheckVersion. -+// -+// Only the first call to Init is effective. -+// Subsequent calls will return the same error result as the one from the first call. -+// -+// The file is passed to dlopen() verbatim to load the OpenSSL shared library. -+// For example, `file=libcrypto.so.1.1.1k-fips` makes Init look for the shared -+// library libcrypto.so.1.1.1k-fips. -+func Init(file string) error { -+ initOnce.Do(func() { -+ initErr = opensslInit(file) -+ }) -+ return initErr -+} -+ -+// VersionText returns the version text of the OpenSSL currently loaded. -+func VersionText() string { -+ return goString(ossl.OpenSSL_version(0)) -+} -+ -+// CheckVersion checks if the OpenSSL version can be loaded -+// and if the FIPS mode is enabled. -+// This function can be called before Init. -+// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. -+func CheckVersion(version string) (exists, fips bool) { -+ close, err := initForCheckVersion(version) -+ if err != nil { -+ return false, false -+ } -+ defer close() -+ return true, FIPS() -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_cgo.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_cgo.go -new file mode 100644 -index 00000000000000..810ccaa4fc3330 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_cgo.go -@@ -0,0 +1,11 @@ -+//go:build !cmd_go_bootstrap -+ -+package osslsetup -+ -+import "C" -+import "unsafe" -+ -+// goString converts a C string pointer to a Go string for cgo mode -+func goString(ptr *byte) string { -+ return C.GoString((*C.char)(unsafe.Pointer(ptr))) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_nocgo.go b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_nocgo.go -new file mode 100644 -index 00000000000000..fd1cad5692a0bc ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/osslsetup/osslsetup_nocgo.go -@@ -0,0 +1,21 @@ -+//go:build !cgo -+ -+package osslsetup -+ -+import "unsafe" -+ -+// goString converts a C string pointer to a Go string for nocgo mode -+func goString(ptr *byte) string { -+ if ptr == nil { -+ return "" -+ } -+ var result []byte -+ for i := 0; ; i++ { -+ b := *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) + uintptr(i))) -+ if b == 0 { -+ break -+ } -+ result = append(result, b) -+ } -+ return string(result) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/params.go b/src/vendor/github.com/golang-fips/openssl/v2/params.go -new file mode 100644 -index 00000000000000..d8843d2afa94a8 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/params.go -@@ -0,0 +1,190 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "runtime" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+type addParamError struct { -+ name string -+ err error -+} -+ -+func (e addParamError) Error() string { -+ return "failed to add parameter " + e.name + ": " + e.err.Error() -+} -+ -+type bnParam struct { -+ value ossl.BIGNUM_PTR -+ private bool -+} -+ -+// paramBuilder is a helper for building OSSL_PARAMs. -+// If an error occurs when adding a new parameter, -+// subsequent calls to add parameters are ignored -+// and build() will return the error. -+type paramBuilder struct { -+ bld ossl.OSSL_PARAM_BLD_PTR -+ pinner runtime.Pinner -+ bnToFree []bnParam -+ -+ err error -+} -+ -+// newParamBuilder creates a new paramBuilder. -+// [paramBuilder.finalize] must be called to free the builder. -+func newParamBuilder() *paramBuilder { -+ bld := ossl.OSSL_PARAM_BLD_new() -+ if bld == nil { -+ // If this happens it indicates an issue allocating memory. -+ panic("openssl: failed to create OSSL_PARAM_BLD") -+ } -+ return ¶mBuilder{bld: bld} -+} -+ -+// finalize frees the builder. -+func (b *paramBuilder) finalize() { -+ if b.bld != nil { -+ b.pinner.Unpin() -+ for _, bn := range b.bnToFree { -+ if bn.private { -+ ossl.BN_clear_free(bn.value) -+ } else { -+ ossl.BN_free(bn.value) -+ } -+ } -+ ossl.OSSL_PARAM_BLD_free(b.bld) -+ b.bld = nil -+ } -+} -+ -+// check is used internally to enforce invariants and should not be called by users of paramBuilder. -+// Returns true if it's ok to add parameters to the builder or build it. -+// Returns false if there has been an error while adding a parameter. -+// Panics if the paramBuilder has been freed, e.g. if it has already been built. -+func (b *paramBuilder) check() bool { -+ if b.err != nil { -+ return false -+ } -+ if b.bld == nil { -+ panic("openssl: paramBuilder has been freed") -+ } -+ return true -+} -+ -+// build creates an OSSL_PARAM from the builder. -+// The returned OSSL_PARAM must be freed with OSSL_PARAM_free. -+// If an error occurred while adding parameters, the error is returned -+// and the OSSL_PARAM is nil. Once build() is called, the builder is finalized -+// and cannot be reused. -+func (b *paramBuilder) build() (ossl.OSSL_PARAM_PTR, error) { -+ defer b.finalize() -+ if !b.check() { -+ return nil, b.err -+ } -+ param, err := ossl.OSSL_PARAM_BLD_to_param(b.bld) -+ if err != nil { -+ return nil, err -+ } -+ return param, nil -+} -+ -+// addUTF8String adds a NUL-terminated UTF-8 string to the builder. -+// size should not include the terminating NUL byte. If size is zero, then it will be calculated. -+func (b *paramBuilder) addUTF8String(name cString, value *byte, size int) { -+ if !b.check() { -+ return -+ } -+ // OSSL_PARAM_BLD_push_utf8_string calculates the size if it is zero. -+ if size == 0 { -+ size = cStringLen(value) -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_utf8_string(b.bld, name.ptr(), unsafe.Slice(value, size)); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addOctetString adds an octet string to the builder. -+// The value is pinned and will be unpinned when the builder is freed. -+func (b *paramBuilder) addOctetString(name cString, value []byte) { -+ if !b.check() { -+ return -+ } -+ if value == nil { -+ // Short-circuit a nil slice: don't pass anything at all to OpenSSL. -+ // OpenSSL 3.5.6 raises an error when passed null, and expects users -+ // to not call this function at all in this case. -+ // See https://github.com/openssl/openssl/issues/30728 -+ // -+ // Don't short-circuit empty slices, as they might have a meaning. -+ // For example, in KDFs an empty salt is different from a nil salt. -+ return -+ } -+ if len(value) != 0 { -+ b.pinner.Pin(&value[0]) -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), value); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+func cStringLen(ptr *byte) int { -+ if ptr == nil { -+ return 0 -+ } -+ for n := 0; ; n++ { -+ if *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) + uintptr(n))) == 0 { -+ return n -+ } -+ } -+} -+ -+// addInt32 adds an int32 to the builder. -+func (b *paramBuilder) addInt32(name cString, value int32) { -+ if !b.check() { -+ return -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_int32(b.bld, name.ptr(), value); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addBN adds a GOossl.BIGNUM_PTR to the builder. -+func (b *paramBuilder) addBN(name cString, value ossl.BIGNUM_PTR) { -+ if !b.check() { -+ return -+ } -+ if _, err := ossl.OSSL_PARAM_BLD_push_BN(b.bld, name.ptr(), value); err != nil { -+ b.err = addParamError{name.str(), err} -+ } -+} -+ -+// addBigInt adds a BigInt to the builder. -+// The BigInt is converted using bigToBN to a BIGNUM that is freed when the builder is finalized. -+// If private is true, the BIGNUM will be cleared with BN_clear_free, -+// otherwise it will be freed with BN_free. -+func (b *paramBuilder) addBigInt(name cString, value BigInt, private bool) { -+ if !b.check() { -+ return -+ } -+ if len(value) == 0 { -+ // Nothing to do. -+ return -+ } -+ bn, err := bigToBN(value) -+ if err != nil { -+ b.err = err -+ return -+ } -+ if b.bnToFree == nil { -+ // Preallocate the slice to avoid growing it later, which would cause allocations and copies. -+ // The maximum known number of BIGNUMs to free are 8 for RSA, so we use that as the capacity. -+ b.bnToFree = make([]bnParam, 0, 8) -+ } -+ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) -+ b.addBN(name, bn) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go -new file mode 100644 -index 00000000000000..2e34d4d95f0733 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go -@@ -0,0 +1,54 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "errors" -+ "hash" -+ "sync" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupportsPBKDF2 reports whether the current OpenSSL version supports PBKDF2. -+func SupportsPBKDF2() bool { -+ switch major() { -+ case 1: -+ return true -+ case 3, 4: -+ _, err := fetchPBKDF2() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// fetchPBKDF2 fetches the PBKDF2 algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchPBKDF2 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { -+ h, err := hashFuncHash(fh) -+ if err != nil { -+ return nil, err -+ } -+ md := hashToMD(h) -+ if md == nil { -+ return nil, errors.New("unsupported hash function") -+ } -+ out := make([]byte, keyLen) -+ _, err = ossl.PKCS5_PBKDF2_HMAC(password, salt, int32(iter), md, out) -+ if err != nil { -+ return nil, err -+ } -+ return out, nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go b/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go -new file mode 100644 -index 00000000000000..7709a5005a8cc0 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/provideropenssl.go -@@ -0,0 +1,249 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// This file contains code specific to the built-in OpenSSL providers. -+ -+// _OSSL_MD5_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/md5.h#L33. -+type _OSSL_MD5_CTX struct { -+ h [4]uint32 -+ nl, nh uint32 -+ x [64]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_MD5_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint32(b) -+ b, d.h[1] = consumeUint32(b) -+ b, d.h[2] = consumeUint32(b) -+ b, d.h[3] = consumeUint32(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = uint32(n << 3) -+ d.nh = uint32(n >> 29) -+ d.nx = uint32(n) % 64 -+ return nil -+} -+ -+func (d *_OSSL_MD5_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// _OSSL_SHA_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L34. -+type _OSSL_SHA_CTX struct { -+ h [5]uint32 -+ nl, nh uint32 -+ x [64]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_SHA_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint32(b) -+ b, d.h[1] = consumeUint32(b) -+ b, d.h[2] = consumeUint32(b) -+ b, d.h[3] = consumeUint32(b) -+ b, d.h[4] = consumeUint32(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = uint32(n << 3) -+ d.nh = uint32(n >> 29) -+ d.nx = uint32(n) % 64 -+ return nil -+} -+ -+func (d *_OSSL_SHA_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = appendUint32(buf, d.h[4]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// _OSSL_SHA256_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L51. -+type _OSSL_SHA256_CTX struct { -+ h [8]uint32 -+ nl, nh uint32 -+ x [64]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_SHA256_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint32(b) -+ b, d.h[1] = consumeUint32(b) -+ b, d.h[2] = consumeUint32(b) -+ b, d.h[3] = consumeUint32(b) -+ b, d.h[4] = consumeUint32(b) -+ b, d.h[5] = consumeUint32(b) -+ b, d.h[6] = consumeUint32(b) -+ b, d.h[7] = consumeUint32(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = uint32(n << 3) -+ d.nh = uint32(n >> 29) -+ d.nx = uint32(n) % 64 -+ return nil -+} -+ -+func (d *_OSSL_SHA256_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = appendUint32(buf, d.h[4]) -+ buf = appendUint32(buf, d.h[5]) -+ buf = appendUint32(buf, d.h[6]) -+ buf = appendUint32(buf, d.h[7]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// _OSSL_SHA512_CTX layout is taken from -+// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L95. -+type _OSSL_SHA512_CTX struct { -+ h [8]uint64 -+ nl, nh uint64 -+ x [128]byte -+ nx uint32 -+} -+ -+func (d *_OSSL_SHA512_CTX) UnmarshalBinary(b []byte) error { -+ b, d.h[0] = consumeUint64(b) -+ b, d.h[1] = consumeUint64(b) -+ b, d.h[2] = consumeUint64(b) -+ b, d.h[3] = consumeUint64(b) -+ b, d.h[4] = consumeUint64(b) -+ b, d.h[5] = consumeUint64(b) -+ b, d.h[6] = consumeUint64(b) -+ b, d.h[7] = consumeUint64(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = n << 3 -+ d.nh = n >> 61 -+ d.nx = uint32(n) % 128 -+ return nil -+} -+ -+func (d *_OSSL_SHA512_CTX) AppendBinary(buf []byte) ([]byte, error) { -+ buf = appendUint64(buf, d.h[0]) -+ buf = appendUint64(buf, d.h[1]) -+ buf = appendUint64(buf, d.h[2]) -+ buf = appendUint64(buf, d.h[3]) -+ buf = appendUint64(buf, d.h[4]) -+ buf = appendUint64(buf, d.h[5]) -+ buf = appendUint64(buf, d.h[6]) -+ buf = appendUint64(buf, d.h[7]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, d.nl>>3|d.nh<<61) -+ return buf, nil -+} -+ -+func getOSSLDigetsContext(ctx ossl.EVP_MD_CTX_PTR) unsafe.Pointer { -+ switch major() { -+ case 1: -+ // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. -+ type mdCtx struct { -+ _ [2]unsafe.Pointer -+ _ uint32 -+ md_data unsafe.Pointer -+ } -+ return (*mdCtx)(unsafe.Pointer(ctx)).md_data -+ case 3: -+ // The EVP_MD_CTX memory layout has changed in OpenSSL 3 -+ // and the property holding the internal structure is no longer md_data but algctx. -+ // https://github.com/openssl/openssl/blob/5675a5aaf6a2e489022bcfc18330dae9263e598e/crypto/evp/evp_local.h#L16. -+ type mdCtx struct { -+ _ [3]unsafe.Pointer -+ _ uint32 -+ _ [3]unsafe.Pointer -+ algctx unsafe.Pointer -+ } -+ return (*mdCtx)(unsafe.Pointer(ctx)).algctx -+ case 4: -+ // OpenSSL 4 removed the ENGINE, md_data, and update fields from EVP_MD_CTX. -+ // https://github.com/openssl/openssl/blob/openssl-4.0.0-alpha1/crypto/evp/evp_local.h -+ type mdCtx struct { -+ _ [2]unsafe.Pointer // reqdigest, digest -+ _ uint32 // flags -+ _ unsafe.Pointer // pctx -+ algctx unsafe.Pointer -+ } -+ return (*mdCtx)(unsafe.Pointer(ctx)).algctx -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+var errHashStateInvalid = errors.New("openssl: can't retrieve hash state") -+ -+func osslHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { -+ algctx := getOSSLDigetsContext(ctx) -+ if algctx == nil { -+ return nil, errHashStateInvalid -+ } -+ buf = append(buf, magic...) -+ switch ch { -+ case crypto.MD5: -+ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ case crypto.SHA1: -+ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ case crypto.SHA224, crypto.SHA256: -+ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) -+ return d.AppendBinary(buf) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -+ -+func osslHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { -+ algctx := getOSSLDigetsContext(ctx) -+ if algctx == nil { -+ return errHashStateInvalid -+ } -+ b = b[len(magic):] -+ switch ch { -+ case crypto.MD5: -+ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ case crypto.SHA1: -+ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ case crypto.SHA224, crypto.SHA256: -+ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) -+ return d.UnmarshalBinary(b) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go b/src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go -new file mode 100644 -index 00000000000000..bdba34f1378e9c ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/providersymcrypt.go -@@ -0,0 +1,330 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// This file contains code specific to the SymCrypt provider. -+ -+const ( -+ _SCOSSL_DIGEST_PARAM_STATE cString = "state\x00" -+ _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM cString = "recompute_checksum\x00" -+) -+ -+const ( -+ _SYMCRYPT_BLOB_MAGIC = 0x636D7973 // "cysm" in little-endian -+ -+ _SymCryptBlobTypeHashState = 0x100 -+ _SymCryptBlobTypeMd2State = _SymCryptBlobTypeHashState + 1 -+ _SymCryptBlobTypeMd4State = _SymCryptBlobTypeHashState + 2 -+ _SymCryptBlobTypeMd5State = _SymCryptBlobTypeHashState + 3 -+ _SymCryptBlobTypeSha1State = _SymCryptBlobTypeHashState + 4 -+ _SymCryptBlobTypeSha256State = _SymCryptBlobTypeHashState + 5 -+ _SymCryptBlobTypeSha384State = _SymCryptBlobTypeHashState + 6 -+ _SymCryptBlobTypeSha512State = _SymCryptBlobTypeHashState + 7 -+ _SymCryptBlobTypeSha3_256State = _SymCryptBlobTypeHashState + 8 -+ _SymCryptBlobTypeSha3_384State = _SymCryptBlobTypeHashState + 9 -+ _SymCryptBlobTypeSha3_512State = _SymCryptBlobTypeHashState + 10 -+ _SymCryptBlobTypeSha224State = _SymCryptBlobTypeHashState + 11 -+ _SymCryptBlobTypeSha512_224State = _SymCryptBlobTypeHashState + 12 -+ _SymCryptBlobTypeSha512_256State = _SymCryptBlobTypeHashState + 13 -+ _SymCryptBlobTypeSha3_224State = _SymCryptBlobTypeHashState + 14 -+ -+ _SYMCRYPT_MD5_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_MD5_STATE_EXPORT_BLOB{})) -+ _SYMCRYPT_SHA1_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA1_STATE_EXPORT_BLOB{})) -+ _SYMCRYPT_SHA256_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA256_STATE_EXPORT_BLOB{})) -+ _SYMCRYPT_SHA512_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA512_STATE_EXPORT_BLOB{})) -+) -+ -+type _SYMCRYPT_BLOB_HEADER struct { -+ magic uint32 -+ size uint32 -+ _type uint32 -+} -+ -+type _SYMCRYPT_BLOB_TRAILER struct { -+ checksum [8]uint8 -+} -+ -+// _UINT64 is a 64-bit unsigned integer, stored in native endianess. -+// It is used to represent a SymCrypt UINT64 type without making the -+// parent struct 8-byte aligned, given that the Windows ABI makes -+// the struct 4-byte aligned. -+type _UINT64 [2]uint32 -+ -+func newUINT64(v uint64) _UINT64 { -+ var u _UINT64 -+ if isBigEndian() { -+ u[0], u[1] = uint32(v>>32), uint32(v) -+ } else { -+ u[0], u[1] = uint32(v), uint32(v>>32) -+ } -+ return u -+} -+ -+func (u *_UINT64) uint64() uint64 { -+ if isBigEndian() { -+ return uint64(u[0])<<32 | (uint64(u[1])) -+ } -+ return uint64(u[0]) | (uint64(u[1]) << 32) -+} -+ -+// symCryptAppendBinary appends the binary representation of a SymCrypt state -+// to the given destination slice. -+func symCryptAppendBinary(dst, chain, buffer []byte, blength _UINT64) []byte { -+ length := blength.uint64() -+ var nx uint64 -+ if len(buffer) <= 64 { -+ nx = length & 0x3f -+ } else { -+ nx = length & 0x7f -+ } -+ dst = append(dst, chain...) -+ dst = append(dst, buffer[:nx]...) -+ dst = append(dst, make([]byte, len(buffer)-int(nx))...) -+ dst = appendUint64(dst, length) -+ return dst -+} -+ -+// symCryptUnmarshalBinary unmarshals the binary representation of a SymCrypt state -+// from the given source slice. It returns the length of the data. -+func symCryptUnmarshalBinary(d []byte, chain, buffer []byte) _UINT64 { -+ copy(chain[:], d) -+ d = d[len(chain):] -+ copy(buffer[:], d) -+ d = d[len(buffer):] -+ _, length := consumeUint64(d) -+ return newUINT64(length) -+} -+ -+// swapEndianessUint32 swaps the endianness of the given byte slice -+// in place. It assumes the slice is a backup of a 32-bit integer array. -+func swapEndianessUint32(d []uint8) { -+ for i := 0; i < len(d); i += 4 { -+ d[i], d[i+3] = d[i+3], d[i] -+ d[i+1], d[i+2] = d[i+2], d[i+1] -+ } -+ -+} -+ -+type _SYMCRYPT_MD5_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [16]uint8 // little endian -+ length _UINT64 // native endian -+ buffer [64]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ // b.chain is little endian, but Go expects big endian, -+ // we need to swap the bytes. -+ swapEndianessUint32(b.chain[:]) -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil -+} -+ -+func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+ swapEndianessUint32(b.chain[:]) -+} -+ -+type _SYMCRYPT_SHA1_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [20]uint8 // big endian -+ length _UINT64 // native endian -+ buffer [64]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil -+} -+ -+func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+} -+ -+type _SYMCRYPT_SHA256_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [32]uint8 // big endian -+ length _UINT64 // native endian -+ buffer [64]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil -+} -+ -+func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+} -+ -+type _SYMCRYPT_SHA512_STATE_EXPORT_BLOB struct { -+ header _SYMCRYPT_BLOB_HEADER -+ chain [64]uint8 // big endian -+ lengthL _UINT64 // native endian -+ lengthH _UINT64 // native endian -+ buffer [128]uint8 -+ _ [8]uint8 // reserved -+ _ _SYMCRYPT_BLOB_TRAILER -+} -+ -+func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { -+ if b.lengthH.uint64() != 0 { -+ return nil, errors.New("exporting state with more than 2^63-1 bytes of data is not supported") -+ } -+ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.lengthL), nil -+} -+ -+func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { -+ b.lengthL = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) -+} -+ -+func symCryptHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { -+ size, typ := symCryptHashStateInfo(ch) -+ state := make([]byte, size, _SYMCRYPT_SHA512_STATE_EXPORT_SIZE) // 512 is the largest size -+ params := [2]ossl.OSSL_PARAM{ -+ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), unsafe.Pointer(&state[0]), len(state)), -+ ossl.OSSL_PARAM_construct_end(), -+ } -+ if _, err := ossl.EVP_MD_CTX_get_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))); err != nil { -+ return nil, err -+ } -+ if !ossl.OSSL_PARAM_modified(¶ms[0]) { -+ return nil, errors.New("EVP_MD_CTX_get_params did not retrieve the state") -+ } -+ -+ header := (*_SYMCRYPT_BLOB_HEADER)(unsafe.Pointer(&state[0])) -+ if header.magic != _SYMCRYPT_BLOB_MAGIC { -+ return nil, errors.New("invalid blob magic") -+ } -+ if header.size != size { -+ return nil, errors.New("invalid blob size") -+ } -+ if header._type != typ { -+ return nil, errors.New("invalid blob type") -+ } -+ -+ buf = append(buf, magic...) -+ switch ch { -+ case crypto.MD5: -+ blob := (*_SYMCRYPT_MD5_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ case crypto.SHA1: -+ blob := (*_SYMCRYPT_SHA1_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ case crypto.SHA224, crypto.SHA256: -+ blob := (*_SYMCRYPT_SHA256_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ blob := (*_SYMCRYPT_SHA512_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) -+ return blob.appendBinary(buf) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -+ -+func symCryptHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { -+ size, typ := symCryptHashStateInfo(ch) -+ hdr := _SYMCRYPT_BLOB_HEADER{ -+ magic: _SYMCRYPT_BLOB_MAGIC, -+ size: size, -+ _type: typ, -+ } -+ var blobPtr unsafe.Pointer -+ b = b[len(magic):] -+ switch ch { -+ case crypto.MD5: -+ var blob _SYMCRYPT_MD5_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ case crypto.SHA1: -+ var blob _SYMCRYPT_SHA1_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ case crypto.SHA224, crypto.SHA256: -+ var blob _SYMCRYPT_SHA256_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: -+ var blob _SYMCRYPT_SHA512_STATE_EXPORT_BLOB -+ blobPtr = unsafe.Pointer(&blob) -+ blob.header = hdr -+ blob.unmarshalBinary(b) -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+ var checksum int32 = 1 -+ params := [3]ossl.OSSL_PARAM{ -+ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), blobPtr, int(hdr.size)), -+ ossl.OSSL_PARAM_construct_int32(_SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr(), &checksum), -+ ossl.OSSL_PARAM_construct_end(), -+ } -+ _, err := ossl.EVP_MD_CTX_set_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))) -+ return err -+} -+ -+func symCryptHashStateInfo(ch crypto.Hash) (size, typ uint32) { -+ switch ch { -+ case crypto.MD5: -+ return _SYMCRYPT_MD5_STATE_EXPORT_SIZE, _SymCryptBlobTypeMd5State -+ case crypto.SHA1: -+ return _SYMCRYPT_SHA1_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha1State -+ case crypto.SHA224: -+ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha224State -+ case crypto.SHA256: -+ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha256State -+ case crypto.SHA384: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha384State -+ case crypto.SHA512_224: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_224State -+ case crypto.SHA512_256: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_256State -+ case crypto.SHA512: -+ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512State -+ default: -+ panic("unsupported hash " + ch.String()) -+ } -+} -+ -+// isSymCryptHashStateSerializable checks if the SymCrypt hash state is serializable. -+func isSymCryptHashStateSerializable(md ossl.EVP_MD_PTR) bool { -+ ctx, err := ossl.EVP_MD_CTX_new() -+ if err != nil { -+ return false -+ } -+ defer ossl.EVP_MD_CTX_free(ctx) -+ if _, err := ossl.EVP_DigestInit_ex(ctx, md, nil); err != nil { -+ return false -+ } -+ params, err := ossl.EVP_MD_CTX_gettable_params(ctx) -+ if err != nil { -+ return false -+ } -+ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { -+ return false -+ } -+ params, err = ossl.EVP_MD_CTX_settable_params(ctx) -+ if err != nil { -+ return false -+ } -+ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { -+ return false -+ } -+ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr()); err != nil { -+ return false -+ } -+ return true -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rand.go b/src/vendor/github.com/golang-fips/openssl/v2/rand.go -new file mode 100644 -index 00000000000000..963c3ad733dcf0 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/rand.go -@@ -0,0 +1,21 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "github.com/golang-fips/openssl/v2/internal/ossl" -+ -+type randReader int -+ -+func (randReader) Read(b []byte) (int, error) { -+ if len(b) == 0 { -+ return 0, nil -+ } -+ // Note: RAND_bytes should never fail; the return value exists only for historical reasons. -+ // We check it even so. -+ if _, err := ossl.RAND_bytes(b); err != nil { -+ return 0, err -+ } -+ return len(b), nil -+} -+ -+const RandReader = randReader(0) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rc4.go b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go -new file mode 100644 -index 00000000000000..390336bfbafcf6 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go -@@ -0,0 +1,74 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "runtime" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+// SupportsRC4 returns true if NewRC4Cipher is supported. -+func SupportsRC4() bool { -+ switch major() { -+ case 1: -+ // RC4 is not part of the OpenSSL 1.x FIPS module. -+ return !FIPS() && loadCipher(cipherRC4, cipherModeNone) != nil -+ default: -+ // On OpenSSL 3+ availability is decided by the algorithm probe: -+ // EVP_CIPHER_fetch returns nil unless the legacy provider is loaded. -+ return loadCipher(cipherRC4, cipherModeNone) != nil -+ } -+} -+ -+// A RC4Cipher is an instance of RC4 using a particular key. -+type RC4Cipher struct { -+ ctx ossl.EVP_CIPHER_CTX_PTR -+} -+ -+// NewRC4Cipher creates and returns a new Cipher. -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { -+ ctx, err := newCipherCtx(cipherRC4, cipherModeNone, cipherOpEncrypt, key, nil) -+ if err != nil { -+ return nil, err -+ } -+ c := &RC4Cipher{ctx} -+ runtime.SetFinalizer(c, (*RC4Cipher).finalize) -+ return c, nil -+} -+ -+func (c *RC4Cipher) finalize() { -+ if c.ctx != nil { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+ } -+} -+ -+// Reset zeros the key data and makes the Cipher unusable. -+func (c *RC4Cipher) Reset() { -+ if c.ctx != nil { -+ ossl.EVP_CIPHER_CTX_free(c.ctx) -+ c.ctx = nil -+ } -+} -+ -+// XORKeyStream sets dst to the result of XORing src with the key stream. -+// Dst and src must overlap entirely or not at all. -+func (c *RC4Cipher) XORKeyStream(dst, src []byte) { -+ if c.ctx == nil || len(src) == 0 { -+ return -+ } -+ if inexactOverlap(dst[:len(src)], src) { -+ panic("crypto/rc4: invalid buffer overlap") -+ } -+ // panic if len(dst) < len(src) with a runtime out of bound error, -+ // which is what crypto/rc4 does. -+ _ = dst[len(src)-1] -+ var outLen int32 -+ if _, err := ossl.EVP_EncryptUpdate(c.ctx, dst, &outLen, src); err != nil { -+ panic("crypto/rc4: " + err.Error()) -+ } -+ if int(outLen) != len(src) { -+ panic("crypto/rc4: src not fully XORed") -+ } -+ runtime.KeepAlive(c) -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rsa.go b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go -new file mode 100644 -index 00000000000000..2e0fa35a3c63f7 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go -@@ -0,0 +1,711 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "crypto/subtle" -+ "errors" -+ "hash" -+ "runtime" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { -+ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { -+ return nil, nil, nil, nil, nil, nil, nil, nil, e -+ } -+ pkey, err := generateEVPPKey(ossl.EVP_PKEY_RSA, int32(bits), "") -+ if err != nil { -+ return bad(err) -+ } -+ defer ossl.EVP_PKEY_free(pkey) -+ switch major() { -+ case 1: -+ key, err := ossl.EVP_PKEY_get1_RSA(pkey) -+ if err != nil { -+ return bad(err) -+ } -+ defer ossl.RSA_free(key) -+ var n, e, d, p, q, dmp1, dmq1, iqmp ossl.BIGNUM_PTR -+ ossl.RSA_get0_key(key, &n, &e, &d) -+ ossl.RSA_get0_factors(key, &p, &q) -+ ossl.RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp) -+ N, E, D = bnToBig(n), bnToBig(e), bnToBig(d) -+ P, Q = bnToBig(p), bnToBig(q) -+ Dp, Dq, Qinv = bnToBig(dmp1), bnToBig(dmq1), bnToBig(iqmp) -+ case 3, 4: -+ tmp, err := ossl.BN_new() -+ if err != nil { -+ return bad(err) -+ } -+ defer func() { -+ ossl.BN_clear_free(tmp) -+ }() -+ setBigInt := func(bi *BigInt, param cString) bool { -+ if err != nil { -+ return false -+ } -+ if _, err = ossl.EVP_PKEY_get_bn_param(pkey, param.ptr(), &tmp); err != nil { -+ return false -+ } -+ *bi = bnToBig(tmp) -+ ossl.BN_clear(tmp) -+ return true -+ } -+ if !(setBigInt(&N, _OSSL_PKEY_PARAM_RSA_N) && -+ setBigInt(&E, _OSSL_PKEY_PARAM_RSA_E) && -+ setBigInt(&D, _OSSL_PKEY_PARAM_RSA_D) && -+ setBigInt(&P, _OSSL_PKEY_PARAM_RSA_FACTOR1) && -+ setBigInt(&Q, _OSSL_PKEY_PARAM_RSA_FACTOR2) && -+ setBigInt(&Dp, _OSSL_PKEY_PARAM_RSA_EXPONENT1) && -+ setBigInt(&Dq, _OSSL_PKEY_PARAM_RSA_EXPONENT2) && -+ setBigInt(&Qinv, _OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { -+ return bad(err) -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ return -+} -+ -+type PublicKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { -+ var pkey ossl.EVP_PKEY_PTR -+ switch major() { -+ case 1: -+ key, err := ossl.RSA_new() -+ if err != nil { -+ return nil, err -+ } -+ // No need to check for errors here, RSA_set0_* functions will fail -+ // if the BNs are NULL and we will free non-NULL BNs in the error handling. -+ bn, _ := bigToBN(n) -+ be, _ := bigToBN(e) -+ if _, err := ossl.RSA_set0_key(key, bn, be, nil); err != nil { -+ ossl.BN_free(bn) -+ ossl.BN_free(be) -+ ossl.RSA_free(key) -+ return nil, err -+ } -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ ossl.RSA_free(key) -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { -+ ossl.RSA_free(key) -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ case 3, 4: -+ var err error -+ if pkey, err = newRSAKey3(false, n, e, nil, nil, nil, nil, nil, nil); err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ k := &PublicKeyRSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PublicKeyRSA).finalize) -+ return k, nil -+} -+ -+func (k *PublicKeyRSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PublicKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ // Because of the finalizer, any time _pkey is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+type PrivateKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey ossl.EVP_PKEY_PTR -+} -+ -+func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error) { -+ var pkey ossl.EVP_PKEY_PTR -+ switch major() { -+ case 1: -+ key, err := ossl.RSA_new() -+ if err != nil { -+ return nil, err -+ } -+ // No need to check for errors here, RSA_set0_* functions will fail -+ // if the BNs are NULL and we will free non-NULL BNs in the error handling. -+ bn, _ := bigToBN(n) -+ be, _ := bigToBN(e) -+ bd, _ := bigToBN(d) -+ if _, err := ossl.RSA_set0_key(key, bn, be, bd); err != nil { -+ ossl.BN_free(bn) -+ ossl.BN_free(be) -+ ossl.BN_clear_free(bd) -+ return nil, err -+ } -+ if p != nil && q != nil { -+ bp, _ := bigToBN(p) -+ bq, _ := bigToBN(q) -+ if _, err := ossl.RSA_set0_factors(key, bp, bq); err != nil { -+ ossl.BN_clear_free(bp) -+ ossl.BN_clear_free(bq) -+ return nil, err -+ } -+ } -+ if dp != nil && dq != nil && qinv != nil { -+ bdp, _ := bigToBN(dp) -+ bdq, _ := bigToBN(dq) -+ bqinv, _ := bigToBN(qinv) -+ if _, err := ossl.RSA_set0_crt_params(key, bdp, bdq, bqinv); err != nil { -+ ossl.BN_free(bdp) -+ ossl.BN_free(bdq) -+ ossl.BN_free(bqinv) -+ return nil, err -+ } -+ } -+ pkey, err = ossl.EVP_PKEY_new() -+ if err != nil { -+ ossl.RSA_free(key) -+ return nil, err -+ } -+ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { -+ ossl.RSA_free(key) -+ ossl.EVP_PKEY_free(pkey) -+ return nil, err -+ } -+ case 3, 4: -+ var err error -+ if pkey, err = newRSAKey3(true, n, e, d, p, q, dp, dq, qinv); err != nil { -+ return nil, err -+ } -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ k := &PrivateKeyRSA{_pkey: pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyRSA).finalize) -+ return k, nil -+} -+ -+func (k *PrivateKeyRSA) finalize() { -+ ossl.EVP_PKEY_free(k._pkey) -+} -+ -+func (k *PrivateKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { -+ // Because of the finalizer, any time _pkey is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, ciphertext) -+} -+ -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, msg) -+} -+ -+func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, ciphertext) -+} -+ -+func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, msg) -+} -+ -+func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ ret, err := evpDecrypt(priv.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, ciphertext) -+ if err != nil { -+ return nil, err -+ } -+ // We could return here, but the Go standard library test expects DecryptRSANoPadding to verify the result -+ // in order to defend against errors in the CRT computation. -+ // -+ // The following code tries to replicate the verification implemented in the upstream function decryptAndCheck, found at -+ // https://github.com/golang/go/blob/9de1ac6ac2cad3871760d0aa288f5ca713afd0a6/src/crypto/rsa/rsa.go#L569-L582. -+ pub := &PublicKeyRSA{_pkey: priv._pkey} -+ // A private EVP_PKEY can be used as a public key as it contains the public information. -+ enc, err := EncryptRSANoPadding(pub, ret) -+ if err != nil { -+ return nil, err -+ } -+ // Upstream does not do a constant time comparison because it works with math/big instead of byte slices, -+ // and math/big does not support constant-time arithmetic yet. See #20654 for more info. -+ if subtle.ConstantTimeCompare(ciphertext, enc) != 1 { -+ return nil, errors.New("rsa: internal error") -+ } -+ return ret, nil -+} -+ -+func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, msg) -+} -+ -+func saltLength(saltLen int, sign bool) (int32, error) { -+ // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject -+ // it, and lengths < -2, before we convert to the OpenSSL sentinel values. -+ if saltLen <= -2 { -+ return 0, errors.New("crypto/rsa: invalid PSS salt length") -+ } -+ // OpenSSL uses sentinel salt length values like Go crypto does, -+ // but the values don't fully match for rsa.PSSSaltLengthAuto (0). -+ if saltLen == 0 { -+ if sign { -+ if major() == 1 { -+ // OpenSSL 1.x uses -2 to mean maximal size when signing where Go crypto uses 0. -+ return ossl.RSA_PSS_SALTLEN_MAX_SIGN, nil -+ } -+ // OpenSSL 3.x deprecated RSA_PSS_SALTLEN_MAX_SIGN -+ // and uses -3 to mean maximal size when signing where Go crypto uses 0. -+ return ossl.RSA_PSS_SALTLEN_MAX, nil -+ } -+ // OpenSSL uses -2 to mean auto-detect size when verifying where Go crypto uses 0. -+ return ossl.RSA_PSS_SALTLEN_AUTO, nil -+ } -+ return int32(saltLen), nil -+} -+ -+func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ cSaltLen, err := saltLength(saltLen, true) -+ if err != nil { -+ return nil, err -+ } -+ return evpSign(priv.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, hashed) -+} -+ -+func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ cSaltLen, err := saltLength(saltLen, false) -+ if err != nil { -+ return err -+ } -+ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, sig, hashed) -+} -+ -+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return evpSign(priv.withKey, ossl.RSA_PKCS1_PADDING, 0, h, hashed) -+} -+ -+func HashSignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte) ([]byte, error) { -+ return evpHashSign(priv.withKey, h, msg) -+} -+ -+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ defer runtime.KeepAlive(pub) -+ var size int32 -+ if err := pub.withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { -+ size, err = ossl.EVP_PKEY_get_size(pkey) -+ if err != nil { -+ return err -+ } -+ if len(sig) < int(size) { -+ return errors.New("crypto/rsa: verification error") -+ } -+ return nil -+ }); err != nil { -+ return err -+ } -+ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PADDING, 0, h, sig, hashed) -+} -+ -+func HashVerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte) error { -+ return evpHashVerify(pub.withKey, h, msg, sig) -+} -+ -+func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (ossl.EVP_PKEY_PTR, error) { -+ bld := newParamBuilder() -+ defer bld.finalize() -+ -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_N, n, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_E, e, false) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, false) -+ -+ // OpenSSL 3.0 and 3.1 required all the precomputed values if -+ // P and Q are present. See: -+ // https://github.com/openssl/openssl/pull/22334 -+ // -+ // We could only set P and Q if they exist when using OpenSSL 3.2 -+ // or newer, but the RSA provider might be built with an older -+ // OpenSSL version, in which case it would still require all the -+ // precomputed values. So better always provide all the values or -+ // none of them. -+ if p != nil && q != nil && dp != nil && dq != nil && qinv != nil { -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR1, p, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR2, q, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT1, dp, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT2, dq, true) -+ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv, true) -+ } -+ -+ params, err := bld.build() -+ if err != nil { -+ return nil, err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ selection := ossl.EVP_PKEY_PUBLIC_KEY -+ if isPriv { -+ selection = ossl.EVP_PKEY_KEYPAIR -+ } -+ return newEvpFromParams(ossl.EVP_PKEY_RSA, int32(selection), params) -+} -+ -+// SupportsRSAPKCS1v15Encryption returns true if the RSA PKCS1 v1.5 padding is supported for encryption and decryption. -+var SupportsRSAPKCS1v15Encryption = sync.OnceValue(func() bool { -+ pkey := testRSAPrivateKey() -+ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) -+ if err != nil { -+ return false -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ -+ if _, err := ossl.EVP_PKEY_encrypt_init(ctx); err != nil { -+ return false -+ } -+ -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_PADDING, nil); err != nil { -+ return false -+ } -+ -+ // In FIPS mode, setting the padding might succeed, but the actual encryption will fail. -+ // So we need to try to encrypt something to be sure. -+ in := []byte("test") -+ var outLen int -+ if _, err := ossl.EVP_PKEY_encrypt(ctx, nil, &outLen, in); err != nil { -+ return false -+ } -+ return true -+}) -+ -+var rsaPKCS1SignatureSupport sync.Map -+ -+// SupportsRSAPKCS1v15Signature returns true if the RSA PKCS1 v1.5 padding is supported for signatures with the given hash. -+func SupportsRSAPKCS1v15Signature(ch crypto.Hash) (supported bool) { -+ v, ok := rsaPKCS1SignatureSupport.Load(ch) -+ if ok { -+ return v.(bool) -+ } -+ defer func() { -+ rsaPKCS1SignatureSupport.Store(ch, supported) -+ }() -+ -+ pkey := testRSAPrivateKey() -+ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) -+ if err != nil { -+ return false -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_sign_init(ctx); err != nil { -+ return false -+ } -+ if setPKCS1Padding(ctx, ch) != nil { -+ return false -+ } -+ // In FIPS mode, setting the padding might succeed, but the actual signature will fail. -+ // So we need to try to sign something to be sure. -+ size := 1 -+ if ch != 0 { -+ size = ch.Size() -+ } -+ in := make([]byte, size, maxHashSize) -+ var outLen int -+ if _, err := ossl.EVP_PKEY_sign(ctx, nil, &outLen, in); err != nil { -+ return false -+ } -+ return true -+} -+ -+var rsaPSSSupport sync.Map -+ -+// SupportsRSAPSS returns true if the RSA PSS padding is supported for signatures with the given hash. -+func SupportsRSAPSS(ch crypto.Hash) (supported bool) { -+ v, ok := rsaPSSSupport.Load(ch) -+ if ok { -+ return v.(bool) -+ } -+ defer func() { -+ rsaPSSSupport.Store(ch, supported) -+ }() -+ -+ if !SupportsHash(ch) { -+ // Short-circuit if the hash itself is not supported. -+ return false -+ } -+ -+ pkey := testRSAPrivateKey() -+ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) -+ if err != nil { -+ return false -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ if _, err := ossl.EVP_PKEY_sign_init(ctx); err != nil { -+ return false -+ } -+ if setPSSPadding(ctx, 0, ch) != nil { -+ return false -+ } -+ // In FIPS mode, setting the padding might succeed, but the actual signature will fail. -+ // So we need to try to sign something to be sure. -+ in := make([]byte, ch.Size(), maxHashSize) -+ var outLen int -+ if _, err := ossl.EVP_PKEY_sign(ctx, nil, &outLen, in); err != nil { -+ return false -+ } -+ return true -+} -+ -+var rsaOAEPSupport sync.Map -+ -+type rsaOAEPSupportEntry struct { -+ ch crypto.Hash -+ mgfHash crypto.Hash -+} -+ -+// SupportsRSAOAEP returns true if the RSA OAEP padding is supported for encryption/decryption -+// with the given hash and MGF hash. -+func SupportsRSAOAEP(h, mgfHash hash.Hash) (supported bool) { -+ ch := hashToCryptoHash(h) -+ if ch == 0 { -+ return false -+ } -+ mgfCh := hashToCryptoHash(mgfHash) -+ if mgfCh == 0 { -+ return false -+ } -+ entry := rsaOAEPSupportEntry{ch, mgfCh} -+ v, ok := rsaOAEPSupport.Load(entry) -+ if ok { -+ return v.(bool) -+ } -+ defer func() { -+ rsaOAEPSupport.Store(entry, supported) -+ }() -+ -+ if !SupportsHash(ch) { -+ // Short-circuit if the hash itself is not supported. -+ return false -+ } -+ -+ pkey := testRSAPrivateKey() -+ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) -+ if err != nil { -+ return false -+ } -+ defer ossl.EVP_PKEY_CTX_free(ctx) -+ -+ if _, err := ossl.EVP_PKEY_encrypt_init(ctx); err != nil { -+ return false -+ } -+ -+ if setOAEPPadding(ctx, h, mgfHash, nil) != nil { -+ return false -+ } -+ -+ // In FIPS mode, setting the padding might succeed, but the actual encryption will fail. -+ // So we need to try to encrypt something to be sure. -+ in := []byte("test") -+ var outLen int -+ if _, err := ossl.EVP_PKEY_encrypt(ctx, nil, &outLen, in); err != nil { -+ return false -+ } -+ return true -+} -+ -+// testRSAPrivateKey returns a test RSA private key for use in capability probing functions. -+// -+// The key is constructed from hard-coded parameters to avoid -+// spurious failures due to key generation issues and to avoid the speed cost of -+// key generation. -+var testRSAPrivateKey = sync.OnceValue(func() ossl.EVP_PKEY_PTR { -+ // RSA-2048 key "testRSA2048": -+ // https://www.rfc-editor.org/rfc/rfc9500.html#section-2.1 -+ N := []byte{ -+ 0xB0, 0xF9, 0xE8, 0x19, 0x43, 0xA7, 0xAE, 0x98, -+ 0x92, 0xAA, 0xDE, 0x17, 0xCA, 0x7C, 0x40, 0xF8, -+ 0x74, 0x4F, 0xED, 0x2F, 0x81, 0x48, 0xE6, 0xC8, -+ 0xEA, 0xA2, 0x7B, 0x7D, 0x00, 0x15, 0x48, 0xFB, -+ 0x51, 0x92, 0xAB, 0x28, 0xB5, 0x6C, 0x50, 0x60, -+ 0xB1, 0x18, 0xCC, 0xD1, 0x31, 0xE5, 0x94, 0x87, -+ 0x4C, 0x6C, 0xA9, 0x89, 0xB5, 0x6C, 0x27, 0x29, -+ 0x6F, 0x09, 0xFB, 0x93, 0xA0, 0x34, 0xDF, 0x32, -+ 0xE9, 0x7C, 0x6F, 0xF0, 0x99, 0x8C, 0xFD, 0x8E, -+ 0x6F, 0x42, 0xDD, 0xA5, 0x8A, 0xCD, 0x1F, 0xA9, -+ 0x79, 0x86, 0xF1, 0x44, 0xF3, 0xD1, 0x54, 0xD6, -+ 0x76, 0x50, 0x17, 0x5E, 0x68, 0x54, 0xB3, 0xA9, -+ 0x52, 0x00, 0x3B, 0xC0, 0x68, 0x87, 0xB8, 0x45, -+ 0x5A, 0xC2, 0xB1, 0x9F, 0x7B, 0x2F, 0x76, 0x50, -+ 0x4E, 0xBC, 0x98, 0xEC, 0x94, 0x55, 0x71, 0xB0, -+ 0x78, 0x92, 0x15, 0x0D, 0xDC, 0x6A, 0x74, 0xCA, -+ 0x0F, 0xBC, 0xD3, 0x54, 0x97, 0xCE, 0x81, 0x53, -+ 0x4D, 0xAF, 0x94, 0x18, 0x84, 0x4B, 0x13, 0xAE, -+ 0xA3, 0x1F, 0x9D, 0x5A, 0x6B, 0x95, 0x57, 0xBB, -+ 0xDF, 0x61, 0x9E, 0xFD, 0x4E, 0x88, 0x7F, 0x2D, -+ 0x42, 0xB8, 0xDD, 0x8B, 0xC9, 0x87, 0xEA, 0xE1, -+ 0xBF, 0x89, 0xCA, 0xB8, 0x5E, 0xE2, 0x1E, 0x35, -+ 0x63, 0x05, 0xDF, 0x6C, 0x07, 0xA8, 0x83, 0x8E, -+ 0x3E, 0xF4, 0x1C, 0x59, 0x5D, 0xCC, 0xE4, 0x3D, -+ 0xAF, 0xC4, 0x91, 0x23, 0xEF, 0x4D, 0x8A, 0xBB, -+ 0xA9, 0x3D, 0x39, 0x05, 0xE4, 0x02, 0x8D, 0x7B, -+ 0xA9, 0x14, 0x84, 0xA2, 0x75, 0x96, 0xE0, 0x7B, -+ 0x4B, 0x6E, 0xD9, 0x92, 0xF0, 0x77, 0xB5, 0x24, -+ 0xD3, 0xDC, 0xFE, 0x7D, 0xDD, 0x55, 0x49, 0xBE, -+ 0x7C, 0xCE, 0x8D, 0xA0, 0x35, 0xCF, 0xA0, 0xB3, -+ 0xFB, 0x8F, 0x9E, 0x46, 0xF7, 0x32, 0xB2, 0xA8, -+ 0x6B, 0x46, 0x01, 0x65, 0xC0, 0x8F, 0x53, 0x13} -+ E := []byte{0x01, 0x00, 0x01} -+ d := []byte{ -+ 0x41, 0x18, 0x8B, 0x20, 0xCF, 0xDB, 0xDB, 0xC2, -+ 0xCF, 0x1F, 0xFE, 0x75, 0x2D, 0xCB, 0xAA, 0x72, -+ 0x39, 0x06, 0x35, 0x2E, 0x26, 0x15, 0xD4, 0x9D, -+ 0xCE, 0x80, 0x59, 0x7F, 0xCF, 0x0A, 0x05, 0x40, -+ 0x3B, 0xEF, 0x00, 0xFA, 0x06, 0x51, 0x82, 0xF7, -+ 0x2D, 0xEC, 0xFB, 0x59, 0x6F, 0x4B, 0x0C, 0xE8, -+ 0xFF, 0x59, 0x70, 0xBA, 0xF0, 0x7A, 0x89, 0xA5, -+ 0x19, 0xEC, 0xC8, 0x16, 0xB2, 0xF4, 0xFF, 0xAC, -+ 0x50, 0x69, 0xAF, 0x1B, 0x06, 0xBF, 0xEF, 0x7B, -+ 0xF6, 0xBC, 0xD7, 0x9E, 0x4E, 0x81, 0xC8, 0xC5, -+ 0xA3, 0xA7, 0xD9, 0x13, 0x0D, 0xC3, 0xCF, 0xBA, -+ 0xDA, 0xE5, 0xF6, 0xD2, 0x88, 0xF9, 0xAE, 0xE3, -+ 0xF6, 0xFF, 0x92, 0xFA, 0xE0, 0xF8, 0x1A, 0xF5, -+ 0x97, 0xBE, 0xC9, 0x6A, 0xE9, 0xFA, 0xB9, 0x40, -+ 0x2C, 0xD5, 0xFE, 0x41, 0xF7, 0x05, 0xBE, 0xBD, -+ 0xB4, 0x7B, 0xB7, 0x36, 0xD3, 0xFE, 0x6C, 0x5A, -+ 0x51, 0xE0, 0xE2, 0x07, 0x32, 0xA9, 0x7B, 0x5E, -+ 0x46, 0xC1, 0xCB, 0xDB, 0x26, 0xD7, 0x48, 0x54, -+ 0xC6, 0xB6, 0x60, 0x4A, 0xED, 0x46, 0x37, 0x35, -+ 0xFF, 0x90, 0x76, 0x04, 0x65, 0x57, 0xCA, 0xF9, -+ 0x49, 0xBF, 0x44, 0x88, 0x95, 0xC2, 0x04, 0x32, -+ 0xC1, 0xE0, 0x9C, 0x01, 0x4E, 0xA7, 0x56, 0x60, -+ 0x43, 0x4F, 0x1A, 0x0F, 0x3B, 0xE2, 0x94, 0xBA, -+ 0xBC, 0x5D, 0x53, 0x0E, 0x6A, 0x10, 0x21, 0x3F, -+ 0x53, 0xB6, 0x03, 0x75, 0xFC, 0x84, 0xA7, 0x57, -+ 0x3F, 0x2A, 0xF1, 0x21, 0x55, 0x84, 0xF5, 0xB4, -+ 0xBD, 0xA6, 0xD4, 0xE8, 0xF9, 0xE1, 0x7A, 0x78, -+ 0xD9, 0x7E, 0x77, 0xB8, 0x6D, 0xA4, 0xA1, 0x84, -+ 0x64, 0x75, 0x31, 0x8A, 0x7A, 0x10, 0xA5, 0x61, -+ 0x01, 0x4E, 0xFF, 0xA2, 0x3A, 0x81, 0xEC, 0x56, -+ 0xE9, 0xE4, 0x10, 0x9D, 0xEF, 0x8C, 0xB3, 0xF7, -+ 0x97, 0x22, 0x3F, 0x7D, 0x8D, 0x0D, 0x43, 0x51} -+ p := []byte{ -+ 0xDD, 0x10, 0x57, 0x02, 0x38, 0x2F, 0x23, 0x2B, -+ 0x36, 0x81, 0xF5, 0x37, 0x91, 0xE2, 0x26, 0x17, -+ 0xC7, 0xBF, 0x4E, 0x9A, 0xCB, 0x81, 0xED, 0x48, -+ 0xDA, 0xF6, 0xD6, 0x99, 0x5D, 0xA3, 0xEA, 0xB6, -+ 0x42, 0x83, 0x9A, 0xFF, 0x01, 0x2D, 0x2E, 0xA6, -+ 0x28, 0xB9, 0x0A, 0xF2, 0x79, 0xFD, 0x3E, 0x6F, -+ 0x7C, 0x93, 0xCD, 0x80, 0xF0, 0x72, 0xF0, 0x1F, -+ 0xF2, 0x44, 0x3B, 0x3E, 0xE8, 0xF2, 0x4E, 0xD4, -+ 0x69, 0xA7, 0x96, 0x13, 0xA4, 0x1B, 0xD2, 0x40, -+ 0x20, 0xF9, 0x2F, 0xD1, 0x10, 0x59, 0xBD, 0x1D, -+ 0x0F, 0x30, 0x1B, 0x5B, 0xA7, 0xA9, 0xD3, 0x63, -+ 0x7C, 0xA8, 0xD6, 0x5C, 0x1A, 0x98, 0x15, 0x41, -+ 0x7D, 0x8E, 0xAB, 0x73, 0x4B, 0x0B, 0x4F, 0x3A, -+ 0x2C, 0x66, 0x1D, 0x9A, 0x1A, 0x82, 0xF3, 0xAC, -+ 0x73, 0x4C, 0x40, 0x53, 0x06, 0x69, 0xAB, 0x8E, -+ 0x47, 0x30, 0x45, 0xA5, 0x8E, 0x65, 0x53, 0x9D} -+ q := []byte{ -+ 0xCC, 0xF1, 0xE5, 0xBB, 0x90, 0xC8, 0xE9, 0x78, -+ 0x1E, 0xA7, 0x5B, 0xEB, 0xF1, 0x0B, 0xC2, 0x52, -+ 0xE1, 0x1E, 0xB0, 0x23, 0xA0, 0x26, 0x0F, 0x18, -+ 0x87, 0x55, 0x2A, 0x56, 0x86, 0x3F, 0x4A, 0x64, -+ 0x21, 0xE8, 0xC6, 0x00, 0xBF, 0x52, 0x3D, 0x6C, -+ 0xB1, 0xB0, 0xAD, 0xBD, 0xD6, 0x5B, 0xFE, 0xE4, -+ 0xA8, 0x8A, 0x03, 0x7E, 0x3D, 0x1A, 0x41, 0x5E, -+ 0x5B, 0xB9, 0x56, 0x48, 0xDA, 0x5A, 0x0C, 0xA2, -+ 0x6B, 0x54, 0xF4, 0xA6, 0x39, 0x48, 0x52, 0x2C, -+ 0x3D, 0x5F, 0x89, 0xB9, 0x4A, 0x72, 0xEF, 0xFF, -+ 0x95, 0x13, 0x4D, 0x59, 0x40, 0xCE, 0x45, 0x75, -+ 0x8F, 0x30, 0x89, 0x80, 0x90, 0x89, 0x56, 0x58, -+ 0x8E, 0xEF, 0x57, 0x5B, 0x3E, 0x4B, 0xC4, 0xC3, -+ 0x68, 0xCF, 0xE8, 0x13, 0xEE, 0x9C, 0x25, 0x2C, -+ 0x2B, 0x02, 0xE0, 0xDF, 0x91, 0xF1, 0xAA, 0x01, -+ 0x93, 0x8D, 0x38, 0x68, 0x5D, 0x60, 0xBA, 0x6F} -+ qInv := []byte{ -+ 0x0A, 0x81, 0xD8, 0xA6, 0x18, 0x31, 0x4A, 0x80, -+ 0x3A, 0xF6, 0x1C, 0x06, 0x71, 0x1F, 0x2C, 0x39, -+ 0xB2, 0x66, 0xFF, 0x41, 0x4D, 0x53, 0x47, 0x6D, -+ 0x1D, 0xA5, 0x2A, 0x43, 0x18, 0xAA, 0xFE, 0x4B, -+ 0x96, 0xF0, 0xDA, 0x07, 0x15, 0x5F, 0x8A, 0x51, -+ 0x34, 0xDA, 0xB8, 0x8E, 0xE2, 0x9E, 0x81, 0x68, -+ 0x07, 0x6F, 0xCD, 0x78, 0xCA, 0x79, 0x1A, 0xC6, -+ 0x34, 0x42, 0xA8, 0x1C, 0xD0, 0x69, 0x39, 0x27, -+ 0xD8, 0x08, 0xE3, 0x35, 0xE8, 0xD8, 0xCB, 0xF2, -+ 0x12, 0x19, 0x07, 0x50, 0x9A, 0x57, 0x75, 0x9B, -+ 0x4F, 0x9A, 0x18, 0xFA, 0x3A, 0x7B, 0x33, 0x37, -+ 0x79, 0xED, 0xDE, 0x7A, 0x45, 0x93, 0x84, 0xF8, -+ 0x44, 0x4A, 0xDA, 0xEC, 0xFF, 0xEC, 0x95, 0xFD, -+ 0x55, 0x2B, 0x0C, 0xFC, 0xB6, 0xC7, 0xF6, 0x92, -+ 0x62, 0x6D, 0xDE, 0x1E, 0xF2, 0x68, 0xA4, 0x0D, -+ 0x2F, 0x67, 0xB5, 0xC8, 0xAA, 0x38, 0x7F, 0xF7} -+ dP := []byte{ -+ 0x09, 0xED, 0x54, 0xEA, 0xED, 0x98, 0xF8, 0x4C, -+ 0x55, 0x7B, 0x4A, 0x86, 0xBF, 0x4F, 0x57, 0x84, -+ 0x93, 0xDC, 0xBC, 0x6B, 0xE9, 0x1D, 0xA1, 0x89, -+ 0x37, 0x04, 0x04, 0xA9, 0x08, 0x72, 0x76, 0xF4, -+ 0xCE, 0x51, 0xD8, 0xA1, 0x00, 0xED, 0x85, 0x7D, -+ 0xC2, 0xB0, 0x64, 0x94, 0x74, 0xF3, 0xF1, 0x5C, -+ 0xD2, 0x4C, 0x54, 0xDB, 0x28, 0x71, 0x10, 0xE5, -+ 0x6E, 0x5C, 0xB0, 0x08, 0x68, 0x2F, 0x91, 0x68, -+ 0xAA, 0x81, 0xF3, 0x14, 0x58, 0xB7, 0x43, 0x1E, -+ 0xCC, 0x1C, 0x44, 0x90, 0x6F, 0xDA, 0x87, 0xCA, -+ 0x89, 0x47, 0x10, 0xC3, 0x71, 0xE9, 0x07, 0x6C, -+ 0x1D, 0x49, 0xFB, 0xAE, 0x51, 0x27, 0x69, 0x34, -+ 0xF2, 0xAD, 0x78, 0x77, 0x89, 0xF4, 0x2D, 0x0F, -+ 0xA0, 0xB4, 0xC9, 0x39, 0x85, 0x5D, 0x42, 0x12, -+ 0x09, 0x6F, 0x70, 0x28, 0x0A, 0x4E, 0xAE, 0x7C, -+ 0x8A, 0x27, 0xD9, 0xC8, 0xD0, 0x77, 0x2E, 0x65} -+ dQ := []byte{ -+ 0x8C, 0xB6, 0x85, 0x7A, 0x7B, 0xD5, 0x46, 0x5F, -+ 0x80, 0x04, 0x7E, 0x9B, 0x87, 0xBC, 0x00, 0x27, -+ 0x31, 0x84, 0x05, 0x81, 0xE0, 0x62, 0x61, 0x39, -+ 0x01, 0x2A, 0x5B, 0x50, 0x5F, 0x0A, 0x33, 0x84, -+ 0x7E, 0xB7, 0xB8, 0xC3, 0x28, 0x99, 0x49, 0xAD, -+ 0x48, 0x6F, 0x3B, 0x4B, 0x3D, 0x53, 0x9A, 0xB5, -+ 0xDA, 0x76, 0x30, 0x21, 0xCB, 0xC8, 0x2C, 0x1B, -+ 0xA2, 0x34, 0xA5, 0x66, 0x8D, 0xED, 0x08, 0x01, -+ 0xB8, 0x59, 0xF3, 0x43, 0xF1, 0xCE, 0x93, 0x04, -+ 0xE6, 0xFA, 0xA2, 0xB0, 0x02, 0xCA, 0xD9, 0xB7, -+ 0x8C, 0xDE, 0x5C, 0xDC, 0x2C, 0x1F, 0xB4, 0x17, -+ 0x1C, 0x42, 0x42, 0x16, 0x70, 0xA6, 0xAB, 0x0F, -+ 0x50, 0xCC, 0x4A, 0x19, 0x4E, 0xB3, 0x6D, 0x1C, -+ 0x91, 0xE9, 0x35, 0xBA, 0x01, 0xB9, 0x59, 0xD8, -+ 0x72, 0x8B, 0x9E, 0x64, 0x42, 0x6B, 0x3F, 0xC3, -+ 0xA7, 0x50, 0x6D, 0xEB, 0x52, 0x39, 0xA8, 0xA7} -+ -+ // Convert []byte to BigInt using BN_bin2bn and bnToBig -+ bytesToBigInt := func(b []byte) BigInt { -+ bn, err := ossl.BN_bin2bn(b, nil) -+ if err != nil { -+ panic(err) -+ } -+ defer ossl.BN_free(bn) -+ return bnToBig(bn) -+ } -+ -+ priv, err := NewPrivateKeyRSA( -+ bytesToBigInt(N), -+ bytesToBigInt(E), -+ bytesToBigInt(d), -+ bytesToBigInt(p), -+ bytesToBigInt(q), -+ bytesToBigInt(dP), -+ bytesToBigInt(dQ), -+ bytesToBigInt(qInv), -+ ) -+ if err != nil { -+ panic("failed to create test RSA private key: " + err.Error()) -+ } -+ // Prevent finalization to avoid freeing OpenSSL objects. -+ runtime.SetFinalizer(priv, nil) -+ return priv._pkey -+}) -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go -new file mode 100644 -index 00000000000000..1f7dcb7cf38f1f ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go -@@ -0,0 +1,156 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import ( -+ "crypto" -+ "errors" -+ "hash" -+ "sync" -+ "unsafe" -+ -+ "github.com/golang-fips/openssl/v2/internal/ossl" -+) -+ -+func SupportsTLS1PRF() bool { -+ switch major() { -+ case 1: -+ return minor() >= 1 -+ case 3, 4: -+ _, err := fetchTLS1PRF3() -+ return err == nil -+ default: -+ panic(errUnsupportedVersion()) -+ } -+} -+ -+// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil, -+// else it implements the TLS 1.2 pseudo-random function. -+// The pseudo-random number will be written to result and will be of length len(result). -+func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { -+ var md ossl.EVP_MD_PTR -+ if fh == nil { -+ // TLS 1.0/1.1 PRF doesn't allow to specify the hash function, -+ // it always uses MD5SHA1. If h is nil, then assume -+ // that the caller wants to use TLS 1.0/1.1 PRF. -+ // OpenSSL detects this case by checking if the hash -+ // function is MD5SHA1. -+ md = loadHash(crypto.MD5SHA1, false).md -+ } else { -+ h, err := hashFuncHash(fh) -+ if err != nil { -+ return err -+ } -+ md = hashToMD(h) -+ } -+ if md == nil { -+ return errors.New("unsupported hash function") -+ } -+ -+ switch major() { -+ case 1: -+ return tls1PRF1(result, secret, label, seed, md) -+ case 3, 4: -+ return tls1PRF3(result, secret, label, seed, md) -+ default: -+ return errUnsupportedVersion() -+ } -+} -+ -+// tls1PRF1 implements TLS1PRF for OpenSSL 1 using the EVP_PKEY API. -+func tls1PRF1(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { -+ checkMajorVersion(1) -+ -+ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_TLS1_PRF, nil) -+ if err != nil { -+ return err -+ } -+ defer func() { -+ ossl.EVP_PKEY_CTX_free(ctx) -+ }() -+ -+ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_MD, -+ 0, unsafe.Pointer(md)); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_SECRET, -+ int32(len(secret)), unsafe.Pointer(base(secret))); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_SEED, -+ int32(len(label)), unsafe.Pointer(base(label))); err != nil { -+ return err -+ } -+ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -+ ossl.EVP_PKEY_OP_DERIVE, -+ ossl.EVP_PKEY_CTRL_TLS_SEED, -+ int32(len(seed)), unsafe.Pointer(base(seed))); err != nil { -+ return err -+ } -+ outLen := len(result) -+ if _, err := ossl.EVP_PKEY_derive(ctx, result, &outLen); err != nil { -+ return err -+ } -+ // The Go standard library expects TLS1PRF to return the requested number of bytes, -+ // fail if it doesn't. While there is no known situation where this will happen, -+ // EVP_PKEY_derive handles multiple algorithms and there could be a subtle mismatch -+ // after more code changes in the future. -+ if outLen != len(result) { -+ return errors.New("tls1-prf: derived less bytes than requested") -+ } -+ return nil -+} -+ -+// fetchTLS1PRF3 fetches the TLS1-PRF KDF algorithm. -+// It is safe to call this function concurrently. -+// The returned EVP_KDF_PTR shouldn't be freed. -+var fetchTLS1PRF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) -+ if err != nil { -+ return nil, err -+ } -+ return kdf, nil -+}) -+ -+// tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. -+func tls1PRF3(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { -+ checkMajorVersion(3, 4) -+ -+ kdf, err := fetchTLS1PRF3() -+ if err != nil { -+ return err -+ } -+ ctx, err := ossl.EVP_KDF_CTX_new(kdf) -+ if err != nil { -+ return err -+ } -+ defer ossl.EVP_KDF_CTX_free(ctx) -+ -+ bld := newParamBuilder() -+ defer bld.finalize() -+ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) -+ bld.addOctetString(_OSSL_KDF_PARAM_SECRET, secret) -+ bld.addOctetString(_OSSL_KDF_PARAM_SEED, label) -+ bld.addOctetString(_OSSL_KDF_PARAM_SEED, seed) -+ params, err := bld.build() -+ if err != nil { -+ return err -+ } -+ defer ossl.OSSL_PARAM_free(params) -+ -+ if _, err := ossl.EVP_KDF_derive(ctx, result, params); err != nil { -+ return err -+ } -+ return nil -+} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/zaes.go b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go -new file mode 100644 -index 00000000000000..4d945290e3bdff ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go -@@ -0,0 +1,86 @@ -+// Code generated by cmd/genaesmodes. DO NOT EDIT. -+ -+//go:build !cmd_go_bootstrap -+ -+package openssl -+ -+import "crypto/cipher" -+ -+type cipherWithCBC struct { -+ aesCipher -+} -+ -+type cipherWithCTR struct { -+ aesCipher -+} -+ -+type cipherWithCBC_CTR struct { -+ aesCipher -+ cipherWithCBC -+ cipherWithCTR -+} -+ -+type cipherWithGCM struct { -+ aesCipher -+} -+ -+type cipherWithCBC_GCM struct { -+ aesCipher -+ cipherWithCBC -+ cipherWithGCM -+} -+ -+type cipherWithCTR_GCM struct { -+ aesCipher -+ cipherWithCTR -+ cipherWithGCM -+} -+ -+type cipherWithCBC_CTR_GCM struct { -+ aesCipher -+ cipherWithCBC -+ cipherWithCTR -+ cipherWithGCM -+} -+ -+func newAESBlock(c *evpCipher, kind cipherKind) cipher.Block { -+ aes := aesCipher{c} -+ var block cipher.Block -+ supportsCBC := loadCipher(kind, cipherModeCBC) != nil -+ supportsCTR := loadCipher(kind, cipherModeCTR) != nil -+ supportsGCM := loadCipher(kind, cipherModeGCM) != nil -+ switch { -+ case !supportsCBC && !supportsCTR && !supportsGCM: -+ block = aes -+ case supportsCBC && !supportsCTR && !supportsGCM: -+ block = cipherWithCBC{aes} -+ case !supportsCBC && supportsCTR && !supportsGCM: -+ block = cipherWithCTR{aes} -+ case supportsCBC && supportsCTR && !supportsGCM: -+ block = cipherWithCBC_CTR{aes, -+ cipherWithCBC{aes}, -+ cipherWithCTR{aes}, -+ } -+ case !supportsCBC && !supportsCTR && supportsGCM: -+ block = cipherWithGCM{aes} -+ case supportsCBC && !supportsCTR && supportsGCM: -+ block = cipherWithCBC_GCM{aes, -+ cipherWithCBC{aes}, -+ cipherWithGCM{aes}, -+ } -+ case !supportsCBC && supportsCTR && supportsGCM: -+ block = cipherWithCTR_GCM{aes, -+ cipherWithCTR{aes}, -+ cipherWithGCM{aes}, -+ } -+ case supportsCBC && supportsCTR && supportsGCM: -+ block = cipherWithCBC_CTR_GCM{aes, -+ cipherWithCBC{aes}, -+ cipherWithCTR{aes}, -+ cipherWithGCM{aes}, -+ } -+ default: -+ panic("unreachable") -+ } -+ return block -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE -new file mode 100644 -index 00000000000000..9e841e7a26e4eb ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE -@@ -0,0 +1,21 @@ -+ MIT License -+ -+ Copyright (c) Microsoft Corporation. -+ -+ Permission is hereby granted, free of charge, to any person obtaining a copy -+ of this software and associated documentation files (the "Software"), to deal -+ in the Software without restriction, including without limitation the rights -+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ copies of the Software, and to permit persons to whom the Software is -+ furnished to do so, subject to the following conditions: -+ -+ The above copyright notice and this permission notice shall be included in all -+ copies or substantial portions of the Software. -+ -+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ SOFTWARE -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go -new file mode 100644 -index 00000000000000..73891afeab93d7 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go -@@ -0,0 +1,31 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+package bbig -+ -+import ( -+ "math/big" -+ -+ "github.com/microsoft/go-crypto-darwin/xcrypto" -+) -+ -+func Enc(b *big.Int) xcrypto.BigInt { -+ if b == nil { -+ return nil -+ } -+ x := b.Bytes() -+ if len(x) == 0 { -+ return xcrypto.BigInt{} -+ } -+ return x -+} -+ -+func Dec(b xcrypto.BigInt) *big.Int { -+ if b == nil { -+ return nil -+ } -+ if len(b) == 0 { -+ return new(big.Int) -+ } -+ return new(big.Int).SetBytes(b) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go -new file mode 100644 -index 00000000000000..e1b9ee1d005406 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/commoncrypto.go -@@ -0,0 +1,9 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Package commoncrypto provides a Go interface to the CommonCrypto API -+package commoncrypto -+ -+//go:generate go run ../../cmd/checkheader shims.h -+//go:generate go run ../../cmd/mkcgo -out zcommoncrypto.go -package commoncrypto --noerrors shims.h -+//go:generate go run ../../cmd/mkcgo -out zcommoncrypto.go -nocgo -package commoncrypto --noerrors shims.h -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/shims.h -new file mode 100644 -index 00000000000000..de1f9bc059aa43 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/shims.h -@@ -0,0 +1,72 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// This header file is used by the mkcgo tool to generate cgo and Go bindings -+// for the CommonCrypto C API. Run "go generate ." to regenerate the bindings. -+// Do not include this file, import "zcommoncrypto.h" instead. -+ -+#ifndef _GO_COMMONCRYPTO_SHIMS_H // only include this header once -+#define _GO_COMMONCRYPTO_SHIMS_H -+ -+#include // uint64_t -+#include // size_t -+ -+// The following includes are used by the checkheader tool. -+// #include -+ -+typedef void *CCCryptorRef; -+typedef uint32_t CCModeOptions; -+ -+typedef enum { -+ kCCEncrypt = 0, -+ kCCDecrypt = 1, -+} CCOperation; -+ -+typedef enum { -+ kCCModeCBC = 2, -+} CCMode; -+ -+typedef enum { -+ KCCOptionECBMode = 2, -+} CCOptions; -+ -+typedef enum { -+ kCCSuccess = 0, -+} CCCryptorStatus; -+ -+typedef enum { -+ kCCPBKDF2 = 2, -+} CCPBKDFAlgorithm; -+ -+typedef enum { -+ kCCPRFHmacAlgSHA1 = 1, -+ kCCPRFHmacAlgSHA256 = 3, -+ kCCPRFHmacAlgSHA384 = 4, -+ kCCPRFHmacAlgSHA512 = 5, -+} CCPseudoRandomAlgorithm; -+ -+enum { -+ kCCBlockSizeAES128 = 16, -+ kCCBlockSizeDES = 8, -+}; -+ -+typedef enum { -+ ccNoPadding = 0, -+} CCPadding; -+ -+typedef enum { -+ kCCAlgorithmAES = 0, -+ kCCAlgorithmDES = 1, -+ kCCAlgorithm3DES = 2, -+ kCCAlgorithmRC4 = 4, -+} CCAlgorithm; -+ -+CCCryptorStatus CCCryptorCreate(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key, size_t keyLength, const void *iv, CCCryptorRef *cryptorRef) __attribute__((framework(System, B), slice(key, keyLength), slice(iv))); -+CCCryptorStatus CCCryptorRelease(CCCryptorRef cryptorRef) __attribute__((framework(System, B))); -+CCCryptorStatus CCCryptorUpdate(CCCryptorRef cryptorRef, const void *dataIn, size_t dataInLength, void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved) __attribute__((noescape, nocallback, framework(System, B), slice(dataIn, dataInLength), slice(dataOut, dataOutAvailable))); -+CCCryptorStatus CCKeyDerivationPBKDF(CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen, const uint8_t *salt, size_t saltLen, CCPseudoRandomAlgorithm prf, unsigned rounds, uint8_t *derivedKey, size_t derivedKeyLen) __attribute__((framework(System, B), slice(password, passwordLen), slice(salt, saltLen), slice(derivedKey, derivedKeyLen))); -+CCCryptorStatus CCCrypt(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key, size_t keyLength, const void *iv, const void *dataIn, size_t dataInLength, void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved) __attribute__((noescape, nocallback, framework(System, B), slice(key, keyLength), slice(iv), slice(dataIn, dataInLength), slice(dataOut, dataOutAvailable))); -+CCCryptorStatus CCCryptorCreateWithMode(CCOperation op, CCMode mode, CCAlgorithm alg, CCPadding padding, const void *iv, const void *key, size_t keyLength, const void *tweak, size_t tweakLength, int numRounds, CCModeOptions options, CCCryptorRef *cryptorRef) __attribute__((framework(System, B), slice(iv), slice(key, keyLength), slice(tweak, tweakLength))); -+CCCryptorStatus CCCryptorReset(CCCryptorRef cryptorRef, const void *iv) __attribute__((framework(System, B), slice(iv))); -+ -+#endif // _GO_COMMONCRYPTO_SHIMS_H -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/syscall_nocgo.go -new file mode 100644 -index 00000000000000..fd322bcd1b885c ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/syscall_nocgo.go -@@ -0,0 +1,15 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build !cgo -+ -+package commoncrypto -+ -+import ( -+ "github.com/microsoft/go-crypto-darwin/internal/xsyscall" -+) -+ -+//go:nosplit -+func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ return xsyscall.SyscallN(errType, fn, args...) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.c -new file mode 100644 -index 00000000000000..24f6e3d3f50dc1 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.c -@@ -0,0 +1,47 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#include -+#include -+#include -+#include -+#include "zcommoncrypto.h" -+ -+CCCryptorStatus CCCrypt(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, const unsigned char*, size_t, unsigned char*, size_t, size_t*); -+CCCryptorStatus CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, CCCryptorRef*); -+CCCryptorStatus CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm, CCPadding, const unsigned char*, const unsigned char*, size_t, const unsigned char*, size_t, int, CCModeOptions, CCCryptorRef*); -+CCCryptorStatus CCCryptorRelease(CCCryptorRef); -+CCCryptorStatus CCCryptorReset(CCCryptorRef, const unsigned char*); -+CCCryptorStatus CCCryptorUpdate(CCCryptorRef, const unsigned char*, size_t, unsigned char*, size_t, size_t*); -+CCCryptorStatus CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char*, size_t, const uint8_t*, size_t, CCPseudoRandomAlgorithm, unsigned, uint8_t*, size_t); -+ -+CCCryptorStatus _mkcgo_CCCrypt(CCOperation _arg0, CCAlgorithm _arg1, CCOptions _arg2, const unsigned char* _arg3, size_t _arg4, const unsigned char* _arg5, const unsigned char* _arg6, size_t _arg7, unsigned char* _arg8, size_t _arg9, size_t* _arg10) { -+ return CCCrypt(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); -+} -+ -+CCCryptorStatus _mkcgo_CCCryptorCreate(CCOperation _arg0, CCAlgorithm _arg1, CCOptions _arg2, const unsigned char* _arg3, size_t _arg4, const unsigned char* _arg5, CCCryptorRef* _arg6) { -+ return CCCryptorCreate(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); -+} -+ -+CCCryptorStatus _mkcgo_CCCryptorCreateWithMode(CCOperation _arg0, CCMode _arg1, CCAlgorithm _arg2, CCPadding _arg3, const unsigned char* _arg4, const unsigned char* _arg5, size_t _arg6, const unsigned char* _arg7, size_t _arg8, int _arg9, CCModeOptions _arg10, CCCryptorRef* _arg11) { -+ return CCCryptorCreateWithMode(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); -+} -+ -+CCCryptorStatus _mkcgo_CCCryptorRelease(CCCryptorRef _arg0) { -+ return CCCryptorRelease(_arg0); -+} -+ -+CCCryptorStatus _mkcgo_CCCryptorReset(CCCryptorRef _arg0, const unsigned char* _arg1) { -+ return CCCryptorReset(_arg0, _arg1); -+} -+ -+CCCryptorStatus _mkcgo_CCCryptorUpdate(CCCryptorRef _arg0, const unsigned char* _arg1, size_t _arg2, unsigned char* _arg3, size_t _arg4, size_t* _arg5) { -+ return CCCryptorUpdate(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); -+} -+ -+CCCryptorStatus _mkcgo_CCKeyDerivationPBKDF(CCPBKDFAlgorithm _arg0, const char* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, CCPseudoRandomAlgorithm _arg5, unsigned _arg6, uint8_t* _arg7, size_t _arg8) { -+ return CCKeyDerivationPBKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8); -+} -+ -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.go -new file mode 100644 -index 00000000000000..0a25e0621df627 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.go -@@ -0,0 +1,50 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+package commoncrypto -+ -+const ( -+ KCCEncrypt CCOperation = 0 -+ KCCDecrypt CCOperation = 1 -+) -+ -+const ( -+ KCCModeCBC CCMode = 2 -+) -+ -+const ( -+ KCCOptionECBMode CCOptions = 2 -+) -+ -+const ( -+ KCCSuccess CCCryptorStatus = 0 -+) -+ -+const ( -+ KCCPBKDF2 CCPBKDFAlgorithm = 2 -+) -+ -+const ( -+ KCCPRFHmacAlgSHA1 CCPseudoRandomAlgorithm = 1 -+ KCCPRFHmacAlgSHA256 CCPseudoRandomAlgorithm = 3 -+ KCCPRFHmacAlgSHA384 CCPseudoRandomAlgorithm = 4 -+ KCCPRFHmacAlgSHA512 CCPseudoRandomAlgorithm = 5 -+) -+ -+const ( -+ KCCBlockSizeAES128 = 16 -+ KCCBlockSizeDES = 8 -+) -+ -+const ( -+ CcNoPadding CCPadding = 0 -+) -+ -+const ( -+ KCCAlgorithmAES CCAlgorithm = 0 -+ KCCAlgorithmDES CCAlgorithm = 1 -+ KCCAlgorithm3DES CCAlgorithm = 2 -+ KCCAlgorithmRC4 CCAlgorithm = 4 -+) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.h -new file mode 100644 -index 00000000000000..016e73758ac4e0 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.h -@@ -0,0 +1,69 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#ifndef MKCGO_H // only include this header once -+#define MKCGO_H -+ -+#include -+#include -+ -+typedef void* CCCryptorRef; -+typedef uint32_t CCModeOptions; -+ -+typedef enum { -+ kCCEncrypt = 0, -+ kCCDecrypt = 1, -+} CCOperation; -+ -+typedef enum { -+ kCCModeCBC = 2, -+} CCMode; -+ -+typedef enum { -+ KCCOptionECBMode = 2, -+} CCOptions; -+ -+typedef enum { -+ kCCSuccess = 0, -+} CCCryptorStatus; -+ -+typedef enum { -+ kCCPBKDF2 = 2, -+} CCPBKDFAlgorithm; -+ -+typedef enum { -+ kCCPRFHmacAlgSHA1 = 1, -+ kCCPRFHmacAlgSHA256 = 3, -+ kCCPRFHmacAlgSHA384 = 4, -+ kCCPRFHmacAlgSHA512 = 5, -+} CCPseudoRandomAlgorithm; -+ -+enum { -+ kCCBlockSizeAES128 = 16, -+ kCCBlockSizeDES = 8, -+}; -+ -+typedef enum { -+ ccNoPadding = 0, -+} CCPadding; -+ -+typedef enum { -+ kCCAlgorithmAES = 0, -+ kCCAlgorithmDES = 1, -+ kCCAlgorithm3DES = 2, -+ kCCAlgorithmRC4 = 4, -+} CCAlgorithm; -+ -+uintptr_t mkcgo_err_retrieve(); -+ -+CCCryptorStatus _mkcgo_CCCrypt(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, const unsigned char*, size_t, unsigned char*, size_t, size_t*); -+CCCryptorStatus _mkcgo_CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions, const unsigned char*, size_t, const unsigned char*, CCCryptorRef*); -+CCCryptorStatus _mkcgo_CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm, CCPadding, const unsigned char*, const unsigned char*, size_t, const unsigned char*, size_t, int, CCModeOptions, CCCryptorRef*); -+CCCryptorStatus _mkcgo_CCCryptorRelease(CCCryptorRef); -+CCCryptorStatus _mkcgo_CCCryptorReset(CCCryptorRef, const unsigned char*); -+CCCryptorStatus _mkcgo_CCCryptorUpdate(CCCryptorRef, const unsigned char*, size_t, unsigned char*, size_t, size_t*); -+CCCryptorStatus _mkcgo_CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char*, size_t, const uint8_t*, size_t, CCPseudoRandomAlgorithm, unsigned, uint8_t*, size_t); -+ -+#endif // MKCGO_H -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.s -new file mode 100644 -index 00000000000000..a722bc56d9dab4 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto.s -@@ -0,0 +1,76 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo -+ -+#include "textflag.h" -+ -+#ifndef GOARCH_amd64 -+#ifndef GOARCH_arm64 -+#ifndef GOARCH_riscv64 -+#ifndef GOARCH_loong64 -+#ifndef GOARCH_mips64 -+#ifndef GOARCH_mips64le -+#ifndef GOARCH_ppc64 -+#ifndef GOARCH_ppc64le -+#ifndef GOARCH_s390x -+#ifndef GOARCH_sparc64 -+#define _GOPTRSIZE 4 -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+ -+#ifndef _GOPTRSIZE -+#define _GOPTRSIZE 8 -+#endif -+TEXT _mkcgo_CCCrypt_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCCrypt(SB) -+ -+GLOBL ·_mkcgo_CCCrypt_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCCrypt_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCrypt_trampoline<>(SB) -+ -+TEXT _mkcgo_CCCryptorCreate_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCCryptorCreate(SB) -+ -+GLOBL ·_mkcgo_CCCryptorCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCCryptorCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorCreate_trampoline<>(SB) -+ -+TEXT _mkcgo_CCCryptorCreateWithMode_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCCryptorCreateWithMode(SB) -+ -+GLOBL ·_mkcgo_CCCryptorCreateWithMode_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCCryptorCreateWithMode_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorCreateWithMode_trampoline<>(SB) -+ -+TEXT _mkcgo_CCCryptorRelease_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCCryptorRelease(SB) -+ -+GLOBL ·_mkcgo_CCCryptorRelease_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCCryptorRelease_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorRelease_trampoline<>(SB) -+ -+TEXT _mkcgo_CCCryptorReset_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCCryptorReset(SB) -+ -+GLOBL ·_mkcgo_CCCryptorReset_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCCryptorReset_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorReset_trampoline<>(SB) -+ -+TEXT _mkcgo_CCCryptorUpdate_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCCryptorUpdate(SB) -+ -+GLOBL ·_mkcgo_CCCryptorUpdate_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCCryptorUpdate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCCryptorUpdate_trampoline<>(SB) -+ -+TEXT _mkcgo_CCKeyDerivationPBKDF_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CCKeyDerivationPBKDF(SB) -+ -+GLOBL ·_mkcgo_CCKeyDerivationPBKDF_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CCKeyDerivationPBKDF_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CCKeyDerivationPBKDF_trampoline<>(SB) -+ -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_cgo.go -new file mode 100644 -index 00000000000000..a774ad9a32ae86 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_cgo.go -@@ -0,0 +1,64 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+package commoncrypto -+ -+/* -+#cgo CFLAGS: -Wno-attributes -+#cgo darwin LDFLAGS: -framework System -+ -+#include "zcommoncrypto.h" -+#cgo noescape _mkcgo_CCCrypt -+#cgo nocallback _mkcgo_CCCrypt -+#cgo noescape _mkcgo_CCCryptorUpdate -+#cgo nocallback _mkcgo_CCCryptorUpdate -+*/ -+import "C" -+import "unsafe" -+ -+type CCAlgorithm = C.CCAlgorithm -+type CCCryptorRef = C.CCCryptorRef -+type CCCryptorStatus = C.CCCryptorStatus -+type CCMode = C.CCMode -+type CCModeOptions = C.CCModeOptions -+type CCOperation = C.CCOperation -+type CCOptions = C.CCOptions -+type CCPBKDFAlgorithm = C.CCPBKDFAlgorithm -+type CCPadding = C.CCPadding -+type CCPseudoRandomAlgorithm = C.CCPseudoRandomAlgorithm -+ -+//go:nosplit -+func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { -+ x := uintptr(unsafe.Pointer(p)) -+ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) -+} -+ -+func CCCrypt(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { -+ return C._mkcgo_CCCrypt(op, alg, options, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv))), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataIn))), C.size_t(len(dataIn)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataOut))), C.size_t(len(dataOut)), (*C.size_t)(unsafe.Pointer(dataOutMoved))) -+} -+ -+func CCCryptorCreate(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, cryptorRef *CCCryptorRef) CCCryptorStatus { -+ return C._mkcgo_CCCryptorCreate(op, alg, options, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv))), cryptorRef) -+} -+ -+func CCCryptorCreateWithMode(op CCOperation, mode CCMode, alg CCAlgorithm, padding CCPadding, iv []byte, key []byte, tweak []byte, numRounds int32, options CCModeOptions, cryptorRef *CCCryptorRef) CCCryptorStatus { -+ return C._mkcgo_CCCryptorCreateWithMode(op, mode, alg, padding, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv))), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tweak))), C.size_t(len(tweak)), C.int(numRounds), options, cryptorRef) -+} -+ -+func CCCryptorRelease(cryptorRef CCCryptorRef) CCCryptorStatus { -+ return C._mkcgo_CCCryptorRelease(cryptorRef) -+} -+ -+func CCCryptorReset(cryptorRef CCCryptorRef, iv []byte) CCCryptorStatus { -+ return C._mkcgo_CCCryptorReset(cryptorRef, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(iv)))) -+} -+ -+func CCCryptorUpdate(cryptorRef CCCryptorRef, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { -+ return C._mkcgo_CCCryptorUpdate(cryptorRef, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataIn))), C.size_t(len(dataIn)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(dataOut))), C.size_t(len(dataOut)), (*C.size_t)(unsafe.Pointer(dataOutMoved))) -+} -+ -+func CCKeyDerivationPBKDF(algorithm CCPBKDFAlgorithm, password []byte, salt []uint8, prf CCPseudoRandomAlgorithm, rounds uint32, derivedKey []uint8) CCCryptorStatus { -+ return C._mkcgo_CCKeyDerivationPBKDF(algorithm, (*C.char)(unsafe.Pointer(unsafe.SliceData(password))), C.size_t(len(password)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(salt))), C.size_t(len(salt)), prf, C.uint(rounds), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(derivedKey))), C.size_t(len(derivedKey))) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_nocgo.go -new file mode 100644 -index 00000000000000..b17312278da948 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto/zcommoncrypto_nocgo.go -@@ -0,0 +1,102 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo -+ -+package commoncrypto -+ -+import ( -+ "runtime" -+ "unsafe" -+) -+ -+var _ = runtime.GOOS -+ -+var _mkcgoAlwaysFalseCommoncrypto bool -+var _mkcgoEscapeSinkCommoncrypto unsafe.Pointer -+ -+// mkcgoEscapePtrCommoncrypto forces p to escape to the heap. -+// This implementation is also used in the standard library: -+// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 -+func mkcgoEscapePtrCommoncrypto(p unsafe.Pointer) unsafe.Pointer { -+ if _mkcgoAlwaysFalseCommoncrypto { -+ _mkcgoEscapeSinkCommoncrypto = p -+ } -+ return p -+} -+ -+type CCCryptorRef unsafe.Pointer -+type CCModeOptions = uint32 -+ -+type CCOperation int32 -+type CCMode int32 -+type CCOptions int32 -+type CCCryptorStatus int32 -+type CCPBKDFAlgorithm int32 -+type CCPseudoRandomAlgorithm int32 -+type CCPadding int32 -+type CCAlgorithm int32 -+ -+//go:cgo_import_dynamic _mkcgo_CCCrypt CCCrypt "/System/Library/Frameworks/System.framework/Versions/B/System" -+//go:cgo_import_dynamic _mkcgo_CCCryptorCreate CCCryptorCreate "/System/Library/Frameworks/System.framework/Versions/B/System" -+//go:cgo_import_dynamic _mkcgo_CCCryptorCreateWithMode CCCryptorCreateWithMode "/System/Library/Frameworks/System.framework/Versions/B/System" -+//go:cgo_import_dynamic _mkcgo_CCCryptorRelease CCCryptorRelease "/System/Library/Frameworks/System.framework/Versions/B/System" -+//go:cgo_import_dynamic _mkcgo_CCCryptorReset CCCryptorReset "/System/Library/Frameworks/System.framework/Versions/B/System" -+//go:cgo_import_dynamic _mkcgo_CCCryptorUpdate CCCryptorUpdate "/System/Library/Frameworks/System.framework/Versions/B/System" -+//go:cgo_import_dynamic _mkcgo_CCKeyDerivationPBKDF CCKeyDerivationPBKDF "/System/Library/Frameworks/System.framework/Versions/B/System" -+ -+var _mkcgo_CCCrypt_trampoline_addr uintptr -+ -+func CCCrypt(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { -+ r0, _ := syscallN(0, _mkcgo_CCCrypt_trampoline_addr, uintptr(op), uintptr(alg), uintptr(options), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(iv))), uintptr(unsafe.Pointer(unsafe.SliceData(dataIn))), uintptr(len(dataIn)), uintptr(unsafe.Pointer(unsafe.SliceData(dataOut))), uintptr(len(dataOut)), uintptr(unsafe.Pointer(dataOutMoved))) -+ return CCCryptorStatus(r0) -+} -+ -+var _mkcgo_CCCryptorCreate_trampoline_addr uintptr -+ -+func CCCryptorCreate(op CCOperation, alg CCAlgorithm, options CCOptions, key []byte, iv []byte, cryptorRef *CCCryptorRef) CCCryptorStatus { -+ r0, _ := syscallN(0, _mkcgo_CCCryptorCreate_trampoline_addr, uintptr(op), uintptr(alg), uintptr(options), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(iv)))), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(cryptorRef)))) -+ return CCCryptorStatus(r0) -+} -+ -+var _mkcgo_CCCryptorCreateWithMode_trampoline_addr uintptr -+ -+func CCCryptorCreateWithMode(op CCOperation, mode CCMode, alg CCAlgorithm, padding CCPadding, iv []byte, key []byte, tweak []byte, numRounds int32, options CCModeOptions, cryptorRef *CCCryptorRef) CCCryptorStatus { -+ var r0 uintptr -+ if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { -+ r0, _ = syscallN(0, _mkcgo_CCCryptorCreateWithMode_trampoline_addr, uintptr(op), uintptr(mode), uintptr(alg), uintptr(padding), uintptr(unsafe.Pointer(unsafe.SliceData(iv))), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(tweak))), uintptr(len(tweak)), uintptr(numRounds)<<32|uintptr(options), uintptr(unsafe.Pointer(cryptorRef))) -+ } else { -+ r0, _ = syscallN(0, _mkcgo_CCCryptorCreateWithMode_trampoline_addr, uintptr(op), uintptr(mode), uintptr(alg), uintptr(padding), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(iv)))), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(tweak)))), uintptr(len(tweak)), uintptr(numRounds), uintptr(options), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(cryptorRef)))) -+ } -+ return CCCryptorStatus(r0) -+} -+ -+var _mkcgo_CCCryptorRelease_trampoline_addr uintptr -+ -+func CCCryptorRelease(cryptorRef CCCryptorRef) CCCryptorStatus { -+ r0, _ := syscallN(0, _mkcgo_CCCryptorRelease_trampoline_addr, uintptr(cryptorRef)) -+ return CCCryptorStatus(r0) -+} -+ -+var _mkcgo_CCCryptorReset_trampoline_addr uintptr -+ -+func CCCryptorReset(cryptorRef CCCryptorRef, iv []byte) CCCryptorStatus { -+ r0, _ := syscallN(0, _mkcgo_CCCryptorReset_trampoline_addr, uintptr(cryptorRef), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(iv))))) -+ return CCCryptorStatus(r0) -+} -+ -+var _mkcgo_CCCryptorUpdate_trampoline_addr uintptr -+ -+func CCCryptorUpdate(cryptorRef CCCryptorRef, dataIn []byte, dataOut []byte, dataOutMoved *int) CCCryptorStatus { -+ r0, _ := syscallN(0, _mkcgo_CCCryptorUpdate_trampoline_addr, uintptr(cryptorRef), uintptr(unsafe.Pointer(unsafe.SliceData(dataIn))), uintptr(len(dataIn)), uintptr(unsafe.Pointer(unsafe.SliceData(dataOut))), uintptr(len(dataOut)), uintptr(unsafe.Pointer(dataOutMoved))) -+ return CCCryptorStatus(r0) -+} -+ -+var _mkcgo_CCKeyDerivationPBKDF_trampoline_addr uintptr -+ -+func CCKeyDerivationPBKDF(algorithm CCPBKDFAlgorithm, password []byte, salt []uint8, prf CCPseudoRandomAlgorithm, rounds uint32, derivedKey []uint8) CCCryptorStatus { -+ r0, _ := syscallN(0, _mkcgo_CCKeyDerivationPBKDF_trampoline_addr, uintptr(algorithm), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(password)))), uintptr(len(password)), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(salt)))), uintptr(len(salt)), uintptr(prf), uintptr(rounds), uintptr(mkcgoEscapePtrCommoncrypto(unsafe.Pointer(unsafe.SliceData(derivedKey)))), uintptr(len(derivedKey))) -+ return CCCryptorStatus(r0) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_amd64.syso b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_amd64.syso +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_amd64.syso b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit_amd64.syso new file mode 100644 index 0000000000000000000000000000000000000000..7d9406cdef877632dc046249d921ec782fe48d6b GIT binary patch @@ -25937,8593 +5110,29276 @@ HcmV?d00001 diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go new file mode 100644 -index 00000000000000..b43df0b67d646b +index 00000000000000..b43df0b67d646b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go +@@ -0,0 +1,8 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package cryptokit ++ ++//go:generate go run ../../cmd/mkcgo -out zcryptokit.go -package cryptokit --noerrors shims.h ++//go:generate go run ../../cmd/mkcgo -out zcryptokit.go -nocgo -package cryptokit --noerrors shims.h ++//go:generate go run ../../cmd/genswiftimports +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go +new file mode 100644 +index 00000000000000..e134697ed96de7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go +@@ -0,0 +1,10 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build cgo && darwin ++ ++package cryptokit ++ ++// #cgo CFLAGS: -Wno-deprecated-declarations ++// #cgo LDFLAGS: -framework Security -framework CoreFoundation -Wl,-undefined,dynamic_lookup ++import "C" +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h +new file mode 100644 +index 00000000000000..dc98c702b3d50f +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h +@@ -0,0 +1,127 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// This header declares the C API for the CryptoKit Swift bindings. ++// ++// It serves two purposes: ++// 1. The mkcgo tool parses it to generate cgo and Go bindings. ++// Run "go generate ." to regenerate them. ++// 2. Swift's @implementation @c validates that Swift function signatures ++// match these declarations at compile time (via cryptokit.h wrapper). ++// ++// Type conventions: ++// - Return types and length parameters use `long` (not int64_t) because ++// Swift imports `long` as `Int` and `int64_t` as `Int64`. The Swift ++// implementations use `Int`, so the header must use `long` to match. ++// On macOS (LP64), both are 64-bit. ++// - Buffer size parameters use `size_t` where the mkcgo `slice()` attribute ++// pairs them with a pointer for Go slice generation. ++// - Pointer nullability is declared via `#pragma clang assume_nonnull` ++// (guarded by __clang__) so Swift sees non-optional pointer types. ++// mkcgo parses this file as text and ignores the pragma. ++// - Custom __attribute__ annotations (noescape, nocallback, static, slice) ++// are mkcgo extensions. The cryptokit.h wrapper strips them for clang. ++// ++// Do not include this file directly; import "zcryptokit.h" instead. ++ ++// mkcgo:static_imports ++ ++#ifndef _GO_CRYPTOKIT_SHIMS_H // only include this header once ++#define _GO_CRYPTOKIT_SHIMS_H ++ ++#include ++#include ++ ++// When compiled by clang (e.g. via Swift bridging header), assume all ++// pointers are nonnull. mkcgo parses this file as text, not via clang, ++// so the #ifdef ensures mkcgo never sees these pragmas. ++#ifdef __clang__ ++#pragma clang assume_nonnull begin ++#endif ++ ++// AES GCM encryption and decryption ++long go_encryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); ++long go_decryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); ++ ++// ChaChaPoly encryption and decryption ++long go_encryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); ++long go_decryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); ++ ++// Generates an Ed25519 keypair. ++// The private key is 64 bytes (first 32 bytes are the seed, next 32 bytes are the public key). The public key is 32 bytes. ++void go_generateKeyEd25519(uint8_t *key) __attribute__((noescape, nocallback, static, slice(key))); ++long go_newPrivateKeyEd25519FromSeed(uint8_t *key, const uint8_t *seed) __attribute__((noescape, nocallback, static, slice(key), slice(seed))); ++long go_newPublicKeyEd25519(uint8_t *key, const uint8_t *pub) __attribute__((noescape, nocallback, static, slice(key), slice(pub))); ++long go_signEd25519(const uint8_t *privateKey, const uint8_t *message, size_t messageLength, uint8_t *sigBuffer) __attribute__((noescape, nocallback, static, slice(privateKey), slice(message, messageLength), slice(sigBuffer))); ++long go_verifyEd25519(const uint8_t *publicKey, const uint8_t *message, size_t messageLength, const uint8_t *sig) __attribute__((noescape, nocallback, static, slice(publicKey), slice(message, messageLength), slice(sig))); ++ ++// HKDF key derivation ++long go_extractHKDF(int32_t hashFunction, const uint8_t *secret, size_t secretLength, const uint8_t *salt, size_t saltLength, uint8_t *prk, size_t prkLength) __attribute__((noescape, nocallback, static, slice(secret, secretLength), slice(salt, saltLength), slice(prk, prkLength))); ++long go_expandHKDF(int32_t hashFunction, const uint8_t *prk, size_t prkLength, const uint8_t *info, size_t infoLength, uint8_t *okm, size_t okmLength) __attribute__((noescape, nocallback, static, slice(prk, prkLength), slice(info, infoLength), slice(okm, okmLength))); ++ ++void *go_initHMAC(int32_t hashFunction, const uint8_t *key, long keyLength) __attribute__((noescape, nocallback, static, slice(key, keyLength))); ++void go_freeHMAC(int32_t hashFunction, void *ptr) __attribute__((noescape, nocallback, static)); ++void go_updateHMAC(int32_t hashFunction, void *ptr, const uint8_t *data, long length) __attribute__((noescape, nocallback, static, slice(data, length))); ++void go_finalizeHMAC(int32_t hashFunction, void *ptr, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(outputPointer))); ++void *go_copyHMAC(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); ++ ++void go_MD5(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA1(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA256(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA384(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA512(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++long go_supportsSHA3() __attribute__((noescape, nocallback, static)); ++void go_SHA3_256(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA3_384(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++void go_SHA3_512(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++ ++void *go_hashNew(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); ++void go_hashWrite(int32_t hashAlgorithm, void *ptr, const uint8_t *data, long length) __attribute__((noescape, nocallback, static, slice(data, length))); ++void go_hashSum(int32_t hashAlgorithm, void *ptr, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(outputPointer))); ++void go_hashReset(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); ++long go_hashSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); ++long go_hashBlockSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); ++void *go_hashCopy(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); ++void go_hashFree(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); ++ ++// ML-KEM (Post-quantum key encapsulation mechanism) ++long go_supportsMLKEM() __attribute__((noescape, nocallback, static)); ++long go_generateKeyMLKEM768(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_generateKeyMLKEM1024(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_deriveEncapsulationKeyMLKEM768(const uint8_t *seed, long seedLen, uint8_t *encapKey, long encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); ++long go_deriveEncapsulationKeyMLKEM1024(const uint8_t *seed, long seedLen, uint8_t *encapKey, long encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); ++long go_encapsulateMLKEM768(const uint8_t *encapKey, long encapKeyLen, uint8_t *sharedKey, long sharedKeyLen, uint8_t *ciphertext, long ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); ++long go_encapsulateMLKEM1024(const uint8_t *encapKey, long encapKeyLen, uint8_t *sharedKey, long sharedKeyLen, uint8_t *ciphertext, long ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); ++long go_decapsulateMLKEM768(const uint8_t *seed, long seedLen, const uint8_t *ciphertext, long ciphertextLen, uint8_t *sharedKey, long sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); ++long go_decapsulateMLKEM1024(const uint8_t *seed, long seedLen, const uint8_t *ciphertext, long ciphertextLen, uint8_t *sharedKey, long sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); ++ ++// ML-DSA (Post-quantum digital signature algorithm) ++long go_supportsMLDSA() __attribute__((noescape, nocallback, static)); ++long go_generateKeyMLDSA65(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_generateKeyMLDSA87(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); ++long go_derivePublicKeyMLDSA65(const uint8_t *seed, long seedLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(publicKey, publicKeyLen))); ++long go_derivePublicKeyMLDSA87(const uint8_t *seed, long seedLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(publicKey, publicKeyLen))); ++long go_signMLDSA65(const uint8_t *seed, long seedLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(message, messageLen), slice(context, contextLen), slice(signature))); ++long go_signMLDSA87(const uint8_t *seed, long seedLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(message, messageLen), slice(context, contextLen), slice(signature))); ++long go_verifyMLDSA65(const uint8_t *publicKey, long publicKeyLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen), slice(message, messageLen), slice(context, contextLen), slice(signature, signatureLen))); ++long go_verifyMLDSA87(const uint8_t *publicKey, long publicKeyLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen), slice(message, messageLen), slice(context, contextLen), slice(signature, signatureLen))); ++long go_validatePublicKeyMLDSA65(const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++long go_validatePublicKeyMLDSA87(const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++ ++// ECDH ++long go_generateKeyECDH(int32_t curveID, uint8_t *privateKey, long privateKeyLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); ++long go_publicKeyFromPrivateECDH(int32_t curveID, const uint8_t *privateKey, long privateKeyLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); ++long go_ecdhSharedSecret(int32_t curveID, const uint8_t *privateKey, long privateKeyLen, const uint8_t *publicKey, long publicKeyLen, uint8_t *sharedSecret, long sharedSecretLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen), slice(sharedSecret, sharedSecretLen))); ++long go_validatePrivateKeyECDH(int32_t curveID, const uint8_t *privateKey, long privateKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen))); ++long go_validatePublicKeyECDH(int32_t curveID, const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++ ++// ECDSA ++long go_generateKeyECDSA(int32_t curveID, uint8_t *x, long xLen, uint8_t *y, long yLen, uint8_t *d, long dLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(d, dLen))); ++long go_ecdsaSign(int32_t curveID, const uint8_t *d, long dLen, const uint8_t *message, long messageLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(d, dLen), slice(message, messageLen), slice(signature))); ++long go_ecdsaVerify(int32_t curveID, const uint8_t *x, long xLen, const uint8_t *y, long yLen, const uint8_t *message, long messageLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(message, messageLen), slice(signature, signatureLen))); ++ ++#ifdef __clang__ ++#pragma clang assume_nonnull end ++#endif ++ ++#endif // _GO_CRYPTOKIT_SHIMS_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go +new file mode 100644 +index 00000000000000..c83bb8660303f6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go +@@ -0,0 +1,15 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package cryptokit ++ ++import ( ++ "github.com/microsoft/go-crypto-darwin/internal/xsyscall" ++) ++ ++//go:nosplit ++func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ return xsyscall.SyscallN(errType, fn, args...) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt +new file mode 100644 +index 00000000000000..e96680e304c47d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt +@@ -0,0 +1,2 @@ ++Xcode 26.4.1 ++Build version 17E202 +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c +new file mode 100644 +index 00000000000000..d0d2a5bbd3475d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c +@@ -0,0 +1,317 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#include ++#include ++#include ++#include ++#include "zcryptokit.h" ++ ++void go_MD5(const uint8_t*, size_t, uint8_t*); ++void go_SHA1(const uint8_t*, size_t, uint8_t*); ++void go_SHA256(const uint8_t*, size_t, uint8_t*); ++void go_SHA384(const uint8_t*, size_t, uint8_t*); ++void go_SHA3_256(const uint8_t*, size_t, uint8_t*); ++void go_SHA3_384(const uint8_t*, size_t, uint8_t*); ++void go_SHA3_512(const uint8_t*, size_t, uint8_t*); ++void go_SHA512(const uint8_t*, size_t, uint8_t*); ++void* go_copyHMAC(int32_t, void*); ++long go_decapsulateMLKEM1024(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long go_decapsulateMLKEM768(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, long, uint8_t*, long); ++long go_deriveEncapsulationKeyMLKEM768(const uint8_t*, long, uint8_t*, long); ++long go_derivePublicKeyMLDSA65(const uint8_t*, long, uint8_t*, long); ++long go_derivePublicKeyMLDSA87(const uint8_t*, long, uint8_t*, long); ++long go_ecdhSharedSecret(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long go_ecdsaSign(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long go_ecdsaVerify(int32_t, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long go_encapsulateMLKEM1024(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long go_encapsulateMLKEM768(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++long go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++void go_finalizeHMAC(int32_t, void*, uint8_t*); ++void go_freeHMAC(int32_t, void*); ++long go_generateKeyECDH(int32_t, uint8_t*, long, uint8_t*, long); ++long go_generateKeyECDSA(int32_t, uint8_t*, long, uint8_t*, long, uint8_t*, long); ++void go_generateKeyEd25519(uint8_t*); ++long go_generateKeyMLDSA65(uint8_t*, long); ++long go_generateKeyMLDSA87(uint8_t*, long); ++long go_generateKeyMLKEM1024(uint8_t*, long); ++long go_generateKeyMLKEM768(uint8_t*, long); ++long go_hashBlockSize(int32_t); ++void* go_hashCopy(int32_t, void*); ++void go_hashFree(int32_t, void*); ++void* go_hashNew(int32_t); ++void go_hashReset(int32_t, void*); ++long go_hashSize(int32_t); ++void go_hashSum(int32_t, void*, uint8_t*); ++void go_hashWrite(int32_t, void*, const uint8_t*, long); ++void* go_initHMAC(int32_t, const uint8_t*, long); ++long go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); ++long go_newPublicKeyEd25519(uint8_t*, const uint8_t*); ++long go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, long, uint8_t*, long); ++long go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); ++long go_signMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long go_signMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long go_supportsMLDSA(void); ++long go_supportsMLKEM(void); ++long go_supportsSHA3(void); ++void go_updateHMAC(int32_t, void*, const uint8_t*, long); ++long go_validatePrivateKeyECDH(int32_t, const uint8_t*, long); ++long go_validatePublicKeyECDH(int32_t, const uint8_t*, long); ++long go_validatePublicKeyMLDSA65(const uint8_t*, long); ++long go_validatePublicKeyMLDSA87(const uint8_t*, long); ++long go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); ++long go_verifyMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long go_verifyMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++ ++void _mkcgo_go_MD5(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_MD5(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA1(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA1(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA256(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA256(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA384(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA384(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA3_256(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA3_256(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA3_384(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA3_384(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA3_512(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA3_512(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_SHA512(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { ++ go_SHA512(_arg0, _arg1, _arg2); ++} ++ ++void* _mkcgo_go_copyHMAC(int32_t _arg0, void* _arg1) { ++ return go_copyHMAC(_arg0, _arg1); ++} ++ ++long _mkcgo_go_decapsulateMLKEM1024(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { ++ return go_decapsulateMLKEM1024(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++} ++ ++long _mkcgo_go_decapsulateMLKEM768(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { ++ return go_decapsulateMLKEM768(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++} ++ ++long _mkcgo_go_decryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { ++ return go_decryptAESGCM(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); ++} ++ ++long _mkcgo_go_decryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { ++ return go_decryptChaChaPoly(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); ++} ++ ++long _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { ++ return go_deriveEncapsulationKeyMLKEM1024(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { ++ return go_deriveEncapsulationKeyMLKEM768(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_derivePublicKeyMLDSA65(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { ++ return go_derivePublicKeyMLDSA65(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_derivePublicKeyMLDSA87(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { ++ return go_derivePublicKeyMLDSA87(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_ecdhSharedSecret(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, uint8_t* _arg5, long _arg6) { ++ return go_ecdhSharedSecret(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++} ++ ++long _mkcgo_go_ecdsaSign(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, uint8_t* _arg5, long* _arg6) { ++ return go_ecdsaSign(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++} ++ ++long _mkcgo_go_ecdsaVerify(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, const uint8_t* _arg5, long _arg6, const uint8_t* _arg7, long _arg8) { ++ return go_ecdsaVerify(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8); ++} ++ ++long _mkcgo_go_encapsulateMLKEM1024(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { ++ return go_encapsulateMLKEM1024(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++} ++ ++long _mkcgo_go_encapsulateMLKEM768(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { ++ return go_encapsulateMLKEM768(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++} ++ ++long _mkcgo_go_encryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { ++ return go_encryptAESGCM(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); ++} ++ ++long _mkcgo_go_encryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { ++ return go_encryptChaChaPoly(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); ++} ++ ++long _mkcgo_go_expandHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { ++ return go_expandHKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++} ++ ++long _mkcgo_go_extractHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { ++ return go_extractHKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++} ++ ++void _mkcgo_go_finalizeHMAC(int32_t _arg0, void* _arg1, uint8_t* _arg2) { ++ go_finalizeHMAC(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_freeHMAC(int32_t _arg0, void* _arg1) { ++ go_freeHMAC(_arg0, _arg1); ++} ++ ++long _mkcgo_go_generateKeyECDH(int32_t _arg0, uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4) { ++ return go_generateKeyECDH(_arg0, _arg1, _arg2, _arg3, _arg4); ++} ++ ++long _mkcgo_go_generateKeyECDSA(int32_t _arg0, uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4, uint8_t* _arg5, long _arg6) { ++ return go_generateKeyECDSA(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++} ++ ++void _mkcgo_go_generateKeyEd25519(uint8_t* _arg0) { ++ go_generateKeyEd25519(_arg0); ++} ++ ++long _mkcgo_go_generateKeyMLDSA65(uint8_t* _arg0, long _arg1) { ++ return go_generateKeyMLDSA65(_arg0, _arg1); ++} ++ ++long _mkcgo_go_generateKeyMLDSA87(uint8_t* _arg0, long _arg1) { ++ return go_generateKeyMLDSA87(_arg0, _arg1); ++} ++ ++long _mkcgo_go_generateKeyMLKEM1024(uint8_t* _arg0, long _arg1) { ++ return go_generateKeyMLKEM1024(_arg0, _arg1); ++} ++ ++long _mkcgo_go_generateKeyMLKEM768(uint8_t* _arg0, long _arg1) { ++ return go_generateKeyMLKEM768(_arg0, _arg1); ++} ++ ++long _mkcgo_go_hashBlockSize(int32_t _arg0) { ++ return go_hashBlockSize(_arg0); ++} ++ ++void* _mkcgo_go_hashCopy(int32_t _arg0, void* _arg1) { ++ return go_hashCopy(_arg0, _arg1); ++} ++ ++void _mkcgo_go_hashFree(int32_t _arg0, void* _arg1) { ++ go_hashFree(_arg0, _arg1); ++} ++ ++void* _mkcgo_go_hashNew(int32_t _arg0) { ++ return go_hashNew(_arg0); ++} ++ ++void _mkcgo_go_hashReset(int32_t _arg0, void* _arg1) { ++ go_hashReset(_arg0, _arg1); ++} ++ ++long _mkcgo_go_hashSize(int32_t _arg0) { ++ return go_hashSize(_arg0); ++} ++ ++void _mkcgo_go_hashSum(int32_t _arg0, void* _arg1, uint8_t* _arg2) { ++ go_hashSum(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_go_hashWrite(int32_t _arg0, void* _arg1, const uint8_t* _arg2, long _arg3) { ++ go_hashWrite(_arg0, _arg1, _arg2, _arg3); ++} ++ ++void* _mkcgo_go_initHMAC(int32_t _arg0, const uint8_t* _arg1, long _arg2) { ++ return go_initHMAC(_arg0, _arg1, _arg2); ++} ++ ++long _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t* _arg0, const uint8_t* _arg1) { ++ return go_newPrivateKeyEd25519FromSeed(_arg0, _arg1); ++} ++ ++long _mkcgo_go_newPublicKeyEd25519(uint8_t* _arg0, const uint8_t* _arg1) { ++ return go_newPublicKeyEd25519(_arg0, _arg1); ++} ++ ++long _mkcgo_go_publicKeyFromPrivateECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4) { ++ return go_publicKeyFromPrivateECDH(_arg0, _arg1, _arg2, _arg3, _arg4); ++} ++ ++long _mkcgo_go_signEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, uint8_t* _arg3) { ++ return go_signEd25519(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_signMLDSA65(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, uint8_t* _arg6, long* _arg7) { ++ return go_signMLDSA65(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ ++long _mkcgo_go_signMLDSA87(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, uint8_t* _arg6, long* _arg7) { ++ return go_signMLDSA87(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ ++long _mkcgo_go_supportsMLDSA(void) { ++ return go_supportsMLDSA(); ++} ++ ++long _mkcgo_go_supportsMLKEM(void) { ++ return go_supportsMLKEM(); ++} ++ ++long _mkcgo_go_supportsSHA3(void) { ++ return go_supportsSHA3(); ++} ++ ++void _mkcgo_go_updateHMAC(int32_t _arg0, void* _arg1, const uint8_t* _arg2, long _arg3) { ++ go_updateHMAC(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_validatePrivateKeyECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2) { ++ return go_validatePrivateKeyECDH(_arg0, _arg1, _arg2); ++} ++ ++long _mkcgo_go_validatePublicKeyECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2) { ++ return go_validatePublicKeyECDH(_arg0, _arg1, _arg2); ++} ++ ++long _mkcgo_go_validatePublicKeyMLDSA65(const uint8_t* _arg0, long _arg1) { ++ return go_validatePublicKeyMLDSA65(_arg0, _arg1); ++} ++ ++long _mkcgo_go_validatePublicKeyMLDSA87(const uint8_t* _arg0, long _arg1) { ++ return go_validatePublicKeyMLDSA87(_arg0, _arg1); ++} ++ ++long _mkcgo_go_verifyEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3) { ++ return go_verifyEd25519(_arg0, _arg1, _arg2, _arg3); ++} ++ ++long _mkcgo_go_verifyMLDSA65(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, const uint8_t* _arg6, long _arg7) { ++ return go_verifyMLDSA65(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ ++long _mkcgo_go_verifyMLDSA87(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, const uint8_t* _arg6, long _arg7) { ++ return go_verifyMLDSA87(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++} ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h +new file mode 100644 +index 00000000000000..f933f59c3013da +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h +@@ -0,0 +1,77 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#ifndef MKCGO_H // only include this header once ++#define MKCGO_H ++ ++#include ++#include ++ ++ ++uintptr_t mkcgo_err_retrieve(); ++ ++void _mkcgo_go_MD5(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA1(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA256(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA384(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA3_256(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA3_384(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA3_512(const uint8_t*, size_t, uint8_t*); ++void _mkcgo_go_SHA512(const uint8_t*, size_t, uint8_t*); ++void* _mkcgo_go_copyHMAC(int32_t, void*); ++long _mkcgo_go_decapsulateMLKEM1024(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_decapsulateMLKEM768(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long _mkcgo_go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); ++long _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_derivePublicKeyMLDSA65(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_derivePublicKeyMLDSA87(const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_ecdhSharedSecret(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_ecdsaSign(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long _mkcgo_go_ecdsaVerify(int32_t, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long _mkcgo_go_encapsulateMLKEM1024(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_encapsulateMLKEM768(const uint8_t*, long, uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long _mkcgo_go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); ++long _mkcgo_go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++long _mkcgo_go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); ++void _mkcgo_go_finalizeHMAC(int32_t, void*, uint8_t*); ++void _mkcgo_go_freeHMAC(int32_t, void*); ++long _mkcgo_go_generateKeyECDH(int32_t, uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_generateKeyECDSA(int32_t, uint8_t*, long, uint8_t*, long, uint8_t*, long); ++void _mkcgo_go_generateKeyEd25519(uint8_t*); ++long _mkcgo_go_generateKeyMLDSA65(uint8_t*, long); ++long _mkcgo_go_generateKeyMLDSA87(uint8_t*, long); ++long _mkcgo_go_generateKeyMLKEM1024(uint8_t*, long); ++long _mkcgo_go_generateKeyMLKEM768(uint8_t*, long); ++long _mkcgo_go_hashBlockSize(int32_t); ++void* _mkcgo_go_hashCopy(int32_t, void*); ++void _mkcgo_go_hashFree(int32_t, void*); ++void* _mkcgo_go_hashNew(int32_t); ++void _mkcgo_go_hashReset(int32_t, void*); ++long _mkcgo_go_hashSize(int32_t); ++void _mkcgo_go_hashSum(int32_t, void*, uint8_t*); ++void _mkcgo_go_hashWrite(int32_t, void*, const uint8_t*, long); ++void* _mkcgo_go_initHMAC(int32_t, const uint8_t*, long); ++long _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); ++long _mkcgo_go_newPublicKeyEd25519(uint8_t*, const uint8_t*); ++long _mkcgo_go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, long, uint8_t*, long); ++long _mkcgo_go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); ++long _mkcgo_go_signMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long _mkcgo_go_signMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); ++long _mkcgo_go_supportsMLDSA(void); ++long _mkcgo_go_supportsMLKEM(void); ++long _mkcgo_go_supportsSHA3(void); ++void _mkcgo_go_updateHMAC(int32_t, void*, const uint8_t*, long); ++long _mkcgo_go_validatePrivateKeyECDH(int32_t, const uint8_t*, long); ++long _mkcgo_go_validatePublicKeyECDH(int32_t, const uint8_t*, long); ++long _mkcgo_go_validatePublicKeyMLDSA65(const uint8_t*, long); ++long _mkcgo_go_validatePublicKeyMLDSA87(const uint8_t*, long); ++long _mkcgo_go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); ++long _mkcgo_go_verifyMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++long _mkcgo_go_verifyMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++ ++#endif // MKCGO_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s +new file mode 100644 +index 00000000000000..5be36f4b35dedb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s +@@ -0,0 +1,400 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo ++ ++#include "textflag.h" ++ ++#ifndef GOARCH_amd64 ++#ifndef GOARCH_arm64 ++#ifndef GOARCH_riscv64 ++#ifndef GOARCH_loong64 ++#ifndef GOARCH_mips64 ++#ifndef GOARCH_mips64le ++#ifndef GOARCH_ppc64 ++#ifndef GOARCH_ppc64le ++#ifndef GOARCH_s390x ++#ifndef GOARCH_sparc64 ++#define _GOPTRSIZE 4 ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++ ++#ifndef _GOPTRSIZE ++#define _GOPTRSIZE 8 ++#endif ++TEXT _mkcgo_go_MD5_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_MD5(SB) ++ ++GLOBL ·_mkcgo_go_MD5_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_MD5_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_MD5_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA1_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA1(SB) ++ ++GLOBL ·_mkcgo_go_SHA1_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA1_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA1_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA256_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA256(SB) ++ ++GLOBL ·_mkcgo_go_SHA256_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA256_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA256_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA384_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA384(SB) ++ ++GLOBL ·_mkcgo_go_SHA384_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA384_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA384_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA3_256_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA3_256(SB) ++ ++GLOBL ·_mkcgo_go_SHA3_256_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA3_256_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA3_256_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA3_384_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA3_384(SB) ++ ++GLOBL ·_mkcgo_go_SHA3_384_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA3_384_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA3_384_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA3_512_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA3_512(SB) ++ ++GLOBL ·_mkcgo_go_SHA3_512_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA3_512_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA3_512_trampoline<>(SB) ++ ++TEXT _mkcgo_go_SHA512_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_SHA512(SB) ++ ++GLOBL ·_mkcgo_go_SHA512_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_SHA512_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA512_trampoline<>(SB) ++ ++TEXT _mkcgo_go_copyHMAC_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_copyHMAC(SB) ++ ++GLOBL ·_mkcgo_go_copyHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_copyHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_copyHMAC_trampoline<>(SB) ++ ++TEXT _mkcgo_go_decapsulateMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_decapsulateMLKEM1024(SB) ++ ++GLOBL ·_mkcgo_go_decapsulateMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_decapsulateMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decapsulateMLKEM1024_trampoline<>(SB) ++ ++TEXT _mkcgo_go_decapsulateMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_decapsulateMLKEM768(SB) ++ ++GLOBL ·_mkcgo_go_decapsulateMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_decapsulateMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decapsulateMLKEM768_trampoline<>(SB) ++ ++TEXT _mkcgo_go_decryptAESGCM_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_decryptAESGCM(SB) ++ ++GLOBL ·_mkcgo_go_decryptAESGCM_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_decryptAESGCM_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decryptAESGCM_trampoline<>(SB) ++ ++TEXT _mkcgo_go_decryptChaChaPoly_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_decryptChaChaPoly(SB) ++ ++GLOBL ·_mkcgo_go_decryptChaChaPoly_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_decryptChaChaPoly_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decryptChaChaPoly_trampoline<>(SB) ++ ++TEXT _mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_deriveEncapsulationKeyMLKEM1024(SB) ++ ++GLOBL ·_mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline<>(SB) ++ ++TEXT _mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_deriveEncapsulationKeyMLKEM768(SB) ++ ++GLOBL ·_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline<>(SB) ++ ++TEXT _mkcgo_go_derivePublicKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_derivePublicKeyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_derivePublicKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_derivePublicKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_derivePublicKeyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_derivePublicKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_derivePublicKeyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_derivePublicKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_derivePublicKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_derivePublicKeyMLDSA87_trampoline<>(SB) ++ ++TEXT _mkcgo_go_ecdhSharedSecret_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_ecdhSharedSecret(SB) ++ ++GLOBL ·_mkcgo_go_ecdhSharedSecret_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_ecdhSharedSecret_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_ecdhSharedSecret_trampoline<>(SB) ++ ++TEXT _mkcgo_go_ecdsaSign_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_ecdsaSign(SB) ++ ++GLOBL ·_mkcgo_go_ecdsaSign_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_ecdsaSign_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_ecdsaSign_trampoline<>(SB) ++ ++TEXT _mkcgo_go_ecdsaVerify_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_ecdsaVerify(SB) ++ ++GLOBL ·_mkcgo_go_ecdsaVerify_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_ecdsaVerify_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_ecdsaVerify_trampoline<>(SB) ++ ++TEXT _mkcgo_go_encapsulateMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_encapsulateMLKEM1024(SB) ++ ++GLOBL ·_mkcgo_go_encapsulateMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_encapsulateMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encapsulateMLKEM1024_trampoline<>(SB) ++ ++TEXT _mkcgo_go_encapsulateMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_encapsulateMLKEM768(SB) ++ ++GLOBL ·_mkcgo_go_encapsulateMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_encapsulateMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encapsulateMLKEM768_trampoline<>(SB) ++ ++TEXT _mkcgo_go_encryptAESGCM_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_encryptAESGCM(SB) ++ ++GLOBL ·_mkcgo_go_encryptAESGCM_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_encryptAESGCM_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encryptAESGCM_trampoline<>(SB) ++ ++TEXT _mkcgo_go_encryptChaChaPoly_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_encryptChaChaPoly(SB) ++ ++GLOBL ·_mkcgo_go_encryptChaChaPoly_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_encryptChaChaPoly_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encryptChaChaPoly_trampoline<>(SB) ++ ++TEXT _mkcgo_go_expandHKDF_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_expandHKDF(SB) ++ ++GLOBL ·_mkcgo_go_expandHKDF_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_expandHKDF_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_expandHKDF_trampoline<>(SB) ++ ++TEXT _mkcgo_go_extractHKDF_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_extractHKDF(SB) ++ ++GLOBL ·_mkcgo_go_extractHKDF_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_extractHKDF_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_extractHKDF_trampoline<>(SB) ++ ++TEXT _mkcgo_go_finalizeHMAC_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_finalizeHMAC(SB) ++ ++GLOBL ·_mkcgo_go_finalizeHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_finalizeHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_finalizeHMAC_trampoline<>(SB) ++ ++TEXT _mkcgo_go_freeHMAC_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_freeHMAC(SB) ++ ++GLOBL ·_mkcgo_go_freeHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_freeHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_freeHMAC_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyECDH_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyECDH(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyECDH_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyECDSA_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyECDSA(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyECDSA_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyECDSA_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyECDSA_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyEd25519_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyEd25519(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyEd25519_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLDSA87_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyMLKEM1024(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLKEM1024_trampoline<>(SB) ++ ++TEXT _mkcgo_go_generateKeyMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_generateKeyMLKEM768(SB) ++ ++GLOBL ·_mkcgo_go_generateKeyMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_generateKeyMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLKEM768_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashBlockSize_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashBlockSize(SB) ++ ++GLOBL ·_mkcgo_go_hashBlockSize_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashBlockSize_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashBlockSize_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashCopy_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashCopy(SB) ++ ++GLOBL ·_mkcgo_go_hashCopy_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashCopy_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashCopy_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashFree_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashFree(SB) ++ ++GLOBL ·_mkcgo_go_hashFree_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashFree_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashFree_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashNew_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashNew(SB) ++ ++GLOBL ·_mkcgo_go_hashNew_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashNew_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashNew_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashReset_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashReset(SB) ++ ++GLOBL ·_mkcgo_go_hashReset_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashReset_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashReset_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashSize_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashSize(SB) ++ ++GLOBL ·_mkcgo_go_hashSize_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashSize_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashSize_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashSum_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashSum(SB) ++ ++GLOBL ·_mkcgo_go_hashSum_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashSum_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashSum_trampoline<>(SB) ++ ++TEXT _mkcgo_go_hashWrite_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_hashWrite(SB) ++ ++GLOBL ·_mkcgo_go_hashWrite_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_hashWrite_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashWrite_trampoline<>(SB) ++ ++TEXT _mkcgo_go_initHMAC_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_initHMAC(SB) ++ ++GLOBL ·_mkcgo_go_initHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_initHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_initHMAC_trampoline<>(SB) ++ ++TEXT _mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_newPrivateKeyEd25519FromSeed(SB) ++ ++GLOBL ·_mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline<>(SB) ++ ++TEXT _mkcgo_go_newPublicKeyEd25519_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_newPublicKeyEd25519(SB) ++ ++GLOBL ·_mkcgo_go_newPublicKeyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_newPublicKeyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_newPublicKeyEd25519_trampoline<>(SB) ++ ++TEXT _mkcgo_go_publicKeyFromPrivateECDH_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_publicKeyFromPrivateECDH(SB) ++ ++GLOBL ·_mkcgo_go_publicKeyFromPrivateECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_publicKeyFromPrivateECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_publicKeyFromPrivateECDH_trampoline<>(SB) ++ ++TEXT _mkcgo_go_signEd25519_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_signEd25519(SB) ++ ++GLOBL ·_mkcgo_go_signEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_signEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signEd25519_trampoline<>(SB) ++ ++TEXT _mkcgo_go_signMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_signMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_signMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_signMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_signMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_signMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_signMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_signMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signMLDSA87_trampoline<>(SB) ++ ++TEXT _mkcgo_go_supportsMLDSA_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_supportsMLDSA(SB) ++ ++GLOBL ·_mkcgo_go_supportsMLDSA_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_supportsMLDSA_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsMLDSA_trampoline<>(SB) ++ ++TEXT _mkcgo_go_supportsMLKEM_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_supportsMLKEM(SB) ++ ++GLOBL ·_mkcgo_go_supportsMLKEM_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_supportsMLKEM_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsMLKEM_trampoline<>(SB) ++ ++TEXT _mkcgo_go_supportsSHA3_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_supportsSHA3(SB) ++ ++GLOBL ·_mkcgo_go_supportsSHA3_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_supportsSHA3_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsSHA3_trampoline<>(SB) ++ ++TEXT _mkcgo_go_updateHMAC_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_updateHMAC(SB) ++ ++GLOBL ·_mkcgo_go_updateHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_updateHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_updateHMAC_trampoline<>(SB) ++ ++TEXT _mkcgo_go_validatePrivateKeyECDH_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_validatePrivateKeyECDH(SB) ++ ++GLOBL ·_mkcgo_go_validatePrivateKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_validatePrivateKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePrivateKeyECDH_trampoline<>(SB) ++ ++TEXT _mkcgo_go_validatePublicKeyECDH_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_validatePublicKeyECDH(SB) ++ ++GLOBL ·_mkcgo_go_validatePublicKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_validatePublicKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyECDH_trampoline<>(SB) ++ ++TEXT _mkcgo_go_validatePublicKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_validatePublicKeyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_validatePublicKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_validatePublicKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_validatePublicKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_validatePublicKeyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_validatePublicKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_validatePublicKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyMLDSA87_trampoline<>(SB) ++ ++TEXT _mkcgo_go_verifyEd25519_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_verifyEd25519(SB) ++ ++GLOBL ·_mkcgo_go_verifyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_verifyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyEd25519_trampoline<>(SB) ++ ++TEXT _mkcgo_go_verifyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_verifyMLDSA65(SB) ++ ++GLOBL ·_mkcgo_go_verifyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_verifyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyMLDSA65_trampoline<>(SB) ++ ++TEXT _mkcgo_go_verifyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_go_verifyMLDSA87(SB) ++ ++GLOBL ·_mkcgo_go_verifyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_go_verifyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyMLDSA87_trampoline<>(SB) ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go +new file mode 100644 +index 00000000000000..c05dd1acf80954 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go +@@ -0,0 +1,386 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package cryptokit ++ ++/* ++#cgo CFLAGS: -Wno-attributes ++ ++#include "zcryptokit.h" ++#cgo noescape _mkcgo_go_MD5 ++#cgo nocallback _mkcgo_go_MD5 ++#cgo noescape _mkcgo_go_SHA1 ++#cgo nocallback _mkcgo_go_SHA1 ++#cgo noescape _mkcgo_go_SHA256 ++#cgo nocallback _mkcgo_go_SHA256 ++#cgo noescape _mkcgo_go_SHA384 ++#cgo nocallback _mkcgo_go_SHA384 ++#cgo noescape _mkcgo_go_SHA3_256 ++#cgo nocallback _mkcgo_go_SHA3_256 ++#cgo noescape _mkcgo_go_SHA3_384 ++#cgo nocallback _mkcgo_go_SHA3_384 ++#cgo noescape _mkcgo_go_SHA3_512 ++#cgo nocallback _mkcgo_go_SHA3_512 ++#cgo noescape _mkcgo_go_SHA512 ++#cgo nocallback _mkcgo_go_SHA512 ++#cgo noescape _mkcgo_go_copyHMAC ++#cgo nocallback _mkcgo_go_copyHMAC ++#cgo noescape _mkcgo_go_decapsulateMLKEM1024 ++#cgo nocallback _mkcgo_go_decapsulateMLKEM1024 ++#cgo noescape _mkcgo_go_decapsulateMLKEM768 ++#cgo nocallback _mkcgo_go_decapsulateMLKEM768 ++#cgo noescape _mkcgo_go_decryptAESGCM ++#cgo nocallback _mkcgo_go_decryptAESGCM ++#cgo noescape _mkcgo_go_decryptChaChaPoly ++#cgo nocallback _mkcgo_go_decryptChaChaPoly ++#cgo noescape _mkcgo_go_deriveEncapsulationKeyMLKEM1024 ++#cgo nocallback _mkcgo_go_deriveEncapsulationKeyMLKEM1024 ++#cgo noescape _mkcgo_go_deriveEncapsulationKeyMLKEM768 ++#cgo nocallback _mkcgo_go_deriveEncapsulationKeyMLKEM768 ++#cgo noescape _mkcgo_go_derivePublicKeyMLDSA65 ++#cgo nocallback _mkcgo_go_derivePublicKeyMLDSA65 ++#cgo noescape _mkcgo_go_derivePublicKeyMLDSA87 ++#cgo nocallback _mkcgo_go_derivePublicKeyMLDSA87 ++#cgo noescape _mkcgo_go_ecdhSharedSecret ++#cgo nocallback _mkcgo_go_ecdhSharedSecret ++#cgo noescape _mkcgo_go_ecdsaSign ++#cgo nocallback _mkcgo_go_ecdsaSign ++#cgo noescape _mkcgo_go_ecdsaVerify ++#cgo nocallback _mkcgo_go_ecdsaVerify ++#cgo noescape _mkcgo_go_encapsulateMLKEM1024 ++#cgo nocallback _mkcgo_go_encapsulateMLKEM1024 ++#cgo noescape _mkcgo_go_encapsulateMLKEM768 ++#cgo nocallback _mkcgo_go_encapsulateMLKEM768 ++#cgo noescape _mkcgo_go_encryptAESGCM ++#cgo nocallback _mkcgo_go_encryptAESGCM ++#cgo noescape _mkcgo_go_encryptChaChaPoly ++#cgo nocallback _mkcgo_go_encryptChaChaPoly ++#cgo noescape _mkcgo_go_expandHKDF ++#cgo nocallback _mkcgo_go_expandHKDF ++#cgo noescape _mkcgo_go_extractHKDF ++#cgo nocallback _mkcgo_go_extractHKDF ++#cgo noescape _mkcgo_go_finalizeHMAC ++#cgo nocallback _mkcgo_go_finalizeHMAC ++#cgo noescape _mkcgo_go_freeHMAC ++#cgo nocallback _mkcgo_go_freeHMAC ++#cgo noescape _mkcgo_go_generateKeyECDH ++#cgo nocallback _mkcgo_go_generateKeyECDH ++#cgo noescape _mkcgo_go_generateKeyECDSA ++#cgo nocallback _mkcgo_go_generateKeyECDSA ++#cgo noescape _mkcgo_go_generateKeyEd25519 ++#cgo nocallback _mkcgo_go_generateKeyEd25519 ++#cgo noescape _mkcgo_go_generateKeyMLDSA65 ++#cgo nocallback _mkcgo_go_generateKeyMLDSA65 ++#cgo noescape _mkcgo_go_generateKeyMLDSA87 ++#cgo nocallback _mkcgo_go_generateKeyMLDSA87 ++#cgo noescape _mkcgo_go_generateKeyMLKEM1024 ++#cgo nocallback _mkcgo_go_generateKeyMLKEM1024 ++#cgo noescape _mkcgo_go_generateKeyMLKEM768 ++#cgo nocallback _mkcgo_go_generateKeyMLKEM768 ++#cgo noescape _mkcgo_go_hashBlockSize ++#cgo nocallback _mkcgo_go_hashBlockSize ++#cgo noescape _mkcgo_go_hashCopy ++#cgo nocallback _mkcgo_go_hashCopy ++#cgo noescape _mkcgo_go_hashFree ++#cgo nocallback _mkcgo_go_hashFree ++#cgo noescape _mkcgo_go_hashNew ++#cgo nocallback _mkcgo_go_hashNew ++#cgo noescape _mkcgo_go_hashReset ++#cgo nocallback _mkcgo_go_hashReset ++#cgo noescape _mkcgo_go_hashSize ++#cgo nocallback _mkcgo_go_hashSize ++#cgo noescape _mkcgo_go_hashSum ++#cgo nocallback _mkcgo_go_hashSum ++#cgo noescape _mkcgo_go_hashWrite ++#cgo nocallback _mkcgo_go_hashWrite ++#cgo noescape _mkcgo_go_initHMAC ++#cgo nocallback _mkcgo_go_initHMAC ++#cgo noescape _mkcgo_go_newPrivateKeyEd25519FromSeed ++#cgo nocallback _mkcgo_go_newPrivateKeyEd25519FromSeed ++#cgo noescape _mkcgo_go_newPublicKeyEd25519 ++#cgo nocallback _mkcgo_go_newPublicKeyEd25519 ++#cgo noescape _mkcgo_go_publicKeyFromPrivateECDH ++#cgo nocallback _mkcgo_go_publicKeyFromPrivateECDH ++#cgo noescape _mkcgo_go_signEd25519 ++#cgo nocallback _mkcgo_go_signEd25519 ++#cgo noescape _mkcgo_go_signMLDSA65 ++#cgo nocallback _mkcgo_go_signMLDSA65 ++#cgo noescape _mkcgo_go_signMLDSA87 ++#cgo nocallback _mkcgo_go_signMLDSA87 ++#cgo noescape _mkcgo_go_supportsMLDSA ++#cgo nocallback _mkcgo_go_supportsMLDSA ++#cgo noescape _mkcgo_go_supportsMLKEM ++#cgo nocallback _mkcgo_go_supportsMLKEM ++#cgo noescape _mkcgo_go_supportsSHA3 ++#cgo nocallback _mkcgo_go_supportsSHA3 ++#cgo noescape _mkcgo_go_updateHMAC ++#cgo nocallback _mkcgo_go_updateHMAC ++#cgo noescape _mkcgo_go_validatePrivateKeyECDH ++#cgo nocallback _mkcgo_go_validatePrivateKeyECDH ++#cgo noescape _mkcgo_go_validatePublicKeyECDH ++#cgo nocallback _mkcgo_go_validatePublicKeyECDH ++#cgo noescape _mkcgo_go_validatePublicKeyMLDSA65 ++#cgo nocallback _mkcgo_go_validatePublicKeyMLDSA65 ++#cgo noescape _mkcgo_go_validatePublicKeyMLDSA87 ++#cgo nocallback _mkcgo_go_validatePublicKeyMLDSA87 ++#cgo noescape _mkcgo_go_verifyEd25519 ++#cgo nocallback _mkcgo_go_verifyEd25519 ++#cgo noescape _mkcgo_go_verifyMLDSA65 ++#cgo nocallback _mkcgo_go_verifyMLDSA65 ++#cgo noescape _mkcgo_go_verifyMLDSA87 ++#cgo nocallback _mkcgo_go_verifyMLDSA87 ++*/ ++import "C" ++import "unsafe" ++ ++//go:nosplit ++func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { ++ x := uintptr(unsafe.Pointer(p)) ++ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) ++} ++ ++func MD5(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_MD5((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA1(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA1((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA256(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA256((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA384(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA384((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA3_256(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA3_256((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA3_384(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA3_384((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA3_512(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA3_512((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA512(inputPointer []uint8, outputPointer []uint8) { ++ C._mkcgo_go_SHA512((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func CopyHMAC(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { ++ return C._mkcgo_go_copyHMAC(C.int32_t(hashAlgorithm), ptr) ++} ++ ++func DecapsulateMLKEM1024(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { ++ return int64(C._mkcgo_go_decapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)))) ++} ++ ++func DecapsulateMLKEM768(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { ++ return int64(C._mkcgo_go_decapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)))) ++} ++ ++func DecryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { ++ return int64(C._mkcgo_go_decryptAESGCM((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))), C.size_t(len(tag)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(out))), (*C.size_t)(unsafe.Pointer(outLength)))) ++} ++ ++func DecryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { ++ return int64(C._mkcgo_go_decryptChaChaPoly((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))), C.size_t(len(tag)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(out))), (*C.size_t)(unsafe.Pointer(outLength)))) ++} ++ ++func DeriveEncapsulationKeyMLKEM1024(seed []uint8, encapKey []uint8) int64 { ++ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)))) ++} ++ ++func DeriveEncapsulationKeyMLKEM768(seed []uint8, encapKey []uint8) int64 { ++ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)))) ++} ++ ++func DerivePublicKeyMLDSA65(seed []uint8, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_derivePublicKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func DerivePublicKeyMLDSA87(seed []uint8, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_derivePublicKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func EcdhSharedSecret(curveID int32, privateKey []uint8, publicKey []uint8, sharedSecret []uint8) int64 { ++ return int64(C._mkcgo_go_ecdhSharedSecret(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedSecret))), C.long(len(sharedSecret)))) ++} ++ ++func EcdsaSign(curveID int32, d []uint8, message []uint8, signature []uint8, signatureLen *int64) int64 { ++ return int64(C._mkcgo_go_ecdsaSign(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.long(len(d)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++} ++ ++func EcdsaVerify(curveID int32, x []uint8, y []uint8, message []uint8, signature []uint8) int64 { ++ return int64(C._mkcgo_go_ecdsaVerify(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.long(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.long(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) ++} ++ ++func EncapsulateMLKEM1024(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { ++ return int64(C._mkcgo_go_encapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)))) ++} ++ ++func EncapsulateMLKEM768(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { ++ return int64(C._mkcgo_go_encapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)))) ++} ++ ++func EncryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { ++ return int64(C._mkcgo_go_encryptAESGCM((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(cipherText))), C.size_t(len(cipherText)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))))) ++} ++ ++func EncryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { ++ return int64(C._mkcgo_go_encryptChaChaPoly((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(cipherText))), C.size_t(len(cipherText)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))))) ++} ++ ++func ExpandHKDF(hashFunction int32, prk []uint8, info []uint8, okm []uint8) int64 { ++ return int64(C._mkcgo_go_expandHKDF(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(prk))), C.size_t(len(prk)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(info))), C.size_t(len(info)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(okm))), C.size_t(len(okm)))) ++} ++ ++func ExtractHKDF(hashFunction int32, secret []uint8, salt []uint8, prk []uint8) int64 { ++ return int64(C._mkcgo_go_extractHKDF(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(secret))), C.size_t(len(secret)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(salt))), C.size_t(len(salt)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(prk))), C.size_t(len(prk)))) ++} ++ ++func FinalizeHMAC(hashFunction int32, ptr unsafe.Pointer, outputPointer []uint8) { ++ C._mkcgo_go_finalizeHMAC(C.int32_t(hashFunction), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func FreeHMAC(hashFunction int32, ptr unsafe.Pointer) { ++ C._mkcgo_go_freeHMAC(C.int32_t(hashFunction), ptr) ++} ++ ++func GenerateKeyECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func GenerateKeyECDSA(curveID int32, x []uint8, y []uint8, d []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyECDSA(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.long(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.long(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.long(len(d)))) ++} ++ ++func GenerateKeyEd25519(key []uint8) { ++ C._mkcgo_go_generateKeyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key)))) ++} ++ ++func GenerateKeyMLDSA65(seed []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++} ++ ++func GenerateKeyMLDSA87(seed []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++} ++ ++func GenerateKeyMLKEM1024(seed []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++} ++ ++func GenerateKeyMLKEM768(seed []uint8) int64 { ++ return int64(C._mkcgo_go_generateKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++} ++ ++func HashBlockSize(hashAlgorithm int32) int64 { ++ return int64(C._mkcgo_go_hashBlockSize(C.int32_t(hashAlgorithm))) ++} ++ ++func HashCopy(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { ++ return C._mkcgo_go_hashCopy(C.int32_t(hashAlgorithm), ptr) ++} ++ ++func HashFree(hashAlgorithm int32, ptr unsafe.Pointer) { ++ C._mkcgo_go_hashFree(C.int32_t(hashAlgorithm), ptr) ++} ++ ++func HashNew(hashAlgorithm int32) unsafe.Pointer { ++ return C._mkcgo_go_hashNew(C.int32_t(hashAlgorithm)) ++} ++ ++func HashReset(hashAlgorithm int32, ptr unsafe.Pointer) { ++ C._mkcgo_go_hashReset(C.int32_t(hashAlgorithm), ptr) ++} ++ ++func HashSize(hashAlgorithm int32) int64 { ++ return int64(C._mkcgo_go_hashSize(C.int32_t(hashAlgorithm))) ++} ++ ++func HashSum(hashAlgorithm int32, ptr unsafe.Pointer, outputPointer []uint8) { ++ C._mkcgo_go_hashSum(C.int32_t(hashAlgorithm), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func HashWrite(hashAlgorithm int32, ptr unsafe.Pointer, data []uint8) { ++ C._mkcgo_go_hashWrite(C.int32_t(hashAlgorithm), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.long(len(data))) ++} ++ ++func InitHMAC(hashFunction int32, key []uint8) unsafe.Pointer { ++ return C._mkcgo_go_initHMAC(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.long(len(key))) ++} ++ ++func NewPrivateKeyEd25519FromSeed(key []uint8, seed []uint8) int64 { ++ return int64(C._mkcgo_go_newPrivateKeyEd25519FromSeed((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))))) ++} ++ ++func NewPublicKeyEd25519(key []uint8, pub []uint8) int64 { ++ return int64(C._mkcgo_go_newPublicKeyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(pub))))) ++} ++ ++func PublicKeyFromPrivateECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_publicKeyFromPrivateECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func SignEd25519(privateKey []uint8, message []uint8, sigBuffer []uint8) int64 { ++ return int64(C._mkcgo_go_signEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.size_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sigBuffer))))) ++} ++ ++func SignMLDSA65(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ return int64(C._mkcgo_go_signMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++} ++ ++func SignMLDSA87(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ return int64(C._mkcgo_go_signMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++} ++ ++func SupportsMLDSA() int64 { ++ return int64(C._mkcgo_go_supportsMLDSA()) ++} ++ ++func SupportsMLKEM() int64 { ++ return int64(C._mkcgo_go_supportsMLKEM()) ++} ++ ++func SupportsSHA3() int64 { ++ return int64(C._mkcgo_go_supportsSHA3()) ++} ++ ++func UpdateHMAC(hashFunction int32, ptr unsafe.Pointer, data []uint8) { ++ C._mkcgo_go_updateHMAC(C.int32_t(hashFunction), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.long(len(data))) ++} ++ ++func ValidatePrivateKeyECDH(curveID int32, privateKey []uint8) int64 { ++ return int64(C._mkcgo_go_validatePrivateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)))) ++} ++ ++func ValidatePublicKeyECDH(curveID int32, publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_validatePublicKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func ValidatePublicKeyMLDSA65(publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_validatePublicKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func ValidatePublicKeyMLDSA87(publicKey []uint8) int64 { ++ return int64(C._mkcgo_go_validatePublicKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++} ++ ++func VerifyEd25519(publicKey []uint8, message []uint8, sig []uint8) int64 { ++ return int64(C._mkcgo_go_verifyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.size_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sig))))) ++} ++ ++func VerifyMLDSA65(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ return int64(C._mkcgo_go_verifyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) ++} ++ ++func VerifyMLDSA87(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ return int64(C._mkcgo_go_verifyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go +new file mode 100644 +index 00000000000000..222ece4bb14349 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go +@@ -0,0 +1,441 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo ++ ++package cryptokit ++ ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++var _ = runtime.GOOS ++ ++var _mkcgoAlwaysFalseCryptokit bool ++var _mkcgoEscapeSinkCryptokit unsafe.Pointer ++ ++// mkcgoEscapePtrCryptokit forces p to escape to the heap. ++// This implementation is also used in the standard library: ++// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 ++func mkcgoEscapePtrCryptokit(p unsafe.Pointer) unsafe.Pointer { ++ if _mkcgoAlwaysFalseCryptokit { ++ _mkcgoEscapeSinkCryptokit = p ++ } ++ return p ++} ++ ++//go:linkname go_MD5 go_MD5 ++//go:linkname go_SHA1 go_SHA1 ++//go:linkname go_SHA256 go_SHA256 ++//go:linkname go_SHA384 go_SHA384 ++//go:linkname go_SHA3_256 go_SHA3_256 ++//go:linkname go_SHA3_384 go_SHA3_384 ++//go:linkname go_SHA3_512 go_SHA3_512 ++//go:linkname go_SHA512 go_SHA512 ++//go:linkname go_copyHMAC go_copyHMAC ++//go:linkname go_decapsulateMLKEM1024 go_decapsulateMLKEM1024 ++//go:linkname go_decapsulateMLKEM768 go_decapsulateMLKEM768 ++//go:linkname go_decryptAESGCM go_decryptAESGCM ++//go:linkname go_decryptChaChaPoly go_decryptChaChaPoly ++//go:linkname go_deriveEncapsulationKeyMLKEM1024 go_deriveEncapsulationKeyMLKEM1024 ++//go:linkname go_deriveEncapsulationKeyMLKEM768 go_deriveEncapsulationKeyMLKEM768 ++//go:linkname go_derivePublicKeyMLDSA65 go_derivePublicKeyMLDSA65 ++//go:linkname go_derivePublicKeyMLDSA87 go_derivePublicKeyMLDSA87 ++//go:linkname go_ecdhSharedSecret go_ecdhSharedSecret ++//go:linkname go_ecdsaSign go_ecdsaSign ++//go:linkname go_ecdsaVerify go_ecdsaVerify ++//go:linkname go_encapsulateMLKEM1024 go_encapsulateMLKEM1024 ++//go:linkname go_encapsulateMLKEM768 go_encapsulateMLKEM768 ++//go:linkname go_encryptAESGCM go_encryptAESGCM ++//go:linkname go_encryptChaChaPoly go_encryptChaChaPoly ++//go:linkname go_expandHKDF go_expandHKDF ++//go:linkname go_extractHKDF go_extractHKDF ++//go:linkname go_finalizeHMAC go_finalizeHMAC ++//go:linkname go_freeHMAC go_freeHMAC ++//go:linkname go_generateKeyECDH go_generateKeyECDH ++//go:linkname go_generateKeyECDSA go_generateKeyECDSA ++//go:linkname go_generateKeyEd25519 go_generateKeyEd25519 ++//go:linkname go_generateKeyMLDSA65 go_generateKeyMLDSA65 ++//go:linkname go_generateKeyMLDSA87 go_generateKeyMLDSA87 ++//go:linkname go_generateKeyMLKEM1024 go_generateKeyMLKEM1024 ++//go:linkname go_generateKeyMLKEM768 go_generateKeyMLKEM768 ++//go:linkname go_hashBlockSize go_hashBlockSize ++//go:linkname go_hashCopy go_hashCopy ++//go:linkname go_hashFree go_hashFree ++//go:linkname go_hashNew go_hashNew ++//go:linkname go_hashReset go_hashReset ++//go:linkname go_hashSize go_hashSize ++//go:linkname go_hashSum go_hashSum ++//go:linkname go_hashWrite go_hashWrite ++//go:linkname go_initHMAC go_initHMAC ++//go:linkname go_newPrivateKeyEd25519FromSeed go_newPrivateKeyEd25519FromSeed ++//go:linkname go_newPublicKeyEd25519 go_newPublicKeyEd25519 ++//go:linkname go_publicKeyFromPrivateECDH go_publicKeyFromPrivateECDH ++//go:linkname go_signEd25519 go_signEd25519 ++//go:linkname go_signMLDSA65 go_signMLDSA65 ++//go:linkname go_signMLDSA87 go_signMLDSA87 ++//go:linkname go_supportsMLDSA go_supportsMLDSA ++//go:linkname go_supportsMLKEM go_supportsMLKEM ++//go:linkname go_supportsSHA3 go_supportsSHA3 ++//go:linkname go_updateHMAC go_updateHMAC ++//go:linkname go_validatePrivateKeyECDH go_validatePrivateKeyECDH ++//go:linkname go_validatePublicKeyECDH go_validatePublicKeyECDH ++//go:linkname go_validatePublicKeyMLDSA65 go_validatePublicKeyMLDSA65 ++//go:linkname go_validatePublicKeyMLDSA87 go_validatePublicKeyMLDSA87 ++//go:linkname go_verifyEd25519 go_verifyEd25519 ++//go:linkname go_verifyMLDSA65 go_verifyMLDSA65 ++//go:linkname go_verifyMLDSA87 go_verifyMLDSA87 ++ ++var go_MD5 byte ++var go_SHA1 byte ++var go_SHA256 byte ++var go_SHA384 byte ++var go_SHA3_256 byte ++var go_SHA3_384 byte ++var go_SHA3_512 byte ++var go_SHA512 byte ++var go_copyHMAC byte ++var go_decapsulateMLKEM1024 byte ++var go_decapsulateMLKEM768 byte ++var go_decryptAESGCM byte ++var go_decryptChaChaPoly byte ++var go_deriveEncapsulationKeyMLKEM1024 byte ++var go_deriveEncapsulationKeyMLKEM768 byte ++var go_derivePublicKeyMLDSA65 byte ++var go_derivePublicKeyMLDSA87 byte ++var go_ecdhSharedSecret byte ++var go_ecdsaSign byte ++var go_ecdsaVerify byte ++var go_encapsulateMLKEM1024 byte ++var go_encapsulateMLKEM768 byte ++var go_encryptAESGCM byte ++var go_encryptChaChaPoly byte ++var go_expandHKDF byte ++var go_extractHKDF byte ++var go_finalizeHMAC byte ++var go_freeHMAC byte ++var go_generateKeyECDH byte ++var go_generateKeyECDSA byte ++var go_generateKeyEd25519 byte ++var go_generateKeyMLDSA65 byte ++var go_generateKeyMLDSA87 byte ++var go_generateKeyMLKEM1024 byte ++var go_generateKeyMLKEM768 byte ++var go_hashBlockSize byte ++var go_hashCopy byte ++var go_hashFree byte ++var go_hashNew byte ++var go_hashReset byte ++var go_hashSize byte ++var go_hashSum byte ++var go_hashWrite byte ++var go_initHMAC byte ++var go_newPrivateKeyEd25519FromSeed byte ++var go_newPublicKeyEd25519 byte ++var go_publicKeyFromPrivateECDH byte ++var go_signEd25519 byte ++var go_signMLDSA65 byte ++var go_signMLDSA87 byte ++var go_supportsMLDSA byte ++var go_supportsMLKEM byte ++var go_supportsSHA3 byte ++var go_updateHMAC byte ++var go_validatePrivateKeyECDH byte ++var go_validatePublicKeyECDH byte ++var go_validatePublicKeyMLDSA65 byte ++var go_validatePublicKeyMLDSA87 byte ++var go_verifyEd25519 byte ++var go_verifyMLDSA65 byte ++var go_verifyMLDSA87 byte ++ ++func MD5(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_MD5)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA1(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA1)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA256(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA256)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA384(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA384)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA3_256(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA3_256)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA3_384(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA3_384)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA3_512(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA3_512)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func SHA512(inputPointer []uint8, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_SHA512)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func CopyHMAC(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_copyHMAC)), uintptr(hashAlgorithm), uintptr(ptr)) ++ return unsafe.Pointer(r0) ++} ++ ++func DecapsulateMLKEM1024(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decapsulateMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey))) ++ return int64(r0) ++} ++ ++func DecapsulateMLKEM768(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decapsulateMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey))) ++ return int64(r0) ++} ++ ++func DecryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decryptAESGCM)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(tag))), uintptr(len(tag)), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outLength))) ++ return int64(r0) ++} ++ ++func DecryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decryptChaChaPoly)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(tag))), uintptr(len(tag)), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outLength))) ++ return int64(r0) ++} ++ ++func DeriveEncapsulationKeyMLKEM1024(seed []uint8, encapKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_deriveEncapsulationKeyMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey))) ++ return int64(r0) ++} ++ ++func DeriveEncapsulationKeyMLKEM768(seed []uint8, encapKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_deriveEncapsulationKeyMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey))) ++ return int64(r0) ++} ++ ++func DerivePublicKeyMLDSA65(seed []uint8, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_derivePublicKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func DerivePublicKeyMLDSA87(seed []uint8, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_derivePublicKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func EcdhSharedSecret(curveID int32, privateKey []uint8, publicKey []uint8, sharedSecret []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdhSharedSecret)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedSecret))), uintptr(len(sharedSecret))) ++ return int64(r0) ++} ++ ++func EcdsaSign(curveID int32, d []uint8, message []uint8, signature []uint8, signatureLen *int64) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdsaSign)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(d))), uintptr(len(d)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) ++ return int64(r0) ++} ++ ++func EcdsaVerify(curveID int32, x []uint8, y []uint8, message []uint8, signature []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdsaVerify)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(x))), uintptr(len(x)), uintptr(unsafe.Pointer(unsafe.SliceData(y))), uintptr(len(y)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) ++ return int64(r0) ++} ++ ++func EncapsulateMLKEM1024(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encapsulateMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext))) ++ return int64(r0) ++} ++ ++func EncapsulateMLKEM768(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encapsulateMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext))) ++ return int64(r0) ++} ++ ++func EncryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encryptAESGCM)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(cipherText))), uintptr(len(cipherText)), uintptr(unsafe.Pointer(unsafe.SliceData(tag)))) ++ return int64(r0) ++} ++ ++func EncryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encryptChaChaPoly)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(cipherText))), uintptr(len(cipherText)), uintptr(unsafe.Pointer(unsafe.SliceData(tag)))) ++ return int64(r0) ++} ++ ++func ExpandHKDF(hashFunction int32, prk []uint8, info []uint8, okm []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_expandHKDF)), uintptr(hashFunction), uintptr(unsafe.Pointer(unsafe.SliceData(prk))), uintptr(len(prk)), uintptr(unsafe.Pointer(unsafe.SliceData(info))), uintptr(len(info)), uintptr(unsafe.Pointer(unsafe.SliceData(okm))), uintptr(len(okm))) ++ return int64(r0) ++} ++ ++func ExtractHKDF(hashFunction int32, secret []uint8, salt []uint8, prk []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_extractHKDF)), uintptr(hashFunction), uintptr(unsafe.Pointer(unsafe.SliceData(secret))), uintptr(len(secret)), uintptr(unsafe.Pointer(unsafe.SliceData(salt))), uintptr(len(salt)), uintptr(unsafe.Pointer(unsafe.SliceData(prk))), uintptr(len(prk))) ++ return int64(r0) ++} ++ ++func FinalizeHMAC(hashFunction int32, ptr unsafe.Pointer, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_finalizeHMAC)), uintptr(hashFunction), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func FreeHMAC(hashFunction int32, ptr unsafe.Pointer) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_freeHMAC)), uintptr(hashFunction), uintptr(ptr)) ++} ++ ++func GenerateKeyECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func GenerateKeyECDSA(curveID int32, x []uint8, y []uint8, d []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyECDSA)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(x))), uintptr(len(x)), uintptr(unsafe.Pointer(unsafe.SliceData(y))), uintptr(len(y)), uintptr(unsafe.Pointer(unsafe.SliceData(d))), uintptr(len(d))) ++ return int64(r0) ++} ++ ++func GenerateKeyEd25519(key []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(key)))) ++} ++ ++func GenerateKeyMLDSA65(seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) ++ return int64(r0) ++} ++ ++func GenerateKeyMLDSA87(seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) ++ return int64(r0) ++} ++ ++func GenerateKeyMLKEM1024(seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) ++ return int64(r0) ++} ++ ++func GenerateKeyMLKEM768(seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) ++ return int64(r0) ++} ++ ++func HashBlockSize(hashAlgorithm int32) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashBlockSize)), uintptr(hashAlgorithm)) ++ return int64(r0) ++} ++ ++func HashCopy(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashCopy)), uintptr(hashAlgorithm), uintptr(ptr)) ++ return unsafe.Pointer(r0) ++} ++ ++func HashFree(hashAlgorithm int32, ptr unsafe.Pointer) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_hashFree)), uintptr(hashAlgorithm), uintptr(ptr)) ++} ++ ++func HashNew(hashAlgorithm int32) unsafe.Pointer { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashNew)), uintptr(hashAlgorithm)) ++ return unsafe.Pointer(r0) ++} ++ ++func HashReset(hashAlgorithm int32, ptr unsafe.Pointer) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_hashReset)), uintptr(hashAlgorithm), uintptr(ptr)) ++} ++ ++func HashSize(hashAlgorithm int32) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashSize)), uintptr(hashAlgorithm)) ++ return int64(r0) ++} ++ ++func HashSum(hashAlgorithm int32, ptr unsafe.Pointer, outputPointer []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_hashSum)), uintptr(hashAlgorithm), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++} ++ ++func HashWrite(hashAlgorithm int32, ptr unsafe.Pointer, data []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_hashWrite)), uintptr(hashAlgorithm), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data))) ++} ++ ++func InitHMAC(hashFunction int32, key []uint8) unsafe.Pointer { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_initHMAC)), uintptr(hashFunction), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key))) ++ return unsafe.Pointer(r0) ++} ++ ++func NewPrivateKeyEd25519FromSeed(key []uint8, seed []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_newPrivateKeyEd25519FromSeed)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(unsafe.Pointer(unsafe.SliceData(seed)))) ++ return int64(r0) ++} ++ ++func NewPublicKeyEd25519(key []uint8, pub []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_newPublicKeyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(unsafe.Pointer(unsafe.SliceData(pub)))) ++ return int64(r0) ++} ++ ++func PublicKeyFromPrivateECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_publicKeyFromPrivateECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func SignEd25519(privateKey []uint8, message []uint8, sigBuffer []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(sigBuffer)))) ++ return int64(r0) ++} ++ ++func SignMLDSA65(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) ++ return int64(r0) ++} ++ ++func SignMLDSA87(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) ++ return int64(r0) ++} ++ ++func SupportsMLDSA() int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsMLDSA))) ++ return int64(r0) ++} ++ ++func SupportsMLKEM() int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsMLKEM))) ++ return int64(r0) ++} ++ ++func SupportsSHA3() int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsSHA3))) ++ return int64(r0) ++} ++ ++func UpdateHMAC(hashFunction int32, ptr unsafe.Pointer, data []uint8) { ++ syscallN(0, uintptr(unsafe.Pointer(&go_updateHMAC)), uintptr(hashFunction), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data))) ++} ++ ++func ValidatePrivateKeyECDH(curveID int32, privateKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePrivateKeyECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey))) ++ return int64(r0) ++} ++ ++func ValidatePublicKeyECDH(curveID int32, publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func ValidatePublicKeyMLDSA65(publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func ValidatePublicKeyMLDSA87(publicKey []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) ++ return int64(r0) ++} ++ ++func VerifyEd25519(publicKey []uint8, message []uint8, sig []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(sig)))) ++ return int64(r0) ++} ++ ++func VerifyMLDSA65(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) ++ return int64(r0) ++} ++ ++func VerifyMLDSA87(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { ++ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) ++ return int64(r0) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go +new file mode 100644 +index 00000000000000..2b9858f5e5ce80 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go +@@ -0,0 +1,307 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++// Code generated by genswiftimports. DO NOT EDIT. ++ ++//go:build !cgo && darwin && amd64 ++ ++package cryptokit ++ ++//go:cgo_import_dynamic $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF "" ++//go:cgo_import_dynamic $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj "" ++//go:cgo_import_dynamic $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s10Foundation4DataV5bytes5countACSV_SitcfC $s10Foundation4DataV5bytes5countACSV_SitcfC "" ++//go:cgo_import_dynamic $s10Foundation4DataV5countSivg $s10Foundation4DataV5countSivg "" ++//go:cgo_import_dynamic $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF "" ++//go:cgo_import_dynamic $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC "" ++//go:cgo_import_dynamic $s10Foundation4DataVAA0B8ProtocolAAMc $s10Foundation4DataVAA0B8ProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVAA15ContiguousBytesAAWP $s10Foundation4DataVAA15ContiguousBytesAAWP "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVACycfC $s10Foundation4DataVACycfC "" ++//go:cgo_import_dynamic $s10Foundation4DataVN $s10Foundation4DataVN "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSKAAMc $s10Foundation4DataVSKAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSTAAMc $s10Foundation4DataVSTAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSlAAMc $s10Foundation4DataVSlAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSmAAMc $s10Foundation4DataVSmAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMa $s9CryptoKit03ChaC4PolyO5NonceVMa "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMn $s9CryptoKit03ChaC4PolyO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVAA0D0AAMc $s9CryptoKit12SHA256DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVMa $s9CryptoKit12SHA256DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVAA0D0AAMc $s9CryptoKit12SHA384DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVMa $s9CryptoKit12SHA384DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVAA0D0AAMc $s9CryptoKit12SHA512DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVMa $s9CryptoKit12SHA512DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SharedSecretVMa $s9CryptoKit12SharedSecretVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyVMa $s9CryptoKit12SymmetricKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVMa $s9CryptoKit14SHA3_256DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVSTAAMc $s9CryptoKit14SHA3_256DigestVSTAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVMa $s9CryptoKit14SHA3_384DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVSTAAMc $s9CryptoKit14SHA3_384DigestVSTAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVMa $s9CryptoKit14SHA3_512DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVSTAAMc $s9CryptoKit14SHA3_512DigestVSTAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVMn $s9CryptoKit24HashedAuthenticationCodeVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMa $s9CryptoKit3AESO3GCMO5NonceVMa "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMn $s9CryptoKit3AESO3GCMO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxVMa $s9CryptoKit3AESO3GCMO9SealedBoxVMa "" ++//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultVMa $s9CryptoKit3KEMO19EncapsulationResultVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACVMn $s9CryptoKit4HMACVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyVMa $s9CryptoKit4P256O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyVMa $s9CryptoKit4P256O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyVMa $s9CryptoKit4P384O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyVMa $s9CryptoKit4P384O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyVMa $s9CryptoKit4P521O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyVMa $s9CryptoKit4P521O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit6DigestP9byteCountSivgZTj $s9CryptoKit6DigestP9byteCountSivgZTj "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256V14blockByteCountSivgZ $s9CryptoKit6SHA256V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256V9byteCountSivgZ $s9CryptoKit6SHA256V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VAA12HashFunctionAAMc $s9CryptoKit6SHA256VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VACycfC $s9CryptoKit6SHA256VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VMa $s9CryptoKit6SHA256VMa "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VMn $s9CryptoKit6SHA256VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384V14blockByteCountSivgZ $s9CryptoKit6SHA384V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384V9byteCountSivgZ $s9CryptoKit6SHA384V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VAA12HashFunctionAAMc $s9CryptoKit6SHA384VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VACycfC $s9CryptoKit6SHA384VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VMa $s9CryptoKit6SHA384VMa "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VMn $s9CryptoKit6SHA384VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512V14blockByteCountSivgZ $s9CryptoKit6SHA512V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512V9byteCountSivgZ $s9CryptoKit6SHA512V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VAA12HashFunctionAAMc $s9CryptoKit6SHA512VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VACycfC $s9CryptoKit6SHA512VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VMa $s9CryptoKit6SHA512VMa "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VMn $s9CryptoKit6SHA512VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVMa $s9CryptoKit7MLDSA65O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMa $s9CryptoKit7MLDSA65O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMn $s9CryptoKit7MLDSA65O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVMa $s9CryptoKit7MLDSA87O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMa $s9CryptoKit7MLDSA87O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMn $s9CryptoKit7MLDSA87O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestVMa $s9CryptoKit8InsecureO10SHA1DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAEycfC $s9CryptoKit8InsecureO3MD5VAEycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMa $s9CryptoKit8InsecureO3MD5VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMn $s9CryptoKit8InsecureO3MD5VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAEycfC $s9CryptoKit8InsecureO4SHA1VAEycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMa $s9CryptoKit8InsecureO4SHA1VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMn $s9CryptoKit8InsecureO4SHA1VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestVMa $s9CryptoKit8InsecureO9MD5DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVMa $s9CryptoKit8MLKEM768O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMa $s9CryptoKit8MLKEM768O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMn $s9CryptoKit8MLKEM768O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V14blockByteCountSivgZ $s9CryptoKit8SHA3_256V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V9byteCountSivgZ $s9CryptoKit8SHA3_256V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VACycfC $s9CryptoKit8SHA3_256VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VMa $s9CryptoKit8SHA3_256VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V14blockByteCountSivgZ $s9CryptoKit8SHA3_384V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V9byteCountSivgZ $s9CryptoKit8SHA3_384V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VACycfC $s9CryptoKit8SHA3_384VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VMa $s9CryptoKit8SHA3_384VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V14blockByteCountSivgZ $s9CryptoKit8SHA3_512V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V9byteCountSivgZ $s9CryptoKit8SHA3_512V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VACycfC $s9CryptoKit8SHA3_512VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VMa $s9CryptoKit8SHA3_512VMa "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVMa $s9CryptoKit9MLKEM1024O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMa $s9CryptoKit9MLKEM1024O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMn $s9CryptoKit9MLKEM1024O9PublicKeyVMn "" ++//go:cgo_import_dynamic $sSKsE6suffixy11SubSequenceQzSiF $sSKsE6suffixy11SubSequenceQzSiF "" ++//go:cgo_import_dynamic $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC "" ++//go:cgo_import_dynamic $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC "" ++//go:cgo_import_dynamic $sSW10Foundation12DataProtocolAAMc $sSW10Foundation12DataProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $sSW4load14fromByteOffset2asxSi_xmtlF $sSW4load14fromByteOffset2asxSi_xmtlF "" ++//go:cgo_import_dynamic $sSW5countSivg $sSW5countSivg "" ++//go:cgo_import_dynamic $sSWN $sSWN "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSWSTsWP $sSWSTsWP "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSWSlsMc $sSWSlsMc "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSiN $sSiN "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSis23CustomStringConvertiblesWP $sSis23CustomStringConvertiblesWP "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSlsE6prefixy11SubSequenceQzSiF $sSlsE6prefixy11SubSequenceQzSiF "" ++//go:cgo_import_dynamic $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ "" ++//go:cgo_import_dynamic $sSp10deallocateyyF $sSp10deallocateyyF "" ++//go:cgo_import_dynamic $sSp8allocate8capacitySpyxGSi_tFZ $sSp8allocate8capacitySpyxGSi_tFZ "" ++//go:cgo_import_dynamic $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF "" ++//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF "" ++//go:cgo_import_dynamic $ss26DefaultStringInterpolationV13appendLiteralyySSF $ss26DefaultStringInterpolationV13appendLiteralyySSF "" ++//go:cgo_import_dynamic $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC "" ++//go:cgo_import_dynamic $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF "" ++//go:cgo_import_dynamic $sytN $sytN "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic ___chkstk_darwin ___chkstk_darwin "" ++//go:cgo_import_dynamic memcpy memcpy "" ++//go:cgo_import_dynamic memset memset "" ++//go:cgo_import_dynamic swift_allocBox swift_allocBox "" ++//go:cgo_import_dynamic swift_beginAccess swift_beginAccess "" ++//go:cgo_import_dynamic swift_bridgeObjectRelease swift_bridgeObjectRelease "" ++//go:cgo_import_dynamic swift_bridgeObjectRetain swift_bridgeObjectRetain "" ++//go:cgo_import_dynamic swift_endAccess swift_endAccess "" ++//go:cgo_import_dynamic swift_errorRelease swift_errorRelease "" ++//go:cgo_import_dynamic swift_getTypeByMangledNameInContext swift_getTypeByMangledNameInContext "" ++//go:cgo_import_dynamic swift_getTypeByMangledNameInContextInMetadataState swift_getTypeByMangledNameInContextInMetadataState "" ++//go:cgo_import_dynamic swift_getWitnessTable swift_getWitnessTable "" ++//go:cgo_import_dynamic swift_release swift_release "" ++//go:cgo_import_dynamic swift_retain swift_retain "" ++//go:cgo_import_dynamic swift_unexpectedError swift_unexpectedError "" +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go +new file mode 100644 +index 00000000000000..ce5806b1910da9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go +@@ -0,0 +1,306 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++// Code generated by genswiftimports. DO NOT EDIT. ++ ++//go:build !cgo && darwin && arm64 ++ ++package cryptokit ++ ++//go:cgo_import_dynamic $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF "" ++//go:cgo_import_dynamic $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj "" ++//go:cgo_import_dynamic $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s10Foundation4DataV5bytes5countACSV_SitcfC $s10Foundation4DataV5bytes5countACSV_SitcfC "" ++//go:cgo_import_dynamic $s10Foundation4DataV5countSivg $s10Foundation4DataV5countSivg "" ++//go:cgo_import_dynamic $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF "" ++//go:cgo_import_dynamic $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC "" ++//go:cgo_import_dynamic $s10Foundation4DataVAA0B8ProtocolAAMc $s10Foundation4DataVAA0B8ProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVAA15ContiguousBytesAAWP $s10Foundation4DataVAA15ContiguousBytesAAWP "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVACycfC $s10Foundation4DataVACycfC "" ++//go:cgo_import_dynamic $s10Foundation4DataVN $s10Foundation4DataVN "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSKAAMc $s10Foundation4DataVSKAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSTAAMc $s10Foundation4DataVSTAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSlAAMc $s10Foundation4DataVSlAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVSmAAMc $s10Foundation4DataVSmAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMa $s9CryptoKit03ChaC4PolyO5NonceVMa "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMn $s9CryptoKit03ChaC4PolyO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVAA0D0AAMc $s9CryptoKit12SHA256DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVMa $s9CryptoKit12SHA256DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVAA0D0AAMc $s9CryptoKit12SHA384DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVMa $s9CryptoKit12SHA384DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVAA0D0AAMc $s9CryptoKit12SHA512DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVMa $s9CryptoKit12SHA512DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SharedSecretVMa $s9CryptoKit12SharedSecretVMa "" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyVMa $s9CryptoKit12SymmetricKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVMa $s9CryptoKit14SHA3_256DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVSTAAMc $s9CryptoKit14SHA3_256DigestVSTAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVMa $s9CryptoKit14SHA3_384DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVSTAAMc $s9CryptoKit14SHA3_384DigestVSTAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVMa $s9CryptoKit14SHA3_512DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVSTAAMc $s9CryptoKit14SHA3_512DigestVSTAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVMn $s9CryptoKit24HashedAuthenticationCodeVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMa $s9CryptoKit3AESO3GCMO5NonceVMa "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMn $s9CryptoKit3AESO3GCMO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC "" ++//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxVMa $s9CryptoKit3AESO3GCMO9SealedBoxVMa "" ++//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg "" ++//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultVMa $s9CryptoKit3KEMO19EncapsulationResultVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF "" ++//go:cgo_import_dynamic $s9CryptoKit4HMACVMn $s9CryptoKit4HMACVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyVMa $s9CryptoKit4P256O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyVMa $s9CryptoKit4P256O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyVMa $s9CryptoKit4P384O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyVMa $s9CryptoKit4P384O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyVMa $s9CryptoKit4P521O7SigningO10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyVMa $s9CryptoKit4P521O7SigningO9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit6DigestP9byteCountSivgZTj $s9CryptoKit6DigestP9byteCountSivgZTj "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256V14blockByteCountSivgZ $s9CryptoKit6SHA256V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256V9byteCountSivgZ $s9CryptoKit6SHA256V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VAA12HashFunctionAAMc $s9CryptoKit6SHA256VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VACycfC $s9CryptoKit6SHA256VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VMa $s9CryptoKit6SHA256VMa "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA256VMn $s9CryptoKit6SHA256VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384V14blockByteCountSivgZ $s9CryptoKit6SHA384V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384V9byteCountSivgZ $s9CryptoKit6SHA384V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VAA12HashFunctionAAMc $s9CryptoKit6SHA384VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VACycfC $s9CryptoKit6SHA384VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VMa $s9CryptoKit6SHA384VMa "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA384VMn $s9CryptoKit6SHA384VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512V14blockByteCountSivgZ $s9CryptoKit6SHA512V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512V9byteCountSivgZ $s9CryptoKit6SHA512V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VAA12HashFunctionAAMc $s9CryptoKit6SHA512VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VACycfC $s9CryptoKit6SHA512VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VMa $s9CryptoKit6SHA512VMa "" ++//go:cgo_import_dynamic $s9CryptoKit6SHA512VMn $s9CryptoKit6SHA512VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVMa $s9CryptoKit7MLDSA65O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMa $s9CryptoKit7MLDSA65O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMn $s9CryptoKit7MLDSA65O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVMa $s9CryptoKit7MLDSA87O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMa $s9CryptoKit7MLDSA87O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMn $s9CryptoKit7MLDSA87O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestVMa $s9CryptoKit8InsecureO10SHA1DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAEycfC $s9CryptoKit8InsecureO3MD5VAEycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMa $s9CryptoKit8InsecureO3MD5VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMn $s9CryptoKit8InsecureO3MD5VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAEycfC $s9CryptoKit8InsecureO4SHA1VAEycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMa $s9CryptoKit8InsecureO4SHA1VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMn $s9CryptoKit8InsecureO4SHA1VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF "" ++//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestVMa $s9CryptoKit8InsecureO9MD5DigestVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVMa $s9CryptoKit8MLKEM768O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMa $s9CryptoKit8MLKEM768O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMn $s9CryptoKit8MLKEM768O9PublicKeyVMn "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V14blockByteCountSivgZ $s9CryptoKit8SHA3_256V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V9byteCountSivgZ $s9CryptoKit8SHA3_256V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VACycfC $s9CryptoKit8SHA3_256VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VMa $s9CryptoKit8SHA3_256VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V14blockByteCountSivgZ $s9CryptoKit8SHA3_384V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V9byteCountSivgZ $s9CryptoKit8SHA3_384V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VACycfC $s9CryptoKit8SHA3_384VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VMa $s9CryptoKit8SHA3_384VMa "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V14blockByteCountSivgZ $s9CryptoKit8SHA3_512V14blockByteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V9byteCountSivgZ $s9CryptoKit8SHA3_512V9byteCountSivgZ "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VACycfC $s9CryptoKit8SHA3_512VACycfC "" ++//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VMa $s9CryptoKit8SHA3_512VMa "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVMa $s9CryptoKit9MLKEM1024O10PrivateKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMa $s9CryptoKit9MLKEM1024O9PublicKeyVMa "" ++//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMn $s9CryptoKit9MLKEM1024O9PublicKeyVMn "" ++//go:cgo_import_dynamic $sSKsE6suffixy11SubSequenceQzSiF $sSKsE6suffixy11SubSequenceQzSiF "" ++//go:cgo_import_dynamic $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC "" ++//go:cgo_import_dynamic $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC "" ++//go:cgo_import_dynamic $sSW10Foundation12DataProtocolAAMc $sSW10Foundation12DataProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" ++//go:cgo_import_dynamic $sSW4load14fromByteOffset2asxSi_xmtlF $sSW4load14fromByteOffset2asxSi_xmtlF "" ++//go:cgo_import_dynamic $sSW5countSivg $sSW5countSivg "" ++//go:cgo_import_dynamic $sSWN $sSWN "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSWSTsWP $sSWSTsWP "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSWSlsMc $sSWSlsMc "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSiN $sSiN "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSis23CustomStringConvertiblesWP $sSis23CustomStringConvertiblesWP "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic $sSlsE6prefixy11SubSequenceQzSiF $sSlsE6prefixy11SubSequenceQzSiF "" ++//go:cgo_import_dynamic $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ "" ++//go:cgo_import_dynamic $sSp10deallocateyyF $sSp10deallocateyyF "" ++//go:cgo_import_dynamic $sSp8allocate8capacitySpyxGSi_tFZ $sSp8allocate8capacitySpyxGSi_tFZ "" ++//go:cgo_import_dynamic $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF "" ++//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" ++//go:cgo_import_dynamic $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF "" ++//go:cgo_import_dynamic $ss26DefaultStringInterpolationV13appendLiteralyySSF $ss26DefaultStringInterpolationV13appendLiteralyySSF "" ++//go:cgo_import_dynamic $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC "" ++//go:cgo_import_dynamic $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF "" ++//go:cgo_import_dynamic $sytN $sytN "/usr/lib/swift/libswiftCore.dylib" ++//go:cgo_import_dynamic __chkstk_darwin __chkstk_darwin "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic memcpy memcpy "" ++//go:cgo_import_dynamic swift_allocBox swift_allocBox "" ++//go:cgo_import_dynamic swift_beginAccess swift_beginAccess "" ++//go:cgo_import_dynamic swift_bridgeObjectRelease swift_bridgeObjectRelease "" ++//go:cgo_import_dynamic swift_bridgeObjectRetain swift_bridgeObjectRetain "" ++//go:cgo_import_dynamic swift_endAccess swift_endAccess "" ++//go:cgo_import_dynamic swift_errorRelease swift_errorRelease "" ++//go:cgo_import_dynamic swift_getTypeByMangledNameInContext swift_getTypeByMangledNameInContext "" ++//go:cgo_import_dynamic swift_getTypeByMangledNameInContextInMetadataState swift_getTypeByMangledNameInContextInMetadataState "" ++//go:cgo_import_dynamic swift_getWitnessTable swift_getWitnessTable "" ++//go:cgo_import_dynamic swift_release swift_release "" ++//go:cgo_import_dynamic swift_retain swift_retain "" ++//go:cgo_import_dynamic swift_unexpectedError swift_unexpectedError "" +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_amd64.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_amd64.h +new file mode 100644 +index 00000000000000..9949435fe9e0ae +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_amd64.h +@@ -0,0 +1,99 @@ ++// Copyright 2021 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI0. ++// ++// These save the frame pointer, so in general, functions that use ++// these should have zero frame size to suppress the automatic frame ++// pointer, though it's harmless to not do this. ++ ++#ifdef GOOS_windows ++ ++// REGS_HOST_TO_ABI0_STACK is the stack bytes used by ++// PUSH_REGS_HOST_TO_ABI0. ++#define REGS_HOST_TO_ABI0_STACK (28*8 + 8) ++ ++// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from ++// the host ABI to Go ABI0 code. It saves all registers that are ++// callee-save in the host ABI and caller-save in Go ABI0 and prepares ++// for entry to Go. ++// ++// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag. ++// Clear the DF flag for the Go ABI. ++// MXCSR matches the Go ABI, so we don't have to set that, ++// and Go doesn't modify it, so we don't have to save it. ++#define PUSH_REGS_HOST_TO_ABI0() \ ++ PUSHFQ \ ++ CLD \ ++ ADJSP $(REGS_HOST_TO_ABI0_STACK - 8) \ ++ MOVQ DI, (0*0)(SP) \ ++ MOVQ SI, (1*8)(SP) \ ++ MOVQ BP, (2*8)(SP) \ ++ MOVQ BX, (3*8)(SP) \ ++ MOVQ R12, (4*8)(SP) \ ++ MOVQ R13, (5*8)(SP) \ ++ MOVQ R14, (6*8)(SP) \ ++ MOVQ R15, (7*8)(SP) \ ++ MOVUPS X6, (8*8)(SP) \ ++ MOVUPS X7, (10*8)(SP) \ ++ MOVUPS X8, (12*8)(SP) \ ++ MOVUPS X9, (14*8)(SP) \ ++ MOVUPS X10, (16*8)(SP) \ ++ MOVUPS X11, (18*8)(SP) \ ++ MOVUPS X12, (20*8)(SP) \ ++ MOVUPS X13, (22*8)(SP) \ ++ MOVUPS X14, (24*8)(SP) \ ++ MOVUPS X15, (26*8)(SP) ++ ++#define POP_REGS_HOST_TO_ABI0() \ ++ MOVQ (0*0)(SP), DI \ ++ MOVQ (1*8)(SP), SI \ ++ MOVQ (2*8)(SP), BP \ ++ MOVQ (3*8)(SP), BX \ ++ MOVQ (4*8)(SP), R12 \ ++ MOVQ (5*8)(SP), R13 \ ++ MOVQ (6*8)(SP), R14 \ ++ MOVQ (7*8)(SP), R15 \ ++ MOVUPS (8*8)(SP), X6 \ ++ MOVUPS (10*8)(SP), X7 \ ++ MOVUPS (12*8)(SP), X8 \ ++ MOVUPS (14*8)(SP), X9 \ ++ MOVUPS (16*8)(SP), X10 \ ++ MOVUPS (18*8)(SP), X11 \ ++ MOVUPS (20*8)(SP), X12 \ ++ MOVUPS (22*8)(SP), X13 \ ++ MOVUPS (24*8)(SP), X14 \ ++ MOVUPS (26*8)(SP), X15 \ ++ ADJSP $-(REGS_HOST_TO_ABI0_STACK - 8) \ ++ POPFQ ++ ++#else ++// SysV ABI ++ ++#define REGS_HOST_TO_ABI0_STACK (6*8) ++ ++// SysV MXCSR matches the Go ABI, so we don't have to set that, ++// and Go doesn't modify it, so we don't have to save it. ++// Both SysV and Go require DF to be cleared, so that's already clear. ++// The SysV and Go frame pointer conventions are compatible. ++#define PUSH_REGS_HOST_TO_ABI0() \ ++ ADJSP $(REGS_HOST_TO_ABI0_STACK) \ ++ MOVQ BP, (5*8)(SP) \ ++ LEAQ (5*8)(SP), BP \ ++ MOVQ BX, (0*8)(SP) \ ++ MOVQ R12, (1*8)(SP) \ ++ MOVQ R13, (2*8)(SP) \ ++ MOVQ R14, (3*8)(SP) \ ++ MOVQ R15, (4*8)(SP) ++ ++#define POP_REGS_HOST_TO_ABI0() \ ++ MOVQ (0*8)(SP), BX \ ++ MOVQ (1*8)(SP), R12 \ ++ MOVQ (2*8)(SP), R13 \ ++ MOVQ (3*8)(SP), R14 \ ++ MOVQ (4*8)(SP), R15 \ ++ MOVQ (5*8)(SP), BP \ ++ ADJSP $-(REGS_HOST_TO_ABI0_STACK) ++ ++#endif +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_arm64.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_arm64.h +new file mode 100644 +index 00000000000000..5d5061ec1dbf8c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_arm64.h +@@ -0,0 +1,39 @@ ++// Copyright 2021 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI0. ++// ++// These macros save and restore the callee-saved registers ++// from the stack, but they don't adjust stack pointer, so ++// the user should prepare stack space in advance. ++// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space ++// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP). ++// ++// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space ++// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP). ++// ++// R29 is not saved because Go will save and restore it. ++ ++#define SAVE_R19_TO_R28(offset) \ ++ STP (R19, R20), ((offset)+0*8)(RSP) \ ++ STP (R21, R22), ((offset)+2*8)(RSP) \ ++ STP (R23, R24), ((offset)+4*8)(RSP) \ ++ STP (R25, R26), ((offset)+6*8)(RSP) \ ++ STP (R27, g), ((offset)+8*8)(RSP) ++#define RESTORE_R19_TO_R28(offset) \ ++ LDP ((offset)+0*8)(RSP), (R19, R20) \ ++ LDP ((offset)+2*8)(RSP), (R21, R22) \ ++ LDP ((offset)+4*8)(RSP), (R23, R24) \ ++ LDP ((offset)+6*8)(RSP), (R25, R26) \ ++ LDP ((offset)+8*8)(RSP), (R27, g) /* R28 */ ++#define SAVE_F8_TO_F15(offset) \ ++ FSTPD (F8, F9), ((offset)+0*8)(RSP) \ ++ FSTPD (F10, F11), ((offset)+2*8)(RSP) \ ++ FSTPD (F12, F13), ((offset)+4*8)(RSP) \ ++ FSTPD (F14, F15), ((offset)+6*8)(RSP) ++#define RESTORE_F8_TO_F15(offset) \ ++ FLDPD ((offset)+0*8)(RSP), (F8, F9) \ ++ FLDPD ((offset)+2*8)(RSP), (F10, F11) \ ++ FLDPD ((offset)+4*8)(RSP), (F12, F13) \ ++ FLDPD ((offset)+6*8)(RSP), (F14, F15) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_amd64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_amd64.s +new file mode 100644 +index 00000000000000..2b7eb57f8ae783 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_amd64.s +@@ -0,0 +1,39 @@ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_amd64.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++// This signature is known to SWIG, so we can't change it. ++TEXT crosscall2(SB), NOSPLIT, $0-0 ++ PUSH_REGS_HOST_TO_ABI0() ++ ++ // Make room for arguments to cgocallback. ++ ADJSP $0x18 ++ ++#ifndef GOOS_windows ++ MOVQ DI, 0x0(SP) // fn ++ MOVQ SI, 0x8(SP) // arg ++ ++ // Skip n in DX. ++ MOVQ CX, 0x10(SP) // ctxt ++ ++#else ++ MOVQ CX, 0x0(SP) // fn ++ MOVQ DX, 0x8(SP) // arg ++ ++ // Skip n in R8. ++ MOVQ R9, 0x10(SP) // ctxt ++ ++#endif ++ ++ CALL runtime·cgocallback(SB) ++ ++ ADJSP $-0x18 ++ POP_REGS_HOST_TO_ABI0() ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_arm64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_arm64.s +new file mode 100644 +index 00000000000000..50e5261d922c56 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_arm64.s +@@ -0,0 +1,36 @@ ++// Copyright 2015 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_arm64.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++/* ++ * We still need to save all callee save register as before, and then ++ * push 3 args for fn (R0, R1, R3), skipping R2. ++ * Also note that at procedure entry in gc world, 8(RSP) will be the ++ * first arg. ++ */ ++ SUB $(8*24), RSP ++ STP (R0, R1), (8*1)(RSP) ++ MOVD R3, (8*3)(RSP) ++ ++ SAVE_R19_TO_R28(8*4) ++ SAVE_F8_TO_F15(8*14) ++ STP (R29, R30), (8*22)(RSP) ++ ++ // Initialize Go ABI environment ++ BL runtime·load_g(SB) ++ BL runtime·cgocallback(SB) ++ ++ RESTORE_R19_TO_R28(8*4) ++ RESTORE_F8_TO_F15(8*14) ++ LDP (8*22)(RSP), (R29, R30) ++ ++ ADD $(8*24), RSP ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/callbacks.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/callbacks.go +new file mode 100644 +index 00000000000000..e48722128a09d7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/callbacks.go +@@ -0,0 +1,93 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++import ( ++ _ "unsafe" ++) ++ ++// TODO: decide if we need _runtime_cgo_panic_internal ++ ++//go:linkname x_cgo_init_trampoline x_cgo_init_trampoline ++//go:linkname _cgo_init _cgo_init ++var x_cgo_init_trampoline byte ++var _cgo_init = &x_cgo_init_trampoline ++ ++// Creates a new system thread without updating any Go state. ++// ++// This method is invoked during shared library loading to create a new OS ++// thread to perform the runtime initialization. This method is similar to ++// _cgo_sys_thread_start except that it doesn't update any Go state. ++ ++//go:linkname x_cgo_thread_start_trampoline x_cgo_thread_start_trampoline ++//go:linkname _cgo_thread_start _cgo_thread_start ++var x_cgo_thread_start_trampoline byte ++var _cgo_thread_start = &x_cgo_thread_start_trampoline ++ ++// Notifies that the runtime has been initialized. ++// ++// We currently block at every CGO entry point (via _cgo_wait_runtime_init_done) ++// to ensure that the runtime has been initialized before the CGO call is ++// executed. This is necessary for shared libraries where we kickoff runtime ++// initialization in a separate thread and return without waiting for this ++// thread to complete the init. ++ ++//go:linkname x_cgo_notify_runtime_init_done_trampoline x_cgo_notify_runtime_init_done_trampoline ++//go:linkname _cgo_notify_runtime_init_done _cgo_notify_runtime_init_done ++var x_cgo_notify_runtime_init_done_trampoline byte ++var _cgo_notify_runtime_init_done = &x_cgo_notify_runtime_init_done_trampoline ++ ++// Indicates whether a dummy thread key has been created or not. ++// ++// When calling go exported function from C, we register a destructor ++// callback, for a dummy thread key, by using pthread_key_create. ++ ++//go:linkname _cgo_pthread_key_created _cgo_pthread_key_created ++var x_cgo_pthread_key_created uintptr ++var _cgo_pthread_key_created = &x_cgo_pthread_key_created ++ ++// Set the x_crosscall2_ptr C function pointer variable point to crosscall2. ++// It's for the runtime package to call at init time. ++func set_crosscall2() { ++ // nothing needs to be done here for fakecgo ++ // because it's possible to just call cgocallback directly ++} ++ ++//go:linkname _set_crosscall2 runtime.set_crosscall2 ++var _set_crosscall2 = set_crosscall2 ++ ++// Store the g into the thread-specific value. ++// So that pthread_key_destructor will dropm when the thread is exiting. ++ ++//go:linkname x_cgo_bindm_trampoline x_cgo_bindm_trampoline ++//go:linkname _cgo_bindm _cgo_bindm ++var x_cgo_bindm_trampoline byte ++var _cgo_bindm = &x_cgo_bindm_trampoline ++ ++// TODO: decide if we need x_cgo_set_context_function ++// TODO: decide if we need _cgo_yield ++ ++var ( ++ // In Go 1.20 the race detector was rewritten to pure Go ++ // on darwin. This means that when CGO_ENABLED=0 is set ++ // fakecgo is built with race detector code. This is not ++ // good since this code is pretending to be C. The go:norace ++ // pragma is not enough, since it only applies to the native ++ // ABIInternal function. The ABIO wrapper (which is necessary, ++ // since all references to text symbols from assembly will use it) ++ // does not inherit the go:norace pragma, so it will still be ++ // instrumented by the race detector. ++ // ++ // To circumvent this issue, using closure calls in the ++ // assembly, which forces the compiler to use the ABIInternal ++ // native implementation (which has go:norace) instead. ++ threadentry_call = threadentry ++ x_cgo_init_call = x_cgo_init ++ x_cgo_setenv_call = x_cgo_setenv ++ x_cgo_unsetenv_call = x_cgo_unsetenv ++ x_cgo_thread_start_call = x_cgo_thread_start ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.go +new file mode 100644 +index 00000000000000..b631396bd2ffe7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.go +@@ -0,0 +1,14 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2025 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++import _ "unsafe" ++ ++// setg_trampoline calls setg with the G provided ++func setg_trampoline(setg uintptr, G uintptr) ++ ++// call5 takes fn the C function and 5 arguments and calls the function with those arguments ++func call5(fn, a1, a2, a3, a4, a5 uintptr) uintptr +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.lock b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.lock +new file mode 100644 +index 00000000000000..9b0650d53777bd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.lock +@@ -0,0 +1,3 @@ ++{ ++ "commit_hash": "5110604b3385278be6887d0feead513a1bfe7a82" ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/generate.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/generate.go +new file mode 100644 +index 00000000000000..88c4cdf9ec04cc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/generate.go +@@ -0,0 +1,6 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package fakecgo ++ ++//go:generate go run update_tool.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_darwin.go +new file mode 100644 +index 00000000000000..d0868f0f790351 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_darwin.go +@@ -0,0 +1,88 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:nosplit ++//go:norace ++func _cgo_sys_thread_start(ts *ThreadStart) { ++ var attr pthread_attr_t ++ var ign, oset sigset_t ++ var p pthread_t ++ var size size_t ++ var err int ++ ++ sigfillset(&ign) ++ pthread_sigmask(SIG_SETMASK, &ign, &oset) ++ ++ size = pthread_get_stacksize_np(pthread_self()) ++ pthread_attr_init(&attr) ++ pthread_attr_setstacksize(&attr, size) ++ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. ++ ts.g.stackhi = uintptr(size) ++ ++ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) ++ ++ pthread_sigmask(SIG_SETMASK, &oset, nil) ++ ++ if err != 0 { ++ print("fakecgo: pthread_create failed: ") ++ println(err) ++ abort() ++ } ++} ++ ++// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function ++// ++//go:linkname x_threadentry_trampoline threadentry_trampoline ++var x_threadentry_trampoline byte ++var threadentry_trampolineABI0 = &x_threadentry_trampoline ++ ++//go:nosplit ++//go:norace ++func threadentry(v unsafe.Pointer) unsafe.Pointer { ++ ts := *(*ThreadStart)(v) ++ free(v) ++ ++ // TODO: support ios ++ //#if TARGET_OS_IPHONE ++ // darwin_arm_init_thread_exception_port(); ++ //#endif ++ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) ++ ++ // faking funcs in go is a bit a... involved - but the following works :) ++ fn := uintptr(unsafe.Pointer(&ts.fn)) ++ (*(*func())(unsafe.Pointer(&fn)))() ++ ++ return nil ++} ++ ++// here we will store a pointer to the provided setg func ++var setg_func uintptr ++ ++// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) ++// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us ++// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup ++// This function can't be go:systemstack since go is not in a state where the systemcheck would work. ++// ++//go:nosplit ++//go:norace ++func x_cgo_init(g *G, setg uintptr) { ++ var size size_t ++ ++ setg_func = setg ++ size = pthread_get_stacksize_np(pthread_self()) ++ g.stacklo = uintptr(unsafe.Add(unsafe.Pointer(&size), -size+4096)) ++ ++ //TODO: support ios ++ //#if TARGET_OS_IPHONE ++ // darwin_arm_init_mach_exception_handler(); ++ // darwin_arm_init_thread_exception_port(); ++ // init_working_dir(); ++ //#endif ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_libinit.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_libinit.go +new file mode 100644 +index 00000000000000..f6fa2328af41bc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_libinit.go +@@ -0,0 +1,72 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++import ( ++ "syscall" ++ "unsafe" ++) ++ ++var ( ++ pthread_g pthread_key_t ++ ++ runtime_init_cond = PTHREAD_COND_INITIALIZER ++ runtime_init_mu = PTHREAD_MUTEX_INITIALIZER ++ runtime_init_done int ++) ++ ++//go:nosplit ++//go:norace ++func x_cgo_notify_runtime_init_done() { ++ pthread_mutex_lock(&runtime_init_mu) ++ runtime_init_done = 1 ++ pthread_cond_broadcast(&runtime_init_cond) ++ pthread_mutex_unlock(&runtime_init_mu) ++} ++ ++// Store the g into a thread-specific value associated with the pthread key pthread_g. ++// And pthread_key_destructor will dropm when the thread is exiting. ++// ++//go:norace ++func x_cgo_bindm(g unsafe.Pointer) { ++ // We assume this will always succeed, otherwise, there might be extra M leaking, ++ // when a C thread exits after a cgo call. ++ // We only invoke this function once per thread in runtime.needAndBindM, ++ // and the next calls just reuse the bound m. ++ pthread_setspecific(pthread_g, g) ++} ++ ++// _cgo_try_pthread_create retries pthread_create if it fails with ++// EAGAIN. ++// ++//go:nosplit ++//go:norace ++func _cgo_try_pthread_create(thread *pthread_t, attr *pthread_attr_t, pfn unsafe.Pointer, arg *ThreadStart) int { ++ var ts syscall.Timespec ++ // tries needs to be the same type as syscall.Timespec.Nsec ++ // but the fields are int32 on 32bit and int64 on 64bit. ++ // tries is assigned to syscall.Timespec.Nsec in order to match its type. ++ tries := ts.Nsec ++ var err int ++ ++ for tries = 0; tries < 20; tries++ { ++ // inlined this call because it ran out of stack when inlining was disabled ++ err = int(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(pfn), uintptr(unsafe.Pointer(arg)), 0)) ++ if err == 0 { ++ // inlined this call because it ran out of stack when inlining was disabled ++ call5(pthread_detachABI0, uintptr(*thread), 0, 0, 0, 0) ++ return 0 ++ } ++ if err != int(syscall.EAGAIN) { ++ return err ++ } ++ ts.Sec = 0 ++ ts.Nsec = (tries + 1) * 1000 * 1000 // Milliseconds. ++ // inlined this call because it ran out of stack when inlining was disabled ++ call5(nanosleepABI0, uintptr(unsafe.Pointer(&ts)), 0, 0, 0, 0) ++ } ++ return int(syscall.EAGAIN) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_setenv.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_setenv.go +new file mode 100644 +index 00000000000000..a79441edffbcb9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_setenv.go +@@ -0,0 +1,18 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++//go:nosplit ++//go:norace ++func x_cgo_setenv(arg *[2]*byte) { ++ setenv(arg[0], arg[1], 1) ++} ++ ++//go:nosplit ++//go:norace ++func x_cgo_unsetenv(arg *[1]*byte) { ++ unsetenv(arg[0]) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_util.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_util.go +new file mode 100644 +index 00000000000000..1d59e7f6b628d1 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_util.go +@@ -0,0 +1,38 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++import "unsafe" ++ ++// _cgo_thread_start is split into three parts in cgo since only one part is system dependent (keep it here for easier handling) ++ ++// _cgo_thread_start(ThreadStart *arg) (runtime/cgo/gcc_util.c) ++// This get's called instead of the go code for creating new threads ++// -> pthread_* stuff is used, so threads are setup correctly for C ++// If this is missing, TLS is only setup correctly on thread 1! ++// This function should be go:systemstack instead of go:nosplit (but that requires runtime) ++// ++//go:nosplit ++//go:norace ++func x_cgo_thread_start(arg *ThreadStart) { ++ var ts *ThreadStart ++ // Make our own copy that can persist after we return. ++ // _cgo_tsan_acquire(); ++ ts = (*ThreadStart)(malloc(unsafe.Sizeof(*ts))) ++ // _cgo_tsan_release(); ++ if ts == nil { ++ println("fakecgo: out of memory in thread_start") ++ abort() ++ } ++ // *ts = *arg would cause a writebarrier so copy using slices ++ const ptrSize = unsafe.Sizeof(uintptr(0)) ++ s1 := unsafe.Slice((*uintptr)(unsafe.Pointer(ts)), unsafe.Sizeof(*ts)/ptrSize) ++ s2 := unsafe.Slice((*uintptr)(unsafe.Pointer(arg)), unsafe.Sizeof(*arg)/ptrSize) ++ for i := range s2 { ++ s1[i] = s2[i] ++ } ++ _cgo_sys_thread_start(ts) // OS-dependent half ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/iscgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/iscgo.go +new file mode 100644 +index 00000000000000..76f7ef6dc58c7c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/iscgo.go +@@ -0,0 +1,19 @@ ++// Copyright 2010 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && darwin ++ ++// The runtime package contains an uninitialized definition ++// for runtime·iscgo. Override it to tell the runtime we're here. ++// There are various function pointers that should be set too, ++// but those depend on dynamic linker magic to get initialized ++// correctly, and sometimes they break. This variable is a ++// backup: it depends only on old C style static linking rules. ++ ++package fakecgo ++ ++import _ "unsafe" // for go:linkname ++ ++//go:linkname _iscgo runtime.iscgo ++var _iscgo bool = true +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo.go +new file mode 100644 +index 00000000000000..001b698842a36c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo.go +@@ -0,0 +1,39 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++type ( ++ size_t uintptr ++ // Sources: ++ // Darwin (32 bytes) - https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/_types.h#L74 ++ // FreeBSD (32 bytes) - https://github.com/DoctorWkt/xv6-freebsd/blob/d2a294c2a984baed27676068b15ed9a29b06ab6f/include/signal.h#L98C9-L98C21 ++ // Linux (128 bytes) - https://github.com/torvalds/linux/blob/ab75170520d4964f3acf8bb1f91d34cbc650688e/arch/x86/include/asm/signal.h#L25 ++ sigset_t [128]byte ++ pthread_attr_t [64]byte ++ pthread_t int ++ pthread_key_t uint64 ++) ++ ++// for pthread_sigmask: ++ ++type sighow int32 ++ ++const ( ++ SIG_BLOCK sighow = 0 ++ SIG_UNBLOCK sighow = 1 ++ SIG_SETMASK sighow = 2 ++) ++ ++type G struct { ++ stacklo uintptr ++ stackhi uintptr ++} ++ ++type ThreadStart struct { ++ g *G ++ tls *uintptr ++ fn uintptr ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo_darwin.go +new file mode 100644 +index 00000000000000..ecdcb2e7852560 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo_darwin.go +@@ -0,0 +1,26 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++type ( ++ pthread_mutex_t struct { ++ sig int64 ++ opaque [56]byte ++ } ++ pthread_cond_t struct { ++ sig int64 ++ opaque [40]byte ++ } ++) ++ ++var ( ++ PTHREAD_COND_INITIALIZER = pthread_cond_t{sig: 0x3CB0B1BB} ++ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{sig: 0x32AAABA7} ++) ++ ++type stack_t struct { ++ /* not implemented */ ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/setenv.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/setenv.go +new file mode 100644 +index 00000000000000..e761fecfb89280 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/setenv.go +@@ -0,0 +1,19 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++import _ "unsafe" // for go:linkname ++ ++//go:linkname x_cgo_setenv_trampoline x_cgo_setenv_trampoline ++//go:linkname _cgo_setenv runtime._cgo_setenv ++var x_cgo_setenv_trampoline byte ++var _cgo_setenv = &x_cgo_setenv_trampoline ++ ++//go:linkname x_cgo_unsetenv_trampoline x_cgo_unsetenv_trampoline ++//go:linkname _cgo_unsetenv runtime._cgo_unsetenv ++var x_cgo_unsetenv_trampoline byte ++var _cgo_unsetenv = &x_cgo_unsetenv_trampoline +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_amd64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_amd64.s +new file mode 100644 +index 00000000000000..098f56ce5e6b77 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_amd64.s +@@ -0,0 +1,107 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++/* ++trampoline for emulating required C functions for cgo in go (see cgo.go) ++(we convert cdecl calling convention to go and vice-versa) ++ ++C Calling convention cdecl used here (we only need integer args): ++1. arg: DI ++2. arg: SI ++3. arg: DX ++4. arg: CX ++5. arg: R8 ++6. arg: R9 ++We don't need floats with these functions -> AX=0 ++return value will be in AX ++temporary register is R11 ++*/ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_amd64.h" ++ ++// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 ++ MOVQ DI, AX ++ MOVQ SI, BX ++ MOVQ ·x_cgo_init_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_thread_start_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_setenv_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_unsetenv_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 ++ JMP ·x_cgo_notify_runtime_init_done(SB) ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ JMP ·x_cgo_bindm(SB) ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 ++ MOVQ G+8(FP), DI ++ MOVQ setg+0(FP), R11 ++ XORL AX, AX ++ CALL R11 ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $0 ++ // See crosscall2. ++ PUSH_REGS_HOST_TO_ABI0() ++ ++ // X15 is designated by Go as a fixed zero register. ++ // Calling directly into ABIInternal, ensure it is zero. ++ PXOR X15, X15 ++ ++ MOVQ DI, AX ++ MOVQ ·threadentry_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ ++ POP_REGS_HOST_TO_ABI0() ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $0-56 ++ MOVQ fn+0(FP), R11 ++ MOVQ a1+8(FP), DI ++ MOVQ a2+16(FP), SI ++ MOVQ a3+24(FP), DX ++ MOVQ a4+32(FP), CX ++ MOVQ a5+40(FP), R8 ++ ++ XORL AX, AX // no floats ++ ++ PUSHQ BP // save BP ++ MOVQ SP, BP // save SP inside BP bc BP is callee-saved ++ SUBQ $16, SP // allocate space for alignment ++ ANDQ $-16, SP // align on 16 bytes for SSE ++ ++ CALL R11 ++ ++ MOVQ BP, SP // get SP back ++ POPQ BP // restore BP ++ ++ MOVQ AX, ret+48(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_arm64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_arm64.s +new file mode 100644 +index 00000000000000..970f3fd9a1ef0d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_arm64.s +@@ -0,0 +1,81 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_arm64.h" ++ ++// These trampolines map the gcc ABI to Go ABIInternal and then calls into the Go equivalent functions. ++// Note that C arguments are passed in R0-R7, which matches Go ABIInternal for the first eight arguments. ++// R9 is used as a temporary register. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_init_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_thread_start_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_setenv_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_unsetenv_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 ++ MOVD G+8(FP), R0 ++ MOVD setg+0(FP), R9 ++ CALL R9 ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $0-0 ++ // See crosscall2. ++ SUB $(8*24), RSP ++ STP (R0, R1), (8*1)(RSP) ++ MOVD R3, (8*3)(RSP) ++ ++ SAVE_R19_TO_R28(8*4) ++ SAVE_F8_TO_F15(8*14) ++ ++ MOVD ·threadentry_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ MOVD $0, R0 // TODO: get the return value from threadentry ++ ++ RESTORE_R19_TO_R28(8*4) ++ RESTORE_F8_TO_F15(8*14) ++ ADD $(8*24), RSP ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $0-0 ++ MOVD fn+0(FP), R9 ++ MOVD a1+8(FP), R0 ++ MOVD a2+16(FP), R1 ++ MOVD a3+24(FP), R2 ++ MOVD a4+32(FP), R3 ++ MOVD a5+40(FP), R4 ++ CALL R9 ++ MOVD R0, ret+48(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols.go +new file mode 100644 +index 00000000000000..3f720df236e392 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols.go +@@ -0,0 +1,165 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++package fakecgo ++ ++import ( ++ "syscall" ++ "unsafe" ++) ++ ++//go:nosplit ++//go:norace ++func malloc(size uintptr) unsafe.Pointer { ++ ret := call5(mallocABI0, uintptr(size), 0, 0, 0, 0) ++ // this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer ++ return *(*unsafe.Pointer)(unsafe.Pointer(&ret)) ++} ++ ++//go:nosplit ++//go:norace ++func free(ptr unsafe.Pointer) { ++ call5(freeABI0, uintptr(ptr), 0, 0, 0, 0) ++} ++ ++//go:nosplit ++//go:norace ++func setenv(name *byte, value *byte, overwrite int32) int32 { ++ return int32(call5(setenvABI0, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), uintptr(overwrite), 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func unsetenv(name *byte) int32 { ++ return int32(call5(unsetenvABI0, uintptr(unsafe.Pointer(name)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func sigfillset(set *sigset_t) int32 { ++ return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 { ++ return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func abort() { ++ call5(abortABI0, 0, 0, 0, 0, 0) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_init(attr *pthread_attr_t) int32 { ++ return int32(call5(pthread_attr_initABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_create(thread *pthread_t, attr *pthread_attr_t, start unsafe.Pointer, arg unsafe.Pointer) int32 { ++ return int32(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(start), uintptr(arg), 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_detach(thread pthread_t) int32 { ++ return int32(call5(pthread_detachABI0, uintptr(thread), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_sigmask(how sighow, ign *sigset_t, oset *sigset_t) int32 { ++ return int32(call5(pthread_sigmaskABI0, uintptr(how), uintptr(unsafe.Pointer(ign)), uintptr(unsafe.Pointer(oset)), 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_mutex_lock(mutex *pthread_mutex_t) int32 { ++ return int32(call5(pthread_mutex_lockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_mutex_unlock(mutex *pthread_mutex_t) int32 { ++ return int32(call5(pthread_mutex_unlockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_cond_broadcast(cond *pthread_cond_t) int32 { ++ return int32(call5(pthread_cond_broadcastABI0, uintptr(unsafe.Pointer(cond)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_setspecific(key pthread_key_t, value unsafe.Pointer) int32 { ++ return int32(call5(pthread_setspecificABI0, uintptr(key), uintptr(value), 0, 0, 0)) ++} ++ ++//go:linkname _malloc _malloc ++var _malloc uint8 ++var mallocABI0 = uintptr(unsafe.Pointer(&_malloc)) ++ ++//go:linkname _free _free ++var _free uint8 ++var freeABI0 = uintptr(unsafe.Pointer(&_free)) ++ ++//go:linkname _setenv _setenv ++var _setenv uint8 ++var setenvABI0 = uintptr(unsafe.Pointer(&_setenv)) ++ ++//go:linkname _unsetenv _unsetenv ++var _unsetenv uint8 ++var unsetenvABI0 = uintptr(unsafe.Pointer(&_unsetenv)) ++ ++//go:linkname _sigfillset _sigfillset ++var _sigfillset uint8 ++var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset)) ++ ++//go:linkname _nanosleep _nanosleep ++var _nanosleep uint8 ++var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep)) ++ ++//go:linkname _abort _abort ++var _abort uint8 ++var abortABI0 = uintptr(unsafe.Pointer(&_abort)) ++ ++//go:linkname _pthread_attr_init _pthread_attr_init ++var _pthread_attr_init uint8 ++var pthread_attr_initABI0 = uintptr(unsafe.Pointer(&_pthread_attr_init)) ++ ++//go:linkname _pthread_create _pthread_create ++var _pthread_create uint8 ++var pthread_createABI0 = uintptr(unsafe.Pointer(&_pthread_create)) ++ ++//go:linkname _pthread_detach _pthread_detach ++var _pthread_detach uint8 ++var pthread_detachABI0 = uintptr(unsafe.Pointer(&_pthread_detach)) ++ ++//go:linkname _pthread_sigmask _pthread_sigmask ++var _pthread_sigmask uint8 ++var pthread_sigmaskABI0 = uintptr(unsafe.Pointer(&_pthread_sigmask)) ++ ++//go:linkname _pthread_mutex_lock _pthread_mutex_lock ++var _pthread_mutex_lock uint8 ++var pthread_mutex_lockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_lock)) ++ ++//go:linkname _pthread_mutex_unlock _pthread_mutex_unlock ++var _pthread_mutex_unlock uint8 ++var pthread_mutex_unlockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_unlock)) ++ ++//go:linkname _pthread_cond_broadcast _pthread_cond_broadcast ++var _pthread_cond_broadcast uint8 ++var pthread_cond_broadcastABI0 = uintptr(unsafe.Pointer(&_pthread_cond_broadcast)) ++ ++//go:linkname _pthread_setspecific _pthread_setspecific ++var _pthread_setspecific uint8 ++var pthread_setspecificABI0 = uintptr(unsafe.Pointer(&_pthread_setspecific)) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols_darwin.go +new file mode 100644 +index 00000000000000..960f8168eb88d7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols_darwin.go +@@ -0,0 +1,59 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:cgo_import_dynamic purego_malloc malloc "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_free free "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_setenv setenv "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_unsetenv unsetenv "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_create pthread_create "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_detach pthread_detach "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib" ++ ++//go:nosplit ++//go:norace ++func pthread_self() pthread_t { ++ return pthread_t(call5(pthread_selfABI0, 0, 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_get_stacksize_np(thread pthread_t) size_t { ++ return size_t(call5(pthread_get_stacksize_npABI0, uintptr(thread), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_setstacksize(attr *pthread_attr_t, size size_t) int32 { ++ return int32(call5(pthread_attr_setstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(size), 0, 0, 0)) ++} ++ ++//go:linkname _pthread_self _pthread_self ++var _pthread_self uint8 ++var pthread_selfABI0 = uintptr(unsafe.Pointer(&_pthread_self)) ++ ++//go:linkname _pthread_get_stacksize_np _pthread_get_stacksize_np ++var _pthread_get_stacksize_np uint8 ++var pthread_get_stacksize_npABI0 = uintptr(unsafe.Pointer(&_pthread_get_stacksize_np)) ++ ++//go:linkname _pthread_attr_setstacksize _pthread_attr_setstacksize ++var _pthread_attr_setstacksize uint8 ++var pthread_attr_setstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_setstacksize)) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_darwin.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_darwin.s +new file mode 100644 +index 00000000000000..35ef7ac11cb955 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_darwin.s +@@ -0,0 +1,19 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++#include "textflag.h" ++ ++// these stubs are here because it is not possible to go:linkname directly the C functions ++ ++TEXT _pthread_self(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_self(SB) ++ ++TEXT _pthread_get_stacksize_np(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_get_stacksize_np(SB) ++ ++TEXT _pthread_attr_setstacksize(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_setstacksize(SB) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_stubs.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_stubs.s +new file mode 100644 +index 00000000000000..c59e0dce68c449 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_stubs.s +@@ -0,0 +1,55 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && darwin ++ ++#include "textflag.h" ++ ++// these stubs are here because it is not possible to go:linkname directly the C functions ++ ++TEXT _malloc(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_malloc(SB) ++ ++TEXT _free(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_free(SB) ++ ++TEXT _setenv(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setenv(SB) ++ ++TEXT _unsetenv(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_unsetenv(SB) ++ ++TEXT _sigfillset(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_sigfillset(SB) ++ ++TEXT _nanosleep(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_nanosleep(SB) ++ ++TEXT _abort(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_abort(SB) ++ ++TEXT _pthread_attr_init(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_init(SB) ++ ++TEXT _pthread_create(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_create(SB) ++ ++TEXT _pthread_detach(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_detach(SB) ++ ++TEXT _pthread_sigmask(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_sigmask(SB) ++ ++TEXT _pthread_mutex_lock(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_mutex_lock(SB) ++ ++TEXT _pthread_mutex_unlock(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_mutex_unlock(SB) ++ ++TEXT _pthread_cond_broadcast(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_cond_broadcast(SB) ++ ++TEXT _pthread_setspecific(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_setspecific(SB) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/security.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/security.go +new file mode 100644 +index 00000000000000..74ee18d383784e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/security.go +@@ -0,0 +1,9 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Package security provides a Go interface to the Security framework ++package security ++ ++//go:generate go run ../../cmd/checkheader shims.h ++//go:generate go run ../../cmd/mkcgo -out zsecurity.go -package security --noerrors shims.h ++//go:generate go run ../../cmd/mkcgo -out zsecurity.go -nocgo -package security --noerrors shims.h +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h +new file mode 100644 +index 00000000000000..d37be58038a718 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h +@@ -0,0 +1,107 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// This header file is used by the mkcgo tool to generate cgo and Go bindings for the ++// Security framework C API. Run "go generate ." to regenerate the bindings. ++// Do not include this file, import "zsecurity.h" instead. ++ ++#ifndef _GO_SECURITY_SHIMS_H // only include this header once ++#define _GO_SECURITY_SHIMS_H ++ ++#include // bool ++#include // uint64_t ++#include // size_t ++ ++// The following includes are used by the checkheader tool. ++// #include ++ ++typedef unsigned char Boolean; ++typedef void *SecRandomRef; ++typedef void *SecKeyRef; ++typedef void *CFDataRef; ++typedef void *CFTypeRef; ++typedef void *CFStringRef; ++typedef void *CFDictionaryRef; ++typedef void *CFMutableDictionaryRef; ++typedef void *CFNumberRef; ++typedef void *CFErrorRef; ++typedef void *CFAllocatorRef; ++typedef void *CFDictionaryKeyCallBacks; ++typedef void *CFDictionaryValueCallBacks; ++typedef long CFIndex; ++typedef CFStringRef SecKeyAlgorithm; ++ ++typedef enum { ++ kSecKeyOperationTypeSign = 0, ++ kSecKeyOperationTypeVerify = 1, ++ kSecKeyOperationTypeEncrypt = 2, ++ kSecKeyOperationTypeDecrypt = 3, ++} SecKeyOperationType; ++ ++typedef enum { ++ kCFStringEncodingUTF8 = 0x08000100 ++} CFStringEncoding; ++ ++typedef enum { ++ kCFNumberLongType = 10 ++} CFNumberType; ++ ++extern const CFAllocatorRef kCFAllocatorDefault __attribute__((framework(CoreFoundation, A))); ++extern const SecRandomRef kSecRandomDefault __attribute__((framework(Security, A))); ++extern const CFStringRef kSecAttrKeyTypeRSA __attribute__((framework(Security, A))); ++extern const CFStringRef kSecAttrKeyClassPublic __attribute__((framework(Security, A))); ++extern const CFStringRef kSecAttrKeyClassPrivate __attribute__((framework(Security, A))); ++extern const CFStringRef kSecAttrKeyType __attribute__((framework(Security, A))); ++extern const CFStringRef kSecAttrKeySizeInBits __attribute__((framework(Security, A))); ++extern const CFStringRef kSecAttrKeyClass __attribute__((framework(Security, A))); ++// PSS ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA1 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA224 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA256 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA384 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA512 __attribute__((framework(Security, A))); ++// RAW ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionRaw __attribute__((framework(Security, A))); ++// PKCS1v15 ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionPKCS1 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw __attribute__((framework(Security, A))); ++// OAEP ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA1 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA224 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA256 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA384 __attribute__((framework(Security, A))); ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA512 __attribute__((framework(Security, A))); ++// ECDSA ++extern const CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962 __attribute__((framework(Security, A))); ++ ++int SecRandomCopyBytes(SecRandomRef rnd, size_t count, void *bytes) __attribute__((framework(Security, A), noescape, nocallback, slice(bytes, count))); ++SecKeyRef SecKeyCopyPublicKey(SecKeyRef key) __attribute__((framework(Security, A))); ++SecKeyRef SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++SecKeyRef SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++CFDataRef SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++CFDataRef SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++CFDataRef SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++CFDataRef SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef data, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); ++Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm) __attribute__((framework(Security, A))); ++size_t SecKeyGetBlockSize(SecKeyRef key) __attribute__((framework(Security, A))); ++ ++CFDataRef CFDataCreate(CFAllocatorRef allocator, const uint8_t *bytes, CFIndex length) __attribute__((noescape, nocallback, framework(CoreFoundation, A), slice(bytes, length))); ++CFDictionaryRef CFDictionaryCreate(CFAllocatorRef allocator, const void **keys, const void **values, CFIndex numValues, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks) __attribute__((framework(CoreFoundation, A))); ++CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks) __attribute__((framework(CoreFoundation, A))); ++CFNumberRef CFNumberCreate(CFAllocatorRef allocator, CFNumberType theType, const void *valuePtr) __attribute__((noescape, nocallback, framework(CoreFoundation, A))); ++CFIndex CFDataGetLength(CFDataRef data) __attribute__((framework(CoreFoundation, A))); ++const uint8_t *CFDataGetBytePtr(CFDataRef data) __attribute__((framework(CoreFoundation, A))); ++void CFRelease(CFTypeRef cf) __attribute__((framework(CoreFoundation, A))); ++void CFDictionarySetValue(CFMutableDictionaryRef theDict, const void *key, const void *value) __attribute__((framework(CoreFoundation, A))); ++CFStringRef CFErrorCopyDescription(CFErrorRef error) __attribute__((framework(CoreFoundation, A))); ++const char *CFStringGetCStringPtr(CFStringRef str, CFStringEncoding encoding) __attribute__((framework(CoreFoundation, A))); ++CFIndex CFStringGetLength(CFStringRef str) __attribute__((framework(CoreFoundation, A))); ++CFIndex CFErrorGetCode(CFErrorRef error) __attribute__((framework(CoreFoundation, A))); ++ ++#endif // _GO_SECURITY_SHIMS_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/syscall_nocgo.go +new file mode 100644 +index 00000000000000..3a03e583346c1c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/syscall_nocgo.go +@@ -0,0 +1,15 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package security ++ ++import ( ++ "github.com/microsoft/go-crypto-darwin/internal/xsyscall" ++) ++ ++//go:nosplit ++func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ return xsyscall.SyscallN(errType, fn, args...) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.c +new file mode 100644 +index 00000000000000..a74278d02fd6ef +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.c +@@ -0,0 +1,127 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#include ++#include ++#include ++#include ++#include "zsecurity.h" ++ ++CFDataRef CFDataCreate(CFAllocatorRef, const uint8_t*, CFIndex); ++const uint8_t* CFDataGetBytePtr(CFDataRef); ++CFIndex CFDataGetLength(CFDataRef); ++CFDictionaryRef CFDictionaryCreate(CFAllocatorRef, const void**, const void**, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); ++CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); ++void CFDictionarySetValue(CFMutableDictionaryRef, const void*, const void*); ++CFStringRef CFErrorCopyDescription(CFErrorRef); ++CFIndex CFErrorGetCode(CFErrorRef); ++CFNumberRef CFNumberCreate(CFAllocatorRef, CFNumberType, const void*); ++void CFRelease(CFTypeRef); ++const char* CFStringGetCStringPtr(CFStringRef, CFStringEncoding); ++CFIndex CFStringGetLength(CFStringRef); ++CFDataRef SecKeyCopyExternalRepresentation(SecKeyRef, CFErrorRef*); ++SecKeyRef SecKeyCopyPublicKey(SecKeyRef); ++CFDataRef SecKeyCreateDecryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); ++CFDataRef SecKeyCreateEncryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); ++SecKeyRef SecKeyCreateRandomKey(CFDictionaryRef, CFErrorRef*); ++CFDataRef SecKeyCreateSignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); ++SecKeyRef SecKeyCreateWithData(CFDataRef, CFDictionaryRef, CFErrorRef*); ++size_t SecKeyGetBlockSize(SecKeyRef); ++Boolean SecKeyIsAlgorithmSupported(SecKeyRef, SecKeyOperationType, SecKeyAlgorithm); ++Boolean SecKeyVerifySignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFDataRef, CFErrorRef*); ++int SecRandomCopyBytes(SecRandomRef, size_t, unsigned char*); ++ ++CFDataRef _mkcgo_CFDataCreate(CFAllocatorRef _arg0, const uint8_t* _arg1, CFIndex _arg2) { ++ return CFDataCreate(_arg0, _arg1, _arg2); ++} ++ ++const uint8_t* _mkcgo_CFDataGetBytePtr(CFDataRef _arg0) { ++ return CFDataGetBytePtr(_arg0); ++} ++ ++CFIndex _mkcgo_CFDataGetLength(CFDataRef _arg0) { ++ return CFDataGetLength(_arg0); ++} ++ ++CFDictionaryRef _mkcgo_CFDictionaryCreate(CFAllocatorRef _arg0, const void** _arg1, const void** _arg2, CFIndex _arg3, const CFDictionaryKeyCallBacks* _arg4, const CFDictionaryValueCallBacks* _arg5) { ++ return CFDictionaryCreate(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++} ++ ++CFMutableDictionaryRef _mkcgo_CFDictionaryCreateMutable(CFAllocatorRef _arg0, CFIndex _arg1, const CFDictionaryKeyCallBacks* _arg2, const CFDictionaryValueCallBacks* _arg3) { ++ return CFDictionaryCreateMutable(_arg0, _arg1, _arg2, _arg3); ++} ++ ++void _mkcgo_CFDictionarySetValue(CFMutableDictionaryRef _arg0, const void* _arg1, const void* _arg2) { ++ CFDictionarySetValue(_arg0, _arg1, _arg2); ++} ++ ++CFStringRef _mkcgo_CFErrorCopyDescription(CFErrorRef _arg0) { ++ return CFErrorCopyDescription(_arg0); ++} ++ ++CFIndex _mkcgo_CFErrorGetCode(CFErrorRef _arg0) { ++ return CFErrorGetCode(_arg0); ++} ++ ++CFNumberRef _mkcgo_CFNumberCreate(CFAllocatorRef _arg0, CFNumberType _arg1, const void* _arg2) { ++ return CFNumberCreate(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_CFRelease(CFTypeRef _arg0) { ++ CFRelease(_arg0); ++} ++ ++const char* _mkcgo_CFStringGetCStringPtr(CFStringRef _arg0, CFStringEncoding _arg1) { ++ return CFStringGetCStringPtr(_arg0, _arg1); ++} ++ ++CFIndex _mkcgo_CFStringGetLength(CFStringRef _arg0) { ++ return CFStringGetLength(_arg0); ++} ++ ++CFDataRef _mkcgo_SecKeyCopyExternalRepresentation(SecKeyRef _arg0, CFErrorRef* _arg1) { ++ return SecKeyCopyExternalRepresentation(_arg0, _arg1); ++} ++ ++SecKeyRef _mkcgo_SecKeyCopyPublicKey(SecKeyRef _arg0) { ++ return SecKeyCopyPublicKey(_arg0); ++} ++ ++CFDataRef _mkcgo_SecKeyCreateDecryptedData(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFErrorRef* _arg3) { ++ return SecKeyCreateDecryptedData(_arg0, _arg1, _arg2, _arg3); ++} ++ ++CFDataRef _mkcgo_SecKeyCreateEncryptedData(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFErrorRef* _arg3) { ++ return SecKeyCreateEncryptedData(_arg0, _arg1, _arg2, _arg3); ++} ++ ++SecKeyRef _mkcgo_SecKeyCreateRandomKey(CFDictionaryRef _arg0, CFErrorRef* _arg1) { ++ return SecKeyCreateRandomKey(_arg0, _arg1); ++} ++ ++CFDataRef _mkcgo_SecKeyCreateSignature(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFErrorRef* _arg3) { ++ return SecKeyCreateSignature(_arg0, _arg1, _arg2, _arg3); ++} ++ ++SecKeyRef _mkcgo_SecKeyCreateWithData(CFDataRef _arg0, CFDictionaryRef _arg1, CFErrorRef* _arg2) { ++ return SecKeyCreateWithData(_arg0, _arg1, _arg2); ++} ++ ++size_t _mkcgo_SecKeyGetBlockSize(SecKeyRef _arg0) { ++ return SecKeyGetBlockSize(_arg0); ++} ++ ++Boolean _mkcgo_SecKeyIsAlgorithmSupported(SecKeyRef _arg0, SecKeyOperationType _arg1, SecKeyAlgorithm _arg2) { ++ return SecKeyIsAlgorithmSupported(_arg0, _arg1, _arg2); ++} ++ ++Boolean _mkcgo_SecKeyVerifySignature(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFDataRef _arg3, CFErrorRef* _arg4) { ++ return SecKeyVerifySignature(_arg0, _arg1, _arg2, _arg3, _arg4); ++} ++ ++int _mkcgo_SecRandomCopyBytes(SecRandomRef _arg0, size_t _arg1, unsigned char* _arg2) { ++ return SecRandomCopyBytes(_arg0, _arg1, _arg2); ++} ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go +new file mode 100644 +index 00000000000000..41aa0341b8a2b2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go +@@ -0,0 +1,21 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package security ++ ++const ( ++ KSecKeyOperationTypeSign SecKeyOperationType = 0 ++ KSecKeyOperationTypeVerify SecKeyOperationType = 1 ++ KSecKeyOperationTypeEncrypt SecKeyOperationType = 2 ++ KSecKeyOperationTypeDecrypt SecKeyOperationType = 3 ++) ++ ++const ( ++ KCFStringEncodingUTF8 CFStringEncoding = 0x08000100 ++) ++ ++const ( ++ KCFNumberLongType CFNumberType = 10 ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h +new file mode 100644 +index 00000000000000..8a2524b3cd0fe6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h +@@ -0,0 +1,98 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#ifndef MKCGO_H // only include this header once ++#define MKCGO_H ++ ++#include ++#include ++#include ++ ++typedef unsigned char Boolean; ++typedef void* SecRandomRef; ++typedef void* SecKeyRef; ++typedef void* CFDataRef; ++typedef void* CFTypeRef; ++typedef void* CFStringRef; ++typedef void* CFDictionaryRef; ++typedef void* CFMutableDictionaryRef; ++typedef void* CFNumberRef; ++typedef void* CFErrorRef; ++typedef void* CFAllocatorRef; ++typedef void* CFDictionaryKeyCallBacks; ++typedef void* CFDictionaryValueCallBacks; ++typedef long CFIndex; ++typedef CFStringRef SecKeyAlgorithm; ++ ++extern const CFAllocatorRef kCFAllocatorDefault; ++extern const SecRandomRef kSecRandomDefault; ++extern const CFStringRef kSecAttrKeyTypeRSA; ++extern const CFStringRef kSecAttrKeyClassPublic; ++extern const CFStringRef kSecAttrKeyClassPrivate; ++extern const CFStringRef kSecAttrKeyType; ++extern const CFStringRef kSecAttrKeySizeInBits; ++extern const CFStringRef kSecAttrKeyClass; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA1; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA224; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA256; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA384; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA512; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionRaw; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionPKCS1; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512; ++extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA1; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA224; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA256; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA384; ++extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA512; ++extern const CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962; ++ ++typedef enum { ++ kSecKeyOperationTypeSign = 0, ++ kSecKeyOperationTypeVerify = 1, ++ kSecKeyOperationTypeEncrypt = 2, ++ kSecKeyOperationTypeDecrypt = 3, ++} SecKeyOperationType; ++ ++typedef enum { ++ kCFStringEncodingUTF8 = 0x08000100, ++} CFStringEncoding; ++ ++typedef enum { ++ kCFNumberLongType = 10, ++} CFNumberType; ++ ++uintptr_t mkcgo_err_retrieve(); ++ ++CFDataRef _mkcgo_CFDataCreate(CFAllocatorRef, const uint8_t*, CFIndex); ++const uint8_t* _mkcgo_CFDataGetBytePtr(CFDataRef); ++CFIndex _mkcgo_CFDataGetLength(CFDataRef); ++CFDictionaryRef _mkcgo_CFDictionaryCreate(CFAllocatorRef, const void**, const void**, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); ++CFMutableDictionaryRef _mkcgo_CFDictionaryCreateMutable(CFAllocatorRef, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); ++void _mkcgo_CFDictionarySetValue(CFMutableDictionaryRef, const void*, const void*); ++CFStringRef _mkcgo_CFErrorCopyDescription(CFErrorRef); ++CFIndex _mkcgo_CFErrorGetCode(CFErrorRef); ++CFNumberRef _mkcgo_CFNumberCreate(CFAllocatorRef, CFNumberType, const void*); ++void _mkcgo_CFRelease(CFTypeRef); ++const char* _mkcgo_CFStringGetCStringPtr(CFStringRef, CFStringEncoding); ++CFIndex _mkcgo_CFStringGetLength(CFStringRef); ++CFDataRef _mkcgo_SecKeyCopyExternalRepresentation(SecKeyRef, CFErrorRef*); ++SecKeyRef _mkcgo_SecKeyCopyPublicKey(SecKeyRef); ++CFDataRef _mkcgo_SecKeyCreateDecryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); ++CFDataRef _mkcgo_SecKeyCreateEncryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); ++SecKeyRef _mkcgo_SecKeyCreateRandomKey(CFDictionaryRef, CFErrorRef*); ++CFDataRef _mkcgo_SecKeyCreateSignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); ++SecKeyRef _mkcgo_SecKeyCreateWithData(CFDataRef, CFDictionaryRef, CFErrorRef*); ++size_t _mkcgo_SecKeyGetBlockSize(SecKeyRef); ++Boolean _mkcgo_SecKeyIsAlgorithmSupported(SecKeyRef, SecKeyOperationType, SecKeyAlgorithm); ++Boolean _mkcgo_SecKeyVerifySignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFDataRef, CFErrorRef*); ++int _mkcgo_SecRandomCopyBytes(SecRandomRef, size_t, unsigned char*); ++ ++#endif // MKCGO_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.s +new file mode 100644 +index 00000000000000..5b021a6afed14b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.s +@@ -0,0 +1,172 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo ++ ++#include "textflag.h" ++ ++#ifndef GOARCH_amd64 ++#ifndef GOARCH_arm64 ++#ifndef GOARCH_riscv64 ++#ifndef GOARCH_loong64 ++#ifndef GOARCH_mips64 ++#ifndef GOARCH_mips64le ++#ifndef GOARCH_ppc64 ++#ifndef GOARCH_ppc64le ++#ifndef GOARCH_s390x ++#ifndef GOARCH_sparc64 ++#define _GOPTRSIZE 4 ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++ ++#ifndef _GOPTRSIZE ++#define _GOPTRSIZE 8 ++#endif ++TEXT _mkcgo_CFDataCreate_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFDataCreate(SB) ++ ++GLOBL ·_mkcgo_CFDataCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFDataCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDataCreate_trampoline<>(SB) ++ ++TEXT _mkcgo_CFDataGetBytePtr_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFDataGetBytePtr(SB) ++ ++GLOBL ·_mkcgo_CFDataGetBytePtr_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFDataGetBytePtr_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDataGetBytePtr_trampoline<>(SB) ++ ++TEXT _mkcgo_CFDataGetLength_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFDataGetLength(SB) ++ ++GLOBL ·_mkcgo_CFDataGetLength_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFDataGetLength_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDataGetLength_trampoline<>(SB) ++ ++TEXT _mkcgo_CFDictionaryCreate_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFDictionaryCreate(SB) ++ ++GLOBL ·_mkcgo_CFDictionaryCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFDictionaryCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDictionaryCreate_trampoline<>(SB) ++ ++TEXT _mkcgo_CFDictionaryCreateMutable_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFDictionaryCreateMutable(SB) ++ ++GLOBL ·_mkcgo_CFDictionaryCreateMutable_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFDictionaryCreateMutable_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDictionaryCreateMutable_trampoline<>(SB) ++ ++TEXT _mkcgo_CFDictionarySetValue_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFDictionarySetValue(SB) ++ ++GLOBL ·_mkcgo_CFDictionarySetValue_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFDictionarySetValue_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDictionarySetValue_trampoline<>(SB) ++ ++TEXT _mkcgo_CFErrorCopyDescription_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFErrorCopyDescription(SB) ++ ++GLOBL ·_mkcgo_CFErrorCopyDescription_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFErrorCopyDescription_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFErrorCopyDescription_trampoline<>(SB) ++ ++TEXT _mkcgo_CFErrorGetCode_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFErrorGetCode(SB) ++ ++GLOBL ·_mkcgo_CFErrorGetCode_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFErrorGetCode_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFErrorGetCode_trampoline<>(SB) ++ ++TEXT _mkcgo_CFNumberCreate_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFNumberCreate(SB) ++ ++GLOBL ·_mkcgo_CFNumberCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFNumberCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFNumberCreate_trampoline<>(SB) ++ ++TEXT _mkcgo_CFRelease_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFRelease(SB) ++ ++GLOBL ·_mkcgo_CFRelease_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFRelease_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFRelease_trampoline<>(SB) ++ ++TEXT _mkcgo_CFStringGetCStringPtr_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFStringGetCStringPtr(SB) ++ ++GLOBL ·_mkcgo_CFStringGetCStringPtr_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFStringGetCStringPtr_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFStringGetCStringPtr_trampoline<>(SB) ++ ++TEXT _mkcgo_CFStringGetLength_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_CFStringGetLength(SB) ++ ++GLOBL ·_mkcgo_CFStringGetLength_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_CFStringGetLength_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFStringGetLength_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCopyExternalRepresentation_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCopyExternalRepresentation(SB) ++ ++GLOBL ·_mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCopyExternalRepresentation_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCopyPublicKey_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCopyPublicKey(SB) ++ ++GLOBL ·_mkcgo_SecKeyCopyPublicKey_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCopyPublicKey_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCopyPublicKey_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCreateDecryptedData_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCreateDecryptedData(SB) ++ ++GLOBL ·_mkcgo_SecKeyCreateDecryptedData_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCreateDecryptedData_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateDecryptedData_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCreateEncryptedData_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCreateEncryptedData(SB) ++ ++GLOBL ·_mkcgo_SecKeyCreateEncryptedData_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCreateEncryptedData_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateEncryptedData_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCreateRandomKey_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCreateRandomKey(SB) ++ ++GLOBL ·_mkcgo_SecKeyCreateRandomKey_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCreateRandomKey_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateRandomKey_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCreateSignature_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCreateSignature(SB) ++ ++GLOBL ·_mkcgo_SecKeyCreateSignature_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCreateSignature_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateSignature_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyCreateWithData_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyCreateWithData(SB) ++ ++GLOBL ·_mkcgo_SecKeyCreateWithData_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyCreateWithData_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateWithData_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyGetBlockSize_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyGetBlockSize(SB) ++ ++GLOBL ·_mkcgo_SecKeyGetBlockSize_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyGetBlockSize_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyGetBlockSize_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyIsAlgorithmSupported_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyIsAlgorithmSupported(SB) ++ ++GLOBL ·_mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyIsAlgorithmSupported_trampoline<>(SB) ++ ++TEXT _mkcgo_SecKeyVerifySignature_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecKeyVerifySignature(SB) ++ ++GLOBL ·_mkcgo_SecKeyVerifySignature_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecKeyVerifySignature_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyVerifySignature_trampoline<>(SB) ++ ++TEXT _mkcgo_SecRandomCopyBytes_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_SecRandomCopyBytes(SB) ++ ++GLOBL ·_mkcgo_SecRandomCopyBytes_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_SecRandomCopyBytes_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecRandomCopyBytes_trampoline<>(SB) ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_cgo.go +new file mode 100644 +index 00000000000000..c17b764ee90662 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_cgo.go +@@ -0,0 +1,388 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package security ++ ++/* ++#cgo CFLAGS: -Wno-attributes ++#cgo darwin LDFLAGS: -framework CoreFoundation ++#cgo darwin LDFLAGS: -framework Security ++ ++#include "zsecurity.h" ++#cgo noescape _mkcgo_CFDataCreate ++#cgo nocallback _mkcgo_CFDataCreate ++#cgo noescape _mkcgo_CFNumberCreate ++#cgo nocallback _mkcgo_CFNumberCreate ++#cgo noescape _mkcgo_SecKeyCopyExternalRepresentation ++#cgo nocallback _mkcgo_SecKeyCopyExternalRepresentation ++#cgo noescape _mkcgo_SecKeyCreateDecryptedData ++#cgo nocallback _mkcgo_SecKeyCreateDecryptedData ++#cgo noescape _mkcgo_SecKeyCreateEncryptedData ++#cgo nocallback _mkcgo_SecKeyCreateEncryptedData ++#cgo noescape _mkcgo_SecKeyCreateRandomKey ++#cgo nocallback _mkcgo_SecKeyCreateRandomKey ++#cgo noescape _mkcgo_SecKeyCreateSignature ++#cgo nocallback _mkcgo_SecKeyCreateSignature ++#cgo noescape _mkcgo_SecKeyCreateWithData ++#cgo nocallback _mkcgo_SecKeyCreateWithData ++#cgo noescape _mkcgo_SecKeyVerifySignature ++#cgo nocallback _mkcgo_SecKeyVerifySignature ++#cgo noescape _mkcgo_SecRandomCopyBytes ++#cgo nocallback _mkcgo_SecRandomCopyBytes ++*/ ++import "C" ++import "unsafe" ++ ++//go:cgo_import_dynamic _mkcgo_kCFAllocatorDefault kCFAllocatorDefault "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_kSecRandomDefault kSecRandomDefault "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyTypeRSA kSecAttrKeyTypeRSA "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPublic kSecAttrKeyClassPublic "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPrivate kSecAttrKeyClassPrivate "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyType kSecAttrKeyType "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeySizeInBits kSecAttrKeySizeInBits "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClass kSecAttrKeyClass "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 kSecKeyAlgorithmRSASignatureDigestPSSSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 kSecKeyAlgorithmRSASignatureDigestPSSSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 kSecKeyAlgorithmRSASignatureDigestPSSSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 kSecKeyAlgorithmRSASignatureDigestPSSSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 kSecKeyAlgorithmRSASignatureDigestPSSSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw kSecKeyAlgorithmRSAEncryptionRaw "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 kSecKeyAlgorithmRSAEncryptionPKCS1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 kSecKeyAlgorithmRSAEncryptionOAEPSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 kSecKeyAlgorithmRSAEncryptionOAEPSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 kSecKeyAlgorithmRSAEncryptionOAEPSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 kSecKeyAlgorithmRSAEncryptionOAEPSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 kSecKeyAlgorithmRSAEncryptionOAEPSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 kSecKeyAlgorithmECDSASignatureDigestX962 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++ ++//go:linkname _mkcgo_kCFAllocatorDefault _mkcgo_kCFAllocatorDefault ++//go:linkname _mkcgo_kSecRandomDefault _mkcgo_kSecRandomDefault ++//go:linkname _mkcgo_kSecAttrKeyTypeRSA _mkcgo_kSecAttrKeyTypeRSA ++//go:linkname _mkcgo_kSecAttrKeyClassPublic _mkcgo_kSecAttrKeyClassPublic ++//go:linkname _mkcgo_kSecAttrKeyClassPrivate _mkcgo_kSecAttrKeyClassPrivate ++//go:linkname _mkcgo_kSecAttrKeyType _mkcgo_kSecAttrKeyType ++//go:linkname _mkcgo_kSecAttrKeySizeInBits _mkcgo_kSecAttrKeySizeInBits ++//go:linkname _mkcgo_kSecAttrKeyClass _mkcgo_kSecAttrKeyClass ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++//go:linkname _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++ ++var ( ++ _mkcgo_kCFAllocatorDefault CFAllocatorRef ++ _mkcgo_kSecRandomDefault SecRandomRef ++ _mkcgo_kSecAttrKeyTypeRSA CFStringRef ++ _mkcgo_kSecAttrKeyClassPublic CFStringRef ++ _mkcgo_kSecAttrKeyClassPrivate CFStringRef ++ _mkcgo_kSecAttrKeyType CFStringRef ++ _mkcgo_kSecAttrKeySizeInBits CFStringRef ++ _mkcgo_kSecAttrKeyClass CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef ++ _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef ++) ++ ++//go:noinline ++func _mkcgo_addr_kCFAllocatorDefault() *CFAllocatorRef { return &_mkcgo_kCFAllocatorDefault } ++ ++//go:noinline ++func _mkcgo_addr_kSecRandomDefault() *SecRandomRef { return &_mkcgo_kSecRandomDefault } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyTypeRSA() *CFStringRef { return &_mkcgo_kSecAttrKeyTypeRSA } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyClassPublic() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPublic } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyClassPrivate() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPrivate } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyType() *CFStringRef { return &_mkcgo_kSecAttrKeyType } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeySizeInBits() *CFStringRef { return &_mkcgo_kSecAttrKeySizeInBits } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyClass() *CFStringRef { return &_mkcgo_kSecAttrKeyClass } ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionRaw ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++} ++ ++var ( ++ KCFAllocatorDefault CFAllocatorRef = *_mkcgo_addr_kCFAllocatorDefault() ++ KSecRandomDefault SecRandomRef = *_mkcgo_addr_kSecRandomDefault() ++ KSecAttrKeyTypeRSA CFStringRef = *_mkcgo_addr_kSecAttrKeyTypeRSA() ++ KSecAttrKeyClassPublic CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPublic() ++ KSecAttrKeyClassPrivate CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPrivate() ++ KSecAttrKeyType CFStringRef = *_mkcgo_addr_kSecAttrKeyType() ++ KSecAttrKeySizeInBits CFStringRef = *_mkcgo_addr_kSecAttrKeySizeInBits() ++ KSecAttrKeyClass CFStringRef = *_mkcgo_addr_kSecAttrKeyClass() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() ++ KSecKeyAlgorithmRSAEncryptionRaw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() ++ KSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() ++ KSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() ++) ++ ++type Boolean = C.Boolean ++type CFAllocatorRef = C.CFAllocatorRef ++type CFDataRef = C.CFDataRef ++type CFDictionaryKeyCallBacks = C.CFDictionaryKeyCallBacks ++type CFDictionaryRef = C.CFDictionaryRef ++type CFDictionaryValueCallBacks = C.CFDictionaryValueCallBacks ++type CFErrorRef = C.CFErrorRef ++type CFIndex = C.CFIndex ++type CFMutableDictionaryRef = C.CFMutableDictionaryRef ++type CFNumberRef = C.CFNumberRef ++type CFNumberType = C.CFNumberType ++type CFStringEncoding = C.CFStringEncoding ++type CFStringRef = C.CFStringRef ++type CFTypeRef = C.CFTypeRef ++type SecKeyAlgorithm = C.SecKeyAlgorithm ++type SecKeyOperationType = C.SecKeyOperationType ++type SecKeyRef = C.SecKeyRef ++type SecRandomRef = C.SecRandomRef ++ ++//go:nosplit ++func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { ++ x := uintptr(unsafe.Pointer(p)) ++ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) ++} ++ ++func CFDataCreate(allocator CFAllocatorRef, bytes []uint8) CFDataRef { ++ return C._mkcgo_CFDataCreate(allocator, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(bytes))), CFIndex(len(bytes))) ++} ++ ++func CFDataGetBytePtr(data CFDataRef) *uint8 { ++ return (*uint8)(unsafe.Pointer(C._mkcgo_CFDataGetBytePtr(data))) ++} ++ ++func CFDataGetLength(data CFDataRef) CFIndex { ++ return C._mkcgo_CFDataGetLength(data) ++} ++ ++func CFDictionaryCreate(allocator CFAllocatorRef, keys *unsafe.Pointer, values *unsafe.Pointer, numValues CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFDictionaryRef { ++ return C._mkcgo_CFDictionaryCreate(allocator, keys, values, numValues, keyCallBacks, valueCallBacks) ++} ++ ++func CFDictionaryCreateMutable(allocator CFAllocatorRef, capacity CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFMutableDictionaryRef { ++ return C._mkcgo_CFDictionaryCreateMutable(allocator, capacity, keyCallBacks, valueCallBacks) ++} ++ ++func CFDictionarySetValue(theDict CFMutableDictionaryRef, key unsafe.Pointer, value unsafe.Pointer) { ++ C._mkcgo_CFDictionarySetValue(theDict, key, value) ++} ++ ++func CFErrorCopyDescription(__error CFErrorRef) CFStringRef { ++ return C._mkcgo_CFErrorCopyDescription(__error) ++} ++ ++func CFErrorGetCode(__error CFErrorRef) CFIndex { ++ return C._mkcgo_CFErrorGetCode(__error) ++} ++ ++func CFNumberCreate(allocator CFAllocatorRef, theType CFNumberType, valuePtr unsafe.Pointer) CFNumberRef { ++ return C._mkcgo_CFNumberCreate(allocator, theType, valuePtr) ++} ++ ++func CFRelease(cf CFTypeRef) { ++ C._mkcgo_CFRelease(cf) ++} ++ ++func CFStringGetCStringPtr(str CFStringRef, encoding CFStringEncoding) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_CFStringGetCStringPtr(str, encoding))) ++} ++ ++func CFStringGetLength(str CFStringRef) CFIndex { ++ return C._mkcgo_CFStringGetLength(str) ++} ++ ++func SecKeyCopyExternalRepresentation(key SecKeyRef, __error *CFErrorRef) CFDataRef { ++ return C._mkcgo_SecKeyCopyExternalRepresentation(key, __error) ++} ++ ++func SecKeyCopyPublicKey(key SecKeyRef) SecKeyRef { ++ return C._mkcgo_SecKeyCopyPublicKey(key) ++} ++ ++func SecKeyCreateDecryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, ciphertext CFDataRef, __error *CFErrorRef) CFDataRef { ++ return C._mkcgo_SecKeyCreateDecryptedData(key, algorithm, ciphertext, __error) ++} ++ ++func SecKeyCreateEncryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, plaintext CFDataRef, __error *CFErrorRef) CFDataRef { ++ return C._mkcgo_SecKeyCreateEncryptedData(key, algorithm, plaintext, __error) ++} ++ ++func SecKeyCreateRandomKey(parameters CFDictionaryRef, __error *CFErrorRef) SecKeyRef { ++ return C._mkcgo_SecKeyCreateRandomKey(parameters, __error) ++} ++ ++func SecKeyCreateSignature(key SecKeyRef, algorithm SecKeyAlgorithm, data CFDataRef, __error *CFErrorRef) CFDataRef { ++ return C._mkcgo_SecKeyCreateSignature(key, algorithm, data, __error) ++} ++ ++func SecKeyCreateWithData(keyData CFDataRef, attributes CFDictionaryRef, __error *CFErrorRef) SecKeyRef { ++ return C._mkcgo_SecKeyCreateWithData(keyData, attributes, __error) ++} ++ ++func SecKeyGetBlockSize(key SecKeyRef) int { ++ return int(C._mkcgo_SecKeyGetBlockSize(key)) ++} ++ ++func SecKeyIsAlgorithmSupported(key SecKeyRef, operation SecKeyOperationType, algorithm SecKeyAlgorithm) Boolean { ++ return C._mkcgo_SecKeyIsAlgorithmSupported(key, operation, algorithm) ++} ++ ++func SecKeyVerifySignature(key SecKeyRef, algorithm SecKeyAlgorithm, signedData CFDataRef, signature CFDataRef, __error *CFErrorRef) Boolean { ++ return C._mkcgo_SecKeyVerifySignature(key, algorithm, signedData, signature, __error) ++} ++ ++func SecRandomCopyBytes(rnd SecRandomRef, bytes []byte) int32 { ++ return int32(C._mkcgo_SecRandomCopyBytes(rnd, C.size_t(len(bytes)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(bytes))))) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go +new file mode 100644 +index 00000000000000..7e5d52ef2d3c63 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go +@@ -0,0 +1,466 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo ++ ++package security ++ ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++var _ = runtime.GOOS ++ ++var _mkcgoAlwaysFalseSecurity bool ++var _mkcgoEscapeSinkSecurity unsafe.Pointer ++ ++// mkcgoEscapePtrSecurity forces p to escape to the heap. ++// This implementation is also used in the standard library: ++// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 ++func mkcgoEscapePtrSecurity(p unsafe.Pointer) unsafe.Pointer { ++ if _mkcgoAlwaysFalseSecurity { ++ _mkcgoEscapeSinkSecurity = p ++ } ++ return p ++} ++ ++type Boolean = byte ++type SecRandomRef unsafe.Pointer ++type SecKeyRef unsafe.Pointer ++type CFDataRef unsafe.Pointer ++type CFTypeRef unsafe.Pointer ++type CFStringRef unsafe.Pointer ++type CFDictionaryRef unsafe.Pointer ++type CFMutableDictionaryRef unsafe.Pointer ++type CFNumberRef unsafe.Pointer ++type CFErrorRef unsafe.Pointer ++type CFAllocatorRef unsafe.Pointer ++type CFDictionaryKeyCallBacks unsafe.Pointer ++type CFDictionaryValueCallBacks unsafe.Pointer ++type CFIndex = int64 ++type SecKeyAlgorithm = CFStringRef ++ ++type SecKeyOperationType int32 ++type CFStringEncoding int32 ++type CFNumberType int32 ++ ++//go:cgo_import_dynamic _mkcgo_kCFAllocatorDefault kCFAllocatorDefault "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_kSecRandomDefault kSecRandomDefault "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyTypeRSA kSecAttrKeyTypeRSA "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPublic kSecAttrKeyClassPublic "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPrivate kSecAttrKeyClassPrivate "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyType kSecAttrKeyType "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeySizeInBits kSecAttrKeySizeInBits "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClass kSecAttrKeyClass "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 kSecKeyAlgorithmRSASignatureDigestPSSSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 kSecKeyAlgorithmRSASignatureDigestPSSSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 kSecKeyAlgorithmRSASignatureDigestPSSSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 kSecKeyAlgorithmRSASignatureDigestPSSSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 kSecKeyAlgorithmRSASignatureDigestPSSSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw kSecKeyAlgorithmRSAEncryptionRaw "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 kSecKeyAlgorithmRSAEncryptionPKCS1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 kSecKeyAlgorithmRSAEncryptionOAEPSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 kSecKeyAlgorithmRSAEncryptionOAEPSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 kSecKeyAlgorithmRSAEncryptionOAEPSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 kSecKeyAlgorithmRSAEncryptionOAEPSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 kSecKeyAlgorithmRSAEncryptionOAEPSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 kSecKeyAlgorithmECDSASignatureDigestX962 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++ ++//go:linkname _mkcgo_kCFAllocatorDefault _mkcgo_kCFAllocatorDefault ++//go:linkname _mkcgo_kSecRandomDefault _mkcgo_kSecRandomDefault ++//go:linkname _mkcgo_kSecAttrKeyTypeRSA _mkcgo_kSecAttrKeyTypeRSA ++//go:linkname _mkcgo_kSecAttrKeyClassPublic _mkcgo_kSecAttrKeyClassPublic ++//go:linkname _mkcgo_kSecAttrKeyClassPrivate _mkcgo_kSecAttrKeyClassPrivate ++//go:linkname _mkcgo_kSecAttrKeyType _mkcgo_kSecAttrKeyType ++//go:linkname _mkcgo_kSecAttrKeySizeInBits _mkcgo_kSecAttrKeySizeInBits ++//go:linkname _mkcgo_kSecAttrKeyClass _mkcgo_kSecAttrKeyClass ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++//go:linkname _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++ ++var ( ++ _mkcgo_kCFAllocatorDefault CFAllocatorRef ++ _mkcgo_kSecRandomDefault SecRandomRef ++ _mkcgo_kSecAttrKeyTypeRSA CFStringRef ++ _mkcgo_kSecAttrKeyClassPublic CFStringRef ++ _mkcgo_kSecAttrKeyClassPrivate CFStringRef ++ _mkcgo_kSecAttrKeyType CFStringRef ++ _mkcgo_kSecAttrKeySizeInBits CFStringRef ++ _mkcgo_kSecAttrKeyClass CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef ++ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef ++ _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef ++) ++ ++//go:noinline ++func _mkcgo_addr_kCFAllocatorDefault() *CFAllocatorRef { return &_mkcgo_kCFAllocatorDefault } ++ ++//go:noinline ++func _mkcgo_addr_kSecRandomDefault() *SecRandomRef { return &_mkcgo_kSecRandomDefault } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyTypeRSA() *CFStringRef { return &_mkcgo_kSecAttrKeyTypeRSA } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyClassPublic() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPublic } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyClassPrivate() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPrivate } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyType() *CFStringRef { return &_mkcgo_kSecAttrKeyType } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeySizeInBits() *CFStringRef { return &_mkcgo_kSecAttrKeySizeInBits } ++ ++//go:noinline ++func _mkcgo_addr_kSecAttrKeyClass() *CFStringRef { return &_mkcgo_kSecAttrKeyClass } ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionRaw ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++} ++ ++//go:noinline ++func _mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() *CFStringRef { ++ return &_mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++} ++ ++var ( ++ KCFAllocatorDefault CFAllocatorRef = *_mkcgo_addr_kCFAllocatorDefault() ++ KSecRandomDefault SecRandomRef = *_mkcgo_addr_kSecRandomDefault() ++ KSecAttrKeyTypeRSA CFStringRef = *_mkcgo_addr_kSecAttrKeyTypeRSA() ++ KSecAttrKeyClassPublic CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPublic() ++ KSecAttrKeyClassPrivate CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPrivate() ++ KSecAttrKeyType CFStringRef = *_mkcgo_addr_kSecAttrKeyType() ++ KSecAttrKeySizeInBits CFStringRef = *_mkcgo_addr_kSecAttrKeySizeInBits() ++ KSecAttrKeyClass CFStringRef = *_mkcgo_addr_kSecAttrKeyClass() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() ++ KSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() ++ KSecKeyAlgorithmRSAEncryptionRaw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() ++ KSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() ++ KSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() ++ KSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() ++ KSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() ++) ++ ++//go:cgo_import_dynamic _mkcgo_CFDataCreate CFDataCreate "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFDataGetBytePtr CFDataGetBytePtr "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFDataGetLength CFDataGetLength "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFDictionaryCreate CFDictionaryCreate "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFDictionaryCreateMutable CFDictionaryCreateMutable "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFDictionarySetValue CFDictionarySetValue "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFErrorCopyDescription CFErrorCopyDescription "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFErrorGetCode CFErrorGetCode "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFNumberCreate CFNumberCreate "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFRelease CFRelease "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFStringGetCStringPtr CFStringGetCStringPtr "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_CFStringGetLength CFStringGetLength "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" ++//go:cgo_import_dynamic _mkcgo_SecKeyCopyExternalRepresentation SecKeyCopyExternalRepresentation "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyCopyPublicKey SecKeyCopyPublicKey "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyCreateDecryptedData SecKeyCreateDecryptedData "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyCreateEncryptedData SecKeyCreateEncryptedData "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyCreateRandomKey SecKeyCreateRandomKey "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyCreateSignature SecKeyCreateSignature "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyCreateWithData SecKeyCreateWithData "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyGetBlockSize SecKeyGetBlockSize "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyIsAlgorithmSupported SecKeyIsAlgorithmSupported "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecKeyVerifySignature SecKeyVerifySignature "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++//go:cgo_import_dynamic _mkcgo_SecRandomCopyBytes SecRandomCopyBytes "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++ ++var _mkcgo_CFDataCreate_trampoline_addr uintptr ++ ++func CFDataCreate(allocator CFAllocatorRef, bytes []uint8) CFDataRef { ++ r0, _ := syscallN(0, _mkcgo_CFDataCreate_trampoline_addr, uintptr(allocator), uintptr(unsafe.Pointer(unsafe.SliceData(bytes))), uintptr(len(bytes))) ++ return CFDataRef(r0) ++} ++ ++var _mkcgo_CFDataGetBytePtr_trampoline_addr uintptr ++ ++func CFDataGetBytePtr(data CFDataRef) *uint8 { ++ r0, _ := syscallN(0, _mkcgo_CFDataGetBytePtr_trampoline_addr, uintptr(data)) ++ return (*uint8)(unsafe.Pointer(r0)) ++} ++ ++var _mkcgo_CFDataGetLength_trampoline_addr uintptr ++ ++func CFDataGetLength(data CFDataRef) CFIndex { ++ r0, _ := syscallN(0, _mkcgo_CFDataGetLength_trampoline_addr, uintptr(data)) ++ return CFIndex(r0) ++} ++ ++var _mkcgo_CFDictionaryCreate_trampoline_addr uintptr ++ ++func CFDictionaryCreate(allocator CFAllocatorRef, keys *unsafe.Pointer, values *unsafe.Pointer, numValues CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFDictionaryRef { ++ r0, _ := syscallN(0, _mkcgo_CFDictionaryCreate_trampoline_addr, uintptr(allocator), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(keys))), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(values))), uintptr(numValues), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(keyCallBacks))), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(valueCallBacks)))) ++ return CFDictionaryRef(r0) ++} ++ ++var _mkcgo_CFDictionaryCreateMutable_trampoline_addr uintptr ++ ++func CFDictionaryCreateMutable(allocator CFAllocatorRef, capacity CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFMutableDictionaryRef { ++ r0, _ := syscallN(0, _mkcgo_CFDictionaryCreateMutable_trampoline_addr, uintptr(allocator), uintptr(capacity), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(keyCallBacks))), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(valueCallBacks)))) ++ return CFMutableDictionaryRef(r0) ++} ++ ++var _mkcgo_CFDictionarySetValue_trampoline_addr uintptr ++ ++func CFDictionarySetValue(theDict CFMutableDictionaryRef, key unsafe.Pointer, value unsafe.Pointer) { ++ syscallN(0, _mkcgo_CFDictionarySetValue_trampoline_addr, uintptr(theDict), uintptr(key), uintptr(value)) ++} ++ ++var _mkcgo_CFErrorCopyDescription_trampoline_addr uintptr ++ ++func CFErrorCopyDescription(__error CFErrorRef) CFStringRef { ++ r0, _ := syscallN(0, _mkcgo_CFErrorCopyDescription_trampoline_addr, uintptr(__error)) ++ return CFStringRef(r0) ++} ++ ++var _mkcgo_CFErrorGetCode_trampoline_addr uintptr ++ ++func CFErrorGetCode(__error CFErrorRef) CFIndex { ++ r0, _ := syscallN(0, _mkcgo_CFErrorGetCode_trampoline_addr, uintptr(__error)) ++ return CFIndex(r0) ++} ++ ++var _mkcgo_CFNumberCreate_trampoline_addr uintptr ++ ++func CFNumberCreate(allocator CFAllocatorRef, theType CFNumberType, valuePtr unsafe.Pointer) CFNumberRef { ++ r0, _ := syscallN(0, _mkcgo_CFNumberCreate_trampoline_addr, uintptr(allocator), uintptr(theType), uintptr(valuePtr)) ++ return CFNumberRef(r0) ++} ++ ++var _mkcgo_CFRelease_trampoline_addr uintptr ++ ++func CFRelease(cf CFTypeRef) { ++ syscallN(0, _mkcgo_CFRelease_trampoline_addr, uintptr(cf)) ++} ++ ++var _mkcgo_CFStringGetCStringPtr_trampoline_addr uintptr ++ ++func CFStringGetCStringPtr(str CFStringRef, encoding CFStringEncoding) *byte { ++ r0, _ := syscallN(0, _mkcgo_CFStringGetCStringPtr_trampoline_addr, uintptr(str), uintptr(encoding)) ++ return (*byte)(unsafe.Pointer(r0)) ++} ++ ++var _mkcgo_CFStringGetLength_trampoline_addr uintptr ++ ++func CFStringGetLength(str CFStringRef) CFIndex { ++ r0, _ := syscallN(0, _mkcgo_CFStringGetLength_trampoline_addr, uintptr(str)) ++ return CFIndex(r0) ++} ++ ++var _mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr uintptr ++ ++func SecKeyCopyExternalRepresentation(key SecKeyRef, __error *CFErrorRef) CFDataRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr, uintptr(key), uintptr(unsafe.Pointer(__error))) ++ return CFDataRef(r0) ++} ++ ++var _mkcgo_SecKeyCopyPublicKey_trampoline_addr uintptr ++ ++func SecKeyCopyPublicKey(key SecKeyRef) SecKeyRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCopyPublicKey_trampoline_addr, uintptr(key)) ++ return SecKeyRef(r0) ++} ++ ++var _mkcgo_SecKeyCreateDecryptedData_trampoline_addr uintptr ++ ++func SecKeyCreateDecryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, ciphertext CFDataRef, __error *CFErrorRef) CFDataRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCreateDecryptedData_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(ciphertext), uintptr(unsafe.Pointer(__error))) ++ return CFDataRef(r0) ++} ++ ++var _mkcgo_SecKeyCreateEncryptedData_trampoline_addr uintptr ++ ++func SecKeyCreateEncryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, plaintext CFDataRef, __error *CFErrorRef) CFDataRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCreateEncryptedData_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(plaintext), uintptr(unsafe.Pointer(__error))) ++ return CFDataRef(r0) ++} ++ ++var _mkcgo_SecKeyCreateRandomKey_trampoline_addr uintptr ++ ++func SecKeyCreateRandomKey(parameters CFDictionaryRef, __error *CFErrorRef) SecKeyRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCreateRandomKey_trampoline_addr, uintptr(parameters), uintptr(unsafe.Pointer(__error))) ++ return SecKeyRef(r0) ++} ++ ++var _mkcgo_SecKeyCreateSignature_trampoline_addr uintptr ++ ++func SecKeyCreateSignature(key SecKeyRef, algorithm SecKeyAlgorithm, data CFDataRef, __error *CFErrorRef) CFDataRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCreateSignature_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(data), uintptr(unsafe.Pointer(__error))) ++ return CFDataRef(r0) ++} ++ ++var _mkcgo_SecKeyCreateWithData_trampoline_addr uintptr ++ ++func SecKeyCreateWithData(keyData CFDataRef, attributes CFDictionaryRef, __error *CFErrorRef) SecKeyRef { ++ r0, _ := syscallN(0, _mkcgo_SecKeyCreateWithData_trampoline_addr, uintptr(keyData), uintptr(attributes), uintptr(unsafe.Pointer(__error))) ++ return SecKeyRef(r0) ++} ++ ++var _mkcgo_SecKeyGetBlockSize_trampoline_addr uintptr ++ ++func SecKeyGetBlockSize(key SecKeyRef) int { ++ r0, _ := syscallN(0, _mkcgo_SecKeyGetBlockSize_trampoline_addr, uintptr(key)) ++ return int(r0) ++} ++ ++var _mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr uintptr ++ ++func SecKeyIsAlgorithmSupported(key SecKeyRef, operation SecKeyOperationType, algorithm SecKeyAlgorithm) Boolean { ++ r0, _ := syscallN(0, _mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr, uintptr(key), uintptr(operation), uintptr(algorithm)) ++ return Boolean(r0) ++} ++ ++var _mkcgo_SecKeyVerifySignature_trampoline_addr uintptr ++ ++func SecKeyVerifySignature(key SecKeyRef, algorithm SecKeyAlgorithm, signedData CFDataRef, signature CFDataRef, __error *CFErrorRef) Boolean { ++ r0, _ := syscallN(0, _mkcgo_SecKeyVerifySignature_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(signedData), uintptr(signature), uintptr(unsafe.Pointer(__error))) ++ return Boolean(r0) ++} ++ ++var _mkcgo_SecRandomCopyBytes_trampoline_addr uintptr ++ ++func SecRandomCopyBytes(rnd SecRandomRef, bytes []byte) int32 { ++ r0, _ := syscallN(0, _mkcgo_SecRandomCopyBytes_trampoline_addr, uintptr(rnd), uintptr(len(bytes)), uintptr(unsafe.Pointer(unsafe.SliceData(bytes)))) ++ return int32(r0) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_amd64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_amd64.s +new file mode 100644 +index 00000000000000..512d8087daf527 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_amd64.s +@@ -0,0 +1,120 @@ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 ++#ifdef GOOS_windows ++ MOVQ CX, 0(SP) ++ ++#else ++ MOVQ DI, 0(SP) ++ ++#endif ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++#ifdef GOOS_windows ++#define RegArgsN 4 ++#else ++#define RegArgsN 6 ++#endif ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $16-8 ++ // Load pointer from stack (ABI0 calling convention) ++ // Store argument and original SP in a callee-saved register ++ MOVQ libcArgs+0(FP), R13 ++ MOVQ SP, R14 ++ ++ // Align stack to 16 bytes ++ ANDQ $~15, SP ++ ++ MOVQ libcCallInfo_fn(R13), R11 ++ MOVQ libcCallInfo_n(R13), CX ++ MOVQ libcCallInfo_args(R13), R10 ++ ++ // Fast version, do not store args on the stack. ++ CMPL CX, $0; JE _0args ++ CMPL CX, $1; JE _1args ++ CMPL CX, $2; JE _2args ++ CMPL CX, $3; JE _3args ++ CMPL CX, $4; JE _4args ++ ++#ifndef GOOS_windows // Windows does not pass more than 4 args in registers ++ CMPL CX, $5; JE _5args ++ CMPL CX, $6; JE _6args ++ ++#endif ++ ++ // Reserve stack space for remaining args ++ MOVQ CX, R12 ++ SUBQ $RegArgsN, R12 ++ ADDQ $1, R12 // make even number of words for stack alignment ++ ANDQ $~1, R12 ++ SHLQ $3, R12 ++ SUBQ R12, SP ++ ++ // Copy args to the stack. ++ // CX: count of stack arguments (n-RegArgsN) ++ // SI: &args[RegArgsN] ++ // DI: copy of RSP ++ SUBQ $RegArgsN, CX ++ MOVQ R10, SI ++ ADDQ $(8*RegArgsN), SI ++ MOVQ SP, DI ++ CLD ++ REP; MOVSQ ++ ++#ifndef GOOS_windows ++_6args: ++ MOVQ (5*8)(R10), R9 ++ ++_5args: ++ MOVQ (4*8)(R10), R8 ++ ++#endif ++_4args: ++ MOVQ (3*8)(R10), CX ++ ++_3args: ++ MOVQ (2*8)(R10), DX ++ ++_2args: ++ MOVQ (1*8)(R10), SI ++ ++_1args: ++ MOVQ (0*8)(R10), DI ++ ++_0args: ++ ++ XORL AX, AX // vararg: say "no float args" ++ ++#ifdef GOOS_windows ++ // Windows x64 syscall ABI: first four integer args in CX, DX, R8, R9 ++ // and 32 bytes of shadow space on the stack. ++ ADJSP $32 ++ MOVQ CX, R9 ++ MOVQ DX, R8 ++ MOVQ SI, DX ++ MOVQ DI, CX ++ ++#endif ++ ++ CALL R11 ++ ++#ifdef GOOS_windows ++ ADJSP $-32 ++ ++#endif ++ ++ MOVQ R14, SP // free stack space ++ ++ // Return result. ++ MOVQ AX, libcCallInfo_r1(R13) ++ MOVQ DX, libcCallInfo_r2(R13) ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_arm64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_arm64.s +new file mode 100644 +index 00000000000000..261a7e4cb90d56 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_arm64.s +@@ -0,0 +1,97 @@ ++// Copyright 2015 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 ++ MOVD R0, 8(RSP) ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $0-16 ++ // Save original stack pointer ++ MOVD RSP, R20 ++ ++ // Load pointer from stack (ABI0 calling convention) ++ MOVD libcArgs+0(FP), R3 ++ ++ MOVD libcCallInfo_args(R3), R12 ++ MOVD libcCallInfo_fn(R3), R13 ++ ++ // Do we have more than 8 arguments? ++ MOVD libcCallInfo_n(R3), R0 ++ CMP $0, R0; BEQ _0args ++ CMP $1, R0; BEQ _1args ++ CMP $2, R0; BEQ _2args ++ CMP $3, R0; BEQ _3args ++ CMP $4, R0; BEQ _4args ++ CMP $5, R0; BEQ _5args ++ CMP $6, R0; BEQ _6args ++ CMP $7, R0; BEQ _7args ++ CMP $8, R0; BEQ _8args ++ ++ // Reserve stack space for remaining args ++ SUB $8, R0, R2 ++ ADD $1, R2, R3 // make even number of words for stack alignment ++ AND $~1, R3 ++ LSL $3, R3 ++ SUB R3, RSP ++ ++ // R4: size of stack arguments (n-8)*8 ++ // R5: &args[8] ++ // R6: loop counter, from 0 to (n-8)*8 ++ // R7: scratch ++ // R8: copy of RSP - (R2)(RSP) assembles as (R2)(ZR) ++ SUB $8, R0, R4 ++ LSL $3, R4 ++ ADD $(8*8), R12, R5 ++ MOVD $0, R6 ++ MOVD RSP, R8 ++ ++stackargs: ++ MOVD (R6)(R5), R7 ++ MOVD R7, (R6)(R8) ++ ADD $8, R6 ++ CMP R6, R4 ++ BNE stackargs ++ ++_8args: ++ MOVD (7*8)(R12), R7 ++ ++_7args: ++ MOVD (6*8)(R12), R6 ++ ++_6args: ++ MOVD (5*8)(R12), R5 ++ ++_5args: ++ MOVD (4*8)(R12), R4 ++ ++_4args: ++ MOVD (3*8)(R12), R3 ++ ++_3args: ++ MOVD (2*8)(R12), R2 ++ ++_2args: ++ MOVD (1*8)(R12), R1 ++ ++_1args: ++ MOVD (0*8)(R12), R0 ++ ++_0args: ++ ++ BL (R13) ++ ++ // Restore original stack pointer ++ MOVD R20, RSP ++ ++ MOVD libcArgs+0(FP), R3 ++ MOVD R0, libcCallInfo_r1(R3) // save r1 ++ MOVD R1, libcCallInfo_r2(R3) // save r2 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo.go +new file mode 100644 +index 00000000000000..a9ad56e22fa2ac +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo.go +@@ -0,0 +1,72 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo && (amd64 || arm64) ++ ++package xsyscall ++ ++import ( ++ "unsafe" ++) ++ ++//go:linkname runtime_cgocall runtime.cgocall ++ ++//go:noescape ++func runtime_cgocall(fn uintptr, arg unsafe.Pointer) int32 // from runtime/sys_libc.go ++ ++//go:linkname noescape ++//go:nosplit ++func noescape(p unsafe.Pointer) unsafe.Pointer { ++ x := uintptr(p) ++ return unsafe.Pointer(x ^ 0) ++} ++ ++type libcCallInfo struct { ++ fn uintptr ++ n uintptr // number of parameters ++ args uintptr // parameters ++ r1, r2 uintptr // return values ++ errType uintptr ++} ++ ++//go:noescape ++func syscallNAsm(libcArgs *libcCallInfo) ++ ++// syscallNSystemStack performs a syscall on the system stack. ++// It can't allocate Go memory nor grow the stack over the nosplit limit. ++// ++//go:nosplit ++func syscallNSystemStack(libcArgs *libcCallInfo) { ++ syscallNAsm(libcArgs) ++} ++ ++var syscallNSystemStack_trampoline byte ++var syscallNSystemStackABIInternal = uintptr(unsafe.Pointer(&syscallNSystemStack_trampoline)) ++ ++// SyscallN performs a syscall with the given function and arguments. ++// ++// All its parameters and return values must be uintptr in order ++// for the Go compiler to automatically set the //go:uintptrkeepalive ++// directive (which we can't set manually here). ++// See https://github.com/golang/go/blob/9a5a1202f4c4d5a7048b149b65c3e5b82a2de9aa/src/cmd/compile/internal/escape/call.go#L275. ++// ++//go:nosplit ++func SyscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ libcArgs := libcCallInfo{ ++ fn: fn, ++ n: uintptr(len(args)), ++ errType: errType, ++ } ++ if libcArgs.n != 0 { ++ libcArgs.args = uintptr(noescape(unsafe.Pointer(&args[0]))) ++ } ++ runtime_cgocall(syscallNSystemStackABIInternal, unsafe.Pointer(&libcArgs)) ++ return libcArgs.r1, libcArgs.r2 ++} ++ ++// Shim syscallN calls SyscallN. ++// ++//go:nosplit ++func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ return SyscallN(errType, fn, args...) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_darwin.go +new file mode 100644 +index 00000000000000..2d4d32fca87fdb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_darwin.go +@@ -0,0 +1,10 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package xsyscall ++ ++import ( ++ _ "github.com/microsoft/go-crypto-darwin/internal/fakecgo" ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_others.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_others.go +new file mode 100644 +index 00000000000000..28dba16a23340e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_others.go +@@ -0,0 +1,14 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo && !(amd64 || arm64) ++ ++package xsyscall ++ ++// Implement a mock version of SyscallN for unsupported architectures. ++// This will simply panic to indicate that the syscall is not supported. ++ ++//go:nosplit ++func SyscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ panic("SyscallN is not supported on this architecture") ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go +new file mode 100644 +index 00000000000000..5f005eda956f2c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go +@@ -0,0 +1,152 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto/cipher" ++ "errors" ++ "slices" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++) ++ ++//go:generate go run github.com/microsoft/go-crypto-darwin/cmd/gentestvectors -out vectors_test.go ++ ++type cipherGCMTLS uint8 ++ ++const ( ++ cipherGCMTLSNone cipherGCMTLS = iota ++ cipherGCMTLS12 ++ cipherGCMTLS13 ++) ++ ++const ( ++ // AES block size is the same for all key sizes ++ aesBlockSize = commoncrypto.KCCBlockSizeAES128 ++ gcmTagSize = 16 ++ gcmStandardNonceSize = 12 ++ // TLS 1.2 additional data is constructed as: ++ // ++ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); ++ gcmTls12AddSize = 13 ++ // TLS 1.3 additional data is constructed as: ++ // ++ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) ++ gcmTls13AddSize = 5 ++ gcmTlsFixedNonceSize = 4 ++) ++ ++type aesCipher struct { ++ key []byte ++ kind commoncrypto.CCAlgorithm ++} ++ ++func NewAESCipher(key []byte) (cipher.Block, error) { ++ var alg commoncrypto.CCAlgorithm ++ switch len(key) { ++ case 16, 24, 32: ++ alg = commoncrypto.KCCAlgorithmAES ++ default: ++ return nil, errors.New("crypto/aes: invalid key size") ++ } ++ c := &aesCipher{ ++ key: slices.Clone(key), ++ kind: alg, ++ } ++ return c, nil ++} ++ ++func (c *aesCipher) BlockSize() int { return aesBlockSize } ++ ++func (c *aesCipher) Encrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/aes: input or output block is too small") ++ } ++ ++ src, dst = src[:blockSize], dst[:blockSize] ++ ++ if inexactOverlap(dst, src) { ++ panic("crypto/aes: invalid buffer overlap") ++ } ++ ++ status := commoncrypto.CCCrypt( ++ commoncrypto.KCCEncrypt, // Operation ++ commoncrypto.CCAlgorithm(c.kind), // Algorithm ++ 0, // Options ++ c.key, // Key ++ nil, // IV ++ src, // Input ++ dst, // Output ++ nil, // Output length ++ ) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/aes: encryption failed") ++ } ++} ++ ++func (c *aesCipher) Decrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/aes: input or output block is too small") ++ } ++ ++ src, dst = src[:blockSize], dst[:blockSize] ++ ++ if inexactOverlap(dst, src) { ++ panic("crypto/aes: invalid buffer overlap") ++ } ++ ++ status := commoncrypto.CCCrypt( ++ commoncrypto.KCCDecrypt, // Operation ++ commoncrypto.CCAlgorithm(c.kind), // Algorithm ++ 0, // Options ++ c.key, // Key ++ nil, // IV ++ src, // Input ++ dst, // Output ++ nil, // Output length ++ ) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/aes: decryption failed") ++ } ++} ++ ++var errOpen = errors.New("cipher: message authentication failed") ++ ++func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv) ++} ++ ++func (c *aesCipher) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv) ++} ++ ++func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv) ++} ++ ++func (c *aesCipher) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv) ++} ++ ++// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. ++func sliceForAppend(in []byte, n int) (head, tail []byte) { ++ if total := len(in) + n; cap(in) >= total { ++ head = in[:total] ++ } else { ++ head = make([]byte, total) ++ copy(head, in) ++ } ++ tail = head[len(in):] ++ return ++} ++ ++func bigUint64(b []byte) uint64 { ++ _ = b[7] // bounds check hint to compiler; see go.dev/issue/14808 ++ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go +new file mode 100644 +index 00000000000000..865e22ab6a3dda +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go +@@ -0,0 +1,16 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package xcrypto ++ ++// This file does not have build constraints to ++// facilitate using BigInt in Go crypto. ++// Go crypto references BigInt unconditionally, ++// even if it is not finally used. ++ ++// A BigInt is the big-endian bytes from a math/big BigInt, ++// which are normalized to remove any leading 0 byte. ++// Windows BCrypt accepts this specific data format. ++// This definition allows us to avoid importing math/big. ++// Conversion between BigInt and *big.Int is in xcrypto/bbig. ++type BigInt []byte +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/chacha20poly1305.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/chacha20poly1305.go +new file mode 100644 +index 00000000000000..b0ad6c0aeaff09 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/chacha20poly1305.go +@@ -0,0 +1,88 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto/cipher" ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ chacha20Poly1305KeySize = 32 ++ chacha20Poly1305NonceSize = 12 ++ chacha20Poly1305Overhead = 16 ++) ++ ++type chacha20poly1305 struct { ++ key [chacha20Poly1305KeySize]byte ++} ++ ++// NewChaCha20Poly1305 returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key. ++func NewChaCha20Poly1305(key []byte) (cipher.AEAD, error) { ++ if len(key) != chacha20Poly1305KeySize { ++ return nil, errors.New("chacha20poly1305: bad key length") ++ } ++ ret := new(chacha20poly1305) ++ copy(ret.key[:], key) ++ return ret, nil ++} ++ ++func (c *chacha20poly1305) NonceSize() int { ++ return chacha20Poly1305NonceSize ++} ++ ++func (c *chacha20poly1305) Overhead() int { ++ return chacha20Poly1305Overhead ++} ++ ++func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { ++ if len(nonce) != chacha20Poly1305NonceSize { ++ panic("chacha20poly1305: bad nonce length passed to Seal") ++ } ++ if uint64(len(plaintext)) > (1<<38)-64 { ++ panic("chacha20poly1305: plaintext too large") ++ } ++ ret, out := sliceForAppend(dst, len(plaintext)+chacha20Poly1305Overhead) ++ if inexactOverlap(out, plaintext) { ++ panic("chacha20poly1305: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, additionalData) { ++ panic("chacha20poly1305: invalid buffer overlap of output and additional data") ++ } ++ tag := out[len(out)-chacha20Poly1305Overhead:] ++ if cryptokit.EncryptChaChaPoly(c.key[:], plaintext, nonce, additionalData, out[:len(plaintext)], tag) != 0 { ++ panic("chacha20poly1305: encryption failed") ++ } ++ return ret ++} ++ ++func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { ++ if len(nonce) != chacha20Poly1305NonceSize { ++ panic("chacha20poly1305: bad nonce length passed to Open") ++ } ++ if len(ciphertext) < 16 { ++ return nil, errOpen ++ } ++ if uint64(len(ciphertext)) > (1<<38)-48 { ++ panic("chacha20poly1305: ciphertext too large") ++ } ++ tag := ciphertext[len(ciphertext)-chacha20Poly1305Overhead:] ++ ciphertext = ciphertext[:len(ciphertext)-chacha20Poly1305Overhead] ++ ret, out := sliceForAppend(dst, len(ciphertext)) ++ if inexactOverlap(out, ciphertext) { ++ panic("chacha20poly1305: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, additionalData) { ++ panic("chacha20poly1305: invalid buffer overlap of output and additional data") ++ } ++ var outLen int ++ if cryptokit.DecryptChaChaPoly(c.key[:], ciphertext, nonce, additionalData, tag, out, &outLen) != 0 { ++ return nil, errOpen ++ } ++ return ret[:len(dst)+outLen], nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +new file mode 100644 +index 00000000000000..d4c550b90fafae +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +@@ -0,0 +1,114 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "runtime" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++) ++ ++type cbcCipher struct { ++ blockSize int ++ cryptor commoncrypto.CCCryptorRef ++} ++ ++func newCBC(operation commoncrypto.CCOperation, kind commoncrypto.CCAlgorithm, key, iv []byte) *cbcCipher { ++ var blockSize int ++ switch kind { ++ case commoncrypto.KCCAlgorithmAES: ++ blockSize = aesBlockSize ++ case commoncrypto.KCCAlgorithmDES, commoncrypto.KCCAlgorithm3DES: ++ blockSize = desBlockSize ++ default: ++ panic("invalid algorithm") ++ } ++ ++ // Create and initialize the cbcMode struct with CCCryptorCreateWithMode here ++ x := &cbcCipher{blockSize: blockSize} ++ status := commoncrypto.CCCryptorCreateWithMode( ++ operation, // Specifies whether encryption or decryption is performed (kCCEncrypt or kCCDecrypt). ++ commoncrypto.KCCModeCBC, // Mode of operation, here explicitly set to CBC (Cipher Block Chaining). ++ commoncrypto.CCAlgorithm(kind), // The encryption algorithm (e.g., kCCAlgorithmAES128, kCCAlgorithmDES). ++ commoncrypto.CcNoPadding, // Padding option, set to no padding; padding can be handled at a higher level if necessary. ++ iv, // Initialization Vector (IV) for the cipher, required for CBC mode. Should be nil for ECB mode. ++ key, // PEncryption key. ++ nil, // Tweak key, used only for XTS mode; here set to nil as it’s not required for CBC. ++ 0, // Number of rounds, mainly for RC2 and Blowfish; not used here, so set to 0. ++ 0, // Mode options for CTR and F8 modes; not used for CBC, so set to 0. ++ &x.cryptor, // Pointer to the CCCryptorRef output, which will hold the state for encryption or decryption. ++ ) ++ ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/des: CCCryptorCreateWithMode failed") ++ } ++ ++ runtime.SetFinalizer(x, (*cbcCipher).finalize) ++ return x ++ ++} ++ ++func (x *cbcCipher) finalize() { ++ if x.cryptor != nil { ++ commoncrypto.CCCryptorRelease(x.cryptor) ++ x.cryptor = nil ++ } ++} ++ ++func (x *cbcCipher) BlockSize() int { return x.blockSize } ++ ++func (x *cbcCipher) CryptBlocks(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") ++ } ++ if len(src)%x.blockSize != 0 { ++ panic("crypto/cipher: input not full blocks") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) == 0 { ++ return ++ } ++ var outLength int ++ status := commoncrypto.CCCryptorUpdate( ++ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. ++ src, // Input data (source buffer) to be encrypted or decrypted. ++ dst, // Output buffer (destination buffer) where the result will be stored. ++ &outLength, // Pointer to a variable that will contain the number of bytes written to the output buffer. ++ ) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/cipher: CCCryptorUpdate failed") ++ } ++ runtime.KeepAlive(x) ++} ++ ++func (x *cbcCipher) SetIV(iv []byte) { ++ if len(iv) != x.blockSize { ++ panic("crypto/cipher: incorrect IV length") ++ } ++ status := commoncrypto.CCCryptorReset(x.cryptor, iv) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/cipher: CCCryptorReset failed") ++ } ++ runtime.KeepAlive(x) ++} ++ ++// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. ++ ++func anyOverlap(x, y []byte) bool { ++ return len(x) > 0 && len(y) > 0 && ++ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && ++ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) ++} ++ ++func inexactOverlap(x, y []byte) bool { ++ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { ++ return false ++ } ++ return anyOverlap(x, y) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +new file mode 100644 +index 00000000000000..c27d6db4fe472a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +@@ -0,0 +1,111 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto/cipher" ++ "errors" ++ "slices" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++) ++ ++const desBlockSize = commoncrypto.KCCBlockSizeDES ++ ++type desCipher struct { ++ key []byte ++ kind commoncrypto.CCAlgorithm ++} ++ ++// NewDESCipher creates a new DES cipher block using the specified key (8 bytes). ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 8 { ++ return nil, errors.New("crypto/des: invalid key size for DES") ++ } ++ ++ c := &desCipher{ ++ key: slices.Clone(key), ++ kind: commoncrypto.KCCAlgorithmDES, ++ } ++ return c, nil ++} ++ ++// NewTripleDESCipher creates a new 3DES cipher block using the specified key (24 bytes). ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 24 { ++ return nil, errors.New("crypto/des: invalid key size for 3DES") ++ } ++ ++ c := &desCipher{ ++ key: slices.Clone(key), ++ kind: commoncrypto.KCCAlgorithm3DES, ++ } ++ return c, nil ++} ++ ++func (c *desCipher) BlockSize() int { return desBlockSize } ++ ++func (c *desCipher) Encrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/des: input or output block is too small") ++ } ++ ++ if inexactOverlap(dst[:blockSize], src[:blockSize]) { ++ panic("crypto/des: invalid buffer overlap") ++ } ++ ++ var outLength int ++ status := commoncrypto.CCCrypt( ++ commoncrypto.KCCEncrypt, ++ commoncrypto.CCAlgorithm(c.kind), ++ commoncrypto.KCCOptionECBMode, ++ c.key, ++ nil, ++ src[:blockSize], ++ dst[:blockSize], ++ &outLength, ++ ) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/des: encryption failed") ++ } ++} ++ ++func (c *desCipher) Decrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/des: input or output block is too small") ++ } ++ ++ if inexactOverlap(dst[:blockSize], src[:blockSize]) { ++ panic("crypto/des: invalid buffer overlap") ++ } ++ ++ var outLength int ++ status := commoncrypto.CCCrypt( ++ commoncrypto.KCCDecrypt, ++ commoncrypto.CCAlgorithm(c.kind), ++ commoncrypto.KCCOptionECBMode, ++ c.key, ++ nil, ++ src[:blockSize], ++ dst[:blockSize], ++ &outLength, ++ ) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/des: decryption failed") ++ } ++} ++ ++// CBC mode encrypter ++func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv) ++} ++ ++// CBC mode decrypter ++func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go +new file mode 100644 +index 00000000000000..b14fc4ddb1c235 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go +@@ -0,0 +1,39 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import "errors" ++ ++// curveToID maps a curve name to its corresponding CryptoKit curve ID. ++func curveToID(curve string) (int32, error) { ++ switch curve { ++ case "P-256": ++ return 1, nil ++ case "P-384": ++ return 2, nil ++ case "P-521": ++ return 3, nil ++ case "X25519": ++ return 0, nil ++ default: ++ return -1, errors.New("unsupported curve") ++ } ++} ++ ++func curveToKeySizeInBytes(curve string) int { ++ switch curve { ++ case "P-256": ++ return (256 + 7) / 8 ++ case "P-384": ++ return (384 + 7) / 8 ++ case "P-521": ++ return (521 + 7) / 8 ++ case "X25519": ++ return 32 ++ default: ++ return 0 ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +new file mode 100644 +index 00000000000000..d59db1be807ac5 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +@@ -0,0 +1,146 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ "slices" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++type PublicKeyECDH struct { ++ bytes []byte ++} ++ ++type PrivateKeyECDH struct { ++ pub []byte ++ priv []byte // For X25519: the actual private key bytes ++ curve string // Track the curve type ++} ++ ++func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { ++ if len(bytes) < 1 { ++ return nil, errors.New("NewPublicKeyECDH: missing key") ++ } ++ ++ curveID, err := curveToID(curve) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Validate the public key ++ ret := cryptokit.ValidatePublicKeyECDH(curveID, bytes) ++ if ret != 0 { ++ return nil, errors.New("invalid public key") ++ } ++ ++ // For all curves (including EC curves), we just store the bytes ++ // X25519 uses raw 32-byte format ++ // EC curves use uncompressed X9.63 format (0x04 || x || y) ++ return &PublicKeyECDH{bytes: slices.Clone(bytes)}, nil ++} ++ ++func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } ++ ++// bytes expects the public key to be in uncompressed ANSI X9.63 format ++func NewPrivateKeyECDH(curve string, priv []byte) (*PrivateKeyECDH, error) { ++ curveID, err := curveToID(curve) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Validate the private key ++ ret := cryptokit.ValidatePrivateKeyECDH(curveID, priv) ++ if ret != 0 { ++ return nil, errors.New("invalid private key") ++ } ++ ++ // Derive the public key ++ keySize := curveToKeySizeInBytes(curve) ++ var pubKeySize int ++ if curve == "X25519" { ++ pubKeySize = 32 ++ } else { ++ pubKeySize = 1 + keySize*2 ++ } ++ ++ publicKey := make([]byte, pubKeySize) ++ ret = cryptokit.PublicKeyFromPrivateECDH(curveID, priv, publicKey) ++ if ret != 0 { ++ return nil, errors.New("failed to derive public key") ++ } ++ ++ privKey := &PrivateKeyECDH{ ++ pub: publicKey, ++ priv: slices.Clone(priv), ++ curve: curve, ++ } ++ return privKey, nil ++} ++ ++func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { ++ // For all curves, just return the stored public key bytes ++ return &PublicKeyECDH{ ++ bytes: slices.Clone(k.pub), ++ }, nil ++} ++ ++func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { ++ if priv == nil || pub == nil { ++ return nil, errors.New("invalid keys") ++ } ++ ++ curveID, err := curveToID(priv.curve) ++ if err != nil { ++ return nil, err ++ } ++ ++ keySize := curveToKeySizeInBytes(priv.curve) ++ sharedSecret := make([]byte, keySize) ++ ++ ret := cryptokit.EcdhSharedSecret(curveID, priv.priv, pub.bytes, sharedSecret) ++ if ret != 0 { ++ return nil, errors.New("ECDH: key exchange failed") ++ } ++ ++ return sharedSecret, nil ++} ++ ++func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, nil, errors.New("unsupported curve") ++ } ++ ++ curveID, err := curveToID(curve) ++ if err != nil { ++ return nil, nil, err ++ } ++ ++ var pubKeySize int ++ if curve == "X25519" { ++ pubKeySize = 32 ++ } else { ++ pubKeySize = 1 + keySize*2 ++ } ++ ++ privateKey := make([]byte, keySize) ++ publicKey := make([]byte, pubKeySize) ++ ++ ret := cryptokit.GenerateKeyECDH(curveID, privateKey, publicKey) ++ if ret != 0 { ++ return nil, nil, errors.New("EC key generation failed") ++ } ++ ++ // Store the public key in X9.63 format and the private key ++ k := &PrivateKeyECDH{ ++ pub: slices.Clone(publicKey), ++ priv: slices.Clone(privateKey), ++ curve: curve, ++ } ++ return k, slices.Clone(privateKey), nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +new file mode 100644 +index 00000000000000..82d68bfabe9c62 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +@@ -0,0 +1,154 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++type PrivateKeyECDSA struct { ++ x BigInt // public key x coordinate ++ y BigInt // public key y coordinate ++ d BigInt // private key ++ curve string // curve name ++} ++ ++type PublicKeyECDSA struct { ++ x BigInt // public key x coordinate ++ y BigInt // public key y coordinate ++ curve string // curve name ++} ++ ++func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, errors.New("unsupported curve") ++ } ++ // Validate that x and y are of appropriate length ++ if len(x) > keySize || len(y) > keySize { ++ return nil, errors.New("public key coordinates are too large") ++ } ++ pubKey := &PublicKeyECDSA{ ++ x: x, ++ y: y, ++ curve: curve, ++ } ++ return pubKey, nil ++} ++ ++// NewPrivateKeyECDSA creates a new ECDSA private key using the provided curve name and parameters (x, y, d). ++func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, errors.New("unsupported curve") ++ } ++ // Validate that x, y, and d are of appropriate length ++ if len(x) > keySize || len(y) > keySize || len(d) > keySize { ++ return nil, errors.New("key parameters are too large") ++ } ++ privKey := &PrivateKeyECDSA{ ++ x: x, ++ y: y, ++ d: d, ++ curve: curve, ++ } ++ return privKey, nil ++} ++ ++func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, nil, nil, errors.New("unsupported curve") ++ } ++ ++ curveID, err := curveToID(curve) ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ ++ // Generate key using CryptoKit ++ xBytes := make([]byte, keySize) ++ yBytes := make([]byte, keySize) ++ dBytes := make([]byte, keySize) ++ ++ ret := cryptokit.GenerateKeyECDSA(curveID, xBytes, yBytes, dBytes) ++ if ret != 0 { ++ return nil, nil, nil, errors.New("ECDSA key generation failed") ++ } ++ ++ return normalizeBigInt(xBytes), normalizeBigInt(yBytes), normalizeBigInt(dBytes), nil ++} ++ ++func SignMarshalECDSA(priv *PrivateKeyECDSA, hashed []byte) ([]byte, error) { ++ if priv == nil || len(hashed) == 0 { ++ return nil, errors.New("invalid parameters") ++ } ++ ++ curveID, err := curveToID(priv.curve) ++ if err != nil { ++ return nil, err ++ } ++ ++ keySize := curveToKeySizeInBytes(priv.curve) ++ ++ // Normalize private key to proper size ++ dBytes := make([]byte, keySize) ++ copy(dBytes[len(dBytes)-len(priv.d):], priv.d) ++ ++ // Allocate signature buffer (max size for DER-encoded signature) ++ maxSigLen := 256 ++ signature := make([]byte, maxSigLen) ++ sigLen := int64(0) ++ ++ ret := cryptokit.EcdsaSign(curveID, dBytes, hashed, signature, &sigLen) ++ if ret != 0 { ++ return nil, errors.New("ECDSA signing failed") ++ } ++ ++ if sigLen <= 0 || sigLen > int64(len(signature)) { ++ return nil, errors.New("invalid signature length") ++ } ++ ++ return signature[:sigLen], nil ++} ++ ++func VerifyECDSA(pub *PublicKeyECDSA, hashed []byte, sig []byte) bool { ++ if pub == nil || len(hashed) == 0 || len(sig) == 0 { ++ return false ++ } ++ ++ curveID, err := curveToID(pub.curve) ++ if err != nil { ++ return false ++ } ++ ++ keySize := curveToKeySizeInBytes(pub.curve) ++ ++ // Normalize public key coordinates to proper size ++ xBytes := make([]byte, keySize) ++ yBytes := make([]byte, keySize) ++ ++ // Safety check: ensure BigInts are not longer than keySize ++ if len(pub.x) > keySize || len(pub.y) > keySize { ++ return false ++ } ++ ++ copy(xBytes[len(xBytes)-len(pub.x):], pub.x) ++ copy(yBytes[len(yBytes)-len(pub.y):], pub.y) ++ ++ ret := cryptokit.EcdsaVerify(curveID, xBytes, yBytes, hashed, sig) ++ return ret == 1 ++} ++ ++func normalizeBigInt(b []byte) BigInt { ++ // Remove leading zero bytes ++ for len(b) > 0 && b[0] == 0 { ++ b = b[1:] ++ } ++ return b ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +new file mode 100644 +index 00000000000000..316ecba6792d47 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +@@ -0,0 +1,124 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ "strconv" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. ++ publicKeySizeEd25519 = 32 ++ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. ++ privateKeySizeEd25519 = 64 ++ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. ++ signatureSizeEd25519 = 64 ++ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. ++ seedSizeEd25519 = 32 ++) ++ ++// PublicKeyEd25519 represents an Ed25519 public key. ++type PublicKeyEd25519 []byte ++ ++// PrivateKeyEd25519 represents an Ed25519 private key. ++type PrivateKeyEd25519 []byte ++ ++func (k PrivateKeyEd25519) Public() PublicKeyEd25519 { ++ publicKey := make([]byte, publicKeySizeEd25519) ++ copy(publicKey, k[seedSizeEd25519:]) ++ return PublicKeyEd25519(publicKey) ++} ++ ++// GenerateKeyEd25519 generates a new Ed25519 private key. ++func GenerateKeyEd25519() PrivateKeyEd25519 { ++ pkeyPriv := make([]byte, privateKeySizeEd25519) ++ cryptokit.GenerateKeyEd25519(pkeyPriv) ++ return pkeyPriv ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { ++ if len(priv) != privateKeySizeEd25519 { ++ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) ++ } ++ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) ++} ++ ++func (k PrivateKeyEd25519) Bytes() ([]byte, error) { ++ return k, nil ++} ++ ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { ++ if len(pub) != publicKeySizeEd25519 { ++ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) ++ } ++ pkey := make([]byte, publicKeySizeEd25519) ++ result := cryptokit.NewPublicKeyEd25519(pkey, pub) ++ if result != 0 { ++ return nil, errors.New("failed to create Ed25519 public key") ++ } ++ return pkey, nil ++} ++ ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { ++ return k, nil ++} ++ ++// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if ++// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this ++// package. ++// NewPrivateKeyEd25519FromSeed creates an Ed25519 private key from a seed. ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { ++ if len(seed) != seedSizeEd25519 { ++ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++ } ++ pkey := make([]byte, privateKeySizeEd25519) ++ result := cryptokit.NewPrivateKeyEd25519FromSeed(pkey, seed) ++ if result != 0 { ++ return nil, errors.New("failed to generate Ed25519 key from seed") ++ } ++ return pkey, nil ++} ++ ++// SignEd25519 signs the message with priv and returns a signature. ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { ++ sig := make([]byte, signatureSizeEd25519) ++ result := cryptokit.SignEd25519(priv, message, sig) ++ if result < 0 { ++ switch result { ++ case -1: ++ return nil, errors.New("invalid inputs to SignEd25519") ++ case -2: ++ return nil, errors.New("failed to reconstruct private key") ++ case -3: ++ return nil, errors.New("failed to sign the message") ++ case -4: ++ return nil, errors.New("signature buffer too small") ++ default: ++ return nil, errors.New("unknown error in SignEd25519") ++ } ++ } ++ return sig, nil ++} ++ ++// VerifyEd25519 reports whether sig is a valid signature of message by pub. ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { ++ result := cryptokit.VerifyEd25519(pub, message, sig) ++ switch result { ++ case 1: ++ return nil // Valid signature ++ case 0: ++ return errors.New("ed25519: invalid signature") ++ case -1: ++ return errors.New("invalid inputs to VerifyEd25519") ++ case -2: ++ return errors.New("failed to reconstruct public key") ++ default: ++ return errors.New("unknown error in VerifyEd25519") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +new file mode 100644 +index 00000000000000..a085303b10ac00 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +@@ -0,0 +1,339 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "slices" ++ "strconv" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/security" ++) ++ ++type algorithmType int ++ ++const ( ++ algorithmTypePSS algorithmType = iota ++ algorithmTypeRAW ++ algorithmTypePKCS1v15Enc ++ algorithmTypePKCS1v15Sig ++ algorithmTypeOAEP ++ algorithmTypeECDSA ++) ++ ++type withKeyFunc func(func(security.SecKeyRef) error) error ++ ++// Encrypt encrypts a plaintext message using a given key and algorithm. ++func evpEncrypt(withKey withKeyFunc, algorithmType algorithmType, plaintext []byte, hash hash.Hash) ([]byte, error) { ++ var cryptoHash crypto.Hash ++ if hash != nil { ++ var err error ++ cryptoHash, err = hashToCryptoHash(hash) ++ if err != nil { ++ return nil, err ++ } ++ } ++ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ dataRef := bytesToCFData(plaintext) ++ defer cfRelease(unsafe.Pointer(dataRef)) ++ ++ var encryptedDataRef security.CFDataRef ++ err = withKey(func(key security.SecKeyRef) error { ++ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeEncrypt, algorithm) != 1 { ++ return errors.New("algorithm not supported by the key") ++ } ++ encryptedDataRef = security.SecKeyCreateEncryptedData(key, algorithm, dataRef, nil) ++ if encryptedDataRef == nil { ++ return errors.New("encryption failed") ++ } ++ return nil ++ }) ++ if err != nil { ++ return nil, err ++ } ++ defer cfRelease(unsafe.Pointer(encryptedDataRef)) ++ ++ return cfDataToBytes(encryptedDataRef), nil ++} ++ ++// Decrypt decrypts a ciphertext using a given key and algorithm. ++func evpDecrypt(withKey withKeyFunc, algorithmType algorithmType, ciphertext []byte, hash hash.Hash) ([]byte, error) { ++ var cryptoHash crypto.Hash ++ if hash != nil { ++ var err error ++ cryptoHash, err = hashToCryptoHash(hash) ++ if err != nil { ++ return nil, err ++ } ++ } ++ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ msg := bytesToCFData(ciphertext) ++ ++ var decryptedDataRef security.CFDataRef ++ var cfErr security.CFErrorRef ++ err = withKey(func(key security.SecKeyRef) error { ++ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeDecrypt, algorithm) != 1 { ++ return errors.New("algorithm not supported by the key") ++ } ++ decryptedDataRef = security.SecKeyCreateDecryptedData(key, algorithm, msg, &cfErr) ++ if decryptedDataRef == nil { ++ return errors.New("decryption failed") ++ } ++ return nil ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ ++ if err != nil { ++ return nil, err ++ } ++ defer cfRelease(unsafe.Pointer(decryptedDataRef)) ++ ++ return cfDataToBytes(decryptedDataRef), nil ++} ++ ++func evpSign(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed []byte) ([]byte, error) { ++ algorithm, err := selectAlgorithm(hash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ var signedDataRef security.CFDataRef ++ var cfErr security.CFErrorRef ++ err = withKey(func(key security.SecKeyRef) error { ++ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeSign, algorithm) != 1 { ++ return errors.New("algorithm not supported by the key") ++ } ++ signedDataRef = security.SecKeyCreateSignature(key, algorithm, bytesToCFData(hashed), &cfErr) ++ if signedDataRef == nil { ++ return errors.New("signing failed") ++ } ++ return nil ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ ++ if err != nil { ++ return nil, err ++ } ++ defer cfRelease(unsafe.Pointer(signedDataRef)) ++ ++ return cfDataToBytes(signedDataRef), nil ++} ++ ++func evpVerify(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed, signature []byte) error { ++ algorithm, err := selectAlgorithm(hash, algorithmType) ++ if err != nil { ++ return err ++ } ++ ++ var cfErr security.CFErrorRef ++ err = withKey(func(key security.SecKeyRef) error { ++ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeVerify, algorithm) != 1 { ++ return errors.New("algorithm not supported by the key") ++ } ++ if security.SecKeyVerifySignature(key, algorithm, bytesToCFData(hashed), bytesToCFData(signature), &cfErr) != 1 { ++ return errors.New("verification failed") ++ } ++ return nil ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return err ++ } ++ ++ return err ++} ++ ++// hashToCryptoHash converts a hash.Hash to a crypto.Hash. ++func hashToCryptoHash(hash hash.Hash) (crypto.Hash, error) { ++ switch h := hash.(type) { ++ case *Hash: ++ return h.alg.ch, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} ++ ++// selectAlgorithm selects the appropriate SecKeyAlgorithm based on hash and algorithm type. ++func selectAlgorithm(hash crypto.Hash, algorithmType algorithmType) (security.CFStringRef, error) { ++ var algo security.CFStringRef ++ switch algorithmType { ++ case algorithmTypePSS: ++ switch hash { ++ case crypto.SHA1: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++ case crypto.SHA224: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++ case crypto.SHA256: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++ case crypto.SHA384: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++ case crypto.SHA512: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++ default: ++ return nil, errors.New("unsupported PSS hash: " + hash.String()) ++ } ++ case algorithmTypeRAW: ++ algo = security.KSecKeyAlgorithmRSAEncryptionRaw ++ case algorithmTypePKCS1v15Enc: ++ return security.KSecKeyAlgorithmRSAEncryptionPKCS1, nil ++ case algorithmTypePKCS1v15Sig: ++ switch hash { ++ case crypto.SHA1: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++ case crypto.SHA224: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++ case crypto.SHA256: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++ case crypto.SHA384: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++ case crypto.SHA512: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++ case 0: ++ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++ default: ++ return nil, errors.New("unsupported PKCS1v15 hash: " + hash.String()) ++ } ++ case algorithmTypeOAEP: ++ switch hash { ++ case crypto.SHA1: ++ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++ case crypto.SHA224: ++ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++ case crypto.SHA256: ++ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++ case crypto.SHA384: ++ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++ case crypto.SHA512: ++ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++ default: ++ return nil, errors.New("unsupported OAEP hash: " + hash.String()) ++ } ++ case algorithmTypeECDSA: ++ return security.KSecKeyAlgorithmECDSASignatureDigestX962, nil ++ default: ++ return nil, errors.New("unsupported algorithm type: " + strconv.Itoa(int(algorithmType))) ++ } ++ return algo, nil ++} ++ ++// bytesToCFData turns a byte slice into a CFDataRef. Caller then "owns" the ++// CFDataRef and must CFRelease the CFDataRef when done. ++func bytesToCFData(buf []byte) security.CFDataRef { ++ return security.CFDataCreate(security.KCFAllocatorDefault, buf) ++} ++ ++// cfDataToBytes turns a CFDataRef into a byte slice. ++func cfDataToBytes(cfData security.CFDataRef) []byte { ++ // TODO: remove this allocation ++ return slices.Clone(unsafe.Slice(security.CFDataGetBytePtr(cfData), security.CFDataGetLength(cfData))) ++} ++ ++// cfRelease releases a CoreFoundation object. ++func cfRelease(ref unsafe.Pointer) { ++ security.CFRelease(security.CFTypeRef(ref)) ++} ++ ++// createSecKeyWithData creates a SecKey from the provided encoded key and attributes dictionary. ++func createSecKeyWithData(encodedKey []byte, keyType, keyClass security.CFStringRef) (security.SecKeyRef, error) { ++ encodedKeyCF := security.CFDataCreate(security.KCFAllocatorDefault, encodedKey) ++ if encodedKeyCF == nil { ++ return nil, errors.New("xcrypto: failed to create CFData for private key") ++ } ++ defer security.CFRelease(security.CFTypeRef(encodedKeyCF)) ++ ++ attrKeys := []security.CFTypeRef{ ++ security.CFTypeRef(security.KSecAttrKeyType), ++ security.CFTypeRef(security.KSecAttrKeyClass), ++ } ++ ++ attrValues := []security.CFTypeRef{ ++ security.CFTypeRef(keyType), ++ security.CFTypeRef(keyClass), ++ } ++ ++ // Create attributes dictionary for the key ++ attrDict := security.CFDictionaryCreate( ++ security.KCFAllocatorDefault, ++ (*unsafe.Pointer)(unsafe.Pointer(&attrKeys[0])), ++ (*unsafe.Pointer)(unsafe.Pointer(&attrValues[0])), ++ security.CFIndex(len(attrKeys)), ++ nil, ++ nil, ++ ) ++ if attrDict == nil { ++ return nil, errors.New("xcrypto: failed to create attributes dictionary") ++ } ++ defer security.CFRelease(security.CFTypeRef(attrDict)) ++ ++ // Generate the SecKey ++ var errorRef security.CFErrorRef ++ key := security.SecKeyCreateWithData(encodedKeyCF, attrDict, &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, err ++ } ++ return key, nil ++} ++ ++// createSecKeyRandom creates a new SecKey with the provided attributes dictionary. ++func createSecKeyRandom(keyType security.CFStringRef, keySize int) ([]byte, security.SecKeyRef, error) { ++ keyAttrs := security.CFDictionaryCreateMutable(security.KCFAllocatorDefault, 0, nil, nil) ++ if keyAttrs == nil { ++ return nil, nil, errors.New("failed to create key attributes dictionary") ++ } ++ defer security.CFRelease(security.CFTypeRef(keyAttrs)) ++ ++ security.CFDictionarySetValue( ++ keyAttrs, ++ unsafe.Pointer(security.KSecAttrKeyType), ++ unsafe.Pointer(keyType), ++ ) ++ ++ cfNum := security.CFNumberCreate(security.KCFAllocatorDefault, security.KCFNumberLongType, unsafe.Pointer(&keySize)) ++ defer security.CFRelease(security.CFTypeRef(cfNum)) ++ ++ security.CFDictionarySetValue( ++ keyAttrs, ++ unsafe.Pointer(security.KSecAttrKeySizeInBits), ++ unsafe.Pointer(cfNum), ++ ) ++ ++ // Generate the private key ++ var errorRef security.CFErrorRef ++ privKeyRef := security.SecKeyCreateRandomKey(security.CFDictionaryRef(keyAttrs), &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, nil, err ++ } ++ ++ // Export the private key as DER ++ privData := security.SecKeyCopyExternalRepresentation(privKeyRef, &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, nil, err ++ } ++ defer security.CFRelease(security.CFTypeRef(privData)) ++ ++ privKeyDER := cfDataToBytes(privData) ++ if privKeyDER == nil { ++ return nil, nil, errors.New("failed to convert CFData to bytes") ++ } ++ return privKeyDER, privKeyRef, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/gcm.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/gcm.go +new file mode 100644 +index 00000000000000..82a961d974f129 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/gcm.go +@@ -0,0 +1,218 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto/cipher" ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++type aesGCM struct { ++ key []byte ++ tls cipherGCMTLS ++ // minNextNonce is the minimum value that the next nonce can be, enforced by ++ // all TLS modes. ++ minNextNonce uint64 ++ // mask is the nonce mask used in TLS 1.3 mode. ++ mask uint64 ++ // maskInitialized is true if mask has been initialized. This happens during ++ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. ++ maskInitialized bool ++} ++ ++type noGCM struct { ++ cipher.Block ++} ++ ++// NewGCM constructs a GCM block mode for AES using the cryptokit package ++func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { ++ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { ++ return nil, errors.New("crypto/aes: GCM tag and nonce sizes can't be non-standard at the same time") ++ } ++ // Fall back to standard library for GCM with non-standard nonce or tag size. ++ if nonceSize != gcmStandardNonceSize { ++ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) ++ } ++ if tagSize != gcmTagSize { ++ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) ++ } ++ return &aesGCM{key: c.key, tls: cipherGCMTLSNone}, nil ++} ++ ++func (g *aesGCM) NonceSize() int { return gcmStandardNonceSize } ++ ++func (g *aesGCM) Overhead() int { return gcmTagSize } ++ ++func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if uint64(len(plaintext)) > ((1<<32)-2)*aesBlockSize || len(plaintext)+gcmTagSize < len(plaintext) { ++ panic("cipher: message too large for GCM") ++ } ++ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { ++ panic("cipher: message too large for buffer") ++ } ++ ++ if g.tls != cipherGCMTLSNone { ++ if g.tls == cipherGCMTLS12 && len(additionalData) != gcmTls12AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.2") ++ } else if g.tls == cipherGCMTLS13 && len(additionalData) != gcmTls13AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.3") ++ } ++ counter := bigUint64(nonce[gcmTlsFixedNonceSize:]) ++ ++ // TLS 1.3 Masking ++ if g.tls == cipherGCMTLS13 { ++ if !g.maskInitialized { ++ g.mask = counter ++ g.maskInitialized = true ++ } ++ // Apply mask to the counter ++ counter ^= g.mask ++ } ++ ++ // Enforce monotonicity and max limit ++ const maxUint64 = 1<<64 - 1 ++ if counter == maxUint64 { ++ panic("cipher: nonce counter must be less than 2^64 - 1") ++ } ++ if counter < g.minNextNonce { ++ panic("cipher: nonce counter must be strictly monotonically increasing") ++ } ++ ++ defer func() { ++ g.minNextNonce = counter + 1 ++ }() ++ } ++ ++ // Make room in dst to append plaintext+overhead. ++ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) ++ ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, plaintext) { ++ panic("cipher: invalid buffer overlap") ++ } ++ ++ err := cryptokit.EncryptAESGCM( ++ g.key, ++ plaintext, ++ nonce, ++ additionalData, ++ out[:len(out)-gcmTagSize], ++ out[len(out)-gcmTagSize:], ++ ) ++ if err != 0 { ++ panic("cipher: encryption failed") ++ } ++ return ret ++} ++ ++func (g *aesGCM) SealWithRandomNonce(out, nonce, plaintext, additionalData []byte) { ++ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { ++ panic("crypto/cipher: message too large for GCM") ++ } ++ if len(nonce) != gcmStandardNonceSize { ++ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") ++ } ++ if len(out) != len(plaintext)+gcmTagSize { ++ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") ++ } ++ if inexactOverlap(out, plaintext) { ++ panic("crypto/cipher: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, additionalData) { ++ panic("crypto/cipher: invalid buffer overlap of output and additional data") ++ } ++ ++ if g.tls != cipherGCMTLSNone { ++ panic("cipher: TLS 1.2 and 1.3 modes do not support random nonce") ++ } ++ ++ // Generate a random nonce ++ RandReader.Read(nonce) ++ err := cryptokit.EncryptAESGCM( ++ g.key, ++ plaintext, ++ nonce, ++ additionalData, ++ out[:len(out)-gcmTagSize], ++ out[len(out)-gcmTagSize:], ++ ) ++ if err != 0 { ++ panic("cipher: encryption failed") ++ } ++} ++ ++func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if len(ciphertext) < gcmTagSize { ++ return nil, errOpen ++ } ++ if uint64(len(ciphertext)) > ((1<<32)-2)*aesBlockSize+gcmTagSize { ++ return nil, errOpen ++ } ++ // BoringCrypto does not do any TLS check when decrypting, neither do we. ++ ++ // Ensure we don't process if ciphertext lacks both ciphertext and tag ++ if len(ciphertext) < gcmTagSize { ++ return nil, errors.New("decryption failed: ciphertext too short for tag") ++ } ++ ++ tag := ciphertext[len(ciphertext)-gcmTagSize:] ++ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] ++ ++ // Make room in dst to append ciphertext without tag. ++ ret, out := sliceForAppend(dst, len(ciphertext)) ++ ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, ciphertext) { ++ panic("cipher: invalid buffer overlap") ++ } ++ ++ var decSize int ++ err := cryptokit.DecryptAESGCM( ++ g.key, ++ ciphertext, ++ nonce, ++ additionalData, ++ tag, ++ out, ++ &decSize, ++ ) ++ if err != 0 || int(decSize) != len(ciphertext) { ++ // If the decrypted data size does not match, zero out `out` and return `errOpen` ++ for i := range out { ++ out[i] = 0 ++ } ++ return nil, errOpen ++ } ++ return ret, nil ++} ++ ++// NewGCMTLS returns a GCM cipher specific to TLS ++// and should not be used for non-TLS purposes. ++func NewGCMTLS(block cipher.Block) (cipher.AEAD, error) { ++ cipher, ok := block.(*aesCipher) ++ if !ok { ++ return nil, errors.New("crypto/aes: invalid block cipher") ++ } ++ return &aesGCM{key: cipher.key, tls: cipherGCMTLS12}, nil ++} ++ ++// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used ++// for non-TLS purposes. ++func NewGCMTLS13(block cipher.Block) (cipher.AEAD, error) { ++ cipher, ok := block.(*aesCipher) ++ if !ok { ++ return nil, errors.New("crypto/aes: invalid block cipher") ++ } ++ return &aesGCM{key: cipher.key, tls: cipherGCMTLS13}, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go +new file mode 100644 +index 00000000000000..016827afea2eee +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go +@@ -0,0 +1,337 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "sync" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ md5 = 1 ++ sha1 = 2 ++ sha256 = 3 ++ sha384 = 4 ++ sha512 = 5 ++ sha3256 = 6 ++ sha3384 = 7 ++ sha3512 = 8 ++) ++ ++type hashAlgorithm struct { ++ id int32 ++ ch crypto.Hash ++ size int ++ blockSize int ++} ++ ++type HashCloner = hash.Cloner ++ ++var cacheHash sync.Map // map[crypto.Hash]*hashAlgorithm ++ ++// supportsSHA3 returns true if SHA-3 is available on this macOS version. ++func supportsSHA3() bool { ++ return cryptokit.SupportsSHA3() == 1 ++} ++ ++// loadHash converts a crypto.Hash to a hashAlgorithm. ++func loadHash(ch crypto.Hash, required bool) *hashAlgorithm { ++ if v, ok := cacheHash.Load(ch); ok { ++ if v == nil && required { ++ panic("cryptokit: " + ch.String() + " not available") ++ } ++ return v.(*hashAlgorithm) ++ } ++ ++ var hash hashAlgorithm ++ hash.ch = ch ++ supported := true ++ ++ switch ch { ++ case crypto.MD5: ++ hash.id = md5 ++ hash.size = int(cryptokit.HashSize(md5)) ++ hash.blockSize = int(cryptokit.HashBlockSize(md5)) ++ case crypto.SHA1: ++ hash.id = sha1 ++ hash.size = int(cryptokit.HashSize(sha1)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha1)) ++ case crypto.SHA256: ++ hash.id = sha256 ++ hash.size = int(cryptokit.HashSize(sha256)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha256)) ++ case crypto.SHA384: ++ hash.id = sha384 ++ hash.size = int(cryptokit.HashSize(sha384)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha384)) ++ case crypto.SHA512: ++ hash.id = sha512 ++ hash.size = int(cryptokit.HashSize(sha512)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha512)) ++ case crypto.SHA3_256: ++ if !supportsSHA3() { ++ supported = false ++ break ++ } ++ hash.id = sha3256 ++ hash.size = int(cryptokit.HashSize(sha3256)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha3256)) ++ case crypto.SHA3_384: ++ if !supportsSHA3() { ++ supported = false ++ break ++ } ++ hash.id = sha3384 ++ hash.size = int(cryptokit.HashSize(sha3384)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha3384)) ++ case crypto.SHA3_512: ++ if !supportsSHA3() { ++ supported = false ++ break ++ } ++ hash.id = sha3512 ++ hash.size = int(cryptokit.HashSize(sha3512)) ++ hash.blockSize = int(cryptokit.HashBlockSize(sha3512)) ++ default: ++ supported = false ++ } ++ ++ if !supported { ++ if required { ++ panic("cryptokit: " + ch.String() + " not available") ++ } ++ cacheHash.Store(ch, (*hashAlgorithm)(nil)) ++ return nil ++ } ++ ++ cacheHash.Store(ch, &hash) ++ return &hash ++} ++ ++// Hash implements generic hash methods. ++type Hash struct { ++ ptr unsafe.Pointer ++ alg *hashAlgorithm ++} ++ ++// SupportsHash returns true if a hash.Hash implementation is supported for h. ++func SupportsHash(h crypto.Hash) bool { ++ return loadHash(h, false) != nil ++} ++ ++func newHash(ch crypto.Hash) *Hash { ++ alg := loadHash(ch, true) ++ ++ h := &Hash{ ++ ptr: cryptokit.HashNew(alg.id), ++ alg: alg, ++ } ++ ++ runtime.SetFinalizer(h, (*Hash).finalize) ++ ++ return h ++} ++ ++func (h *Hash) finalize() { ++ if h.ptr != nil { ++ cryptokit.HashFree(h.alg.id, h.ptr) ++ h.ptr = nil ++ } ++} ++ ++func (h *Hash) Clone() (HashCloner, error) { ++ if h.ptr == nil { ++ panic("cryptokit: hash already finalized") ++ } ++ ++ newHash := &Hash{ ++ ptr: cryptokit.HashCopy(h.alg.id, h.ptr), ++ alg: h.alg, ++ } ++ ++ runtime.SetFinalizer(newHash, (*Hash).finalize) ++ ++ runtime.KeepAlive(h) ++ ++ return newHash, nil ++} ++ ++func (h *Hash) Write(p []byte) (int, error) { ++ if len(p) == 0 { ++ return 0, nil ++ } ++ cryptokit.HashWrite(h.alg.id, h.ptr, p) ++ ++ runtime.KeepAlive(h) ++ ++ return len(p), nil ++} ++ ++func (h *Hash) WriteString(s string) (int, error) { ++ if len(s) == 0 { ++ return 0, nil ++ } ++ cryptokit.HashWrite(h.alg.id, h.ptr, unsafe.Slice(unsafe.StringData(s), len(s))) ++ ++ runtime.KeepAlive(h) ++ ++ return len(s), nil ++} ++ ++func (h *Hash) WriteByte(c byte) error { ++ cryptokit.HashWrite(h.alg.id, h.ptr, unsafe.Slice(&c, 1)) ++ ++ runtime.KeepAlive(h) ++ ++ return nil ++} ++ ++func (h *Hash) Sum(b []byte) []byte { ++ hashSlice := make([]byte, h.alg.size, 64) // explicit cap to allow stack allocation ++ cryptokit.HashSum(h.alg.id, h.ptr, hashSlice) ++ runtime.KeepAlive(h) ++ b = append(b, hashSlice...) ++ return b ++} ++ ++type errMarshallUnsupported struct{} ++ ++func (e errMarshallUnsupported) Error() string { ++ return "cryptokit: hash state is not marshallable" ++} ++ ++func (e errMarshallUnsupported) Unwrap() error { ++ return errors.ErrUnsupported ++} ++ ++func (h *Hash) MarshalBinary() ([]byte, error) { ++ return nil, errMarshallUnsupported{} ++} ++ ++func (h *Hash) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errMarshallUnsupported{} ++} ++ ++func (h *Hash) UnmarshalBinary(data []byte) error { ++ return errMarshallUnsupported{} ++} ++ ++func (h *Hash) Reset() { ++ cryptokit.HashReset(h.alg.id, h.ptr) ++} ++ ++func (h *Hash) BlockSize() int { ++ return h.alg.blockSize ++} ++ ++func (h *Hash) Size() int { ++ return h.alg.size ++} ++ ++// FIPSApprovedHash reports whether this hash algorithm is FIPS 140-3 approved. ++func FIPSApprovedHash(h hash.Hash) bool { ++ xh, ok := h.(*Hash) ++ if !ok { ++ return false ++ } ++ switch xh.alg.ch { ++ case crypto.SHA256, crypto.SHA384, crypto.SHA512, ++ crypto.SHA3_256, crypto.SHA3_384, crypto.SHA3_512: ++ return true ++ default: ++ return false ++ } ++} ++ ++var _ hash.Hash = (*Hash)(nil) ++var _ HashCloner = (*Hash)(nil) ++ ++func MD5(p []byte) (sum [16]byte) { ++ cryptokit.MD5(p, sum[:]) ++ return ++} ++ ++func SHA1(p []byte) (sum [20]byte) { ++ cryptokit.SHA1(p, sum[:]) ++ return ++} ++ ++func SHA256(p []byte) (sum [32]byte) { ++ cryptokit.SHA256(p, sum[:]) ++ return ++} ++ ++func SHA384(p []byte) (sum [48]byte) { ++ cryptokit.SHA384(p, sum[:]) ++ return ++} ++ ++func SHA512(p []byte) (sum [64]byte) { ++ cryptokit.SHA512(p, sum[:]) ++ return ++} ++ ++func SumSHA3_256(p []byte) (sum [32]byte) { ++ cryptokit.SHA3_256(p, sum[:]) ++ return ++} ++ ++func SumSHA3_384(p []byte) (sum [48]byte) { ++ cryptokit.SHA3_384(p, sum[:]) ++ return ++} ++ ++func SumSHA3_512(p []byte) (sum [64]byte) { ++ cryptokit.SHA3_512(p, sum[:]) ++ return ++} ++ ++// NewMD5 initializes a new MD5 hasher. ++func NewMD5() hash.Hash { ++ return newHash(crypto.MD5) ++ ++} ++ ++// NewSHA1 initializes a new SHA1 hasher. ++func NewSHA1() hash.Hash { ++ return newHash(crypto.SHA1) ++} ++ ++// NewSHA256 initializes a new SHA256 hasher. ++func NewSHA256() hash.Hash { ++ return newHash(crypto.SHA256) ++} ++ ++// NewSHA384 initializes a new SHA384 hasher. ++func NewSHA384() hash.Hash { ++ return newHash(crypto.SHA384) ++} ++ ++// NewSHA512 initializes a new SHA512 hasher. ++func NewSHA512() hash.Hash { ++ return newHash(crypto.SHA512) ++} ++ ++// NewSHA3_256 creates a new SHA3-256 hash. ++func NewSHA3_256() *Hash { ++ return newHash(crypto.SHA3_256) ++} ++ ++// NewSHA3_384 creates a new SHA3-384 hash. ++func NewSHA3_384() *Hash { ++ return newHash(crypto.SHA3_384) ++} ++ ++// NewSHA3_512 creates a new SHA3-512 hash. ++func NewSHA3_512() *Hash { ++ return newHash(crypto.SHA3_512) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go +new file mode 100644 +index 00000000000000..f6183de583d9ac +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go +@@ -0,0 +1,103 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++// ExtractHKDF performs the extract step of HKDF using the specified hash function. ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ // Handle empty secret ++ if len(secret) == 0 { ++ return nil, errors.New("secret cannot be empty") ++ } ++ ++ hash, err := hashToCryptoHash(h()) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Default salt to a zero-filled array if not provided ++ if len(salt) == 0 { ++ salt = make([]byte, hash.Size()) ++ } ++ ++ swiftHash, err := cryptoHashToSwift(hash) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Allocate buffer for derived key ++ prk := make([]byte, hash.Size()) ++ ++ result := cryptokit.ExtractHKDF(swiftHash, secret, salt, prk) ++ if result != 0 { ++ return nil, errors.New("HKDF derivation failed") ++ } ++ ++ return prk, nil ++} ++ ++// ExpandHKDF performs the expand step of HKDF using the specified hash function. ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ // Handle empty secret ++ if len(pseudorandomKey) == 0 { ++ return nil, errors.New("pseudorandom key cannot be empty") ++ } ++ ++ hash, err := hashToCryptoHash(h()) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Determine the maximum expandable key length based on the hash function ++ maxAllowedLength := hash.Size() * 255 ++ ++ // Validate requested key length ++ if keyLength > maxAllowedLength { ++ return nil, errors.New("requested key length exceeds maximum allowable size") ++ } ++ ++ swiftHash, err := cryptoHashToSwift(hash) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Allocate buffer for derived key ++ expandedKey := make([]byte, keyLength) ++ if len(expandedKey) == 0 { ++ // Nothing to do, and CryptoKit may error on zero-length output. ++ // We do need to validate the inputs for consistency, though. ++ return expandedKey, nil ++ } ++ ++ result := cryptokit.ExpandHKDF(swiftHash, pseudorandomKey, info, expandedKey) ++ if result != 0 { ++ return nil, errors.New("HKDF derivation failed") ++ } ++ ++ return expandedKey, nil ++} ++ ++func cryptoHashToSwift(hash crypto.Hash) (int32, error) { ++ switch hash { ++ case crypto.SHA1: ++ return 1, nil ++ case crypto.SHA256: ++ return 2, nil ++ case crypto.SHA384: ++ return 3, nil ++ case crypto.SHA512: ++ return 4, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go +new file mode 100644 +index 00000000000000..80a951f8ea1a2a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go +@@ -0,0 +1,119 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "hash" ++ "runtime" ++ "slices" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++var _ hash.Hash = (*cryptoKitHMAC)(nil) ++var _ HashCloner = (*cryptoKitHMAC)(nil) ++ ++type cryptoKitHMAC struct { ++ ptr unsafe.Pointer ++ ++ kind int32 ++ key []byte ++ ++ blockSize int ++ size int ++} ++ ++// NewHMAC returns a new HMAC using xcrypto. ++// The function h must return a hash implemented by ++// CommonCrypto (for example, h could be xcrypto.NewSHA256). ++// If h is not recognized, NewHMAC returns nil. ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ h := fh() ++ if h == nil { ++ return nil ++ } ++ ++ // copying the key here to ensure that it is not modified ++ // while this algorithm is using it. ++ key = slices.Clone(key) ++ kind := hashToHMACEnum(h) ++ if kind == 0 { ++ // The hash function is not supported by the HMAC implementation. ++ return nil ++ } ++ ++ hmac := &cryptoKitHMAC{ ++ ptr: cryptokit.InitHMAC(kind, key), ++ kind: kind, ++ key: key, ++ blockSize: h.BlockSize(), ++ size: h.Size(), ++ } ++ ++ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { ++ cryptokit.FreeHMAC(h.kind, h.ptr) ++ }) ++ ++ return hmac ++} ++ ++func (h *cryptoKitHMAC) Write(p []byte) (n int, err error) { ++ cryptokit.UpdateHMAC(h.kind, h.ptr, p) ++ runtime.KeepAlive(h) ++ ++ return len(p), nil ++} ++ ++func (h *cryptoKitHMAC) Sum(b []byte) []byte { ++ hashSlice := make([]byte, h.size, 64) // explicit cap to allow stack allocation ++ cryptokit.FinalizeHMAC(h.kind, h.ptr, hashSlice) ++ runtime.KeepAlive(h) ++ ++ b = append(b, hashSlice...) ++ ++ return b ++} ++ ++func (h *cryptoKitHMAC) Clone() (HashCloner, error) { ++ if h.ptr == nil { ++ panic("cryptokit: hash already finalized") ++ } ++ ++ hmac := &cryptoKitHMAC{ptr: cryptokit.CopyHMAC(h.kind, h.ptr), kind: h.kind, key: slices.Clone(h.key), blockSize: h.blockSize, size: h.size} ++ ++ runtime.KeepAlive(h) ++ ++ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { ++ cryptokit.FreeHMAC(h.kind, h.ptr) ++ }) ++ ++ return hmac, nil ++} ++ ++func (h *cryptoKitHMAC) Reset() { ++ cryptokit.FreeHMAC(h.kind, h.ptr) ++ ++ h.ptr = cryptokit.InitHMAC(h.kind, h.key) ++ runtime.KeepAlive(h) ++} ++ ++func (h *cryptoKitHMAC) Size() int { ++ return h.size ++} ++ ++func (h *cryptoKitHMAC) BlockSize() int { ++ return h.blockSize ++} ++ ++func hashToHMACEnum(h hash.Hash) int32 { ++ switch h := h.(type) { ++ case *Hash: ++ return h.alg.id ++ default: ++ return 0 ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go +new file mode 100644 +index 00000000000000..136d81fe3c152e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go +@@ -0,0 +1,222 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. ++ privateKeySizeMLDSA = 32 ++ ++ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. ++ publicKeySizeMLDSA65 = 1952 ++ ++ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. ++ publicKeySizeMLDSA87 = 2592 ++ ++ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. ++ signatureSizeMLDSA65 = 3309 ++ ++ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. ++ signatureSizeMLDSA87 = 4627 ++) ++ ++// SupportsMLDSA returns true if the given ML-DSA parameter set is supported ++// on this platform. ++func SupportsMLDSA(params MLDSAParameters) bool { ++ switch params.publicKeySize { ++ case publicKeySizeMLDSA65, publicKeySizeMLDSA87: ++ return cryptokit.SupportsMLDSA() == 1 ++ default: ++ return false ++ } ++} ++ ++// MLDSAParameters represents one of the fixed ML-DSA parameter sets. ++type MLDSAParameters struct { ++ name string ++ publicKeySize int ++ signatureSize int ++ generateKey func(seed []uint8) int64 ++ derivePublic func(seed []uint8, publicKey []uint8) int64 ++ sign func(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 ++ verify func(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 ++ validatePub func(publicKey []uint8) int64 ++} ++ ++var ( ++ mldsa65 = MLDSAParameters{ ++ name: "ML-DSA-65", ++ publicKeySize: publicKeySizeMLDSA65, ++ signatureSize: signatureSizeMLDSA65, ++ generateKey: cryptokit.GenerateKeyMLDSA65, ++ derivePublic: cryptokit.DerivePublicKeyMLDSA65, ++ sign: cryptokit.SignMLDSA65, ++ verify: cryptokit.VerifyMLDSA65, ++ validatePub: cryptokit.ValidatePublicKeyMLDSA65, ++ } ++ mldsa87 = MLDSAParameters{ ++ name: "ML-DSA-87", ++ publicKeySize: publicKeySizeMLDSA87, ++ signatureSize: signatureSizeMLDSA87, ++ generateKey: cryptokit.GenerateKeyMLDSA87, ++ derivePublic: cryptokit.DerivePublicKeyMLDSA87, ++ sign: cryptokit.SignMLDSA87, ++ verify: cryptokit.VerifyMLDSA87, ++ validatePub: cryptokit.ValidatePublicKeyMLDSA87, ++ } ++) ++ ++// MLDSA65 returns the ML-DSA-65 parameter set. ++func MLDSA65() MLDSAParameters { return mldsa65 } ++ ++// MLDSA87 returns the ML-DSA-87 parameter set. ++func MLDSA87() MLDSAParameters { return mldsa87 } ++ ++func (params MLDSAParameters) valid() bool { ++ return params.generateKey != nil ++} ++ ++// PublicKeySize returns the size of public keys for this parameter set, in bytes. ++func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } ++ ++// SignatureSize returns the size of signatures for this parameter set, in bytes. ++func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } ++ ++// String returns the name of the parameter set. ++func (params MLDSAParameters) String() string { return params.name } ++ ++var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") ++ ++// PrivateKeyMLDSA is an ML-DSA private key seed. ++type PrivateKeyMLDSA struct { ++ params MLDSAParameters ++ seed [privateKeySizeMLDSA]byte ++} ++ ++// GenerateKeyMLDSA generates a new ML-DSA private key. ++func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ if ret := params.generateKey(key.seed[:]); ret != 0 { ++ return nil, errors.New("mldsa: key generation failed") ++ } ++ return key, nil ++} ++ ++// NewPrivateKeyMLDSA constructs an ML-DSA private key from its seed. ++func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid private key size") ++ } ++ key := &PrivateKeyMLDSA{params: params} ++ copy(key.seed[:], seed) ++ return key, nil ++} ++ ++// Bytes returns the private key seed. ++func (key *PrivateKeyMLDSA) Bytes() []byte { ++ return key.seed[:] ++} ++ ++// Parameters returns the parameters associated with this private key. ++func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// PublicKey returns the corresponding public key. ++func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { ++ publicKey := &PublicKeyMLDSA{params: key.params} ++ if ret := key.params.derivePublic(key.seed[:], publicKey.bytes[:key.params.publicKeySize]); ret != 0 { ++ panic("mldsa: failed to derive public key") ++ } ++ return publicKey ++} ++ ++// Sign signs message with context using ML-DSA. ++func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { ++ if len(context) > 255 { ++ return nil, errors.New("mldsa: context too long") ++ } ++ signature := make([]byte, key.params.signatureSize) ++ sigLen := int64(key.params.signatureSize) ++ contextBytes := []byte(context) ++ if ret := key.params.sign(key.seed[:], message, contextBytes, signature, &sigLen); ret != 0 { ++ return nil, errors.New("mldsa: signing failed") ++ } ++ return signature[:sigLen], nil ++} ++ ++// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. ++func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { ++ if len(mu) != 64 { ++ return nil, errors.New("mldsa: invalid message hash length") ++ } ++ return nil, errors.New("mldsa: external mu not supported") ++} ++ ++// PublicKeyMLDSA is an ML-DSA public key. ++type PublicKeyMLDSA struct { ++ params MLDSAParameters ++ bytes [publicKeySizeMLDSA87]byte ++} ++ ++// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. ++func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(publicKey) != params.publicKeySize { ++ return nil, errors.New("mldsa: invalid public key size") ++ } ++ if ret := params.validatePub(publicKey); ret != 0 { ++ return nil, errors.New("mldsa: invalid public key") ++ } ++ key := &PublicKeyMLDSA{params: params} ++ copy(key.bytes[:], publicKey) ++ return key, nil ++} ++ ++// Bytes returns the public key encoding. ++func (key *PublicKeyMLDSA) Bytes() []byte { ++ return key.bytes[:key.params.publicKeySize] ++} ++ ++// Parameters returns the parameters associated with this public key. ++func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// Verify verifies an ML-DSA signature. ++func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { ++ if len(signature) != key.params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ if len(context) > 255 { ++ return errors.New("mldsa: context too long") ++ } ++ contextBytes := []byte(context) ++ if ret := key.params.verify(key.bytes[:key.params.publicKeySize], message, contextBytes, signature); ret != 0 { ++ return errors.New("mldsa: verification failed") ++ } ++ return nil ++} ++ ++// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message representative. ++func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { ++ if len(mu) != 64 { ++ return errors.New("mldsa: invalid message hash length") ++ } ++ if len(signature) != key.params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ return errors.New("mldsa: external mu not supported") ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go +new file mode 100644 +index 00000000000000..b5131703afdbcc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go +@@ -0,0 +1,261 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ // sharedKeySizeMLKEM is the size of a shared key produced by ML-KEM. ++ sharedKeySizeMLKEM = 32 ++ ++ // seedSizeMLKEM is the size of a seed used to generate a decapsulation key. ++ seedSizeMLKEM = 64 ++ ++ // ciphertextSizeMLKEM768 is the size of a ciphertext produced by ML-KEM-768. ++ ciphertextSizeMLKEM768 = 1088 ++ ++ // encapsulationKeySizeMLKEM768 is the size of an ML-KEM-768 encapsulation key. ++ encapsulationKeySizeMLKEM768 = 1184 ++ ++ // ciphertextSizeMLKEM1024 is the size of a ciphertext produced by ML-KEM-1024. ++ ciphertextSizeMLKEM1024 = 1568 ++ ++ // encapsulationKeySizeMLKEM1024 is the size of an ML-KEM-1024 encapsulation key. ++ encapsulationKeySizeMLKEM1024 = 1568 ++) ++ ++// SupportsMLKEM returns true if ML-KEM is supported on this platform. ++func SupportsMLKEM() bool { ++ return cryptokit.SupportsMLKEM() == 1 ++} ++ ++// DecapsulationKeyMLKEM768 is the secret key used to decapsulate a shared key ++// from a ciphertext. It includes various precomputed values. ++type DecapsulationKeyMLKEM768 [seedSizeMLKEM]byte ++ ++// GenerateKeyMLKEM768 generates a new decapsulation key, drawing random bytes from ++// the default crypto/rand source. The decapsulation key must be kept secret. ++func GenerateKeyMLKEM768() (DecapsulationKeyMLKEM768, error) { ++ var dk DecapsulationKeyMLKEM768 ++ ret := cryptokit.GenerateKeyMLKEM768(dk[:]) ++ if ret != 0 { ++ return DecapsulationKeyMLKEM768{}, errors.New("mlkem: key generation failed") ++ } ++ return dk, nil ++} ++ ++// NewDecapsulationKeyMLKEM768 expands a decapsulation key from a 64-byte seed in the ++// "d || z" form. The seed must be uniformly random. ++func NewDecapsulationKeyMLKEM768(seed []byte) (DecapsulationKeyMLKEM768, error) { ++ if len(seed) != seedSizeMLKEM { ++ return DecapsulationKeyMLKEM768{}, errors.New("mlkem: invalid seed size") ++ } ++ ++ var dk DecapsulationKeyMLKEM768 ++ copy(dk[:], seed) ++ return dk, nil ++} ++ ++// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. ++// ++// The decapsulation key must be kept secret. ++func (dk DecapsulationKeyMLKEM768) Bytes() []byte { ++ return dk[:] ++} ++ ++// Decapsulate generates a shared key from a ciphertext and a decapsulation ++// key. If the ciphertext is not valid, Decapsulate returns an error. ++// ++// The shared key must be kept secret. ++func (dk DecapsulationKeyMLKEM768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { ++ if len(ciphertext) != ciphertextSizeMLKEM768 { ++ return nil, errors.New("mlkem: invalid ciphertext size") ++ } ++ ++ sharedKey = make([]byte, sharedKeySizeMLKEM) ++ ret := cryptokit.DecapsulateMLKEM768( ++ dk[:], ++ ciphertext, ++ sharedKey, ++ ) ++ ++ if ret != 0 { ++ return nil, errors.New("mlkem: decapsulation failed") ++ } ++ return sharedKey, nil ++} ++ ++// EncapsulationKey returns the public encapsulation key necessary to produce ++// ciphertexts. ++func (dk DecapsulationKeyMLKEM768) EncapsulationKey() EncapsulationKeyMLKEM768 { ++ var ek EncapsulationKeyMLKEM768 ++ ret := cryptokit.DeriveEncapsulationKeyMLKEM768( ++ dk[:], ++ ek[:], ++ ) ++ ++ if ret != 0 { ++ return EncapsulationKeyMLKEM768{} ++ } ++ return ek ++} ++ ++// An EncapsulationKeyMLKEM768 is the public key used to produce ciphertexts to be ++// decapsulated by the corresponding DecapsulationKeyMLKEM768. ++type EncapsulationKeyMLKEM768 [encapsulationKeySizeMLKEM768]byte ++ ++// NewEncapsulationKeyMLKEM768 parses an encapsulation key from its encoded form. If ++// the encapsulation key is not valid, NewEncapsulationKeyMLKEM768 returns an error. ++func NewEncapsulationKeyMLKEM768(encapsulationKey []byte) (EncapsulationKeyMLKEM768, error) { ++ if len(encapsulationKey) != encapsulationKeySizeMLKEM768 { ++ return EncapsulationKeyMLKEM768{}, errors.New("mlkem: invalid encapsulation key size") ++ } ++ ++ var ek EncapsulationKeyMLKEM768 ++ copy(ek[:], encapsulationKey) ++ return ek, nil ++} ++ ++// Bytes returns the encapsulation key as a byte slice. ++func (ek EncapsulationKeyMLKEM768) Bytes() []byte { ++ return ek[:] ++} ++ ++// Encapsulate generates a shared key and an associated ciphertext from an ++// encapsulation key, drawing random bytes from the default crypto/rand source. ++// ++// The shared key must be kept secret. ++func (ek EncapsulationKeyMLKEM768) Encapsulate() (sharedKey, ciphertext []byte) { ++ sharedKey = make([]byte, sharedKeySizeMLKEM) ++ ciphertext = make([]byte, ciphertextSizeMLKEM768) ++ ++ ret := cryptokit.EncapsulateMLKEM768( ++ ek[:], ++ sharedKey, ++ ciphertext, ++ ) ++ ++ if ret != 0 { ++ return nil, nil ++ } ++ return sharedKey, ciphertext ++} ++ ++// DecapsulationKeyMLKEM1024 is the secret key used to decapsulate a shared key ++// from a ciphertext. It includes various precomputed values. ++type DecapsulationKeyMLKEM1024 [seedSizeMLKEM]byte ++ ++// GenerateKeyMLKEM1024 generates a new decapsulation key, drawing random bytes from ++// the default crypto/rand source. The decapsulation key must be kept secret. ++func GenerateKeyMLKEM1024() (DecapsulationKeyMLKEM1024, error) { ++ var dk DecapsulationKeyMLKEM1024 ++ ret := cryptokit.GenerateKeyMLKEM1024(dk[:]) ++ if ret != 0 { ++ return DecapsulationKeyMLKEM1024{}, errors.New("mlkem: key generation failed") ++ } ++ return dk, nil ++} ++ ++// NewDecapsulationKeyMLKEM1024 expands a decapsulation key from a 64-byte seed in the ++// "d || z" form. The seed must be uniformly random. ++func NewDecapsulationKeyMLKEM1024(seed []byte) (DecapsulationKeyMLKEM1024, error) { ++ if len(seed) != seedSizeMLKEM { ++ return DecapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid seed size") ++ } ++ ++ var dk DecapsulationKeyMLKEM1024 ++ copy(dk[:], seed) ++ return dk, nil ++} ++ ++// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. ++// ++// The decapsulation key must be kept secret. ++func (dk DecapsulationKeyMLKEM1024) Bytes() []byte { ++ return dk[:] ++} ++ ++// Decapsulate generates a shared key from a ciphertext and a decapsulation ++// key. If the ciphertext is not valid, Decapsulate returns an error. ++// ++// The shared key must be kept secret. ++func (dk DecapsulationKeyMLKEM1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { ++ if len(ciphertext) != ciphertextSizeMLKEM1024 { ++ return nil, errors.New("mlkem: invalid ciphertext size") ++ } ++ ++ sharedKey = make([]byte, sharedKeySizeMLKEM) ++ ret := cryptokit.DecapsulateMLKEM1024( ++ dk[:], ++ ciphertext, ++ sharedKey, ++ ) ++ ++ if ret != 0 { ++ return nil, errors.New("mlkem: decapsulation failed") ++ } ++ return sharedKey, nil ++} ++ ++// EncapsulationKey returns the public encapsulation key necessary to produce ++// ciphertexts. ++func (dk DecapsulationKeyMLKEM1024) EncapsulationKey() EncapsulationKeyMLKEM1024 { ++ var ek EncapsulationKeyMLKEM1024 ++ ret := cryptokit.DeriveEncapsulationKeyMLKEM1024( ++ dk[:], ++ ek[:], ++ ) ++ ++ if ret != 0 { ++ return EncapsulationKeyMLKEM1024{} ++ } ++ return ek ++} ++ ++// An EncapsulationKeyMLKEM1024 is the public key used to produce ciphertexts to be ++// decapsulated by the corresponding DecapsulationKeyMLKEM1024. ++type EncapsulationKeyMLKEM1024 [encapsulationKeySizeMLKEM1024]byte ++ ++// NewEncapsulationKeyMLKEM1024 parses an encapsulation key from its encoded form. If ++// the encapsulation key is not valid, NewEncapsulationKeyMLKEM1024 returns an error. ++func NewEncapsulationKeyMLKEM1024(encapsulationKey []byte) (EncapsulationKeyMLKEM1024, error) { ++ if len(encapsulationKey) != encapsulationKeySizeMLKEM1024 { ++ return EncapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid encapsulation key size") ++ } ++ ++ var ek EncapsulationKeyMLKEM1024 ++ copy(ek[:], encapsulationKey) ++ return ek, nil ++} ++ ++// Bytes returns the encapsulation key as a byte slice. ++func (ek EncapsulationKeyMLKEM1024) Bytes() []byte { ++ return ek[:] ++} ++ ++// Encapsulate generates a shared key and an associated ciphertext from an ++// encapsulation key, drawing random bytes from the default crypto/rand source. ++// ++// The shared key must be kept secret. ++func (ek EncapsulationKeyMLKEM1024) Encapsulate() (sharedKey, ciphertext []byte) { ++ sharedKey = make([]byte, sharedKeySizeMLKEM) ++ ciphertext = make([]byte, ciphertextSizeMLKEM1024) ++ ++ ret := cryptokit.EncapsulateMLKEM1024( ++ ek[:], ++ sharedKey, ++ ciphertext, ++ ) ++ ++ if ret != 0 { ++ return nil, nil ++ } ++ return sharedKey, ciphertext ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +new file mode 100644 +index 00000000000000..b50fc17d0f8d66 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +@@ -0,0 +1,76 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "math" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++) ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ // CommonCrypto's CCKeyDerivationPBKDF takes an unsigned 32-bit iteration ++ // count, so reject values that would overflow or wrap. In practice the ++ // recommended iteration count is around 300,000. ++ if iter <= 0 || iter > math.MaxUint32 { ++ return nil, errors.New("PBKDF2: invalid iteration count") ++ } ++ ++ // Map Go hash function to CommonCrypto hash constant ++ ccDigest, err := hashToCCDigestPBKDF2(fh()) ++ if err != nil { ++ return nil, err ++ } ++ ++ if len(password) == 0 { ++ // CommonCrypto requires a non-empty password ++ // Substitute empty password with placeholder ++ password = make([]byte, 1) ++ } ++ ++ // Allocate output buffer for the derived key ++ derivedKey := make([]byte, keyLen) ++ ++ // Call CommonCrypto's PBKDF2 implementation ++ status := commoncrypto.CCKeyDerivationPBKDF( ++ commoncrypto.KCCPBKDF2, // PBKDF2 algorithm ++ password, // Password ++ salt, // Salt ++ ccDigest, // Digest algorithm ++ uint32(iter), // Iteration count ++ derivedKey, // Output buffer for derived key ++ ) ++ ++ if status != commoncrypto.KCCSuccess { ++ return nil, errors.New("PBKDF2 key derivation failed") ++ } ++ ++ return derivedKey, nil ++} ++ ++// Mapping Go hash functions to CommonCrypto hash constants ++func hashToCCDigestPBKDF2(hash hash.Hash) (commoncrypto.CCPseudoRandomAlgorithm, error) { ++ switch h := hash.(type) { ++ case *Hash: ++ switch h.alg.ch { ++ case crypto.SHA1: ++ return commoncrypto.KCCPRFHmacAlgSHA1, nil ++ case crypto.SHA256: ++ return commoncrypto.KCCPRFHmacAlgSHA256, nil ++ case crypto.SHA384: ++ return commoncrypto.KCCPRFHmacAlgSHA384, nil ++ case crypto.SHA512: ++ return commoncrypto.KCCPRFHmacAlgSHA512, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +new file mode 100644 +index 00000000000000..f8fc6ab81a3eb8 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +@@ -0,0 +1,28 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/security" ++) ++ ++type randReader int ++ ++func (randReader) Read(b []byte) (int, error) { ++ // Note: RAND_bytes should never fail; the return value exists only for historical reasons. ++ // We check it even so. ++ if len(b) == 0 { ++ return 0, nil ++ } ++ if security.SecRandomCopyBytes(security.KSecRandomDefault, b) != 0 { ++ return 0, errors.New("crypto/rand: unable to read from source") ++ } ++ return len(b), nil ++} ++ ++const RandReader = randReader(0) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +new file mode 100644 +index 00000000000000..01258b7f65a263 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +@@ -0,0 +1,81 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "errors" ++ "runtime" ++ "slices" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++) ++ ++// RC4Cipher is an instance of RC4 using a particular key. ++type RC4Cipher struct { ++ ctx commoncrypto.CCCryptorRef ++} ++ ++// NewRC4Cipher creates and returns a new RC4 cipher with the given key. ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { ++ // Clone the key to prevent modification. ++ key = slices.Clone(key) ++ var ctx commoncrypto.CCCryptorRef ++ status := commoncrypto.CCCryptorCreate( ++ commoncrypto.KCCEncrypt, // Operation (RC4 stream) ++ commoncrypto.KCCAlgorithmRC4, // Algorithm ++ 0, // No padding or other options ++ key, // Key ++ nil, // No IV needed for RC4 ++ &ctx, // Output: CCCryptorRef ++ ) ++ if status != commoncrypto.KCCSuccess { ++ return nil, errors.New("failed to create RC4 cipher") ++ } ++ c := &RC4Cipher{ctx: ctx} ++ runtime.SetFinalizer(c, (*RC4Cipher).finalize) ++ return c, nil ++} ++ ++// finalize releases the RC4 cipher context when no longer needed. ++func (c *RC4Cipher) finalize() { ++ if c.ctx != nil { ++ commoncrypto.CCCryptorRelease(c.ctx) ++ } ++} ++ ++// Reset zeros the key data and makes the cipher unusable. ++func (c *RC4Cipher) Reset() { ++ if c.ctx != nil { ++ commoncrypto.CCCryptorRelease(c.ctx) ++ c.ctx = nil ++ } ++} ++ ++// XORKeyStream sets dst to the result of XORing src with the key stream. ++func (c *RC4Cipher) XORKeyStream(dst, src []byte) { ++ if c.ctx == nil || len(src) == 0 { ++ return ++ } ++ if inexactOverlap(dst[:len(src)], src) { ++ panic("crypto/rc4: invalid buffer overlap") ++ } ++ // Ensures `dst` has sufficient space. ++ _ = dst[len(src)-1] ++ var outLen int ++ status := commoncrypto.CCCryptorUpdate( ++ c.ctx, ++ src, // Input ++ dst, // Output ++ &outLen, ++ ) ++ if status != commoncrypto.KCCSuccess { ++ panic("crypto/cipher: CCCryptorUpdate failed") ++ } ++ if int(outLen) != len(src) { ++ panic("crypto/rc4: src not fully XORed") ++ } ++ runtime.KeepAlive(c) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +new file mode 100644 +index 00000000000000..8e25affa681753 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +@@ -0,0 +1,208 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "strconv" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/security" ++) ++ ++// GenerateKeyRSA generates an RSA key pair on macOS. ++// asn1Data is encoded as PKCS#1 ASN1 DER. ++func GenerateKeyRSA(bits int) (asn1Data []byte, err error) { ++ privKeyDER, privKeyRef, err := createSecKeyRandom(security.KSecAttrKeyTypeRSA, bits) ++ if err != nil { ++ return nil, err ++ } ++ security.CFRelease(security.CFTypeRef(privKeyRef)) ++ return privKeyDER, nil ++} ++ ++type PublicKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey security.SecKeyRef ++} ++ ++func (k *PublicKeyRSA) finalize() { ++ if k._pkey != nil { ++ security.CFRelease(security.CFTypeRef(k._pkey)) ++ } ++} ++ ++// NewPublicKeyRSA creates a new RSA public key from ASN1 DER encoded data. ++func NewPublicKeyRSA(asn1Data []byte) (*PublicKeyRSA, error) { ++ pubKeyRef, err := createSecKeyWithData(asn1Data, security.KSecAttrKeyTypeRSA, security.KSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ ++ key := &PublicKeyRSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(key, (*PublicKeyRSA).finalize) ++ return key, nil ++} ++ ++func (k *PublicKeyRSA) withKey(f func(security.SecKeyRef) error) error { ++ // Because of the finalizer, any time key is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PrivateKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey security.SecKeyRef ++} ++ ++func (k *PrivateKeyRSA) finalize() { ++ if k._pkey != nil { ++ security.CFRelease(security.CFTypeRef(k._pkey)) ++ } ++} ++ ++// NewPrivateKeyRSA creates a new RSA private key from ASN1 DER encoded data. ++func NewPrivateKeyRSA(asn1Data []byte) (*PrivateKeyRSA, error) { ++ privKeyRef, err := createSecKeyWithData(asn1Data, security.KSecAttrKeyTypeRSA, security.KSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ ++ key := &PrivateKeyRSA{_pkey: privKeyRef} ++ runtime.SetFinalizer(key, (*PrivateKeyRSA).finalize) ++ return key, nil ++} ++ ++func (k *PrivateKeyRSA) PublicKey() *PublicKeyRSA { ++ var pubKeyRef security.SecKeyRef ++ k.withKey(func(key security.SecKeyRef) error { ++ pubKeyRef = security.SecKeyCopyPublicKey(k._pkey) ++ return nil ++ }) ++ pubKey := &PublicKeyRSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(pubKey, (*PublicKeyRSA).finalize) ++ return pubKey ++} ++ ++func (k *PrivateKeyRSA) withKey(f func(security.SecKeyRef) error) error { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// DecryptRSAOAEP decrypts data using RSA-OAEP. ++func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ if len(label) > 0 { ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ panic("crypto/rsa: label is not supported on macOS") ++ } ++ return evpDecrypt(priv.withKey, algorithmTypeOAEP, ciphertext, h) ++} ++ ++// EncryptRSAOAEP encrypts data using RSA-OAEP. ++func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { ++ if len(label) > 0 { ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ panic("crypto/rsa: label is not supported on macOS") ++ } ++ return evpEncrypt(pub.withKey, algorithmTypeOAEP, msg, h) ++} ++ ++// SignRSAPSS signs data with RSA-PSS. ++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypePSS, h, hashed) ++} ++ ++// VerifyRSAPSS verifies data with RSA-PSS. ++func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { ++ return evpVerify(pub.withKey, algorithmTypePSS, h, hashed, sig) ++} ++ ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypePKCS1v15Sig, h, hashed) ++} ++ ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ if pub.withKey(func(key security.SecKeyRef) error { ++ size := security.SecKeyGetBlockSize(key) ++ if len(sig) < int(size) { ++ return errors.New("crypto/rsa: signature too short") ++ } ++ return nil ++ }) != nil { ++ return errors.New("crypto/rsa: verification error") ++ } ++ return evpVerify(pub.withKey, algorithmTypePKCS1v15Sig, h, hashed, sig) ++} ++ ++// DecryptRSAPKCS1 decrypts data using RSA PKCS#1 v1.5 padding. ++func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, algorithmTypePKCS1v15Enc, ciphertext, nil) ++} ++ ++// EncryptRSAPKCS1 encrypts data using RSA PKCS#1 v1.5 padding. ++func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, algorithmTypePKCS1v15Enc, msg, nil) ++} ++ ++func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, algorithmTypeRAW, ciphertext, nil) ++} ++ ++func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, algorithmTypeRAW, msg, nil) ++} ++ ++// Helper functions ++ ++type cfError struct { ++ code int ++ message string ++} ++ ++func (e *cfError) Error() string { ++ if e.message == "" { ++ return "CFError(" + strconv.Itoa(e.code) + "): unknown error" ++ } ++ return "CFError(" + strconv.Itoa(e.code) + "): " + e.message ++} ++ ++func goCFErrorRef(ref security.CFErrorRef) error { ++ if ref == nil { ++ return nil ++ } ++ var message string ++ if desc := security.CFErrorCopyDescription(ref); desc != nil { ++ defer security.CFRelease(security.CFTypeRef(desc)) ++ if cstr := security.CFStringGetCStringPtr(desc, security.KCFStringEncodingUTF8); cstr != nil { ++ message = string(cstrBytes(cstr)) ++ } ++ } ++ return &cfError{ ++ code: int(security.CFErrorGetCode(ref)), ++ message: message, ++ } ++} ++ ++// cstrBytes returns a byte slice containing the contents of the C string ++// pointed to by p. The slice does not include the terminating null byte. ++func cstrBytes(p *byte) []byte { ++ if p == nil { ++ return nil ++ } ++ end := unsafe.Pointer(p) ++ for *(*byte)(end) != 0 { ++ end = unsafe.Add(end, 1) ++ } ++ return unsafe.Slice((*byte)(unsafe.Pointer(p)), uintptr(end)-uintptr(unsafe.Pointer(p))) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE b/src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE +new file mode 100644 +index 00000000000000..48ea6616b5b858 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/LICENSE +@@ -0,0 +1,21 @@ ++MIT License ++ ++Copyright (c) Microsoft Corporation. ++ ++Permission is hereby granted, free of charge, to any person obtaining a copy ++of this software and associated documentation files (the "Software"), to deal ++in the Software without restriction, including without limitation the rights ++to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++copies of the Software, and to permit persons to whom the Software is ++furnished to do so, subject to the following conditions: ++ ++The above copyright notice and this permission notice shall be included in all ++copies or substantial portions of the Software. ++ ++THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++SOFTWARE +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go +new file mode 100644 +index 00000000000000..32ce383bd966c2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/bbig/big.go +@@ -0,0 +1,40 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This is a mirror of ++// https://github.com/golang/go/blob/36b87f273cc43e21685179dc1664ebb5493d26ae/src/crypto/internal/boring/bbig/big.go. ++ ++package bbig ++ ++import ( ++ "math/big" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/openssl" ++) ++ ++func Enc(b *big.Int) openssl.BigInt { ++ if b == nil { ++ return nil ++ } ++ x := b.Bits() ++ if len(x) == 0 { ++ return openssl.BigInt{} ++ } ++ return unsafe.Slice((*uint)(&x[0]), len(x)) ++} ++ ++func Dec(b openssl.BigInt) *big.Int { ++ if b == nil { ++ return nil ++ } ++ if len(b) == 0 { ++ return new(big.Int) ++ } ++ x := unsafe.Slice((*big.Word)(&b[0]), len(b)) ++ return new(big.Int).SetBits(x) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_amd64.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_amd64.h +new file mode 100644 +index 00000000000000..9949435fe9e0ae +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_amd64.h +@@ -0,0 +1,99 @@ ++// Copyright 2021 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI0. ++// ++// These save the frame pointer, so in general, functions that use ++// these should have zero frame size to suppress the automatic frame ++// pointer, though it's harmless to not do this. ++ ++#ifdef GOOS_windows ++ ++// REGS_HOST_TO_ABI0_STACK is the stack bytes used by ++// PUSH_REGS_HOST_TO_ABI0. ++#define REGS_HOST_TO_ABI0_STACK (28*8 + 8) ++ ++// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from ++// the host ABI to Go ABI0 code. It saves all registers that are ++// callee-save in the host ABI and caller-save in Go ABI0 and prepares ++// for entry to Go. ++// ++// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag. ++// Clear the DF flag for the Go ABI. ++// MXCSR matches the Go ABI, so we don't have to set that, ++// and Go doesn't modify it, so we don't have to save it. ++#define PUSH_REGS_HOST_TO_ABI0() \ ++ PUSHFQ \ ++ CLD \ ++ ADJSP $(REGS_HOST_TO_ABI0_STACK - 8) \ ++ MOVQ DI, (0*0)(SP) \ ++ MOVQ SI, (1*8)(SP) \ ++ MOVQ BP, (2*8)(SP) \ ++ MOVQ BX, (3*8)(SP) \ ++ MOVQ R12, (4*8)(SP) \ ++ MOVQ R13, (5*8)(SP) \ ++ MOVQ R14, (6*8)(SP) \ ++ MOVQ R15, (7*8)(SP) \ ++ MOVUPS X6, (8*8)(SP) \ ++ MOVUPS X7, (10*8)(SP) \ ++ MOVUPS X8, (12*8)(SP) \ ++ MOVUPS X9, (14*8)(SP) \ ++ MOVUPS X10, (16*8)(SP) \ ++ MOVUPS X11, (18*8)(SP) \ ++ MOVUPS X12, (20*8)(SP) \ ++ MOVUPS X13, (22*8)(SP) \ ++ MOVUPS X14, (24*8)(SP) \ ++ MOVUPS X15, (26*8)(SP) ++ ++#define POP_REGS_HOST_TO_ABI0() \ ++ MOVQ (0*0)(SP), DI \ ++ MOVQ (1*8)(SP), SI \ ++ MOVQ (2*8)(SP), BP \ ++ MOVQ (3*8)(SP), BX \ ++ MOVQ (4*8)(SP), R12 \ ++ MOVQ (5*8)(SP), R13 \ ++ MOVQ (6*8)(SP), R14 \ ++ MOVQ (7*8)(SP), R15 \ ++ MOVUPS (8*8)(SP), X6 \ ++ MOVUPS (10*8)(SP), X7 \ ++ MOVUPS (12*8)(SP), X8 \ ++ MOVUPS (14*8)(SP), X9 \ ++ MOVUPS (16*8)(SP), X10 \ ++ MOVUPS (18*8)(SP), X11 \ ++ MOVUPS (20*8)(SP), X12 \ ++ MOVUPS (22*8)(SP), X13 \ ++ MOVUPS (24*8)(SP), X14 \ ++ MOVUPS (26*8)(SP), X15 \ ++ ADJSP $-(REGS_HOST_TO_ABI0_STACK - 8) \ ++ POPFQ ++ ++#else ++// SysV ABI ++ ++#define REGS_HOST_TO_ABI0_STACK (6*8) ++ ++// SysV MXCSR matches the Go ABI, so we don't have to set that, ++// and Go doesn't modify it, so we don't have to save it. ++// Both SysV and Go require DF to be cleared, so that's already clear. ++// The SysV and Go frame pointer conventions are compatible. ++#define PUSH_REGS_HOST_TO_ABI0() \ ++ ADJSP $(REGS_HOST_TO_ABI0_STACK) \ ++ MOVQ BP, (5*8)(SP) \ ++ LEAQ (5*8)(SP), BP \ ++ MOVQ BX, (0*8)(SP) \ ++ MOVQ R12, (1*8)(SP) \ ++ MOVQ R13, (2*8)(SP) \ ++ MOVQ R14, (3*8)(SP) \ ++ MOVQ R15, (4*8)(SP) ++ ++#define POP_REGS_HOST_TO_ABI0() \ ++ MOVQ (0*8)(SP), BX \ ++ MOVQ (1*8)(SP), R12 \ ++ MOVQ (2*8)(SP), R13 \ ++ MOVQ (3*8)(SP), R14 \ ++ MOVQ (4*8)(SP), R15 \ ++ MOVQ (5*8)(SP), BP \ ++ ADJSP $-(REGS_HOST_TO_ABI0_STACK) ++ ++#endif +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_arm64.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_arm64.h +new file mode 100644 +index 00000000000000..5d5061ec1dbf8c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_arm64.h +@@ -0,0 +1,39 @@ ++// Copyright 2021 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI0. ++// ++// These macros save and restore the callee-saved registers ++// from the stack, but they don't adjust stack pointer, so ++// the user should prepare stack space in advance. ++// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space ++// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP). ++// ++// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space ++// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP). ++// ++// R29 is not saved because Go will save and restore it. ++ ++#define SAVE_R19_TO_R28(offset) \ ++ STP (R19, R20), ((offset)+0*8)(RSP) \ ++ STP (R21, R22), ((offset)+2*8)(RSP) \ ++ STP (R23, R24), ((offset)+4*8)(RSP) \ ++ STP (R25, R26), ((offset)+6*8)(RSP) \ ++ STP (R27, g), ((offset)+8*8)(RSP) ++#define RESTORE_R19_TO_R28(offset) \ ++ LDP ((offset)+0*8)(RSP), (R19, R20) \ ++ LDP ((offset)+2*8)(RSP), (R21, R22) \ ++ LDP ((offset)+4*8)(RSP), (R23, R24) \ ++ LDP ((offset)+6*8)(RSP), (R25, R26) \ ++ LDP ((offset)+8*8)(RSP), (R27, g) /* R28 */ ++#define SAVE_F8_TO_F15(offset) \ ++ FSTPD (F8, F9), ((offset)+0*8)(RSP) \ ++ FSTPD (F10, F11), ((offset)+2*8)(RSP) \ ++ FSTPD (F12, F13), ((offset)+4*8)(RSP) \ ++ FSTPD (F14, F15), ((offset)+6*8)(RSP) ++#define RESTORE_F8_TO_F15(offset) \ ++ FLDPD ((offset)+0*8)(RSP), (F8, F9) \ ++ FLDPD ((offset)+2*8)(RSP), (F10, F11) \ ++ FLDPD ((offset)+4*8)(RSP), (F12, F13) \ ++ FLDPD ((offset)+6*8)(RSP), (F14, F15) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_loong64.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_loong64.h +new file mode 100644 +index 00000000000000..b10d83732f1c6e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_loong64.h +@@ -0,0 +1,60 @@ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI0. ++// ++// These macros save and restore the callee-saved registers ++// from the stack, but they don't adjust stack pointer, so ++// the user should prepare stack space in advance. ++// SAVE_R22_TO_R31(offset) saves R22 ~ R31 to the stack space ++// of ((offset)+0*8)(R3) ~ ((offset)+9*8)(R3). ++// ++// SAVE_F24_TO_F31(offset) saves F24 ~ F31 to the stack space ++// of ((offset)+0*8)(R3) ~ ((offset)+7*8)(R3). ++// ++// Note: g is R22 ++ ++#define SAVE_R22_TO_R31(offset) \ ++ MOVV g, ((offset)+(0*8))(R3) \ ++ MOVV R23, ((offset)+(1*8))(R3) \ ++ MOVV R24, ((offset)+(2*8))(R3) \ ++ MOVV R25, ((offset)+(3*8))(R3) \ ++ MOVV R26, ((offset)+(4*8))(R3) \ ++ MOVV R27, ((offset)+(5*8))(R3) \ ++ MOVV R28, ((offset)+(6*8))(R3) \ ++ MOVV R29, ((offset)+(7*8))(R3) \ ++ MOVV R30, ((offset)+(8*8))(R3) \ ++ MOVV R31, ((offset)+(9*8))(R3) ++ ++#define SAVE_F24_TO_F31(offset) \ ++ MOVD F24, ((offset)+(0*8))(R3) \ ++ MOVD F25, ((offset)+(1*8))(R3) \ ++ MOVD F26, ((offset)+(2*8))(R3) \ ++ MOVD F27, ((offset)+(3*8))(R3) \ ++ MOVD F28, ((offset)+(4*8))(R3) \ ++ MOVD F29, ((offset)+(5*8))(R3) \ ++ MOVD F30, ((offset)+(6*8))(R3) \ ++ MOVD F31, ((offset)+(7*8))(R3) ++ ++#define RESTORE_R22_TO_R31(offset) \ ++ MOVV ((offset)+(0*8))(R3), g \ ++ MOVV ((offset)+(1*8))(R3), R23 \ ++ MOVV ((offset)+(2*8))(R3), R24 \ ++ MOVV ((offset)+(3*8))(R3), R25 \ ++ MOVV ((offset)+(4*8))(R3), R26 \ ++ MOVV ((offset)+(5*8))(R3), R27 \ ++ MOVV ((offset)+(6*8))(R3), R28 \ ++ MOVV ((offset)+(7*8))(R3), R29 \ ++ MOVV ((offset)+(8*8))(R3), R30 \ ++ MOVV ((offset)+(9*8))(R3), R31 ++ ++#define RESTORE_F24_TO_F31(offset) \ ++ MOVD ((offset)+(0*8))(R3), F24 \ ++ MOVD ((offset)+(1*8))(R3), F25 \ ++ MOVD ((offset)+(2*8))(R3), F26 \ ++ MOVD ((offset)+(3*8))(R3), F27 \ ++ MOVD ((offset)+(4*8))(R3), F28 \ ++ MOVD ((offset)+(5*8))(R3), F29 \ ++ MOVD ((offset)+(6*8))(R3), F30 \ ++ MOVD ((offset)+(7*8))(R3), F31 +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_ppc64x.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_ppc64x.h +new file mode 100644 +index 00000000000000..245a5266f6e9fa +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_ppc64x.h +@@ -0,0 +1,195 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI ++// ++// On PPC64/ELFv2 targets, the following registers are callee ++// saved when called from C. They must be preserved before ++// calling into Go which does not preserve any of them. ++// ++// R14-R31 ++// CR2-4 ++// VR20-31 ++// F14-F31 ++// ++// xcoff(aix) and ELFv1 are similar, but may only require a ++// subset of these. ++// ++// These macros assume a 16 byte aligned stack pointer. This ++// is required by ELFv1, ELFv2, and AIX PPC64. ++ ++#define SAVE_GPR_SIZE (18*8) ++#define SAVE_GPR(offset) \ ++ MOVD R14, (offset+8*0)(R1) \ ++ MOVD R15, (offset+8*1)(R1) \ ++ MOVD R16, (offset+8*2)(R1) \ ++ MOVD R17, (offset+8*3)(R1) \ ++ MOVD R18, (offset+8*4)(R1) \ ++ MOVD R19, (offset+8*5)(R1) \ ++ MOVD R20, (offset+8*6)(R1) \ ++ MOVD R21, (offset+8*7)(R1) \ ++ MOVD R22, (offset+8*8)(R1) \ ++ MOVD R23, (offset+8*9)(R1) \ ++ MOVD R24, (offset+8*10)(R1) \ ++ MOVD R25, (offset+8*11)(R1) \ ++ MOVD R26, (offset+8*12)(R1) \ ++ MOVD R27, (offset+8*13)(R1) \ ++ MOVD R28, (offset+8*14)(R1) \ ++ MOVD R29, (offset+8*15)(R1) \ ++ MOVD g, (offset+8*16)(R1) \ ++ MOVD R31, (offset+8*17)(R1) ++ ++#define RESTORE_GPR(offset) \ ++ MOVD (offset+8*0)(R1), R14 \ ++ MOVD (offset+8*1)(R1), R15 \ ++ MOVD (offset+8*2)(R1), R16 \ ++ MOVD (offset+8*3)(R1), R17 \ ++ MOVD (offset+8*4)(R1), R18 \ ++ MOVD (offset+8*5)(R1), R19 \ ++ MOVD (offset+8*6)(R1), R20 \ ++ MOVD (offset+8*7)(R1), R21 \ ++ MOVD (offset+8*8)(R1), R22 \ ++ MOVD (offset+8*9)(R1), R23 \ ++ MOVD (offset+8*10)(R1), R24 \ ++ MOVD (offset+8*11)(R1), R25 \ ++ MOVD (offset+8*12)(R1), R26 \ ++ MOVD (offset+8*13)(R1), R27 \ ++ MOVD (offset+8*14)(R1), R28 \ ++ MOVD (offset+8*15)(R1), R29 \ ++ MOVD (offset+8*16)(R1), g \ ++ MOVD (offset+8*17)(R1), R31 ++ ++#define SAVE_FPR_SIZE (18*8) ++#define SAVE_FPR(offset) \ ++ FMOVD F14, (offset+8*0)(R1) \ ++ FMOVD F15, (offset+8*1)(R1) \ ++ FMOVD F16, (offset+8*2)(R1) \ ++ FMOVD F17, (offset+8*3)(R1) \ ++ FMOVD F18, (offset+8*4)(R1) \ ++ FMOVD F19, (offset+8*5)(R1) \ ++ FMOVD F20, (offset+8*6)(R1) \ ++ FMOVD F21, (offset+8*7)(R1) \ ++ FMOVD F22, (offset+8*8)(R1) \ ++ FMOVD F23, (offset+8*9)(R1) \ ++ FMOVD F24, (offset+8*10)(R1) \ ++ FMOVD F25, (offset+8*11)(R1) \ ++ FMOVD F26, (offset+8*12)(R1) \ ++ FMOVD F27, (offset+8*13)(R1) \ ++ FMOVD F28, (offset+8*14)(R1) \ ++ FMOVD F29, (offset+8*15)(R1) \ ++ FMOVD F30, (offset+8*16)(R1) \ ++ FMOVD F31, (offset+8*17)(R1) ++ ++#define RESTORE_FPR(offset) \ ++ FMOVD (offset+8*0)(R1), F14 \ ++ FMOVD (offset+8*1)(R1), F15 \ ++ FMOVD (offset+8*2)(R1), F16 \ ++ FMOVD (offset+8*3)(R1), F17 \ ++ FMOVD (offset+8*4)(R1), F18 \ ++ FMOVD (offset+8*5)(R1), F19 \ ++ FMOVD (offset+8*6)(R1), F20 \ ++ FMOVD (offset+8*7)(R1), F21 \ ++ FMOVD (offset+8*8)(R1), F22 \ ++ FMOVD (offset+8*9)(R1), F23 \ ++ FMOVD (offset+8*10)(R1), F24 \ ++ FMOVD (offset+8*11)(R1), F25 \ ++ FMOVD (offset+8*12)(R1), F26 \ ++ FMOVD (offset+8*13)(R1), F27 \ ++ FMOVD (offset+8*14)(R1), F28 \ ++ FMOVD (offset+8*15)(R1), F29 \ ++ FMOVD (offset+8*16)(R1), F30 \ ++ FMOVD (offset+8*17)(R1), F31 ++ ++// Save and restore VR20-31 (aka VSR56-63). These ++// macros must point to a 16B aligned offset. ++#define SAVE_VR_SIZE (12*16) ++#define SAVE_VR(offset, rtmp) \ ++ MOVD $(offset+16*0), rtmp \ ++ STVX V20, (rtmp)(R1) \ ++ MOVD $(offset+16*1), rtmp \ ++ STVX V21, (rtmp)(R1) \ ++ MOVD $(offset+16*2), rtmp \ ++ STVX V22, (rtmp)(R1) \ ++ MOVD $(offset+16*3), rtmp \ ++ STVX V23, (rtmp)(R1) \ ++ MOVD $(offset+16*4), rtmp \ ++ STVX V24, (rtmp)(R1) \ ++ MOVD $(offset+16*5), rtmp \ ++ STVX V25, (rtmp)(R1) \ ++ MOVD $(offset+16*6), rtmp \ ++ STVX V26, (rtmp)(R1) \ ++ MOVD $(offset+16*7), rtmp \ ++ STVX V27, (rtmp)(R1) \ ++ MOVD $(offset+16*8), rtmp \ ++ STVX V28, (rtmp)(R1) \ ++ MOVD $(offset+16*9), rtmp \ ++ STVX V29, (rtmp)(R1) \ ++ MOVD $(offset+16*10), rtmp \ ++ STVX V30, (rtmp)(R1) \ ++ MOVD $(offset+16*11), rtmp \ ++ STVX V31, (rtmp)(R1) ++ ++#define RESTORE_VR(offset, rtmp) \ ++ MOVD $(offset+16*0), rtmp \ ++ LVX (rtmp)(R1), V20 \ ++ MOVD $(offset+16*1), rtmp \ ++ LVX (rtmp)(R1), V21 \ ++ MOVD $(offset+16*2), rtmp \ ++ LVX (rtmp)(R1), V22 \ ++ MOVD $(offset+16*3), rtmp \ ++ LVX (rtmp)(R1), V23 \ ++ MOVD $(offset+16*4), rtmp \ ++ LVX (rtmp)(R1), V24 \ ++ MOVD $(offset+16*5), rtmp \ ++ LVX (rtmp)(R1), V25 \ ++ MOVD $(offset+16*6), rtmp \ ++ LVX (rtmp)(R1), V26 \ ++ MOVD $(offset+16*7), rtmp \ ++ LVX (rtmp)(R1), V27 \ ++ MOVD $(offset+16*8), rtmp \ ++ LVX (rtmp)(R1), V28 \ ++ MOVD $(offset+16*9), rtmp \ ++ LVX (rtmp)(R1), V29 \ ++ MOVD $(offset+16*10), rtmp \ ++ LVX (rtmp)(R1), V30 \ ++ MOVD $(offset+16*11), rtmp \ ++ LVX (rtmp)(R1), V31 ++ ++// LR and CR are saved in the caller's frame. The callee must ++// make space for all other callee-save registers. ++#define SAVE_ALL_REG_SIZE (SAVE_GPR_SIZE+SAVE_FPR_SIZE+SAVE_VR_SIZE) ++ ++// Stack a frame and save all callee-save registers following the ++// host OS's ABI. Fortunately, this is identical for AIX, ELFv1, and ++// ELFv2. All host ABIs require the stack pointer to maintain 16 byte ++// alignment, and save the callee-save registers in the same places. ++// ++// To restate, R1 is assumed to be aligned when this macro is used. ++// This assumes the caller's frame is compliant with the host ABI. ++// CR and LR are saved into the caller's frame per the host ABI. ++// R0 is initialized to $0 as expected by Go. ++#define STACK_AND_SAVE_HOST_TO_GO_ABI(extra) \ ++ MOVD LR, R0 \ ++ MOVD R0, 16(R1) \ ++ MOVW CR, R0 \ ++ MOVD R0, 8(R1) \ ++ MOVDU R1, -(extra)-FIXED_FRAME-SAVE_ALL_REG_SIZE(R1) \ ++ SAVE_GPR(extra+FIXED_FRAME) \ ++ SAVE_FPR(extra+FIXED_FRAME+SAVE_GPR_SIZE) \ ++ SAVE_VR(extra+FIXED_FRAME+SAVE_GPR_SIZE+SAVE_FPR_SIZE, R0) \ ++ MOVD $0, R0 ++ ++// This unstacks the frame, restoring all callee-save registers ++// as saved by STACK_AND_SAVE_HOST_TO_GO_ABI. ++// ++// R0 is not guaranteed to contain $0 after this macro. ++#define UNSTACK_AND_RESTORE_GO_TO_HOST_ABI(extra) \ ++ RESTORE_GPR(extra+FIXED_FRAME) \ ++ RESTORE_FPR(extra+FIXED_FRAME+SAVE_GPR_SIZE) \ ++ RESTORE_VR(extra+FIXED_FRAME+SAVE_GPR_SIZE+SAVE_FPR_SIZE, R0) \ ++ ADD $(extra+FIXED_FRAME+SAVE_ALL_REG_SIZE), R1 \ ++ MOVD 16(R1), R0 \ ++ MOVD R0, LR \ ++ MOVD 8(R1), R0 \ ++ MOVW R0, CR +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_riscv64.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_riscv64.h +new file mode 100644 +index 00000000000000..b9322e0c53e2ac +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/abi_riscv64.h +@@ -0,0 +1,72 @@ ++// Copyright 2026 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Macros for transitioning from the host ABI to Go ABI0. ++// ++// These macros save and restore the callee-saved registers ++// from the stack, but they don't adjust stack pointer, so ++// the user should prepare stack space in advance. ++// SAVE_GPR(offset) saves X8, X9, X18-X27 to the stack space ++// of ((offset)+0*8)(X2) ~ ((offset)+11*8)(X2). ++// ++// SAVE_FPR(offset) saves F8, F9, F18-F27 to the stack space ++// of ((offset)+0*8)(X2) ~ ((offset)+11*8)(X2). ++// ++// Note: g is X27 ++ ++#define SAVE_GPR(offset) \ ++ MOV X8, ((offset)+0*8)(X2) \ ++ MOV X9, ((offset)+1*8)(X2) \ ++ MOV X18, ((offset)+2*8)(X2) \ ++ MOV X19, ((offset)+3*8)(X2) \ ++ MOV X20, ((offset)+4*8)(X2) \ ++ MOV X21, ((offset)+5*8)(X2) \ ++ MOV X22, ((offset)+6*8)(X2) \ ++ MOV X23, ((offset)+7*8)(X2) \ ++ MOV X24, ((offset)+8*8)(X2) \ ++ MOV X25, ((offset)+9*8)(X2) \ ++ MOV X26, ((offset)+10*8)(X2) \ ++ MOV g, ((offset)+11*8)(X2) ++ ++#define RESTORE_GPR(offset) \ ++ MOV ((offset)+0*8)(X2), X8 \ ++ MOV ((offset)+1*8)(X2), X9 \ ++ MOV ((offset)+2*8)(X2), X18 \ ++ MOV ((offset)+3*8)(X2), X19 \ ++ MOV ((offset)+4*8)(X2), X20 \ ++ MOV ((offset)+5*8)(X2), X21 \ ++ MOV ((offset)+6*8)(X2), X22 \ ++ MOV ((offset)+7*8)(X2), X23 \ ++ MOV ((offset)+8*8)(X2), X24 \ ++ MOV ((offset)+9*8)(X2), X25 \ ++ MOV ((offset)+10*8)(X2), X26 \ ++ MOV ((offset)+11*8)(X2), g ++ ++#define SAVE_FPR(offset) \ ++ MOVD F8, ((offset)+0*8)(X2) \ ++ MOVD F9, ((offset)+1*8)(X2) \ ++ MOVD F18, ((offset)+2*8)(X2) \ ++ MOVD F19, ((offset)+3*8)(X2) \ ++ MOVD F20, ((offset)+4*8)(X2) \ ++ MOVD F21, ((offset)+5*8)(X2) \ ++ MOVD F22, ((offset)+6*8)(X2) \ ++ MOVD F23, ((offset)+7*8)(X2) \ ++ MOVD F24, ((offset)+8*8)(X2) \ ++ MOVD F25, ((offset)+9*8)(X2) \ ++ MOVD F26, ((offset)+10*8)(X2) \ ++ MOVD F27, ((offset)+11*8)(X2) ++ ++#define RESTORE_FPR(offset) \ ++ MOVD ((offset)+0*8)(X2), F8 \ ++ MOVD ((offset)+1*8)(X2), F9 \ ++ MOVD ((offset)+2*8)(X2), F18 \ ++ MOVD ((offset)+3*8)(X2), F19 \ ++ MOVD ((offset)+4*8)(X2), F20 \ ++ MOVD ((offset)+5*8)(X2), F21 \ ++ MOVD ((offset)+6*8)(X2), F22 \ ++ MOVD ((offset)+7*8)(X2), F23 \ ++ MOVD ((offset)+8*8)(X2), F24 \ ++ MOVD ((offset)+9*8)(X2), F25 \ ++ MOVD ((offset)+10*8)(X2), F26 \ ++ MOVD ((offset)+11*8)(X2), F27 +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_386.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_386.s +new file mode 100644 +index 00000000000000..7475ec8a0b21fc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_386.s +@@ -0,0 +1,29 @@ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT, $28-16 ++ MOVL BP, 24(SP) ++ MOVL BX, 20(SP) ++ MOVL SI, 16(SP) ++ MOVL DI, 12(SP) ++ ++ MOVL ctxt+12(FP), AX ++ MOVL AX, 8(SP) ++ MOVL a+4(FP), AX ++ MOVL AX, 4(SP) ++ MOVL fn+0(FP), AX ++ MOVL AX, 0(SP) ++ CALL runtime·cgocallback(SB) ++ ++ MOVL 12(SP), DI ++ MOVL 16(SP), SI ++ MOVL 20(SP), BX ++ MOVL 24(SP), BP ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_amd64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_amd64.s +new file mode 100644 +index 00000000000000..2b7eb57f8ae783 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_amd64.s +@@ -0,0 +1,39 @@ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_amd64.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++// This signature is known to SWIG, so we can't change it. ++TEXT crosscall2(SB), NOSPLIT, $0-0 ++ PUSH_REGS_HOST_TO_ABI0() ++ ++ // Make room for arguments to cgocallback. ++ ADJSP $0x18 ++ ++#ifndef GOOS_windows ++ MOVQ DI, 0x0(SP) // fn ++ MOVQ SI, 0x8(SP) // arg ++ ++ // Skip n in DX. ++ MOVQ CX, 0x10(SP) // ctxt ++ ++#else ++ MOVQ CX, 0x0(SP) // fn ++ MOVQ DX, 0x8(SP) // arg ++ ++ // Skip n in R8. ++ MOVQ R9, 0x10(SP) // ctxt ++ ++#endif ++ ++ CALL runtime·cgocallback(SB) ++ ++ ADJSP $-0x18 ++ POP_REGS_HOST_TO_ABI0() ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm.s +new file mode 100644 +index 00000000000000..68034e6035aa44 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm.s +@@ -0,0 +1,52 @@ ++// Copyright 2012 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++ SUB $(8*9), R13 // Reserve space for the floating point registers. ++ ++ // The C arguments arrive in R0, R1, R2, and R3. We want to ++ // pass R0, R1, and R3 to Go, so we push those on the stack. ++ // Also, save C callee-save registers R4-R12. ++ MOVM.WP [R0, R1, R3, R4, R5, R6, R7, R8, R9, g, R11, R12], (R13) ++ ++ // Finally, save the link register R14. This also puts the ++ // arguments we pushed for cgocallback where they need to be, ++ // starting at 4(R13). ++ MOVW.W R14, -4(R13) ++ ++ // Save VFP callee-saved registers D8-D15 (same as S16-S31). ++ // Note: We always save these since we target hard-float ABI. ++ MOVD F8, (13*4+8*1)(R13) ++ MOVD F9, (13*4+8*2)(R13) ++ MOVD F10, (13*4+8*3)(R13) ++ MOVD F11, (13*4+8*4)(R13) ++ MOVD F12, (13*4+8*5)(R13) ++ MOVD F13, (13*4+8*6)(R13) ++ MOVD F14, (13*4+8*7)(R13) ++ MOVD F15, (13*4+8*8)(R13) ++ ++ BL runtime·load_g(SB) ++ ++ // We set up the arguments to cgocallback when saving registers above. ++ BL runtime·cgocallback(SB) ++ ++ MOVD (13*4+8*1)(R13), F8 ++ MOVD (13*4+8*2)(R13), F9 ++ MOVD (13*4+8*3)(R13), F10 ++ MOVD (13*4+8*4)(R13), F11 ++ MOVD (13*4+8*5)(R13), F12 ++ MOVD (13*4+8*6)(R13), F13 ++ MOVD (13*4+8*7)(R13), F14 ++ MOVD (13*4+8*8)(R13), F15 ++ ++ MOVW.P 4(R13), R14 ++ MOVM.IAW (R13), [R0, R1, R3, R4, R5, R6, R7, R8, R9, g, R11, R12] ++ ADD $(8*9), R13 ++ MOVW R14, R15 +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm64.s +new file mode 100644 +index 00000000000000..50e5261d922c56 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_arm64.s +@@ -0,0 +1,36 @@ ++// Copyright 2015 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_arm64.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++/* ++ * We still need to save all callee save register as before, and then ++ * push 3 args for fn (R0, R1, R3), skipping R2. ++ * Also note that at procedure entry in gc world, 8(RSP) will be the ++ * first arg. ++ */ ++ SUB $(8*24), RSP ++ STP (R0, R1), (8*1)(RSP) ++ MOVD R3, (8*3)(RSP) ++ ++ SAVE_R19_TO_R28(8*4) ++ SAVE_F8_TO_F15(8*14) ++ STP (R29, R30), (8*22)(RSP) ++ ++ // Initialize Go ABI environment ++ BL runtime·load_g(SB) ++ BL runtime·cgocallback(SB) ++ ++ RESTORE_R19_TO_R28(8*4) ++ RESTORE_F8_TO_F15(8*14) ++ LDP (8*22)(RSP), (R29, R30) ++ ++ ADD $(8*24), RSP ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_loong64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_loong64.s +new file mode 100644 +index 00000000000000..e81df86a56e4ad +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_loong64.s +@@ -0,0 +1,40 @@ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_loong64.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++/* ++ * We still need to save all callee save register as before, and then ++ * push 3 args for fn (R4, R5, R7), skipping R6. ++ * Also note that at procedure entry in gc world, 8(R29) will be the ++ * first arg. ++ */ ++ ++ ADDV $(-23*8), R3 ++ MOVV R4, (1*8)(R3) // fn unsafe.Pointer ++ MOVV R5, (2*8)(R3) // a unsafe.Pointer ++ MOVV R7, (3*8)(R3) // ctxt uintptr ++ ++ SAVE_R22_TO_R31((4*8)) ++ SAVE_F24_TO_F31((14*8)) ++ MOVV R1, (22*8)(R3) ++ ++ // Initialize Go ABI environment ++ JAL runtime·load_g(SB) ++ ++ JAL runtime·cgocallback(SB) ++ ++ RESTORE_R22_TO_R31((4*8)) ++ RESTORE_F24_TO_F31((14*8)) ++ MOVV (22*8)(R3), R1 ++ ++ ADDV $(23*8), R3 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_ppc64le.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_ppc64le.s +new file mode 100644 +index 00000000000000..6d1938cd8d8bcd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_ppc64le.s +@@ -0,0 +1,82 @@ ++// Copyright 2014 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_ppc64x.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++// ++// This is a simplified version that only saves GPR and FPR registers, ++// not vector registers. This keeps the stack frame smaller to avoid ++// exceeding the nosplit stack limit. ++// ++// On PPC64LE ELFv2, callee-save registers are: ++// R14-R31 (18 GPRs = 144 bytes) ++// F14-F31 (18 FPRs = 144 bytes) ++// CR2-CR4 (saved in CR field) ++// ++// Stack layout (must be 16-byte aligned): ++// 32 (FIXED_FRAME) + 24 (args) + 144 (GPR) + 144 (FPR) = 344 ++// Rounded to 352 for 16-byte alignment. ++ ++#define FIXED_FRAME 32 ++#define SAVE_SIZE 352 ++#define GPR_OFFSET (FIXED_FRAME+24) ++#define FPR_OFFSET (GPR_OFFSET+SAVE_GPR_SIZE) ++ ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++ // Save LR and CR in caller's frame per ELFv2 ABI ++ MOVD LR, R0 ++ MOVD R0, 16(R1) ++ MOVW CR, R0 ++ MOVD R0, 8(R1) ++ ++ // Allocate our stack frame ++ MOVDU R1, -SAVE_SIZE(R1) ++ ++ // Save TOC (R2) in case needed ++ MOVD R2, 24(R1) ++ ++ // Save callee-save GPRs ++ SAVE_GPR(GPR_OFFSET) ++ ++ // Save callee-save FPRs ++ SAVE_FPR(FPR_OFFSET) ++ ++ // Initialize R0 to 0 as expected by Go ++ MOVD $0, R0 ++ ++ // Load the current g. ++ BL runtime·load_g(SB) ++ ++ // Set up arguments for cgocallback ++ MOVD R3, FIXED_FRAME+0(R1) // fn unsafe.Pointer ++ MOVD R4, FIXED_FRAME+8(R1) // a unsafe.Pointer ++ ++ // Skip R5 = n uint32 ++ MOVD R6, FIXED_FRAME+16(R1) // ctxt uintptr ++ BL runtime·cgocallback(SB) ++ ++ // Restore callee-save FPRs ++ RESTORE_FPR(FPR_OFFSET) ++ ++ // Restore callee-save GPRs ++ RESTORE_GPR(GPR_OFFSET) ++ ++ // Restore TOC ++ MOVD 24(R1), R2 ++ ++ // Deallocate stack frame ++ ADD $SAVE_SIZE, R1 ++ ++ // Restore LR and CR from caller's frame ++ MOVD 16(R1), R0 ++ MOVD R0, LR ++ MOVD 8(R1), R0 ++ MOVW R0, CR ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_riscv64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_riscv64.s +new file mode 100644 +index 00000000000000..d34699e5a84d2a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_riscv64.s +@@ -0,0 +1,37 @@ ++// Copyright 2020 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++#include "abi_riscv64.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++/* ++ * Push arguments for fn (X10, X11, X13), along with all callee-save ++ * registers. Note that at procedure entry the first argument is at ++ * 8(X2). ++ */ ++ ADD $(-8*29), X2 ++ MOV X10, (8*1)(X2) // fn unsafe.Pointer ++ MOV X11, (8*2)(X2) // a unsafe.Pointer ++ MOV X13, (8*3)(X2) // ctxt uintptr ++ ++ SAVE_GPR((8*4)) ++ MOV X1, (8*16)(X2) ++ SAVE_FPR((8*17)) ++ ++ // Initialize Go ABI environment ++ CALL runtime·load_g(SB) ++ CALL runtime·cgocallback(SB) ++ ++ RESTORE_GPR((8*4)) ++ MOV (8*16)(X2), X1 ++ RESTORE_FPR((8*17)) ++ ++ ADD $(8*29), X2 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_s390x.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_s390x.s +new file mode 100644 +index 00000000000000..b64466501dee38 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/asm_s390x.s +@@ -0,0 +1,55 @@ ++// Copyright 2016 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++#include "textflag.h" ++ ++// Called by C code generated by cmd/cgo. ++// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) ++// Saves C callee-saved registers and calls cgocallback with three arguments. ++// fn is the PC of a func(a unsafe.Pointer) function. ++TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 ++ // Start with standard C stack frame layout and linkage. ++ ++ // Save R6-R15 in the register save area of the calling function. ++ STMG R6, R15, 48(R15) ++ ++ // Allocate 96 bytes on the stack. ++ MOVD $-96(R15), R15 ++ ++ // Save F8-F15 in our stack frame. ++ FMOVD F8, 32(R15) ++ FMOVD F9, 40(R15) ++ FMOVD F10, 48(R15) ++ FMOVD F11, 56(R15) ++ FMOVD F12, 64(R15) ++ FMOVD F13, 72(R15) ++ FMOVD F14, 80(R15) ++ FMOVD F15, 88(R15) ++ ++ // Initialize Go ABI environment. ++ BL runtime·load_g(SB) ++ ++ MOVD R2, 8(R15) // fn unsafe.Pointer ++ MOVD R3, 16(R15) // a unsafe.Pointer ++ ++ // Skip R4 = n uint32 ++ MOVD R5, 24(R15) // ctxt uintptr ++ BL runtime·cgocallback(SB) ++ ++ FMOVD 32(R15), F8 ++ FMOVD 40(R15), F9 ++ FMOVD 48(R15), F10 ++ FMOVD 56(R15), F11 ++ FMOVD 64(R15), F12 ++ FMOVD 72(R15), F13 ++ FMOVD 80(R15), F14 ++ FMOVD 88(R15), F15 ++ ++ // De-allocate stack frame. ++ MOVD $96(R15), R15 ++ ++ // Restore R6-R15. ++ LMG 48(R15), R6, R15 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/callbacks.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/callbacks.go +new file mode 100644 +index 00000000000000..f29e690cc15b3a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/callbacks.go +@@ -0,0 +1,93 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++import ( ++ _ "unsafe" ++) ++ ++// TODO: decide if we need _runtime_cgo_panic_internal ++ ++//go:linkname x_cgo_init_trampoline x_cgo_init_trampoline ++//go:linkname _cgo_init _cgo_init ++var x_cgo_init_trampoline byte ++var _cgo_init = &x_cgo_init_trampoline ++ ++// Creates a new system thread without updating any Go state. ++// ++// This method is invoked during shared library loading to create a new OS ++// thread to perform the runtime initialization. This method is similar to ++// _cgo_sys_thread_start except that it doesn't update any Go state. ++ ++//go:linkname x_cgo_thread_start_trampoline x_cgo_thread_start_trampoline ++//go:linkname _cgo_thread_start _cgo_thread_start ++var x_cgo_thread_start_trampoline byte ++var _cgo_thread_start = &x_cgo_thread_start_trampoline ++ ++// Notifies that the runtime has been initialized. ++// ++// We currently block at every CGO entry point (via _cgo_wait_runtime_init_done) ++// to ensure that the runtime has been initialized before the CGO call is ++// executed. This is necessary for shared libraries where we kickoff runtime ++// initialization in a separate thread and return without waiting for this ++// thread to complete the init. ++ ++//go:linkname x_cgo_notify_runtime_init_done_trampoline x_cgo_notify_runtime_init_done_trampoline ++//go:linkname _cgo_notify_runtime_init_done _cgo_notify_runtime_init_done ++var x_cgo_notify_runtime_init_done_trampoline byte ++var _cgo_notify_runtime_init_done = &x_cgo_notify_runtime_init_done_trampoline ++ ++// Indicates whether a dummy thread key has been created or not. ++// ++// When calling go exported function from C, we register a destructor ++// callback, for a dummy thread key, by using pthread_key_create. ++ ++//go:linkname _cgo_pthread_key_created _cgo_pthread_key_created ++var x_cgo_pthread_key_created uintptr ++var _cgo_pthread_key_created = &x_cgo_pthread_key_created ++ ++// Set the x_crosscall2_ptr C function pointer variable point to crosscall2. ++// It's for the runtime package to call at init time. ++func set_crosscall2() { ++ // nothing needs to be done here for fakecgo ++ // because it's possible to just call cgocallback directly ++} ++ ++//go:linkname _set_crosscall2 runtime.set_crosscall2 ++var _set_crosscall2 = set_crosscall2 ++ ++// Store the g into the thread-specific value. ++// So that pthread_key_destructor will dropm when the thread is exiting. ++ ++//go:linkname x_cgo_bindm_trampoline x_cgo_bindm_trampoline ++//go:linkname _cgo_bindm _cgo_bindm ++var x_cgo_bindm_trampoline byte ++var _cgo_bindm = &x_cgo_bindm_trampoline ++ ++// TODO: decide if we need x_cgo_set_context_function ++// TODO: decide if we need _cgo_yield ++ ++var ( ++ // In Go 1.20 the race detector was rewritten to pure Go ++ // on darwin. This means that when CGO_ENABLED=0 is set ++ // fakecgo is built with race detector code. This is not ++ // good since this code is pretending to be C. The go:norace ++ // pragma is not enough, since it only applies to the native ++ // ABIInternal function. The ABIO wrapper (which is necessary, ++ // since all references to text symbols from assembly will use it) ++ // does not inherit the go:norace pragma, so it will still be ++ // instrumented by the race detector. ++ // ++ // To circumvent this issue, using closure calls in the ++ // assembly, which forces the compiler to use the ABIInternal ++ // native implementation (which has go:norace) instead. ++ threadentry_call = threadentry ++ x_cgo_init_call = x_cgo_init ++ x_cgo_setenv_call = x_cgo_setenv ++ x_cgo_unsetenv_call = x_cgo_unsetenv ++ x_cgo_thread_start_call = x_cgo_thread_start ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.go +new file mode 100644 +index 00000000000000..58b95e1f4157f2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.go +@@ -0,0 +1,14 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2025 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++import _ "unsafe" ++ ++// setg_trampoline calls setg with the G provided ++func setg_trampoline(setg uintptr, G uintptr) ++ ++// call5 takes fn the C function and 5 arguments and calls the function with those arguments ++func call5(fn, a1, a2, a3, a4, a5 uintptr) uintptr +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock +new file mode 100644 +index 00000000000000..9b0650d53777bd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/fakecgo.lock +@@ -0,0 +1,3 @@ ++{ ++ "commit_hash": "5110604b3385278be6887d0feead513a1bfe7a82" ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/freebsd.go +new file mode 100644 +index 00000000000000..bb73a709e69188 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/freebsd.go +@@ -0,0 +1,27 @@ ++// Copyright 2010 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build freebsd && !cgo ++ ++package fakecgo ++ ++import _ "unsafe" // for go:linkname ++ ++// Supply environ and __progname, because we don't ++// link against the standard FreeBSD crt0.o and the ++// libc dynamic library needs them. ++ ++// Note: when building with cross-compiling or CGO_ENABLED=0, add ++// the following argument to `go` so that these symbols are defined by ++// making fakecgo the Cgo. ++// -gcflags="github.com/ebitengine/purego/internal/fakecgo=-std" ++ ++//go:linkname _environ environ ++//go:linkname _progname __progname ++ ++//go:cgo_export_dynamic environ ++//go:cgo_export_dynamic __progname ++ ++var _environ uintptr ++var _progname uintptr +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/generate.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/generate.go +new file mode 100644 +index 00000000000000..88c4cdf9ec04cc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/generate.go +@@ -0,0 +1,6 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package fakecgo ++ ++//go:generate go run update_tool.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_darwin.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_darwin.go +new file mode 100644 +index 00000000000000..d0868f0f790351 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_darwin.go +@@ -0,0 +1,88 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:nosplit ++//go:norace ++func _cgo_sys_thread_start(ts *ThreadStart) { ++ var attr pthread_attr_t ++ var ign, oset sigset_t ++ var p pthread_t ++ var size size_t ++ var err int ++ ++ sigfillset(&ign) ++ pthread_sigmask(SIG_SETMASK, &ign, &oset) ++ ++ size = pthread_get_stacksize_np(pthread_self()) ++ pthread_attr_init(&attr) ++ pthread_attr_setstacksize(&attr, size) ++ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. ++ ts.g.stackhi = uintptr(size) ++ ++ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) ++ ++ pthread_sigmask(SIG_SETMASK, &oset, nil) ++ ++ if err != 0 { ++ print("fakecgo: pthread_create failed: ") ++ println(err) ++ abort() ++ } ++} ++ ++// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function ++// ++//go:linkname x_threadentry_trampoline threadentry_trampoline ++var x_threadentry_trampoline byte ++var threadentry_trampolineABI0 = &x_threadentry_trampoline ++ ++//go:nosplit ++//go:norace ++func threadentry(v unsafe.Pointer) unsafe.Pointer { ++ ts := *(*ThreadStart)(v) ++ free(v) ++ ++ // TODO: support ios ++ //#if TARGET_OS_IPHONE ++ // darwin_arm_init_thread_exception_port(); ++ //#endif ++ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) ++ ++ // faking funcs in go is a bit a... involved - but the following works :) ++ fn := uintptr(unsafe.Pointer(&ts.fn)) ++ (*(*func())(unsafe.Pointer(&fn)))() ++ ++ return nil ++} ++ ++// here we will store a pointer to the provided setg func ++var setg_func uintptr ++ ++// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) ++// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us ++// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup ++// This function can't be go:systemstack since go is not in a state where the systemcheck would work. ++// ++//go:nosplit ++//go:norace ++func x_cgo_init(g *G, setg uintptr) { ++ var size size_t ++ ++ setg_func = setg ++ size = pthread_get_stacksize_np(pthread_self()) ++ g.stacklo = uintptr(unsafe.Add(unsafe.Pointer(&size), -size+4096)) ++ ++ //TODO: support ios ++ //#if TARGET_OS_IPHONE ++ // darwin_arm_init_mach_exception_handler(); ++ // darwin_arm_init_thread_exception_port(); ++ // init_working_dir(); ++ //#endif ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go +new file mode 100644 +index 00000000000000..55ff71e2672086 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_freebsd.go +@@ -0,0 +1,79 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:nosplit ++func _cgo_sys_thread_start(ts *ThreadStart) { ++ var attr pthread_attr_t ++ var ign, oset sigset_t ++ var p pthread_t ++ var size size_t ++ var err int ++ ++ // fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug ++ sigfillset(&ign) ++ pthread_sigmask(SIG_SETMASK, &ign, &oset) ++ ++ pthread_attr_init(&attr) ++ pthread_attr_getstacksize(&attr, &size) ++ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. ++ ts.g.stackhi = uintptr(size) ++ ++ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) ++ ++ pthread_sigmask(SIG_SETMASK, &oset, nil) ++ ++ if err != 0 { ++ print("fakecgo: pthread_create failed: ") ++ println(err) ++ abort() ++ } ++} ++ ++// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function ++// ++//go:linkname x_threadentry_trampoline threadentry_trampoline ++var x_threadentry_trampoline byte ++var threadentry_trampolineABI0 = &x_threadentry_trampoline ++ ++//go:nosplit ++func threadentry(v unsafe.Pointer) unsafe.Pointer { ++ ts := *(*ThreadStart)(v) ++ free(v) ++ ++ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) ++ ++ // faking funcs in go is a bit a... involved - but the following works :) ++ fn := uintptr(unsafe.Pointer(&ts.fn)) ++ (*(*func())(unsafe.Pointer(&fn)))() ++ ++ return nil ++} ++ ++// here we will store a pointer to the provided setg func ++var setg_func uintptr ++ ++// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) ++// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us ++// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup ++// This function can't be go:systemstack since go is not in a state where the systemcheck would work. ++// ++//go:nosplit ++func x_cgo_init(g *G, setg uintptr) { ++ var size size_t ++ var attr pthread_attr_t ++ ++ setg_func = setg ++ pthread_attr_init(&attr) ++ pthread_attr_getstacksize(&attr, &size) ++ // runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))` ++ // but this should be OK since we are taking the address of the first variable in this function. ++ g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096 ++ pthread_attr_destroy(&attr) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_libinit.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_libinit.go +new file mode 100644 +index 00000000000000..e5a66f39d4f3f5 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_libinit.go +@@ -0,0 +1,72 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++import ( ++ "syscall" ++ "unsafe" ++) ++ ++var ( ++ pthread_g pthread_key_t ++ ++ runtime_init_cond = PTHREAD_COND_INITIALIZER ++ runtime_init_mu = PTHREAD_MUTEX_INITIALIZER ++ runtime_init_done int ++) ++ ++//go:nosplit ++//go:norace ++func x_cgo_notify_runtime_init_done() { ++ pthread_mutex_lock(&runtime_init_mu) ++ runtime_init_done = 1 ++ pthread_cond_broadcast(&runtime_init_cond) ++ pthread_mutex_unlock(&runtime_init_mu) ++} ++ ++// Store the g into a thread-specific value associated with the pthread key pthread_g. ++// And pthread_key_destructor will dropm when the thread is exiting. ++// ++//go:norace ++func x_cgo_bindm(g unsafe.Pointer) { ++ // We assume this will always succeed, otherwise, there might be extra M leaking, ++ // when a C thread exits after a cgo call. ++ // We only invoke this function once per thread in runtime.needAndBindM, ++ // and the next calls just reuse the bound m. ++ pthread_setspecific(pthread_g, g) ++} ++ ++// _cgo_try_pthread_create retries pthread_create if it fails with ++// EAGAIN. ++// ++//go:nosplit ++//go:norace ++func _cgo_try_pthread_create(thread *pthread_t, attr *pthread_attr_t, pfn unsafe.Pointer, arg *ThreadStart) int { ++ var ts syscall.Timespec ++ // tries needs to be the same type as syscall.Timespec.Nsec ++ // but the fields are int32 on 32bit and int64 on 64bit. ++ // tries is assigned to syscall.Timespec.Nsec in order to match its type. ++ tries := ts.Nsec ++ var err int ++ ++ for tries = 0; tries < 20; tries++ { ++ // inlined this call because it ran out of stack when inlining was disabled ++ err = int(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(pfn), uintptr(unsafe.Pointer(arg)), 0)) ++ if err == 0 { ++ // inlined this call because it ran out of stack when inlining was disabled ++ call5(pthread_detachABI0, uintptr(*thread), 0, 0, 0, 0) ++ return 0 ++ } ++ if err != int(syscall.EAGAIN) { ++ return err ++ } ++ ts.Sec = 0 ++ ts.Nsec = (tries + 1) * 1000 * 1000 // Milliseconds. ++ // inlined this call because it ran out of stack when inlining was disabled ++ call5(nanosleepABI0, uintptr(unsafe.Pointer(&ts)), 0, 0, 0, 0) ++ } ++ return int(syscall.EAGAIN) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_linux.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_linux.go +new file mode 100644 +index 00000000000000..089d9fe489407b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_linux.go +@@ -0,0 +1,79 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:nosplit ++func _cgo_sys_thread_start(ts *ThreadStart) { ++ var attr pthread_attr_t ++ var ign, oset sigset_t ++ var p pthread_t ++ var size size_t ++ var err int ++ ++ //fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug ++ sigfillset(&ign) ++ pthread_sigmask(SIG_SETMASK, &ign, &oset) ++ ++ pthread_attr_init(&attr) ++ pthread_attr_getstacksize(&attr, &size) ++ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. ++ ts.g.stackhi = uintptr(size) ++ ++ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) ++ ++ pthread_sigmask(SIG_SETMASK, &oset, nil) ++ ++ if err != 0 { ++ print("fakecgo: pthread_create failed: ") ++ println(err) ++ abort() ++ } ++} ++ ++// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function ++// ++//go:linkname x_threadentry_trampoline threadentry_trampoline ++var x_threadentry_trampoline byte ++var threadentry_trampolineABI0 = &x_threadentry_trampoline ++ ++//go:nosplit ++func threadentry(v unsafe.Pointer) unsafe.Pointer { ++ ts := *(*ThreadStart)(v) ++ free(v) ++ ++ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) ++ ++ // faking funcs in go is a bit a... involved - but the following works :) ++ fn := uintptr(unsafe.Pointer(&ts.fn)) ++ (*(*func())(unsafe.Pointer(&fn)))() ++ ++ return nil ++} ++ ++// here we will store a pointer to the provided setg func ++var setg_func uintptr ++ ++// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) ++// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us ++// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup ++// This function can't be go:systemstack since go is not in a state where the systemcheck would work. ++// ++//go:nosplit ++func x_cgo_init(g *G, setg uintptr) { ++ var size size_t ++ var attr pthread_attr_t ++ ++ setg_func = setg ++ pthread_attr_init(&attr) ++ pthread_attr_getstacksize(&attr, &size) ++ // runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))` ++ // but this should be OK since we are taking the address of the first variable in this function. ++ g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096 ++ pthread_attr_destroy(&attr) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_setenv.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_setenv.go +new file mode 100644 +index 00000000000000..e42d84f0b75ea6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_setenv.go +@@ -0,0 +1,18 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++//go:nosplit ++//go:norace ++func x_cgo_setenv(arg *[2]*byte) { ++ setenv(arg[0], arg[1], 1) ++} ++ ++//go:nosplit ++//go:norace ++func x_cgo_unsetenv(arg *[1]*byte) { ++ unsetenv(arg[0]) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_util.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_util.go +new file mode 100644 +index 00000000000000..ff190007e8b6c0 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/go_util.go +@@ -0,0 +1,38 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++import "unsafe" ++ ++// _cgo_thread_start is split into three parts in cgo since only one part is system dependent (keep it here for easier handling) ++ ++// _cgo_thread_start(ThreadStart *arg) (runtime/cgo/gcc_util.c) ++// This get's called instead of the go code for creating new threads ++// -> pthread_* stuff is used, so threads are setup correctly for C ++// If this is missing, TLS is only setup correctly on thread 1! ++// This function should be go:systemstack instead of go:nosplit (but that requires runtime) ++// ++//go:nosplit ++//go:norace ++func x_cgo_thread_start(arg *ThreadStart) { ++ var ts *ThreadStart ++ // Make our own copy that can persist after we return. ++ // _cgo_tsan_acquire(); ++ ts = (*ThreadStart)(malloc(unsafe.Sizeof(*ts))) ++ // _cgo_tsan_release(); ++ if ts == nil { ++ println("fakecgo: out of memory in thread_start") ++ abort() ++ } ++ // *ts = *arg would cause a writebarrier so copy using slices ++ const ptrSize = unsafe.Sizeof(uintptr(0)) ++ s1 := unsafe.Slice((*uintptr)(unsafe.Pointer(ts)), unsafe.Sizeof(*ts)/ptrSize) ++ s2 := unsafe.Slice((*uintptr)(unsafe.Pointer(arg)), unsafe.Sizeof(*arg)/ptrSize) ++ for i := range s2 { ++ s1[i] = s2[i] ++ } ++ _cgo_sys_thread_start(ts) // OS-dependent half ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/iscgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/iscgo.go +new file mode 100644 +index 00000000000000..28af41cc640724 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/iscgo.go +@@ -0,0 +1,19 @@ ++// Copyright 2010 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++// The runtime package contains an uninitialized definition ++// for runtime·iscgo. Override it to tell the runtime we're here. ++// There are various function pointers that should be set too, ++// but those depend on dynamic linker magic to get initialized ++// correctly, and sometimes they break. This variable is a ++// backup: it depends only on old C style static linking rules. ++ ++package fakecgo ++ ++import _ "unsafe" // for go:linkname ++ ++//go:linkname _iscgo runtime.iscgo ++var _iscgo bool = true +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo.go +new file mode 100644 +index 00000000000000..38f94419397d8d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo.go +@@ -0,0 +1,39 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++type ( ++ size_t uintptr ++ // Sources: ++ // Darwin (32 bytes) - https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/_types.h#L74 ++ // FreeBSD (32 bytes) - https://github.com/DoctorWkt/xv6-freebsd/blob/d2a294c2a984baed27676068b15ed9a29b06ab6f/include/signal.h#L98C9-L98C21 ++ // Linux (128 bytes) - https://github.com/torvalds/linux/blob/ab75170520d4964f3acf8bb1f91d34cbc650688e/arch/x86/include/asm/signal.h#L25 ++ sigset_t [128]byte ++ pthread_attr_t [64]byte ++ pthread_t int ++ pthread_key_t uint64 ++) ++ ++// for pthread_sigmask: ++ ++type sighow int32 ++ ++const ( ++ SIG_BLOCK sighow = 0 ++ SIG_UNBLOCK sighow = 1 ++ SIG_SETMASK sighow = 2 ++) ++ ++type G struct { ++ stacklo uintptr ++ stackhi uintptr ++} ++ ++type ThreadStart struct { ++ g *G ++ tls *uintptr ++ fn uintptr ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_darwin.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_darwin.go +new file mode 100644 +index 00000000000000..ecdcb2e7852560 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_darwin.go +@@ -0,0 +1,26 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++type ( ++ pthread_mutex_t struct { ++ sig int64 ++ opaque [56]byte ++ } ++ pthread_cond_t struct { ++ sig int64 ++ opaque [40]byte ++ } ++) ++ ++var ( ++ PTHREAD_COND_INITIALIZER = pthread_cond_t{sig: 0x3CB0B1BB} ++ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{sig: 0x32AAABA7} ++) ++ ++type stack_t struct { ++ /* not implemented */ ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_freebsd.go +new file mode 100644 +index 00000000000000..4bfb70c3d5ee9a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_freebsd.go +@@ -0,0 +1,20 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++type ( ++ pthread_cond_t uintptr ++ pthread_mutex_t uintptr ++) ++ ++var ( ++ PTHREAD_COND_INITIALIZER = pthread_cond_t(0) ++ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t(0) ++) ++ ++type stack_t struct { ++ /* not implemented */ ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_linux.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_linux.go +new file mode 100644 +index 00000000000000..b08a44a1001bc0 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/libcgo_linux.go +@@ -0,0 +1,20 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++type ( ++ pthread_cond_t [48]byte ++ pthread_mutex_t [48]byte ++) ++ ++var ( ++ PTHREAD_COND_INITIALIZER = pthread_cond_t{} ++ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{} ++) ++ ++type stack_t struct { ++ /* not implemented */ ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/linux.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/linux.go +new file mode 100644 +index 00000000000000..f98e272e42720e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/linux.go +@@ -0,0 +1,184 @@ ++// Copyright 2016 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && linux ++ ++package fakecgo ++ ++import "unsafe" ++ ++// argset matches runtime/cgocall.go:argset. ++type argset struct { ++ args *uintptr ++ retval uintptr ++} ++ ++//go:nosplit ++//go:norace ++func (a *argset) arg(i int) unsafe.Pointer { ++ return *(*unsafe.Pointer)(unsafe.Add(unsafe.Pointer(a.args), uintptr(i)*unsafe.Sizeof(uintptr(0)))) ++} ++ ++//go:linkname _cgo_libc_setegid syscall.cgo_libc_setegid ++//go:linkname _cgo_libc_seteuid syscall.cgo_libc_seteuid ++//go:linkname _cgo_libc_setgid syscall.cgo_libc_setgid ++//go:linkname _cgo_libc_setregid syscall.cgo_libc_setregid ++//go:linkname _cgo_libc_setresgid syscall.cgo_libc_setresgid ++//go:linkname _cgo_libc_setresuid syscall.cgo_libc_setresuid ++//go:linkname _cgo_libc_setreuid syscall.cgo_libc_setreuid ++//go:linkname _cgo_libc_setuid syscall.cgo_libc_setuid ++//go:linkname _cgo_libc_setgroups syscall.cgo_libc_setgroups ++ ++var _cgo_libc_setegid = &_cgo_purego_setegid_trampoline ++var _cgo_libc_seteuid = &_cgo_purego_seteuid_trampoline ++var _cgo_libc_setgid = &_cgo_purego_setgid_trampoline ++var _cgo_libc_setregid = &_cgo_purego_setregid_trampoline ++var _cgo_libc_setresgid = &_cgo_purego_setresgid_trampoline ++var _cgo_libc_setresuid = &_cgo_purego_setresuid_trampoline ++var _cgo_libc_setreuid = &_cgo_purego_setreuid_trampoline ++var _cgo_libc_setuid = &_cgo_purego_setuid_trampoline ++var _cgo_libc_setgroups = &_cgo_purego_setgroups_trampoline ++ ++//go:nosplit ++//go:norace ++func errno() int32 { ++ // this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer ++ loc := __errno_location() ++ return **(**int32)(unsafe.Pointer(&loc)) ++} ++ ++//go:linkname _cgo_purego_setegid_trampoline _cgo_purego_setegid_trampoline ++var _cgo_purego_setegid_trampoline byte ++var x_cgo_purego_setegid_call = x_cgo_purego_setegid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setegid(c *argset) { ++ ret := setegid(uint32(uintptr(c.arg(0)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_seteuid_trampoline _cgo_purego_seteuid_trampoline ++var _cgo_purego_seteuid_trampoline byte ++var x_cgo_purego_seteuid_call = x_cgo_purego_seteuid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_seteuid(c *argset) { ++ ret := seteuid(uint32(uintptr(c.arg(0)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setgid_trampoline _cgo_purego_setgid_trampoline ++var _cgo_purego_setgid_trampoline byte ++var x_cgo_purego_setgid_call = x_cgo_purego_setgid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setgid(c *argset) { ++ ret := setgid(uint32(uintptr(c.arg(0)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setregid_trampoline _cgo_purego_setregid_trampoline ++var _cgo_purego_setregid_trampoline byte ++var x_cgo_purego_setregid_call = x_cgo_purego_setregid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setregid(c *argset) { ++ ret := setregid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setresgid_trampoline _cgo_purego_setresgid_trampoline ++var _cgo_purego_setresgid_trampoline byte ++var x_cgo_purego_setresgid_call = x_cgo_purego_setresgid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setresgid(c *argset) { ++ ret := setresgid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1))), uint32(uintptr(c.arg(2)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setresuid_trampoline _cgo_purego_setresuid_trampoline ++var _cgo_purego_setresuid_trampoline byte ++var x_cgo_purego_setresuid_call = x_cgo_purego_setresuid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setresuid(c *argset) { ++ ret := setresuid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1))), uint32(uintptr(c.arg(2)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setreuid_trampoline _cgo_purego_setreuid_trampoline ++var _cgo_purego_setreuid_trampoline byte ++var x_cgo_purego_setreuid_call = x_cgo_purego_setreuid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setreuid(c *argset) { ++ ret := setreuid(uint32(uintptr(c.arg(0))), uint32(uintptr(c.arg(1)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setuid_trampoline _cgo_purego_setuid_trampoline ++var _cgo_purego_setuid_trampoline byte ++var x_cgo_purego_setuid_call = x_cgo_purego_setuid ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setuid(c *argset) { ++ ret := setuid(uint32(uintptr(c.arg(0)))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} ++ ++//go:linkname _cgo_purego_setgroups_trampoline _cgo_purego_setgroups_trampoline ++var _cgo_purego_setgroups_trampoline byte ++var x_cgo_purego_setgroups_call = x_cgo_purego_setgroups ++ ++//go:nosplit ++//go:norace ++func x_cgo_purego_setgroups(c *argset) { ++ ret := setgroups(uint32(uintptr(c.arg(0))), (*uint32)(c.arg(1))) ++ if ret == -1 { ++ c.retval = uintptr(errno()) ++ } else { ++ c.retval = uintptr(ret) ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/setenv.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/setenv.go +new file mode 100644 +index 00000000000000..f30af0e1515699 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/setenv.go +@@ -0,0 +1,19 @@ ++// Copyright 2011 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++import _ "unsafe" // for go:linkname ++ ++//go:linkname x_cgo_setenv_trampoline x_cgo_setenv_trampoline ++//go:linkname _cgo_setenv runtime._cgo_setenv ++var x_cgo_setenv_trampoline byte ++var _cgo_setenv = &x_cgo_setenv_trampoline ++ ++//go:linkname x_cgo_unsetenv_trampoline x_cgo_unsetenv_trampoline ++//go:linkname _cgo_unsetenv runtime._cgo_unsetenv ++var x_cgo_unsetenv_trampoline byte ++var _cgo_unsetenv = &x_cgo_unsetenv_trampoline +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s +new file mode 100644 +index 00000000000000..cf56a6c71575eb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_386.s +@@ -0,0 +1,121 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++#include "go_asm.h" ++ ++// These trampolines map the gcc ABI to Go ABI0 and then call into the Go equivalent functions. ++// On i386, both GCC and Go use stack-based calling conventions. ++// ++// When C calls a function, the stack looks like: ++// 0(SP) = return address ++// 4(SP) = arg1 ++// 8(SP) = arg2 ++// ... ++// ++// When we declare a Go function with frame size $N-0, Go's prologue ++// effectively does SUB $N, SP, so the C arguments shift up by N bytes: ++// N+0(SP) = return address ++// N+4(SP) = arg1 ++// N+8(SP) = arg2 ++// ++// Go ABI0 on 386 expects arguments starting at 0(FP) which equals N+4(SP) ++// after the prologue (where N is the local frame size). ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $8-0 ++ // C args at 12(SP) and 16(SP) after frame setup (8 bytes local + 4 bytes ret addr) ++ // Go function expects args at 0(SP) and 4(SP) in local frame ++ MOVL 12(SP), AX // first C arg ++ MOVL 16(SP), BX // second C arg ++ MOVL AX, 0(SP) // Go arg 1 ++ MOVL BX, 4(SP) // Go arg 2 ++ MOVL ·x_cgo_init_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $4-0 ++ // C args at 8(SP) after frame setup (4 bytes local + 4 bytes ret addr) ++ MOVL 8(SP), AX // first C arg ++ MOVL AX, 0(SP) // Go arg 1 ++ MOVL ·x_cgo_thread_start_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX // first C arg ++ MOVL AX, 0(SP) // Go arg 1 ++ MOVL ·x_cgo_setenv_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX // first C arg ++ MOVL AX, 0(SP) // Go arg 1 ++ MOVL ·x_cgo_unsetenv_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++// This is called from Go, so args are at normal FP positions ++TEXT ·setg_trampoline(SB), NOSPLIT, $4-8 ++ MOVL g+4(FP), AX ++ MOVL setg+0(FP), BX ++ ++ // setg expects g in 0(SP) ++ MOVL AX, 0(SP) ++ CALL BX ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $24-4 ++ // Save callee-saved registers ++ MOVL BP, 20(SP) ++ MOVL BX, 16(SP) ++ MOVL SI, 12(SP) ++ MOVL DI, 8(SP) ++ ++ // Move C argument (arg) to stack for Go function ++ MOVL arg+0(FP), AX ++ MOVL AX, 0(SP) ++ ++ MOVL ·threadentry_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ ++ // Restore callee-saved registers ++ MOVL 8(SP), DI ++ MOVL 12(SP), SI ++ MOVL 16(SP), BX ++ MOVL 20(SP), BP ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $24-28 ++ MOVL fn+0(FP), AX ++ MOVL a1+4(FP), BX ++ MOVL a2+8(FP), CX ++ MOVL a3+12(FP), DX ++ MOVL a4+16(FP), SI ++ MOVL a5+20(FP), DI ++ ++ // Place arguments on local stack frame for C calling convention ++ MOVL BX, 0(SP) // a1 ++ MOVL CX, 4(SP) // a2 ++ MOVL DX, 8(SP) // a3 ++ MOVL SI, 12(SP) // a4 ++ MOVL DI, 16(SP) // a5 ++ CALL AX ++ MOVL AX, r1+24(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_amd64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_amd64.s +new file mode 100644 +index 00000000000000..a4ca5ea98214fd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_amd64.s +@@ -0,0 +1,107 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++/* ++trampoline for emulating required C functions for cgo in go (see cgo.go) ++(we convert cdecl calling convention to go and vice-versa) ++ ++C Calling convention cdecl used here (we only need integer args): ++1. arg: DI ++2. arg: SI ++3. arg: DX ++4. arg: CX ++5. arg: R8 ++6. arg: R9 ++We don't need floats with these functions -> AX=0 ++return value will be in AX ++temporary register is R11 ++*/ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_amd64.h" ++ ++// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 ++ MOVQ DI, AX ++ MOVQ SI, BX ++ MOVQ ·x_cgo_init_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_thread_start_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_setenv_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_unsetenv_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 ++ JMP ·x_cgo_notify_runtime_init_done(SB) ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ JMP ·x_cgo_bindm(SB) ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 ++ MOVQ G+8(FP), DI ++ MOVQ setg+0(FP), R11 ++ XORL AX, AX ++ CALL R11 ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $0 ++ // See crosscall2. ++ PUSH_REGS_HOST_TO_ABI0() ++ ++ // X15 is designated by Go as a fixed zero register. ++ // Calling directly into ABIInternal, ensure it is zero. ++ PXOR X15, X15 ++ ++ MOVQ DI, AX ++ MOVQ ·threadentry_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ ++ POP_REGS_HOST_TO_ABI0() ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $0-56 ++ MOVQ fn+0(FP), R11 ++ MOVQ a1+8(FP), DI ++ MOVQ a2+16(FP), SI ++ MOVQ a3+24(FP), DX ++ MOVQ a4+32(FP), CX ++ MOVQ a5+40(FP), R8 ++ ++ XORL AX, AX // no floats ++ ++ PUSHQ BP // save BP ++ MOVQ SP, BP // save SP inside BP bc BP is callee-saved ++ SUBQ $16, SP // allocate space for alignment ++ ANDQ $-16, SP // align on 16 bytes for SSE ++ ++ CALL R11 ++ ++ MOVQ BP, SP // get SP back ++ POPQ BP // restore BP ++ ++ MOVQ AX, ret+48(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s +new file mode 100644 +index 00000000000000..c17925d60d6787 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm.s +@@ -0,0 +1,122 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++#include "go_asm.h" ++ ++// These trampolines map the gcc ABI to Go ABI0 and then call into the Go equivalent functions. ++// On ARM32, Go ABI0 uses stack-based calling convention. ++// Arguments are placed on the stack starting at 4(SP) after the prologue. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW R1, 8(R13) ++ MOVW ·x_cgo_init_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_thread_start_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_setenv_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_unsetenv_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0-8 ++ MOVW G+4(FP), R0 ++ MOVW setg+0(FP), R12 ++ BL (R12) ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $104-0 ++ // Save C callee-saved registers at C-to-Go boundary. ++ // See crosscall2 in asm_arm.s. ++ // ARM AAPCS callee-saved: R4-R11 (includes g=R10), D8-D15. ++ // LR is saved/restored by the Go-managed frame prologue/epilogue. ++ MOVW R0, 4(R13) // arg for threadentry_call ++ ++ MOVW R4, 8(R13) ++ MOVW R5, 12(R13) ++ MOVW R6, 16(R13) ++ MOVW R7, 20(R13) ++ MOVW R8, 24(R13) ++ MOVW R9, 28(R13) ++ MOVW g, 32(R13) // R10 ++ MOVW R11, 36(R13) ++ ++ MOVD F8, 40(R13) ++ MOVD F9, 48(R13) ++ MOVD F10, 56(R13) ++ MOVD F11, 64(R13) ++ MOVD F12, 72(R13) ++ MOVD F13, 80(R13) ++ MOVD F14, 88(R13) ++ MOVD F15, 96(R13) ++ ++ MOVW ·threadentry_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ ++ MOVD 40(R13), F8 ++ MOVD 48(R13), F9 ++ MOVD 56(R13), F10 ++ MOVD 64(R13), F11 ++ MOVD 72(R13), F12 ++ MOVD 80(R13), F13 ++ MOVD 88(R13), F14 ++ MOVD 96(R13), F15 ++ ++ MOVW 8(R13), R4 ++ MOVW 12(R13), R5 ++ MOVW 16(R13), R6 ++ MOVW 20(R13), R7 ++ MOVW 24(R13), R8 ++ MOVW 28(R13), R9 ++ MOVW 32(R13), g ++ MOVW 36(R13), R11 ++ ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $8-28 ++ MOVW fn+0(FP), R12 ++ MOVW a1+4(FP), R0 ++ MOVW a2+8(FP), R1 ++ MOVW a3+12(FP), R2 ++ MOVW a4+16(FP), R3 ++ MOVW a5+20(FP), R4 ++ ++ // Store 5th arg below SP (in local frame area) ++ MOVW R4, arg5-8(SP) ++ ++ // Align SP to 8 bytes for call (required by ARM AAPCS) ++ SUB $8, R13 ++ CALL (R12) ++ ADD $8, R13 ++ MOVW R0, r1+24(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm64.s +new file mode 100644 +index 00000000000000..1deb2747ad3245 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_arm64.s +@@ -0,0 +1,81 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_arm64.h" ++ ++// These trampolines map the gcc ABI to Go ABIInternal and then calls into the Go equivalent functions. ++// Note that C arguments are passed in R0-R7, which matches Go ABIInternal for the first eight arguments. ++// R9 is used as a temporary register. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_init_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_thread_start_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_setenv_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_unsetenv_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 ++ MOVD G+8(FP), R0 ++ MOVD setg+0(FP), R9 ++ CALL R9 ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $0-0 ++ // See crosscall2. ++ SUB $(8*24), RSP ++ STP (R0, R1), (8*1)(RSP) ++ MOVD R3, (8*3)(RSP) ++ ++ SAVE_R19_TO_R28(8*4) ++ SAVE_F8_TO_F15(8*14) ++ ++ MOVD ·threadentry_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ MOVD $0, R0 // TODO: get the return value from threadentry ++ ++ RESTORE_R19_TO_R28(8*4) ++ RESTORE_F8_TO_F15(8*14) ++ ADD $(8*24), RSP ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $0-0 ++ MOVD fn+0(FP), R9 ++ MOVD a1+8(FP), R0 ++ MOVD a2+16(FP), R1 ++ MOVD a3+24(FP), R2 ++ MOVD a4+32(FP), R3 ++ MOVD a5+40(FP), R4 ++ CALL R9 ++ MOVD R0, ret+48(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_386.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_386.s +new file mode 100644 +index 00000000000000..eea96638fa9a9b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_386.s +@@ -0,0 +1,78 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setegid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_seteuid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setgid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setregid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setresgid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setresuid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setreuid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setuid_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $4-0 ++ MOVL 8(SP), AX ++ MOVL AX, 0(SP) ++ MOVL ·x_cgo_purego_setgroups_call(SB), CX ++ MOVL (CX), CX ++ CALL CX ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_amd64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_amd64.s +new file mode 100644 +index 00000000000000..424ebc1e7cbb42 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_amd64.s +@@ -0,0 +1,69 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setegid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_seteuid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setgid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setregid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setresgid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setresuid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setreuid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setuid_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8 ++ MOVQ DI, AX ++ MOVQ ·x_cgo_purego_setgroups_call(SB), R11 ++ MOVQ (R11), R11 ++ CALL R11 ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm.s +new file mode 100644 +index 00000000000000..284fe5d0e3a87a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm.s +@@ -0,0 +1,69 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setegid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_seteuid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setgid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setregid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setresgid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setresuid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setreuid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setuid_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8-0 ++ MOVW R0, 4(R13) ++ MOVW ·x_cgo_purego_setgroups_call(SB), R12 ++ MOVW (R12), R12 ++ CALL (R12) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm64.s +new file mode 100644 +index 00000000000000..771910817b7686 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_arm64.s +@@ -0,0 +1,60 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setegid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_seteuid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setgid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setregid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setresgid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setresuid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setreuid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setuid_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_purego_setgroups_call(SB), R9 ++ MOVD (R9), R9 ++ CALL R9 ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_loong64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_loong64.s +new file mode 100644 +index 00000000000000..ebcc1176c0a0a6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_loong64.s +@@ -0,0 +1,60 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setegid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_seteuid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setgid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setregid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setresgid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setresuid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setreuid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setuid_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_purego_setgroups_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_ppc64le.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_ppc64le.s +new file mode 100644 +index 00000000000000..59a95a929fb5c2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_ppc64le.s +@@ -0,0 +1,69 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setegid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_seteuid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setgid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setregid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setresgid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setresuid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setreuid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setuid_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8-0 ++ MOVD ·x_cgo_purego_setgroups_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_riscv64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_riscv64.s +new file mode 100644 +index 00000000000000..9e892dbd2daf71 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_riscv64.s +@@ -0,0 +1,60 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && linux ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setegid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_seteuid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setgid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setregid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setresgid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setresuid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setreuid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setuid_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_purego_setgroups_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s +new file mode 100644 +index 00000000000000..ce4247c989f4c1 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_linux_s390x.s +@@ -0,0 +1,53 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build go1.27 && !cgo ++ ++#include "textflag.h" ++ ++TEXT _cgo_purego_setegid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setegid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_seteuid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_seteuid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setgid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setgid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setregid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setregid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setresgid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setresgid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setresuid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setresuid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setreuid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setreuid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setuid_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setuid_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 ++ ++TEXT _cgo_purego_setgroups_trampoline(SB), NOSPLIT|NOFRAME, $0 ++ MOVD ·x_cgo_purego_setgroups_call(SB), R1 ++ MOVD (R1), R1 ++ BR R1 +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s +new file mode 100644 +index 00000000000000..b93b5da90a8333 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_loong64.s +@@ -0,0 +1,78 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2025 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_loong64.h" ++ ++// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. ++// R23 is used as temporary register. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 ++ MOVV ·x_cgo_init_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_thread_start_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_setenv_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 ++ MOVV ·x_cgo_unsetenv_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0 ++ MOVV G+8(FP), R4 ++ MOVV setg+0(FP), R23 ++ CALL (R23) ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $176 ++ // See crosscall2. ++ MOVV R4, (1*8)(R3) // fn unsafe.Pointer ++ MOVV R5, (2*8)(R3) // a unsafe.Pointer ++ MOVV R7, (3*8)(R3) // ctxt uintptr ++ ++ SAVE_R22_TO_R31((4*8)) ++ SAVE_F24_TO_F31((14*8)) ++ ++ MOVV ·threadentry_call(SB), R23 ++ MOVV (R23), R23 ++ CALL (R23) ++ ++ RESTORE_R22_TO_R31((4*8)) ++ RESTORE_F24_TO_F31((14*8)) ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $0-0 ++ MOVV fn+0(FP), R23 ++ MOVV a1+8(FP), R4 ++ MOVV a2+16(FP), R5 ++ MOVV a3+24(FP), R6 ++ MOVV a4+32(FP), R7 ++ MOVV a5+40(FP), R8 ++ CALL (R23) ++ MOVV R4, ret+48(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s +new file mode 100644 +index 00000000000000..444529d8ae820b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_ppc64le.s +@@ -0,0 +1,128 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_ppc64x.h" ++ ++// These trampolines map the C ABI to Go ABI and call into the Go equivalent functions. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_init_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_thread_start_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_setenv_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0 ++ MOVD ·x_cgo_unsetenv_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0-0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $16-16 ++ MOVD R31, 8(R1) // save R31 (load_g clobbers it) ++ ++ MOVD setg+0(FP), R12 ++ MOVD newg+8(FP), R3 ++ ++ MOVD R12, CTR ++ CALL CTR ++ ++ CALL runtime·load_g(SB) ++ ++ MOVD 8(R1), R31 ++ XOR R0, R0, R0 ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ // Called from C (pthread_create). Must save all C callee-saved registers. ++ // Uses NOFRAME for proper ELFv2 backchain via MOVDU. ++ MOVD LR, R0 ++ MOVD R0, 16(R1) ++ MOVW CR, R0 ++ MOVD R0, 8(R1) ++ ++ MOVDU R1, -320(R1) ++ ++ SAVE_GPR(32) ++ SAVE_FPR(32+SAVE_GPR_SIZE) ++ ++ MOVD $0, R0 ++ ++ MOVD ·threadentry_call(SB), R12 ++ MOVD (R12), R12 ++ MOVD R12, CTR ++ CALL CTR ++ ++ RESTORE_FPR(32+SAVE_GPR_SIZE) ++ RESTORE_GPR(32) ++ ++ ADD $320, R1 ++ ++ MOVD 16(R1), R0 ++ MOVD R0, LR ++ MOVD 8(R1), R0 ++ MOVW R0, CR ++ RET ++ ++TEXT ·call5(SB), NOSPLIT|NOFRAME, $0-56 ++ MOVD LR, R20 ++ MOVW CR, R21 ++ ++ // Load arguments from Go stack into C argument registers ++ // Go placed args at 32(R1), 40(R1), etc. ++ MOVD 32(R1), R12 // fn ++ MOVD 40(R1), R3 // a1 → first C arg ++ MOVD 48(R1), R4 // a2 → second C arg ++ MOVD 56(R1), R5 // a3 → third C arg ++ MOVD 64(R1), R6 // a4 → fourth C arg ++ MOVD 72(R1), R7 // a5 → fifth C arg ++ ++ MOVDU R1, -32(R1) ++ ++ MOVD R12, CTR ++ CALL CTR ++ ++ // Store return value ++ // After MOVDU -32, original 80(R1) is now at 80+32=112(R1) ++ MOVD R3, (80+32)(R1) ++ ++ // Deallocate frame ++ ADD $32, R1 ++ ++ // Clear R0 before returning to Go code. ++ // Go uses R0 as a constant 0 register for things like "std r0,X(r1)" ++ // to zero stack locations. C functions may leave garbage in R0. ++ XOR R0, R0, R0 ++ ++ // Restore LR/CR from non-volatile registers ++ MOVD R20, LR ++ MOVW R21, CR ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s +new file mode 100644 +index 00000000000000..b162fdde234629 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_riscv64.s +@@ -0,0 +1,76 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++#include "go_asm.h" ++#include "abi_riscv64.h" ++ ++// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. ++// X5 is used as temporary register. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 ++ MOV ·x_cgo_init_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_thread_start_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_setenv_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 ++ MOV ·x_cgo_unsetenv_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ RET ++ ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_notify_runtime_init_done(SB) ++ RET ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 ++ CALL ·x_cgo_bindm(SB) ++ RET ++ ++// func setg_trampoline(setg uintptr, g uintptr) ++TEXT ·setg_trampoline(SB), NOSPLIT, $0 ++ MOV gp+8(FP), X10 ++ MOV setg+0(FP), X5 ++ CALL X5 ++ RET ++ ++TEXT threadentry_trampoline(SB), NOSPLIT, $200 ++ MOV X10, 8(SP) ++ ++ SAVE_GPR(8*2) ++ SAVE_FPR(8*14) ++ ++ MOV ·threadentry_call(SB), X5 ++ MOV (X5), X5 ++ CALL X5 ++ ++ RESTORE_GPR(8*2) ++ RESTORE_FPR(8*14) ++ ++ RET ++ ++TEXT ·call5(SB), NOSPLIT, $0-48 ++ MOV fn+0(FP), X5 ++ MOV a1+8(FP), X10 ++ MOV a2+16(FP), X11 ++ MOV a3+24(FP), X12 ++ MOV a4+32(FP), X13 ++ MOV a5+40(FP), X14 ++ CALL X5 ++ MOV X10, ret+48(FP) ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s +new file mode 100644 +index 00000000000000..2b68d438e4ec1d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/trampolines_s390x.s +@@ -0,0 +1,154 @@ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2026 The Ebitengine Authors ++ ++//go:build go1.27 && !cgo && linux ++ ++#include "textflag.h" ++#include "go_asm.h" ++ ++// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. ++// Note that C arguments are passed in R2-R6, which matches Go ABIInternal for the first five arguments. ++// R1 is used as a temporary register. ++ ++TEXT x_cgo_init_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ MOVD R15, R1 ++ SUB $192, R15 ++ MOVD R1, 0(R15) // backchain ++ MOVD R14, 160(R15) // save R14 ++ MOVD R9, 168(R15) // save R9 (Go runtime needs this preserved) ++ ++ MOVD ·x_cgo_init_call(SB), R1 ++ MOVD (R1), R1 ++ BL R1 ++ ++ MOVD 168(R15), R9 ++ MOVD 160(R15), R14 ++ ADD $192, R15 ++ BR R14 ++ ++TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ MOVD R15, R1 ++ SUB $176, R15 ++ MOVD R1, 0(R15) // backchain ++ MOVD R14, 152(R15) // save R14 ++ ++ MOVD ·x_cgo_thread_start_call(SB), R1 ++ MOVD (R1), R1 ++ BL R1 ++ ++ MOVD 152(R15), R14 ++ ADD $176, R15 ++ BR R14 ++ ++TEXT x_cgo_setenv_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ MOVD R15, R1 ++ SUB $176, R15 ++ MOVD R1, 0(R15) // backchain ++ MOVD R14, 152(R15) // save R14 ++ ++ MOVD ·x_cgo_setenv_call(SB), R1 ++ MOVD (R1), R1 ++ BL R1 ++ ++ MOVD 152(R15), R14 ++ ADD $176, R15 ++ BR R14 ++ ++TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ MOVD R15, R1 ++ SUB $176, R15 ++ MOVD R1, 0(R15) // backchain ++ MOVD R14, 152(R15) // save R14 ++ ++ MOVD ·x_cgo_unsetenv_call(SB), R1 ++ MOVD (R1), R1 ++ BL R1 ++ ++ MOVD 152(R15), R14 ++ ADD $176, R15 ++ BR R14 ++ ++// These just tail-call into Go functions ++TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ BR ·x_cgo_notify_runtime_init_done(SB) ++ ++TEXT x_cgo_bindm_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ BR ·x_cgo_bindm(SB) ++ ++// setg_trampoline(setg uintptr, g uintptr) - called from Go ++TEXT ·setg_trampoline(SB), NOSPLIT|NOFRAME, $0-16 ++ MOVD 8(R15), R1 // setg function pointer ++ MOVD 16(R15), R2 // g pointer -> C arg ++ ++ MOVD R14, R0 ++ MOVD R15, R3 ++ SUB $160, R15 ++ MOVD R3, 0(R15) ++ MOVD R0, 112(R15) ++ ++ BL R1 // call setg_gcc ++ BL runtime·load_g(SB) ++ ++ MOVD 112(R15), R14 ++ ADD $160, R15 ++ BR R14 ++ ++TEXT threadentry_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ STMG R6, R15, 48(R15) // C save area ++ MOVD R15, R1 ++ SUB $176, R15 ++ MOVD R1, 0(R15) // backchain ++ ++ MOVD ·threadentry_call(SB), R1 ++ MOVD (R1), R1 ++ BL R1 ++ ++ ADD $176, R15 ++ LMG 48(R15), R6, R15 ++ RET ++ ++TEXT ·call5(SB), NOSPLIT|NOFRAME, $0-56 ++ // Load Go args before modifying R15 ++ MOVD 8(R15), R1 // fn ++ MOVD 16(R15), R7 // a1 ++ MOVD 24(R15), R8 // a2 ++ MOVD 32(R15), R9 // a3 ++ MOVD 40(R15), R10 // a4 ++ MOVD 48(R15), R11 // a5 ++ ++ // Save state ++ MOVD R15, R0 // original R15 ++ MOVD R12, R6 // Go's R12 ++ ADD $-128, R15 ++ ++ // Set up C frame with backchain ++ MOVD R0, 0(R15) // backchain -> original R15 ++ MOVD R0, R3 // R3 = original R15 (can't use R0 as base!) ++ MOVD 0(R3), R7 // save 0(original R15) ++ MOVD $0, 0(R3) // terminate backchain ++ ++ // Save context ++ MOVD R14, 8(R15) ++ MOVD R6, 16(R15) // R12 ++ MOVD R0, 24(R15) // original R15 ++ MOVD R7, 32(R15) // saved backchain ++ ++ // Set up C args (reload a1 since R7 was clobbered) ++ MOVD 16(R3), R2 // a1 (use R3 as base, not R0!) ++ MOVD R8, R3 // a2 ++ MOVD R9, R4 // a3 ++ MOVD R10, R5 // a4 ++ MOVD R11, R6 // a5 ++ ++ BL R1 ++ ++ // Store result and restore ++ MOVD 24(R15), R3 // original R15 ++ MOVD R2, 56(R3) // return value ++ MOVD 32(R15), R7 ++ MOVD R7, 0(R3) // restore backchain ++ ++ MOVD 8(R15), R14 ++ MOVD 16(R15), R12 ++ MOVD 24(R15), R15 ++ BR R14 +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols.go +new file mode 100644 +index 00000000000000..e1339193b9764d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols.go +@@ -0,0 +1,165 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++package fakecgo ++ ++import ( ++ "syscall" ++ "unsafe" ++) ++ ++//go:nosplit ++//go:norace ++func malloc(size uintptr) unsafe.Pointer { ++ ret := call5(mallocABI0, uintptr(size), 0, 0, 0, 0) ++ // this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer ++ return *(*unsafe.Pointer)(unsafe.Pointer(&ret)) ++} ++ ++//go:nosplit ++//go:norace ++func free(ptr unsafe.Pointer) { ++ call5(freeABI0, uintptr(ptr), 0, 0, 0, 0) ++} ++ ++//go:nosplit ++//go:norace ++func setenv(name *byte, value *byte, overwrite int32) int32 { ++ return int32(call5(setenvABI0, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), uintptr(overwrite), 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func unsetenv(name *byte) int32 { ++ return int32(call5(unsetenvABI0, uintptr(unsafe.Pointer(name)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func sigfillset(set *sigset_t) int32 { ++ return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 { ++ return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func abort() { ++ call5(abortABI0, 0, 0, 0, 0, 0) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_init(attr *pthread_attr_t) int32 { ++ return int32(call5(pthread_attr_initABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_create(thread *pthread_t, attr *pthread_attr_t, start unsafe.Pointer, arg unsafe.Pointer) int32 { ++ return int32(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(start), uintptr(arg), 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_detach(thread pthread_t) int32 { ++ return int32(call5(pthread_detachABI0, uintptr(thread), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_sigmask(how sighow, ign *sigset_t, oset *sigset_t) int32 { ++ return int32(call5(pthread_sigmaskABI0, uintptr(how), uintptr(unsafe.Pointer(ign)), uintptr(unsafe.Pointer(oset)), 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_mutex_lock(mutex *pthread_mutex_t) int32 { ++ return int32(call5(pthread_mutex_lockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_mutex_unlock(mutex *pthread_mutex_t) int32 { ++ return int32(call5(pthread_mutex_unlockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_cond_broadcast(cond *pthread_cond_t) int32 { ++ return int32(call5(pthread_cond_broadcastABI0, uintptr(unsafe.Pointer(cond)), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_setspecific(key pthread_key_t, value unsafe.Pointer) int32 { ++ return int32(call5(pthread_setspecificABI0, uintptr(key), uintptr(value), 0, 0, 0)) ++} ++ ++//go:linkname _malloc _malloc ++var _malloc uint8 ++var mallocABI0 = uintptr(unsafe.Pointer(&_malloc)) ++ ++//go:linkname _free _free ++var _free uint8 ++var freeABI0 = uintptr(unsafe.Pointer(&_free)) ++ ++//go:linkname _setenv _setenv ++var _setenv uint8 ++var setenvABI0 = uintptr(unsafe.Pointer(&_setenv)) ++ ++//go:linkname _unsetenv _unsetenv ++var _unsetenv uint8 ++var unsetenvABI0 = uintptr(unsafe.Pointer(&_unsetenv)) ++ ++//go:linkname _sigfillset _sigfillset ++var _sigfillset uint8 ++var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset)) ++ ++//go:linkname _nanosleep _nanosleep ++var _nanosleep uint8 ++var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep)) ++ ++//go:linkname _abort _abort ++var _abort uint8 ++var abortABI0 = uintptr(unsafe.Pointer(&_abort)) ++ ++//go:linkname _pthread_attr_init _pthread_attr_init ++var _pthread_attr_init uint8 ++var pthread_attr_initABI0 = uintptr(unsafe.Pointer(&_pthread_attr_init)) ++ ++//go:linkname _pthread_create _pthread_create ++var _pthread_create uint8 ++var pthread_createABI0 = uintptr(unsafe.Pointer(&_pthread_create)) ++ ++//go:linkname _pthread_detach _pthread_detach ++var _pthread_detach uint8 ++var pthread_detachABI0 = uintptr(unsafe.Pointer(&_pthread_detach)) ++ ++//go:linkname _pthread_sigmask _pthread_sigmask ++var _pthread_sigmask uint8 ++var pthread_sigmaskABI0 = uintptr(unsafe.Pointer(&_pthread_sigmask)) ++ ++//go:linkname _pthread_mutex_lock _pthread_mutex_lock ++var _pthread_mutex_lock uint8 ++var pthread_mutex_lockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_lock)) ++ ++//go:linkname _pthread_mutex_unlock _pthread_mutex_unlock ++var _pthread_mutex_unlock uint8 ++var pthread_mutex_unlockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_unlock)) ++ ++//go:linkname _pthread_cond_broadcast _pthread_cond_broadcast ++var _pthread_cond_broadcast uint8 ++var pthread_cond_broadcastABI0 = uintptr(unsafe.Pointer(&_pthread_cond_broadcast)) ++ ++//go:linkname _pthread_setspecific _pthread_setspecific ++var _pthread_setspecific uint8 ++var pthread_setspecificABI0 = uintptr(unsafe.Pointer(&_pthread_setspecific)) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_darwin.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_darwin.go +new file mode 100644 +index 00000000000000..960f8168eb88d7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_darwin.go +@@ -0,0 +1,59 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:cgo_import_dynamic purego_malloc malloc "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_free free "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_setenv setenv "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_unsetenv unsetenv "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_create pthread_create "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_detach pthread_detach "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib" ++//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib" ++ ++//go:nosplit ++//go:norace ++func pthread_self() pthread_t { ++ return pthread_t(call5(pthread_selfABI0, 0, 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_get_stacksize_np(thread pthread_t) size_t { ++ return size_t(call5(pthread_get_stacksize_npABI0, uintptr(thread), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_setstacksize(attr *pthread_attr_t, size size_t) int32 { ++ return int32(call5(pthread_attr_setstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(size), 0, 0, 0)) ++} ++ ++//go:linkname _pthread_self _pthread_self ++var _pthread_self uint8 ++var pthread_selfABI0 = uintptr(unsafe.Pointer(&_pthread_self)) ++ ++//go:linkname _pthread_get_stacksize_np _pthread_get_stacksize_np ++var _pthread_get_stacksize_np uint8 ++var pthread_get_stacksize_npABI0 = uintptr(unsafe.Pointer(&_pthread_get_stacksize_np)) ++ ++//go:linkname _pthread_attr_setstacksize _pthread_attr_setstacksize ++var _pthread_attr_setstacksize uint8 ++var pthread_attr_setstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_setstacksize)) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_freebsd.go +new file mode 100644 +index 00000000000000..d69775596fddf3 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_freebsd.go +@@ -0,0 +1,48 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:cgo_import_dynamic purego_malloc malloc "libc.so.7" ++//go:cgo_import_dynamic purego_free free "libc.so.7" ++//go:cgo_import_dynamic purego_setenv setenv "libc.so.7" ++//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.7" ++//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.7" ++//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.7" ++//go:cgo_import_dynamic purego_abort abort "libc.so.7" ++//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so" ++//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so" ++ ++//go:nosplit ++//go:norace ++func pthread_attr_getstacksize(attr *pthread_attr_t, stacksize *size_t) int32 { ++ return int32(call5(pthread_attr_getstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(unsafe.Pointer(stacksize)), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_destroy(attr *pthread_attr_t) int32 { ++ return int32(call5(pthread_attr_destroyABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) ++} ++ ++//go:linkname _pthread_attr_getstacksize _pthread_attr_getstacksize ++var _pthread_attr_getstacksize uint8 ++var pthread_attr_getstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_getstacksize)) ++ ++//go:linkname _pthread_attr_destroy _pthread_attr_destroy ++var _pthread_attr_destroy uint8 ++var pthread_attr_destroyABI0 = uintptr(unsafe.Pointer(&_pthread_attr_destroy)) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_linux.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_linux.go +new file mode 100644 +index 00000000000000..cbb120431ab6bb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/zsymbols_linux.go +@@ -0,0 +1,158 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++package fakecgo ++ ++import "unsafe" ++ ++//go:cgo_import_dynamic purego_malloc malloc "libc.so.6" ++//go:cgo_import_dynamic purego_free free "libc.so.6" ++//go:cgo_import_dynamic purego_setenv setenv "libc.so.6" ++//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.6" ++//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.6" ++//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.6" ++//go:cgo_import_dynamic purego_abort abort "libc.so.6" ++//go:cgo_import_dynamic purego___errno_location __errno_location "libc.so.6" ++//go:cgo_import_dynamic purego_setegid setegid "libc.so.6" ++//go:cgo_import_dynamic purego_seteuid seteuid "libc.so.6" ++//go:cgo_import_dynamic purego_setgid setgid "libc.so.6" ++//go:cgo_import_dynamic purego_setregid setregid "libc.so.6" ++//go:cgo_import_dynamic purego_setresgid setresgid "libc.so.6" ++//go:cgo_import_dynamic purego_setresuid setresuid "libc.so.6" ++//go:cgo_import_dynamic purego_setreuid setreuid "libc.so.6" ++//go:cgo_import_dynamic purego_setuid setuid "libc.so.6" ++//go:cgo_import_dynamic purego_setgroups setgroups "libc.so.6" ++//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so.0" ++//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so.0" ++ ++//go:nosplit ++//go:norace ++func __errno_location() uintptr { ++ return uintptr(call5(__errno_locationABI0, 0, 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setegid(egid uint32) int32 { ++ return int32(call5(setegidABI0, uintptr(egid), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func seteuid(euid uint32) int32 { ++ return int32(call5(seteuidABI0, uintptr(euid), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setgid(gid uint32) int32 { ++ return int32(call5(setgidABI0, uintptr(gid), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setregid(rgid uint32, egid uint32) int32 { ++ return int32(call5(setregidABI0, uintptr(rgid), uintptr(egid), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setresgid(rgid uint32, egid uint32, sgid uint32) int32 { ++ return int32(call5(setresgidABI0, uintptr(rgid), uintptr(egid), uintptr(sgid), 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setresuid(ruid uint32, euid uint32, suid uint32) int32 { ++ return int32(call5(setresuidABI0, uintptr(ruid), uintptr(euid), uintptr(suid), 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setreuid(ruid uint32, euid uint32) int32 { ++ return int32(call5(setreuidABI0, uintptr(ruid), uintptr(euid), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setuid(uid uint32) int32 { ++ return int32(call5(setuidABI0, uintptr(uid), 0, 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func setgroups(ngid uint32, gidset *uint32) int32 { ++ return int32(call5(setgroupsABI0, uintptr(ngid), uintptr(unsafe.Pointer(gidset)), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_getstacksize(attr *pthread_attr_t, stacksize *size_t) int32 { ++ return int32(call5(pthread_attr_getstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(unsafe.Pointer(stacksize)), 0, 0, 0)) ++} ++ ++//go:nosplit ++//go:norace ++func pthread_attr_destroy(attr *pthread_attr_t) int32 { ++ return int32(call5(pthread_attr_destroyABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) ++} ++ ++//go:linkname ___errno_location ___errno_location ++var ___errno_location uint8 ++var __errno_locationABI0 = uintptr(unsafe.Pointer(&___errno_location)) ++ ++//go:linkname _setegid _setegid ++var _setegid uint8 ++var setegidABI0 = uintptr(unsafe.Pointer(&_setegid)) ++ ++//go:linkname _seteuid _seteuid ++var _seteuid uint8 ++var seteuidABI0 = uintptr(unsafe.Pointer(&_seteuid)) ++ ++//go:linkname _setgid _setgid ++var _setgid uint8 ++var setgidABI0 = uintptr(unsafe.Pointer(&_setgid)) ++ ++//go:linkname _setregid _setregid ++var _setregid uint8 ++var setregidABI0 = uintptr(unsafe.Pointer(&_setregid)) ++ ++//go:linkname _setresgid _setresgid ++var _setresgid uint8 ++var setresgidABI0 = uintptr(unsafe.Pointer(&_setresgid)) ++ ++//go:linkname _setresuid _setresuid ++var _setresuid uint8 ++var setresuidABI0 = uintptr(unsafe.Pointer(&_setresuid)) ++ ++//go:linkname _setreuid _setreuid ++var _setreuid uint8 ++var setreuidABI0 = uintptr(unsafe.Pointer(&_setreuid)) ++ ++//go:linkname _setuid _setuid ++var _setuid uint8 ++var setuidABI0 = uintptr(unsafe.Pointer(&_setuid)) ++ ++//go:linkname _setgroups _setgroups ++var _setgroups uint8 ++var setgroupsABI0 = uintptr(unsafe.Pointer(&_setgroups)) ++ ++//go:linkname _pthread_attr_getstacksize _pthread_attr_getstacksize ++var _pthread_attr_getstacksize uint8 ++var pthread_attr_getstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_getstacksize)) ++ ++//go:linkname _pthread_attr_destroy _pthread_attr_destroy ++var _pthread_attr_destroy uint8 ++var pthread_attr_destroyABI0 = uintptr(unsafe.Pointer(&_pthread_attr_destroy)) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_darwin.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_darwin.s +new file mode 100644 +index 00000000000000..35ef7ac11cb955 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_darwin.s +@@ -0,0 +1,19 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++#include "textflag.h" ++ ++// these stubs are here because it is not possible to go:linkname directly the C functions ++ ++TEXT _pthread_self(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_self(SB) ++ ++TEXT _pthread_get_stacksize_np(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_get_stacksize_np(SB) ++ ++TEXT _pthread_attr_setstacksize(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_setstacksize(SB) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_freebsd.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_freebsd.s +new file mode 100644 +index 00000000000000..da07005c0bc988 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_freebsd.s +@@ -0,0 +1,16 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++#include "textflag.h" ++ ++// these stubs are here because it is not possible to go:linkname directly the C functions ++ ++TEXT _pthread_attr_getstacksize(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_getstacksize(SB) ++ ++TEXT _pthread_attr_destroy(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_destroy(SB) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_linux.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_linux.s +new file mode 100644 +index 00000000000000..ba2cb38918d538 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_linux.s +@@ -0,0 +1,46 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo ++ ++#include "textflag.h" ++ ++// these stubs are here because it is not possible to go:linkname directly the C functions ++ ++TEXT ___errno_location(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego___errno_location(SB) ++ ++TEXT _setegid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setegid(SB) ++ ++TEXT _seteuid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_seteuid(SB) ++ ++TEXT _setgid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setgid(SB) ++ ++TEXT _setregid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setregid(SB) ++ ++TEXT _setresgid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setresgid(SB) ++ ++TEXT _setresuid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setresuid(SB) ++ ++TEXT _setreuid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setreuid(SB) ++ ++TEXT _setuid(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setuid(SB) ++ ++TEXT _setgroups(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setgroups(SB) ++ ++TEXT _pthread_attr_getstacksize(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_getstacksize(SB) ++ ++TEXT _pthread_attr_destroy(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_destroy(SB) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_stubs.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_stubs.s +new file mode 100644 +index 00000000000000..067583d68517a9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/fakecgo/ztrampolines_stubs.s +@@ -0,0 +1,55 @@ ++// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++ ++// SPDX-License-Identifier: Apache-2.0 ++// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++ ++//go:build !cgo && (darwin || freebsd || linux) ++ ++#include "textflag.h" ++ ++// these stubs are here because it is not possible to go:linkname directly the C functions ++ ++TEXT _malloc(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_malloc(SB) ++ ++TEXT _free(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_free(SB) ++ ++TEXT _setenv(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_setenv(SB) ++ ++TEXT _unsetenv(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_unsetenv(SB) ++ ++TEXT _sigfillset(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_sigfillset(SB) ++ ++TEXT _nanosleep(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_nanosleep(SB) ++ ++TEXT _abort(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_abort(SB) ++ ++TEXT _pthread_attr_init(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_attr_init(SB) ++ ++TEXT _pthread_create(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_create(SB) ++ ++TEXT _pthread_detach(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_detach(SB) ++ ++TEXT _pthread_sigmask(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_sigmask(SB) ++ ++TEXT _pthread_mutex_lock(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_mutex_lock(SB) ++ ++TEXT _pthread_mutex_unlock(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_mutex_unlock(SB) ++ ++TEXT _pthread_cond_broadcast(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_cond_broadcast(SB) ++ ++TEXT _pthread_setspecific(SB), NOSPLIT|NOFRAME, $0-0 ++ JMP purego_pthread_setspecific(SB) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_386.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_386.s +new file mode 100644 +index 00000000000000..4442c19e74564e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_386.s +@@ -0,0 +1,101 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2026 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16-0 ++ MOVL 20(SP), AX // libcArgs from C caller (frame_size + ret_addr = 16 + 4) ++ MOVL AX, 0(SP) // pass to Go function ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $16-4 ++ // Frame layout: 16 bytes local storage ++ // 0(SP) - saved BP (original SP) ++ // 4(SP) - saved libcArgs pointer ++ // 8(SP) - saved fn pointer ++ // 12(SP) - scratch ++ ++ // Load args pointer FIRST before any stack modifications ++ MOVL libcArgs+0(FP), SI ++ ++ // Save original SP and libcArgs in local frame ++ MOVL SP, BP ++ ADDL $16, BP // BP = original SP (before frame allocation) ++ MOVL BP, 0(SP) // save original SP ++ MOVL SI, 4(SP) // save libcArgs pointer ++ ++ // Load struct fields ++ MOVL libcCallInfo_fn(SI), AX ++ MOVL AX, 8(SP) // save fn pointer ++ MOVL libcCallInfo_n(SI), CX ++ MOVL libcCallInfo_args(SI), BX ++ ++ // Allocate 16 bytes for fast path (0-3 args) ++ MOVL SP, BP ++ SUBL $16, SP ++ ++ // Fast path for 0-3 args, otherwise fall through to manyargs ++ CMPL CX, $0; JE _0args ++ CMPL CX, $1; JE _1args ++ CMPL CX, $2; JE _2args ++ CMPL CX, $3; JE _3args ++ ++ // manyargs: 4+ args, restore SP and reallocate ++ MOVL BP, SP ++ ++ // Calculate stack space needed: n*4 bytes, aligned to 16 ++ MOVL CX, AX ++ SHLL $2, AX // AX = n * 4 ++ ADDL $15, AX ++ ANDL $~15, AX // 16-byte align ++ SUBL AX, SP ++ ++ // Copy all args to stack ++ // BX = args pointer, CX = count, DI = dest ++ MOVL SP, DI ++ ++copy_loop: ++ DECL CX ++ MOVL (BX)(CX*4), AX ++ MOVL AX, (DI)(CX*4) ++ CMPL CX, $0 ++ JNE copy_loop ++ JMP _0args ++ ++// Fast path: fall through to copy args ++_3args: ++ MOVL 8(BX), AX ++ MOVL AX, 8(SP) ++ ++_2args: ++ MOVL 4(BX), AX ++ MOVL AX, 4(SP) ++ ++_1args: ++ MOVL 0(BX), AX ++ MOVL AX, 0(SP) ++ ++_0args: ++ MOVL 8(BP), DX // fn pointer from saved location ++ CALL DX ++ MOVL BP, SP ++ ++ret: ++ // Reload libcArgs pointer from saved location ++ MOVL 4(SP), SI ++ ++ // Save return values (AX already has r1, need to save DX before it's clobbered) ++ MOVL DX, 12(SP) // temporarily save r2 ++ MOVL AX, libcCallInfo_r1(SI) ++ MOVL 12(SP), AX ++ MOVL AX, libcCallInfo_r2(SI) ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_amd64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_amd64.s +new file mode 100644 +index 00000000000000..8be7dba90de142 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_amd64.s +@@ -0,0 +1,123 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 ++#ifdef GOOS_windows ++ MOVQ CX, 0(SP) ++ ++#else ++ MOVQ DI, 0(SP) ++ ++#endif ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++#ifdef GOOS_windows ++#define RegArgsN 4 ++#else ++#define RegArgsN 6 ++#endif ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $16-8 ++ // Load pointer from stack (ABI0 calling convention) ++ // Store argument and original SP in a callee-saved register ++ MOVQ libcArgs+0(FP), R13 ++ MOVQ SP, R14 ++ ++ // Align stack to 16 bytes ++ ANDQ $~15, SP ++ ++ MOVQ libcCallInfo_fn(R13), R11 ++ MOVQ libcCallInfo_n(R13), CX ++ MOVQ libcCallInfo_args(R13), R10 ++ ++ // Fast version, do not store args on the stack. ++ CMPL CX, $0; JE _0args ++ CMPL CX, $1; JE _1args ++ CMPL CX, $2; JE _2args ++ CMPL CX, $3; JE _3args ++ CMPL CX, $4; JE _4args ++ ++#ifndef GOOS_windows // Windows does not pass more than 4 args in registers ++ CMPL CX, $5; JE _5args ++ CMPL CX, $6; JE _6args ++ ++#endif ++ ++ // Reserve stack space for remaining args ++ MOVQ CX, R12 ++ SUBQ $RegArgsN, R12 ++ ADDQ $1, R12 // make even number of words for stack alignment ++ ANDQ $~1, R12 ++ SHLQ $3, R12 ++ SUBQ R12, SP ++ ++ // Copy args to the stack. ++ // CX: count of stack arguments (n-RegArgsN) ++ // SI: &args[RegArgsN] ++ // DI: copy of RSP ++ SUBQ $RegArgsN, CX ++ MOVQ R10, SI ++ ADDQ $(8*RegArgsN), SI ++ MOVQ SP, DI ++ CLD ++ REP; MOVSQ ++ ++#ifndef GOOS_windows ++_6args: ++ MOVQ (5*8)(R10), R9 ++ ++_5args: ++ MOVQ (4*8)(R10), R8 ++ ++#endif ++_4args: ++ MOVQ (3*8)(R10), CX ++ ++_3args: ++ MOVQ (2*8)(R10), DX ++ ++_2args: ++ MOVQ (1*8)(R10), SI ++ ++_1args: ++ MOVQ (0*8)(R10), DI ++ ++_0args: ++ ++ XORL AX, AX // vararg: say "no float args" ++ ++#ifdef GOOS_windows ++ // Windows x64 syscall ABI: first four integer args in CX, DX, R8, R9 ++ // and 32 bytes of shadow space on the stack. ++ ADJSP $32 ++ MOVQ CX, R9 ++ MOVQ DX, R8 ++ MOVQ SI, DX ++ MOVQ DI, CX ++ ++#endif ++ ++ CALL R11 ++ ++#ifdef GOOS_windows ++ ADJSP $-32 ++ ++#endif ++ ++ MOVQ R14, SP // free stack space ++ ++ // Return result. ++ MOVQ AX, libcCallInfo_r1(R13) ++ MOVQ DX, libcCallInfo_r2(R13) ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm.s +new file mode 100644 +index 00000000000000..948ff9cf4a84e1 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm.s +@@ -0,0 +1,107 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2026 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $8 ++ MOVW R0, 4(R13) ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $0-4 ++ // Load args pointer first, before modifying SP ++ MOVW libcArgs+0(FP), R0 ++ ++ // Save callee-saved registers R4-R7 and LR. ++ // We use R4 for libcArgs pointer. ++ // We use R5 for args pointer. ++ // We use R6 for n, then reused for saving SP. ++ // We use R7 for scratch. ++ MOVM.DB.W [R4-R7, R14], (R13) ++ ++ MOVW R0, R4 // Move libcArgs to R4 ++ ++ MOVW libcCallInfo_n(R4), R6 ++ MOVW libcCallInfo_args(R4), R5 ++ MOVW libcCallInfo_fn(R4), R12 ++ ++ CMP $4, R6 ++ BGT args_stack ++ ++ CMP $0, R6 ++ BEQ call ++ CMP $1, R6 ++ BEQ args_1 ++ CMP $2, R6 ++ BEQ args_2 ++ CMP $3, R6 ++ BEQ args_3 ++ ++args_4: ++ MOVM.IA (R5), [R0, R1, R2, R3] ++ B call ++ ++args_3: ++ MOVM.IA (R5), [R0, R1, R2] ++ B call ++ ++args_2: ++ MOVM.IA (R5), [R0, R1] ++ B call ++ ++args_1: ++ MOVW (R5), R0 ++ B call ++ ++args_stack: ++ // Calculate stack space needed: (n-4)*4 ++ SUB $4, R6, R7 ++ MOVW R7, R2 ++ SLL $2, R2 // bytes ++ ++ // Save SP (R6 is free now, n no longer needed) ++ MOVW R13, R6 ++ ++ // Allocate stack ++ SUB R2, R13 ++ BIC $7, R13 // Align to 8 bytes ++ ++ // Copy args ++ ADD $16, R5, R14 // Src = args + 16 ++ MOVW R13, R3 // Dst = SP ++ ++copy_loop: ++ MOVW.P 4(R14), R1 // read ++ MOVW.P R1, 4(R3) // write ++ SUB $1, R7 ++ CMP $0, R7 ++ BNE copy_loop ++ ++ // Load first 4 args ++ MOVM.IA (R5), [R0, R1, R2, R3] ++ ++ // Reload fn ++ MOVW libcCallInfo_fn(R4), R12 ++ ++ BL (R12) ++ ++ // Restore SP ++ MOVW R6, R13 ++ B ret ++ ++call: ++ BL (R12) ++ ++ret: ++ MOVW R0, libcCallInfo_r1(R4) ++ MOVW R1, libcCallInfo_r2(R4) ++ ++ MOVM.IA.W (R13), [R4-R7, R14] ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm64.s +new file mode 100644 +index 00000000000000..ea2a33662a89f0 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_arm64.s +@@ -0,0 +1,100 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2015 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 ++ MOVD R0, 8(RSP) ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $0-16 ++ // Save original stack pointer ++ MOVD RSP, R20 ++ ++ // Load pointer from stack (ABI0 calling convention) ++ MOVD libcArgs+0(FP), R3 ++ ++ MOVD libcCallInfo_args(R3), R12 ++ MOVD libcCallInfo_fn(R3), R13 ++ ++ // Do we have more than 8 arguments? ++ MOVD libcCallInfo_n(R3), R0 ++ CMP $0, R0; BEQ _0args ++ CMP $1, R0; BEQ _1args ++ CMP $2, R0; BEQ _2args ++ CMP $3, R0; BEQ _3args ++ CMP $4, R0; BEQ _4args ++ CMP $5, R0; BEQ _5args ++ CMP $6, R0; BEQ _6args ++ CMP $7, R0; BEQ _7args ++ CMP $8, R0; BEQ _8args ++ ++ // Reserve stack space for remaining args ++ SUB $8, R0, R2 ++ ADD $1, R2, R3 // make even number of words for stack alignment ++ AND $~1, R3 ++ LSL $3, R3 ++ SUB R3, RSP ++ ++ // R4: size of stack arguments (n-8)*8 ++ // R5: &args[8] ++ // R6: loop counter, from 0 to (n-8)*8 ++ // R7: scratch ++ // R8: copy of RSP - (R2)(RSP) assembles as (R2)(ZR) ++ SUB $8, R0, R4 ++ LSL $3, R4 ++ ADD $(8*8), R12, R5 ++ MOVD $0, R6 ++ MOVD RSP, R8 ++ ++stackargs: ++ MOVD (R6)(R5), R7 ++ MOVD R7, (R6)(R8) ++ ADD $8, R6 ++ CMP R6, R4 ++ BNE stackargs ++ ++_8args: ++ MOVD (7*8)(R12), R7 ++ ++_7args: ++ MOVD (6*8)(R12), R6 ++ ++_6args: ++ MOVD (5*8)(R12), R5 ++ ++_5args: ++ MOVD (4*8)(R12), R4 ++ ++_4args: ++ MOVD (3*8)(R12), R3 ++ ++_3args: ++ MOVD (2*8)(R12), R2 ++ ++_2args: ++ MOVD (1*8)(R12), R1 ++ ++_1args: ++ MOVD (0*8)(R12), R0 ++ ++_0args: ++ ++ BL (R13) ++ ++ // Restore original stack pointer ++ MOVD R20, RSP ++ ++ MOVD libcArgs+0(FP), R3 ++ MOVD R0, libcCallInfo_r1(R3) // save r1 ++ MOVD R1, libcCallInfo_r2(R3) // save r2 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_loong64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_loong64.s +new file mode 100644 +index 00000000000000..0036346faededf +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_loong64.s +@@ -0,0 +1,119 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2015 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 ++ MOVV R4, 8(R3) ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $0-8 ++ // Load pointer from stack (ABI0 calling convention) ++ MOVV libcArgs+0(FP), R12 ++ ++ // Save original stack pointer ++ MOVV R3, R23 ++ ++ // Align stack to 16 bytes for C calling convention ++ MOVV $-16, R15 ++ AND R15, R3 ++ ++ MOVV libcCallInfo_args(R12), R13 ++ MOVV libcCallInfo_fn(R12), R14 ++ ++ // Do we have more than 8 arguments? ++ MOVV libcCallInfo_n(R12), R4 ++ BEQ R4, R0, _0args ++ MOVV $1, R15 ++ BEQ R4, R15, _1args ++ MOVV $2, R15 ++ BEQ R4, R15, _2args ++ MOVV $3, R15 ++ BEQ R4, R15, _3args ++ MOVV $4, R15 ++ BEQ R4, R15, _4args ++ MOVV $5, R15 ++ BEQ R4, R15, _5args ++ MOVV $6, R15 ++ BEQ R4, R15, _6args ++ MOVV $7, R15 ++ BEQ R4, R15, _7args ++ MOVV $8, R15 ++ BEQ R4, R15, _8args ++ ++ // Reserve stack space for remaining args ++ MOVV R4, R16 ++ ADDV $-8, R16 // R16 = n-8 ++ MOVV R16, R12 // R12 = n-8 (reuse R12, no longer need libcArgs) ++ ADDV $1, R12 // R12 = (n-8)+1 ++ MOVV $-2, R15 ++ AND R15, R12 // make even number of words for stack alignment ++ SLLV $3, R12 // R12 = bytes to reserve ++ SUBV R12, R3 // SP -= bytes ++ ++ // R16: size of stack arguments (n-8)*8 ++ // R15: &args[8] ++ // R17: loop counter, from 0 to (n-8)*8 ++ // R18: scratch ++ // R19: copy of R3 (SP) ++ // R20: scratch ++ SLLV $3, R16 // R16 = (n-8)*8 ++ MOVV R13, R15 ++ ADDV $(8*8), R15 // R15 = args + 64 = &args[8] ++ MOVV R0, R17 // R17 = 0 (loop counter) ++ MOVV R3, R19 // R19 = SP copy ++ ++stackargs: ++ MOVV R15, R18 ++ ADDV R17, R18 // R18 = &args[8] + counter ++ MOVV (R18), R18 // R18 = args[8 + counter/8] ++ MOVV R19, R20 ++ ADDV R17, R20 // R20 = SP_copy + counter ++ MOVV R18, (R20) // stack[counter/8] = R18 ++ ADDV $8, R17 // counter += 8 ++ BNE R17, R16, stackargs // while counter != (n-8)*8 ++ ++_8args: ++ MOVV (7*8)(R13), R11 ++ ++_7args: ++ MOVV (6*8)(R13), R10 ++ ++_6args: ++ MOVV (5*8)(R13), R9 ++ ++_5args: ++ MOVV (4*8)(R13), R8 ++ ++_4args: ++ MOVV (3*8)(R13), R7 ++ ++_3args: ++ MOVV (2*8)(R13), R6 ++ ++_2args: ++ MOVV (1*8)(R13), R5 ++ ++_1args: ++ MOVV (0*8)(R13), R4 ++ ++_0args: ++ ++ CALL (R14) ++ ++ // Restore original stack pointer ++ MOVV R23, R3 ++ ++ MOVV libcArgs+0(FP), R12 ++ MOVV R4, libcCallInfo_r1(R12) // save r1 ++ MOVV R5, libcCallInfo_r2(R12) // save r2 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_others.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_others.s +new file mode 100644 +index 00000000000000..05b68fa204a71b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_others.s +@@ -0,0 +1,10 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo && !arm && !arm64 && !386 && !amd64 && !loong64 && !ppc64le && !riscv64 && (!s390x || !go1.27) ++ ++// This file silences errors about body-less functions. +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_ppc64le.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_ppc64le.s +new file mode 100644 +index 00000000000000..1eacc7832ab330 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_ppc64le.s +@@ -0,0 +1,144 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ // R3 already contains the libcArgs pointer from cgocall ++ MOVD LR, R0 ++ MOVD R0, 16(R1) ++ MOVDU R1, -32(R1) ++ MOVD R3, 32(R1) ++ CALL ·syscallNSystemStack(SB) ++ ADD $32, R1 ++ MOVD 16(R1), R0 ++ MOVD R0, LR ++ RET ++ ++// PPC64LE ELFv2 ABI: R3-R10 args, R3-R4 return, R14-R31 callee-saved ++// Go ABI: R3-R10, R14-R17 args, R20-R21 scratch, R30=g, R31=scratch ++// We use R24-R28 which are callee-saved in both ABIs. ++// Go frame: 48 locals + 32 linkage = 80 bytes. Locals start at 32(R1). ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $48-8 ++ // Save callee-saved registers we'll use ++ MOVD R24, 32(R1) ++ MOVD R25, 40(R1) ++ MOVD R26, 48(R1) ++ MOVD R27, 56(R1) ++ MOVD R28, 64(R1) ++ ++ // Load libcArgs pointer from stack (ABI0 calling convention) ++ MOVD libcArgs+0(FP), R11 ++ ++ // Store values we need across the C call in callee-saved registers ++ MOVD R1, R24 // R24 = original SP ++ MOVD R11, R25 // R25 = libcArgs ++ MOVD libcCallInfo_args(R11), R26 // R26 = args ++ MOVD libcCallInfo_fn(R11), R27 // R27 = fn ++ MOVD libcCallInfo_n(R11), R28 // R28 = n ++ ++ // Do we have more than 8 arguments? ++ CMP R28, $8 ++ BLE _allocsmall ++ ++ // >8 args: allocate large frame ((n-8+1) & ~1) * 8 + 96 ++ SUB $8, R28, R3 ++ ADD $1, R3 ++ MOVD $~1, R4 ++ AND R4, R3 ++ SLD $3, R3 ++ ADD $96, R3 ++ NEG R3, R4 ++ ADD R4, R24, R1 ++ MOVD $~15, R3 ++ AND R3, R1 // 16-byte align ++ MOVD R24, 0(R1) // back chain ++ MOVD R2, 24(R1) // save TOC ++ ++ // Copy args[8..n-1] to stack at offset 96 ++ MOVD $8, R3 ++ ++_stackargs: ++ SLD $3, R3, R5 ++ MOVD (R26)(R5), R6 ++ SUB $8, R3, R7 ++ SLD $3, R7 ++ ADD $96, R7 ++ MOVD R6, (R1)(R7) ++ ADD $1, R3 ++ CMP R3, R28 ++ BLT _stackargs ++ BR _8args ++ ++_allocsmall: ++ // <=8 args: allocate minimum 96-byte C frame ++ ADD $-96, R24, R1 ++ MOVD $~15, R3 ++ AND R3, R1 ++ MOVD R24, 0(R1) // back chain ++ MOVD R2, 24(R1) // save TOC ++ ++ // Branch to appropriate label based on arg count ++ CMP R28, $0; BEQ _0args ++ CMP R28, $1; BEQ _1args ++ CMP R28, $2; BEQ _2args ++ CMP R28, $3; BEQ _3args ++ CMP R28, $4; BEQ _4args ++ CMP R28, $5; BEQ _5args ++ CMP R28, $6; BEQ _6args ++ CMP R28, $7; BEQ _7args ++ ++_8args: ++ MOVD (7*8)(R26), R10 ++ ++_7args: ++ MOVD (6*8)(R26), R9 ++ ++_6args: ++ MOVD (5*8)(R26), R8 ++ ++_5args: ++ MOVD (4*8)(R26), R7 ++ ++_4args: ++ MOVD (3*8)(R26), R6 ++ ++_3args: ++ MOVD (2*8)(R26), R5 ++ ++_2args: ++ MOVD (1*8)(R26), R4 ++ ++_1args: ++ MOVD (0*8)(R26), R3 ++ ++_0args: ++ // ELFv2: function address in R12 and CTR ++ MOVD R27, R12 ++ MOVD R12, CTR ++ BL (CTR) ++ ++ // Restore TOC and stack pointer ++ MOVD 24(R1), R2 ++ MOVD R24, R1 ++ ++ // Save return values ++ MOVD R3, libcCallInfo_r1(R25) ++ MOVD R4, libcCallInfo_r2(R25) ++ ++ // Restore callee-saved registers ++ MOVD 32(R1), R24 ++ MOVD 40(R1), R25 ++ MOVD 48(R1), R26 ++ MOVD 56(R1), R27 ++ MOVD 64(R1), R28 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_riscv64.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_riscv64.s +new file mode 100644 +index 00000000000000..e7676e6aa8c2ef +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_riscv64.s +@@ -0,0 +1,112 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2015 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 ++ MOV A0, 8(X2) ++ CALL ·syscallNSystemStack(SB) ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $0-8 ++ // Load pointer from stack (ABI0 calling convention) ++ MOV libcArgs+0(FP), X5 ++ ++ // Save original stack pointer ++ MOV X2, X20 ++ ++ // Align stack to 16 bytes for C calling convention ++ ANDI $-16, X2, X2 ++ ++ MOV libcCallInfo_args(X5), X30 ++ MOV libcCallInfo_fn(X5), X29 ++ ++ // Do we have more than 8 arguments? ++ MOV libcCallInfo_n(X5), X10 ++ BEQ X10, ZERO, _0args ++ MOV $1, X6 ++ BEQ X10, X6, _1args ++ MOV $2, X6 ++ BEQ X10, X6, _2args ++ MOV $3, X6 ++ BEQ X10, X6, _3args ++ MOV $4, X6 ++ BEQ X10, X6, _4args ++ MOV $5, X6 ++ BEQ X10, X6, _5args ++ MOV $6, X6 ++ BEQ X10, X6, _6args ++ MOV $7, X6 ++ BEQ X10, X6, _7args ++ MOV $8, X6 ++ BEQ X10, X6, _8args ++ ++ // Reserve stack space for remaining args ++ ADDI $-8, X10, X7 ++ ADDI $1, X7, X5 // make even number of words for stack alignment ++ ANDI $-2, X5, X5 ++ SLLI $3, X5, X5 ++ SUB X5, X2, X2 ++ ++ // X6: size of stack arguments (n-8)*8 ++ // X7: &args[8] ++ // X8: loop counter, from 0 to (n-8)*8 ++ // X9: scratch ++ // X28: copy of X2 (SP) ++ ADDI $-8, X10, X6 ++ SLLI $3, X6, X6 ++ ADDI $(8*8), X7, X7 ++ MOV ZERO, X8 ++ MOV X2, X28 ++ ++stackargs: ++ ADD X8, X7, X9 ++ MOV (X9), X9 ++ ADD X8, X28, X31 ++ MOV X9, (X31) ++ ADDI $8, X8, X8 ++ BNE X8, X6, stackargs ++ ++_8args: ++ MOV (7*8)(X30), X17 ++ ++_7args: ++ MOV (6*8)(X30), X16 ++ ++_6args: ++ MOV (5*8)(X30), X15 ++ ++_5args: ++ MOV (4*8)(X30), X14 ++ ++_4args: ++ MOV (3*8)(X30), X13 ++ ++_3args: ++ MOV (2*8)(X30), X12 ++ ++_2args: ++ MOV (1*8)(X30), X11 ++ ++_1args: ++ MOV (0*8)(X30), X10 ++ ++_0args: ++ ++ CALL X29 ++ ++ // Restore original stack pointer ++ MOV X20, X2 ++ ++ MOV libcArgs+0(FP), X5 ++ MOV X10, libcCallInfo_r1(X5) // save r1 ++ MOV X11, libcCallInfo_r2(X5) // save r2 ++ ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_s390x.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_s390x.s +new file mode 100644 +index 00000000000000..6a8c18c0f111c6 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/asm_s390x.s +@@ -0,0 +1,120 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Copyright 2009 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build go1.27 && !cgo ++ ++#include "go_asm.h" ++#include "textflag.h" ++ ++// S390X ELF ABI: ++// - Args in R2-R6, float args in F0, F2, F4, F6 ++// - Return values in R2, R3 (and F0 for floats) ++// - Callee-saved: R6-R13, R15, F8-F15 ++// - R14 is link register (return address) ++// - R15 is stack pointer ++// - Standard frame: 160 bytes minimum with register save area at 48(R15) ++ ++TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT|NOFRAME, $0-0 ++ // R2 already contains the libcArgs pointer from cgocall ++ // Save callee-saved registers to caller's save area ++ STMG R6, R15, 48(R15) ++ MOVD R15, R1 ++ SUB $32, R15 ++ MOVD R1, 0(R15) ++ MOVD R2, 8(R15) ++ BL ·syscallNSystemStack(SB) ++ ADD $32, R15 ++ LMG 48(R15), R6, R15 ++ RET ++ ++TEXT ·syscallNAsm(SB), NOSPLIT, $64-8 ++ // Save callee-saved registers we'll use (R6-R11) ++ STMG R6, R11, 8(R15) ++ ++ // Load libcArgs pointer from stack (ABI0 calling convention) ++ MOVD libcArgs+0(FP), R11 ++ ++ // Store values we need across the C call in callee-saved registers ++ MOVD R15, R7 // R7 = original SP ++ MOVD R11, R8 // R8 = libcArgs ++ MOVD libcCallInfo_args(R11), R9 // R9 = args ++ MOVD libcCallInfo_fn(R11), R10 // R10 = fn ++ MOVD libcCallInfo_n(R11), R6 // R6 = n ++ ++ // Do we have more than 5 arguments? ++ CMPBLE R6, $5, _allocsmall ++ ++ // >5 args: allocate frame for stack args ((n-5+1) & ~1) * 8 + 160 ++ MOVD R6, R1 ++ SUB $5, R1 ++ ADD $1, R1 ++ MOVD $~1, R0 ++ AND R0, R1 ++ SLD $3, R1 ++ ADD $160, R1 ++ SUB R1, R7, R15 ++ MOVD $~15, R0 ++ AND R0, R15 // 16-byte align ++ MOVD R7, 0(R15) // back chain ++ ++ // Copy args[5..n-1] to stack at offset 160 ++ MOVD $5, R1 ++ ++_stackargs: ++ SLD $3, R1, R3 ++ MOVD (R9)(R3*1), R0 ++ SUB $5, R1, R4 ++ SLD $3, R4 ++ ADD $160, R4 ++ MOVD R0, (R15)(R4*1) ++ ADD $1, R1 ++ CMP R1, R6 ++ BLT _stackargs ++ BR _5args ++ ++_allocsmall: ++ // <=5 args: allocate minimum 160-byte C frame ++ SUB $160, R7, R15 ++ MOVD $~15, R0 ++ AND R0, R15 ++ MOVD R7, 0(R15) // back chain ++ ++ // Branch to appropriate label based on arg count ++ CMPBEQ R6, $0, _0args ++ CMPBEQ R6, $1, _1args ++ CMPBEQ R6, $2, _2args ++ CMPBEQ R6, $3, _3args ++ CMPBEQ R6, $4, _4args ++ ++_5args: ++ MOVD (4*8)(R9), R6 ++ ++_4args: ++ MOVD (3*8)(R9), R5 ++ ++_3args: ++ MOVD (2*8)(R9), R4 ++ ++_2args: ++ MOVD (1*8)(R9), R3 ++ ++_1args: ++ MOVD (0*8)(R9), R2 ++ ++_0args: ++ BL R10 ++ ++ // Restore stack pointer ++ MOVD R7, R15 ++ ++ // Save return values ++ MOVD R2, libcCallInfo_r1(R8) ++ MOVD R3, libcCallInfo_r2(R8) ++ ++ // Restore callee-saved registers (R6-R11) ++ LMG 8(R15), R6, R11 ++ RET +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/dl.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/dl.h +new file mode 100644 +index 00000000000000..4ff00b18668375 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/dl.h +@@ -0,0 +1,15 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// This header file is used by the mkcgo tool to generate cgo and Go bindings for the ++// OpenSSL C API. Run "go generate ." to regenerate the bindings. ++ ++#ifndef _GO_DL_SHIMS_H // only include this header once ++#define _GO_DL_SHIMS_H ++ ++void *dlopen(const char *path, int flags); ++int dlclose(void *handle); ++void *dlsym(void *handle, const char *symbol); ++char *dlerror(void); ++ ++#endif // _GO_DL_SHIMS_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go +new file mode 100644 +index 00000000000000..5f589254830a4d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors.go +@@ -0,0 +1,37 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package ossl ++ ++import ( ++ "errors" ++ "unsafe" ++) ++ ++// newMkcgoErr constructs an error from the given message and OpenSSL error state. ++func newMkcgoErr(msg string, state uintptr) error { ++ if state == 0 { ++ // No error ++ return nil ++ } ++ bio := BIO_PTR(state) ++ defer BIO_free(bio) ++ // Retrieve pointer to data, which is owned by bio. ++ var data *byte ++ n := BIO_ctrl(bio, BIO_CTRL_INFO, 0, unsafe.Pointer(&data)) ++ if n == 0 { ++ // If no errors in queue, return simple message ++ return errors.New(msg + " failed") ++ } ++ const extra = "\nopenssl error(s):\n" ++ buf := make([]byte, len(msg)+len(extra)+int(n)) ++ copy(buf, msg) ++ copy(buf[len(msg):], extra) ++ copy(buf[len(msg)+len(extra):], unsafe.Slice(data, n)) ++ // Remove trailing line jump if present. ++ if buf[len(buf)-1] == '\n' { ++ buf = buf[:len(buf)-1] ++ } ++ // Avoid an allocation by constructing the string directly from the byte slice. ++ return errors.New(unsafe.String(unsafe.SliceData(buf), len(buf))) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_cgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_cgo.go +new file mode 100644 +index 00000000000000..86b001762fba83 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_cgo.go +@@ -0,0 +1,33 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package ossl ++ ++/* ++#include "zossl.h" ++ ++// Force mkcgo_err_retrieve to be stack-guarded, ++// even when it doesn't actually need it. ++// This is necessary to ensure Go binaries built ++// with -fstack-protector-strong comply with BinSkim BA3003, ++// so that at least one function in the binary uses __stack_chk_guard. ++// See https://github.com/microsoft/go/issues/2240. ++ ++#define MKCGO_STACK_PROTECT ++ ++#if defined(__has_attribute) ++#if __has_attribute(stack_protect) ++#undef MKCGO_STACK_PROTECT ++#define MKCGO_STACK_PROTECT __attribute__((stack_protect)) ++#endif ++#endif ++ ++// mkcgo_err_retrieve retrieves the error state from OpenSSL. ++uintptr_t MKCGO_STACK_PROTECT mkcgo_err_retrieve() { ++ // BIO operations using BIO_s_mem should not fail. ++ _BIO_PTR bio = _mkcgo_BIO_new(_mkcgo_BIO_s_mem(), NULL); ++ _mkcgo_ERR_print_errors(bio); ++ return (uintptr_t)bio; ++} ++*/ ++import "C" +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_nocgo.go +new file mode 100644 +index 00000000000000..ec42d4f6f9c26c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/errors_nocgo.go +@@ -0,0 +1,19 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package ossl ++ ++// retrieveErrorState retrieves errors from the OpenSSL error queue. ++// It might run on the system stack, so it can't allocate Go memory ++// nor grow the stack over the nosplit limit. ++// ++//go:nosplit ++func retrieveErrorState() uintptr { ++ // BIO operations using BIO_s_mem should not fail. ++ smem := syscallNRaw(_mkcgo_BIO_s_mem) ++ bio := syscallNRaw(_mkcgo_BIO_new, smem) ++ syscallNRaw(_mkcgo_ERR_print_errors, bio) ++ return bio ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go +new file mode 100644 +index 00000000000000..9acac55865dc17 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/ossl.go +@@ -0,0 +1,62 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Package ossl provides a Go interface to OpenSSL. ++package ossl ++ ++//go:generate go run ../../cmd/mkcgo -out zossl.go -mode dynload -package ossl shims.h ++//go:generate go run ../../cmd/mkcgo -out zossl.go -nocgo -mode dynload -package ossl shims.h ++//go:generate go run ../../cmd/mkcgo -out zdl.go -nocgo -mode dynamic -noerrors -package ossl -tags unix dl.h ++ ++import "unsafe" ++ ++const _OSSL_PARAM_UNMODIFIED uint = uint(^uintptr(0)) ++ ++// OSSL_PARAM is a structure to pass or request object parameters. ++// https://docs.openssl.org/3.0/man3/OSSL_PARAM/. ++type OSSL_PARAM struct { ++ Key *byte ++ DataType uint32 ++ Data unsafe.Pointer ++ DataSize uint ++ ReturnSize uint ++} ++ ++func ossl_param_construct(key *byte, dataType uint32, data unsafe.Pointer, dataSize int) OSSL_PARAM { ++ return OSSL_PARAM{ ++ Key: key, ++ DataType: dataType, ++ Data: data, ++ DataSize: uint(dataSize), ++ ReturnSize: _OSSL_PARAM_UNMODIFIED, ++ } ++} ++ ++func OSSL_PARAM_construct_octet_string(key *byte, data unsafe.Pointer, dataSize int) OSSL_PARAM { ++ return ossl_param_construct(key, OSSL_PARAM_OCTET_STRING, data, dataSize) ++} ++ ++func OSSL_PARAM_construct_int32(key *byte, data *int32) OSSL_PARAM { ++ return ossl_param_construct(key, OSSL_PARAM_INTEGER, unsafe.Pointer(data), 4) ++} ++ ++func OSSL_PARAM_construct_end() OSSL_PARAM { ++ return OSSL_PARAM{} ++} ++ ++func OSSL_PARAM_modified(param *OSSL_PARAM) bool { ++ // If ReturnSize is not set, the parameter has not been modified. ++ return param != nil && param.ReturnSize != _OSSL_PARAM_UNMODIFIED ++} ++ ++// goString converts a C string (byte pointer) to a Go string ++func goString(p *byte) string { ++ if p == nil { ++ return "" ++ } ++ end := unsafe.Pointer(p) ++ for *(*byte)(end) != 0 { ++ end = unsafe.Add(end, 1) ++ } ++ return string(unsafe.Slice(p, uintptr(end)-uintptr(unsafe.Pointer(p)))) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h +new file mode 100644 +index 00000000000000..9a47c5bf820472 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/shims.h +@@ -0,0 +1,446 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// This header file is used by the mkcgo tool to generate cgo and Go bindings for the ++// OpenSSL C API. Run "go generate ." to regenerate the bindings. ++// Do not include this file, import "zossl.h" instead. ++ ++#ifndef _GO_OSSL_SHIMS_H // only include this header once ++#define _GO_OSSL_SHIMS_H ++ ++#include // size_t ++#include // uint64_t ++ ++// The following includes are used by the checkheader tool. ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #include ++// #if OPENSSL_VERSION_NUMBER >= 0x30000000L ++// #include ++// #include ++// #include ++// #include ++// #endif ++// #if OPENSSL_VERSION_NUMBER < 0x10100000L ++// #include ++// #endif ++ ++enum { ++ _POINT_CONVERSION_UNCOMPRESSED = 4, ++ ++ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, ++ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, ++ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, ++ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, ++ ++ _EVP_CTRL_GCM_GET_TAG = 0x10, ++ _EVP_CTRL_GCM_SET_TAG = 0x11, ++ _EVP_CTRL_AEAD_SET_IVLEN = 0x9, ++ _EVP_CTRL_AEAD_GET_TAG = 0x10, ++ _EVP_CTRL_AEAD_SET_TAG = 0x11, ++ _EVP_PKEY_CTRL_MD = 1, ++ _EVP_PKEY_RSA = 6, ++ _EVP_PKEY_EC = 408, ++ _EVP_PKEY_TLS1_PRF = 1021, ++ _EVP_PKEY_X25519 = 1034, ++ _EVP_PKEY_HKDF = 1036, ++ _EVP_PKEY_ED25519 = 1087, ++ _EVP_PKEY_DSA = 116, ++ _EVP_PKEY_MLKEM_768 = 1455, ++ _EVP_PKEY_MLKEM_1024 = 1456, ++ _EVP_PKEY_ML_DSA_44 = 1457, ++ _EVP_PKEY_ML_DSA_65 = 1458, ++ _EVP_PKEY_ML_DSA_87 = 1459, ++ _EVP_PKEY_OP_DERIVE = (1 << 10), // this value differs between OpenSSL 1 and 3, but we only use it in 1 ++ _EVP_MAX_MD_SIZE = 64, ++ ++ _EVP_PKEY_PUBLIC_KEY = 0x86, ++ _EVP_PKEY_KEYPAIR = 0x87, ++ ++ _EVP_MD_CTRL_XOF_LEN = 0x3, ++ ++ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, ++ ++ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, ++ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, ++ ++ _EVP_PKEY_CTRL_TLS_MD = 0x1000, ++ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, ++ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, ++ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, ++ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, ++ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, ++ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, ++ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, ++ ++ _NID_X9_62_prime256v1 = 415, ++ _NID_secp224r1 = 713, ++ _NID_secp384r1 = 715, ++ _NID_secp521r1 = 716, ++ ++ _NID_ML_KEM_768 = 1455, ++ _NID_ML_KEM_1024 = 1456, ++ _NID_ML_DSA_44 = 1457, ++ _NID_ML_DSA_65 = 1458, ++ _NID_ML_DSA_87 = 1459, ++ ++ _RSA_PKCS1_PADDING = 1, ++ _RSA_NO_PADDING = 3, ++ _RSA_PKCS1_OAEP_PADDING = 4, ++ _RSA_PKCS1_PSS_PADDING = 6, ++ _RSA_PSS_SALTLEN_DIGEST = -1, ++ _RSA_PSS_SALTLEN_AUTO = -2, ++ _RSA_PSS_SALTLEN_MAX_SIGN = -2, ++ _RSA_PSS_SALTLEN_MAX = -3, ++ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, ++ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, ++ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, ++ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, ++ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, ++ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, ++ ++ _OSSL_PARAM_INTEGER = 1, ++ _OSSL_PARAM_OCTET_STRING = 5, ++ ++ BIO_CTRL_INFO = 3, ++}; ++ ++typedef void* _OPENSSL_INIT_SETTINGS_PTR; ++typedef void* _OSSL_LIB_CTX_PTR; ++typedef void* _OSSL_PROVIDER_PTR; ++typedef void* _ENGINE_PTR; ++typedef void* _EVP_PKEY_PTR; ++typedef void* _EVP_PKEY_CTX_PTR; ++typedef void* _EVP_MD_PTR; ++typedef void* _EVP_MD_CTX_PTR; ++typedef void* _HMAC_CTX_PTR; ++typedef void* _EVP_CIPHER_PTR; ++typedef void* _EVP_CIPHER_CTX_PTR; ++typedef void* _EC_KEY_PTR; ++typedef void* _EC_POINT_PTR; ++typedef void* _EC_GROUP_PTR; ++typedef void* _RSA_PTR; ++typedef void* _BIGNUM_PTR; ++typedef void* _BN_CTX_PTR; ++typedef void* _EVP_MAC_PTR; ++typedef void* _EVP_MAC_CTX_PTR; ++typedef void* _OSSL_PARAM_BLD_PTR; ++typedef void* _OSSL_PARAM_PTR; ++typedef void* _EVP_SIGNATURE_PTR; ++typedef void* _EVP_KEYMGMT_PTR; ++typedef void* _DSA_PTR; ++typedef void* _EVP_KDF_PTR; ++typedef void* _EVP_KDF_CTX_PTR; ++typedef void* _BIO_METHOD_PTR; ++typedef void* _BIO_PTR; ++typedef int point_conversion_form_t; ++ ++// Tags used by mkcgo to determine which OpenSSL version each function is available in: ++// - no tag: available in all supported versions (OpenSSL 1.1.1+) ++// - legacy_1: Only OpenSSL 1 ++// - 3: OpenSSL 3.0 or later ++// - 33: OpenSSL 3.3 or later ++ ++// The noescape/nocallback attributes are performance optimizations. ++// Only add functions that have been observed to benefit from these ++// directives, not every function that is merely expected to meet ++// the noescape/nocallback criteria. ++ ++// BIO API ++const _BIO_METHOD_PTR BIO_s_mem(void) __attribute__((tag(""),tag("init_3"),noerror)); ++_BIO_PTR BIO_new(const _BIO_METHOD_PTR type) __attribute__((tag(""),tag("init_3"))); ++int BIO_free(_BIO_PTR a) __attribute__((tag(""),tag("init_3"),noerror,noescape,nocallback)); ++long BIO_ctrl(_BIO_PTR bp, int cmd, long larg, void *parg) __attribute__((tag(""),tag("init_3"),noerror,noescape,nocallback)); ++ ++// ERR API ++unsigned long ERR_peek_error(void) __attribute__((noerror)); ++void ERR_print_errors(_BIO_PTR bp) __attribute__((tag(""),tag("init_3"),noescape,nocallback)); ++ ++// OPENSSL API ++const char *OpenSSL_version(int type) __attribute__((noerror)); ++void OPENSSL_init(void); ++int OPENSSL_init_crypto(uint64_t ops, const _OPENSSL_INIT_SETTINGS_PTR settings); ++unsigned long OpenSSL_version_num(void) __attribute__((tag("version"),optional,noerror)); ++unsigned int OPENSSL_version_major(void) __attribute__((tag("version"),optional,noerror)); ++unsigned int OPENSSL_version_minor(void) __attribute__((tag("version"),optional,noerror)); ++unsigned int OPENSSL_version_patch(void) __attribute__((tag("version"),optional,noerror)); ++ ++// CRYPTO API ++void *CRYPTO_malloc(size_t num, const char *file, int line); ++void CRYPTO_free(void *str, const char *file, int line); ++ ++// FIPS API ++int FIPS_mode(void) __attribute__((tag("legacy_1"),tag("init_1"),noerror)); ++int FIPS_mode_set(int r) __attribute__((tag("legacy_1"),tag("init_1"))); ++ ++// EVP Config API ++int EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR libctx) __attribute__((tag("3"),tag("init_3"),noerror)); ++int EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR libctx, int enable) __attribute__((tag("3"))); ++ ++// OSSL_PROVIDER API ++int OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR libctx, const char *name) __attribute__((tag("3"),noerror)); ++_OSSL_PROVIDER_PTR OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks) __attribute__((tag("3"))); ++const char *OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR prov) __attribute__((tag("3"),noerror)); ++ ++// RAND API ++int RAND_bytes(unsigned char *buf, int num) __attribute__((tag("legacy_1"),noescape,nocallback,slice("buf","num"))); ++int RAND_bytes_ex(_OSSL_LIB_CTX_PTR ctx, unsigned char *buf, size_t num, unsigned int strength) __attribute__((tag("3"),noescape,nocallback,slice("buf","num"))); ++ ++// EVP_MD API ++_EVP_MD_PTR EVP_MD_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"),tag("init_3"))); ++void EVP_MD_free(_EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"))); ++const char *EVP_MD_get0_name(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); ++int EVP_MD_get_type(const _EVP_MD_PTR md) __attribute__((tag("3"),noerror)); ++const _OSSL_PROVIDER_PTR EVP_MD_get0_provider(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("init_3"),noerror)); ++int EVP_MD_get_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_size"),noerror)); ++int EVP_MD_get_block_size(const _EVP_MD_PTR md) __attribute__((tag("3"),tag("legacy_1","EVP_MD_block_size"),noerror)); ++const _EVP_MD_PTR EVP_md5_sha1(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_ripemd160(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_md4(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_md5(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha1(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha224(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha256(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha384(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha512(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha512_224(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha512_256(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_224(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_256(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_384(void) __attribute__((noerror)); ++const _EVP_MD_PTR EVP_sha3_512(void) __attribute__((noerror)); ++ ++_EVP_MD_CTX_PTR EVP_MD_CTX_new(void); ++void EVP_MD_CTX_free(_EVP_MD_CTX_PTR ctx); ++int EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR ctx, int cmd, int p1, void *p2); ++int EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR out, const _EVP_MD_CTX_PTR in); ++const _OSSL_PARAM_PTR EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); ++const _OSSL_PARAM_PTR EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR ctx, _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); ++int EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); ++int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const _EVP_MD_PTR type, _ENGINE_PTR impl) __attribute__((noescape,nocallback,slice("data","count"),slice("md","size"))); ++int EVP_DigestInit_ex(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type, _ENGINE_PTR impl); ++int EVP_DigestInit(_EVP_MD_CTX_PTR ctx, const _EVP_MD_PTR type); ++int EVP_DigestUpdate(_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt) __attribute__((noescape,nocallback,slice("d","cnt"))); ++int EVP_DigestFinal_ex(_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s) __attribute__((noescape,nocallback,slice("md","s"))); ++int EVP_DigestFinalXOF(_EVP_MD_CTX_PTR ctx, unsigned char *md, size_t mdlen) __attribute__((tag("33"),noescape,nocallback,slice("md","mdlen"))); ++int EVP_DigestSqueeze(_EVP_MD_CTX_PTR ctx, unsigned char *out, size_t outlen) __attribute__((tag("33"),optional,noescape,nocallback,slice("out","outlen"))); ++int EVP_DigestSign(_EVP_MD_CTX_PTR ctx, unsigned char *sigret, size_t *siglen, const unsigned char *tbs, size_t tbslen) __attribute__((noescape,nocallback,slice("sigret","siglen"),slice("tbs","tbslen"))); ++int EVP_DigestSignInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); ++int EVP_DigestSignFinal(_EVP_MD_CTX_PTR ctx, unsigned char *sig, size_t *siglen) __attribute__((slice("sig","siglen"))); ++int EVP_DigestVerifyInit(_EVP_MD_CTX_PTR ctx, _EVP_PKEY_CTX_PTR *pctx, const _EVP_MD_PTR type, _ENGINE_PTR e, _EVP_PKEY_PTR pkey); ++int EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen) __attribute__((slice("sig","siglen"))); ++int EVP_DigestVerify(_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((slice("sigret","siglen"),slice("tbs","tbslen"))); ++ ++// HMAC API ++int HMAC_Init_ex(_HMAC_CTX_PTR arg0, const void *arg1, int arg2, const _EVP_MD_PTR arg3, _ENGINE_PTR arg4) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); ++int HMAC_Update(_HMAC_CTX_PTR arg0, const unsigned char *arg1, size_t arg2) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); ++int HMAC_Final(_HMAC_CTX_PTR arg0, unsigned char *arg1, unsigned int *arg2) __attribute__((tag("legacy_1"),noescape,nocallback,slice("arg1","arg2"))); ++ ++_HMAC_CTX_PTR HMAC_CTX_new(void) __attribute__((tag("legacy_1"))); ++int HMAC_CTX_copy(_HMAC_CTX_PTR dest, _HMAC_CTX_PTR src) __attribute__((tag("legacy_1"),noescape,nocallback)); ++void HMAC_CTX_free(_HMAC_CTX_PTR arg0) __attribute__((tag("legacy_1"),noescape,nocallback)); ++ ++// EVP_CIPHER API ++_EVP_CIPHER_PTR EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++const char *EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_gcm(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_ctr(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_128_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_gcm(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_ctr(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_192_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_ctr(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_aes_256_gcm(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_ede3_ecb(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_des_ede3_cbc(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_rc4(void) __attribute__((noerror)); ++const _EVP_CIPHER_PTR EVP_chacha20_poly1305(void) __attribute__((optional,noerror)); ++int EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR cipher) __attribute__((tag("3"),tag("legacy_1","EVP_CIPHER_block_size"),noerror)); ++ ++_EVP_CIPHER_CTX_PTR EVP_CIPHER_CTX_new(void); ++int EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR x, int padding); ++int EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR x, int keylen); ++void EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR arg0); ++int EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr); ++int EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv, int enc); ++int EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback,slice("out","outl"),slice("in","inl"))); ++int EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); ++int EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback,slice("out","outl"),slice("in","inl"))); ++int EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl) __attribute__((noescape,nocallback,slice("out","outl"))); ++int EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR ctx, const _EVP_CIPHER_PTR type, _ENGINE_PTR impl, const unsigned char *key, const unsigned char *iv); ++int EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) __attribute__((noescape,nocallback,slice("out","outl"),slice("in","inl"))); ++int EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR ctx, unsigned char *outm, int *outl) __attribute__((noescape,nocallback,slice("outm","outl"))); ++ ++// EVP_PKEY API ++_EVP_PKEY_PTR EVP_PKEY_new(void); ++_EVP_PKEY_PTR EVP_PKEY_new_raw_private_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((slice("key","keylen"))); ++_EVP_PKEY_PTR EVP_PKEY_new_raw_public_key(int type, _ENGINE_PTR e, const unsigned char *key, size_t keylen) __attribute__((slice("key","keylen"))); ++int EVP_PKEY_get_size(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_size"))); ++int EVP_PKEY_get_bits(const _EVP_PKEY_PTR pkey) __attribute__((tag("3"),tag("legacy_1","EVP_PKEY_bits"))); ++void EVP_PKEY_free(_EVP_PKEY_PTR arg0); ++_RSA_PTR EVP_PKEY_get1_RSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); ++int EVP_PKEY_assign(_EVP_PKEY_PTR pkey, int type, void *key) __attribute__((tag("legacy_1"))); ++_EC_KEY_PTR EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); ++_DSA_PTR EVP_PKEY_get0_DSA(_EVP_PKEY_PTR pkey) __attribute__((tag("legacy_1"))); ++int EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen) __attribute__((tag("3"),slice("pub","publen"))); ++size_t EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR pkey, unsigned char **ppub) __attribute__((tag("3"))); ++int EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR pkey, const char *key_name, _BIGNUM_PTR *bn) __attribute__((tag("3"),noescape,nocallback)); ++int EVP_PKEY_get_octet_string_param(const _EVP_PKEY_PTR pkey, const char *key_name, unsigned char *buf, size_t buf_len, size_t *out_len) __attribute__((tag("3"),slice("buf","buf_len"))); ++int EVP_PKEY_up_ref(_EVP_PKEY_PTR key); ++int EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR pkey, _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); ++int EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR ctx, void *label, int labellen) __attribute__((tag("3"),slice("label","labellen"))); ++int EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR pkey, unsigned char *pub, size_t *publen) __attribute__((noescape,nocallback,slice("pub","publen"))); ++int EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR pkey, unsigned char *priv, size_t *privlen) __attribute__((noescape,nocallback,slice("priv","privlen"))); ++int EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *pkey, int selection, _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR ctx); ++int EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey); ++int EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR ctx); ++int EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR *ppkey) __attribute__((noescape,nocallback)); ++int EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4) __attribute__((slice("arg1","arg2"),slice("arg3","arg4"))); ++int EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4) __attribute__((slice("arg1","arg2"),slice("arg3","arg4"))); ++int EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_sign(_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4) __attribute__((slice("arg1","arg2"),slice("arg3","arg4"))); ++int EVP_PKEY_verify(_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) __attribute__((slice("sig","siglen"),slice("tbs","tbslen"))); ++int EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR ctx); ++int EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR ctx, _EVP_PKEY_PTR peer); ++int EVP_PKEY_derive(_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen) __attribute__((noescape,nocallback,slice("key","keylen"))); ++int EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR ctx) __attribute__((tag("3"))); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, ...) __attribute__((tag("3"))); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++_EVP_PKEY_PTR EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type) __attribute__((tag("3"),variadic("EVP_PKEY_Q_keygen"),noescape,nocallback)); ++ ++_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new(_EVP_PKEY_PTR arg0, _ENGINE_PTR arg1); ++_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_id(int id, _ENGINE_PTR e); ++_EVP_PKEY_CTX_PTR EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR libctx, _EVP_PKEY_PTR pkey, const char *propquery) __attribute__((tag("3"))); ++void EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR arg0); ++int EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2); ++int EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback)); ++int EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR arg0, int arg1) __attribute__((tag("3"))); ++int EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR arg0, const _EVP_MD_PTR arg1) __attribute__((tag("3"))); ++int EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); ++int EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); ++int EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2) __attribute__((tag("3"),slice("arg1","arg2"))); ++ ++// RSA API ++_RSA_PTR RSA_new(void) __attribute__((tag("legacy_1"))); ++void RSA_free(_RSA_PTR arg0) __attribute__((tag("legacy_1"))); ++void RSA_get0_factors(const _RSA_PTR rsa, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q) __attribute__((tag("legacy_1"),noerror)); ++int RSA_set0_factors(_RSA_PTR rsa, _BIGNUM_PTR p, _BIGNUM_PTR q) __attribute__((tag("legacy_1"))); ++void RSA_get0_crt_params(const _RSA_PTR r, const _BIGNUM_PTR *dmp1, const _BIGNUM_PTR *dmq1, const _BIGNUM_PTR *iqmp) __attribute__((tag("legacy_1"),noerror)); ++int RSA_set0_crt_params(_RSA_PTR rsa, _BIGNUM_PTR dmp1, _BIGNUM_PTR dmp2, _BIGNUM_PTR iqmp) __attribute__((tag("legacy_1"))); ++void RSA_get0_key(const _RSA_PTR rsa, const _BIGNUM_PTR *n, const _BIGNUM_PTR *e, const _BIGNUM_PTR *d) __attribute__((tag("legacy_1"),noerror)); ++int RSA_set0_key(_RSA_PTR r, _BIGNUM_PTR n, _BIGNUM_PTR e, _BIGNUM_PTR d) __attribute__((tag("legacy_1"))); ++ ++// BIGNUM API ++_BIGNUM_PTR BN_new(void); ++void BN_free(_BIGNUM_PTR arg0); ++void BN_clear(_BIGNUM_PTR arg0); ++void BN_clear_free(_BIGNUM_PTR arg0); ++int BN_num_bits(const _BIGNUM_PTR arg0) __attribute__((noerror)); ++_BIGNUM_PTR BN_bin2bn(const unsigned char *arg0, int arg1, _BIGNUM_PTR arg2) __attribute__((slice("arg0","arg1"))); ++_BIGNUM_PTR BN_lebin2bn(const unsigned char *s, int slen, _BIGNUM_PTR ret) __attribute__((slice("s","slen"))); ++int BN_bn2lebinpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"),slice("to","tolen"))); ++int BN_bn2binpad(const _BIGNUM_PTR a, unsigned char *to, int tolen) __attribute__((errcond("== -1"),slice("to","tolen"))); ++ ++// EC API ++int EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR key, _BIGNUM_PTR x, _BIGNUM_PTR y) __attribute__((tag("legacy_1"))); ++int EC_KEY_set_public_key(_EC_KEY_PTR key, const _EC_POINT_PTR pub) __attribute__((tag("legacy_1"))); ++void EC_KEY_free(_EC_KEY_PTR arg0) __attribute__((tag("legacy_1"))); ++const _EC_GROUP_PTR EC_KEY_get0_group(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); ++const _BIGNUM_PTR EC_KEY_get0_private_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); ++const _EC_POINT_PTR EC_KEY_get0_public_key(const _EC_KEY_PTR arg0) __attribute__((tag("legacy_1"),noerror)); ++_EC_KEY_PTR EC_KEY_new_by_curve_name(int arg0) __attribute__((tag("legacy_1"))); ++int EC_KEY_set_private_key(_EC_KEY_PTR arg0, const _BIGNUM_PTR arg1) __attribute__((tag("legacy_1"))); ++int EC_KEY_check_key(const _EC_KEY_PTR key) __attribute__((tag("legacy_1"))); ++_EC_POINT_PTR EC_POINT_new(const _EC_GROUP_PTR arg0); ++void EC_POINT_free(_EC_POINT_PTR arg0); ++int EC_POINT_mul(const _EC_GROUP_PTR group, _EC_POINT_PTR r, const _BIGNUM_PTR n, const _EC_POINT_PTR q, const _BIGNUM_PTR m, _BN_CTX_PTR ctx); ++int EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR arg0, const _EC_POINT_PTR arg1, _BIGNUM_PTR arg2, _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("legacy_1"))); ++int EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR arg0, _EC_POINT_PTR arg1, const _BIGNUM_PTR arg2, const _BIGNUM_PTR arg3, _BN_CTX_PTR arg4) __attribute__((tag("3"))); ++size_t EC_POINT_point2oct(const _EC_GROUP_PTR group, const _EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t buflen, _BN_CTX_PTR ctx) __attribute__((slice("buf","buflen"))); ++int EC_POINT_oct2point(const _EC_GROUP_PTR group, _EC_POINT_PTR p, const unsigned char *buf, size_t buflen, _BN_CTX_PTR ctx) __attribute__((slice("buf","buflen"))); ++_EC_GROUP_PTR EC_GROUP_new_by_curve_name(int nid); ++void EC_GROUP_free(_EC_GROUP_PTR group); ++ ++// EVP_MAC API ++_EVP_MAC_PTR EVP_MAC_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++_EVP_MAC_CTX_PTR EVP_MAC_CTX_new(_EVP_MAC_PTR arg0) __attribute__((tag("3"))); ++int EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++void EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"),noescape,nocallback)); ++_EVP_MAC_CTX_PTR EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR arg0) __attribute__((tag("3"))); ++int EVP_MAC_init(_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),noescape,nocallback,slice("key","keylen"))); ++int EVP_MAC_update(_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen) __attribute__((tag("3"),noescape,nocallback,slice("data","datalen"))); ++int EVP_MAC_final(_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize) __attribute__((tag("3"),noescape,nocallback,slice("out","outsize"))); ++ ++// OSSL_PARAM API ++void OSSL_PARAM_free(_OSSL_PARAM_PTR p) __attribute__((tag("3"))); ++const _OSSL_PARAM_PTR OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR p, const char *key) __attribute__((tag("3"))); ++_OSSL_PARAM_BLD_PTR OSSL_PARAM_BLD_new(void) __attribute__((tag("3"),noerror)); ++void OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); ++_OSSL_PARAM_PTR OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR bld) __attribute__((tag("3"))); ++int OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize) __attribute__((tag("3"),slice("buf","bsize"))); ++int OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize) __attribute__((tag("3"),slice("buf","bsize"))); ++int OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR bld, const char *key, const _BIGNUM_PTR bn) __attribute__((tag("3"))); ++int OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num) __attribute__((tag("3"))); ++ ++// EVP_SIGNATURE API ++_EVP_SIGNATURE_PTR EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++void EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR signature) __attribute__((tag("3"))); ++ ++// DSA API ++_DSA_PTR DSA_new(void) __attribute__((tag("legacy_1"))); ++void DSA_free(_DSA_PTR r) __attribute__((tag("legacy_1"))); ++int DSA_generate_key(_DSA_PTR a) __attribute__((tag("legacy_1"))); ++void DSA_get0_pqg(const _DSA_PTR d, const _BIGNUM_PTR *p, const _BIGNUM_PTR *q, const _BIGNUM_PTR *g) __attribute__((tag("legacy_1"))); ++int DSA_set0_pqg(_DSA_PTR d, _BIGNUM_PTR p, _BIGNUM_PTR q, _BIGNUM_PTR g) __attribute__((tag("legacy_1"))); ++void DSA_get0_key(const _DSA_PTR d, const _BIGNUM_PTR *pub_key, const _BIGNUM_PTR *priv_key) __attribute__((tag("legacy_1"))); ++int DSA_set0_key(_DSA_PTR d, _BIGNUM_PTR pub_key, _BIGNUM_PTR priv_key) __attribute__((tag("legacy_1"))); ++ ++// EVP_KDF API ++_EVP_KDF_PTR EVP_KDF_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"))); ++void EVP_KDF_free(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); ++_EVP_KDF_CTX_PTR EVP_KDF_CTX_new(_EVP_KDF_PTR kdf) __attribute__((tag("3"))); ++int EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++void EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); ++size_t EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR ctx) __attribute__((tag("3"))); ++int EVP_KDF_derive(_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const _OSSL_PARAM_PTR params) __attribute__((tag("3"),slice("key","keylen"))); ++int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const _EVP_MD_PTR digest, int keylen, unsigned char *out) __attribute__((tag("legacy_1"),slice("pass","passlen"),slice("salt","saltlen"),slice("out","keylen"))); ++ ++// OBJ API ++const char *OBJ_nid2sn(int n) __attribute__((noerror)); ++ ++// EVP KEM API for ML-KEM (OpenSSL 3.x) ++_EVP_KEYMGMT_PTR EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties) __attribute__((tag("3"),optional)); ++void EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR keymgmt) __attribute__((tag("3"))); ++int EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR ctx, unsigned char *wrappedkey, size_t *wrappedkeylen, unsigned char *genkey, size_t *genkeylen) __attribute__((tag("3"))); ++int EVP_PKEY_decapsulate_init(_EVP_PKEY_CTX_PTR ctx, const _OSSL_PARAM_PTR params) __attribute__((tag("3"))); ++int EVP_PKEY_decapsulate(_EVP_PKEY_CTX_PTR ctx, unsigned char *genkey, size_t *genkeylen, const unsigned char *wrappedkey, size_t wrappedkeylen) __attribute__((tag("3"))); ++ ++#endif // _GO_OSSL_SHIMS_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo.go +new file mode 100644 +index 00000000000000..45c9ce7215a2bd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo.go +@@ -0,0 +1,87 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package ossl ++ ++import ( ++ "unsafe" ++) ++ ++//go:linkname runtime_cgocall runtime.cgocall ++ ++//go:noescape ++func runtime_cgocall(fn uintptr, arg unsafe.Pointer) int32 // from runtime/sys_libc.go ++ ++//go:linkname noescape ++//go:nosplit ++func noescape(p unsafe.Pointer) unsafe.Pointer { ++ x := uintptr(p) ++ return unsafe.Pointer(x ^ 0) ++} ++ ++type libcCallInfo struct { ++ fn uintptr ++ n uintptr // number of parameters ++ args uintptr // parameters ++ r1, r2 uintptr // return values ++ errType uintptr ++} ++ ++//go:noescape ++func syscallNAsm(libcArgs *libcCallInfo) ++ ++// syscallNSystemStack performs a syscall on the system stack. ++// It can't allocate Go memory nor grow the stack over the nosplit limit. ++// ++//go:nosplit ++func syscallNSystemStack(libcArgs *libcCallInfo) { ++ if libcArgs.errType != 0 { ++ libcArgs.n-- ++ } ++ syscallNAsm(libcArgs) ++ if libcArgs.errType != 0 { ++ _mkcgo_error_check(libcArgs.errType, libcArgs.r1, libcArgs.args, libcArgs.n) ++ } ++} ++ ++var syscallNSystemStack_trampoline byte ++var syscallNSystemStackABIInternal = uintptr(unsafe.Pointer(&syscallNSystemStack_trampoline)) ++ ++// syscallN performs a syscall with the given function and arguments. ++// ++// All its parameters and return values must be uintptr in order ++// for the Go compiler to automatically set the //go:uintptrkeepalive ++// directive (which we can't set manually here). ++// See https://github.com/golang/go/blob/9a5a1202f4c4d5a7048b149b65c3e5b82a2de9aa/src/cmd/compile/internal/escape/call.go#L275. ++// ++//go:nosplit ++func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { ++ libcArgs := libcCallInfo{ ++ fn: fn, ++ n: uintptr(len(args)), ++ errType: errType, ++ } ++ if libcArgs.n != 0 { ++ libcArgs.args = uintptr(noescape(unsafe.Pointer(&args[0]))) ++ } ++ runtime_cgocall(syscallNSystemStackABIInternal, unsafe.Pointer(&libcArgs)) ++ return libcArgs.r1, libcArgs.r2 ++} ++ ++// syscallNRaw performs a syscall with the given function and arguments, ++// without any error checking nor switching to the system stack. ++// ++//go:nosplit ++func syscallNRaw(fn uintptr, args ...uintptr) uintptr { ++ libcArgs := libcCallInfo{ ++ fn: fn, ++ n: uintptr(len(args)), ++ } ++ if libcArgs.n != 0 { ++ libcArgs.args = uintptr(noescape(unsafe.Pointer(&args[0]))) ++ } ++ syscallNAsm(&libcArgs) ++ return libcArgs.r1 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_darwin.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_darwin.go +new file mode 100644 +index 00000000000000..70dbcb15a9142d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_darwin.go +@@ -0,0 +1,8 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package ossl ++ ++//go:cgo_import_dynamic _ _ "/usr/lib/libSystem.B.dylib" +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_freebsd.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_freebsd.go +new file mode 100644 +index 00000000000000..4a8747b4d6b2a9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_freebsd.go +@@ -0,0 +1,8 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package ossl ++ ++//go:cgo_import_dynamic _ _ "libc.so.7" +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_linux.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_linux.go +new file mode 100644 +index 00000000000000..236f6361eb0935 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_linux.go +@@ -0,0 +1,8 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo ++ ++package ossl ++ ++//go:cgo_import_dynamic _ _ "libdl.so.2" +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_unix.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_unix.go +new file mode 100644 +index 00000000000000..24c7b8aaa3e5bd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_unix.go +@@ -0,0 +1,23 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo && unix && (go1.27 || !s390x) ++ ++package ossl ++ ++import ( ++ "unsafe" ++ ++ _ "github.com/microsoft/go-crypto-openssl/internal/fakecgo" ++) ++ ++func dlsym(handle unsafe.Pointer, symbol string, optional bool) uintptr { ++ r0 := Dlsym(handle, unsafe.StringData(symbol)) ++ if r0 == nil { ++ if !optional { ++ panic("cannot get required symbol " + symbol) ++ } ++ return 0 ++ } ++ return uintptr(r0) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_windows.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_windows.go +new file mode 100644 +index 00000000000000..38fb4882eb487d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/syscall_nocgo_windows.go +@@ -0,0 +1,25 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build !cgo && windows ++ ++package ossl ++ ++import ( ++ "syscall" ++ "unsafe" ++) ++ ++var modkernel32 = syscall.NewLazyDLL("kernel32.dll") ++var procGetProcAddress = modkernel32.NewProc("GetProcAddress") ++ ++func dlsym(handle unsafe.Pointer, symbol string, optional bool) uintptr { ++ r0, _, err := syscall.SyscallN(procGetProcAddress.Addr(), uintptr(handle), uintptr(unsafe.Pointer(unsafe.StringData(symbol)))) ++ if err != 0 { ++ if !optional { ++ panic("cannot get required symbol " + symbol + ": " + err.Error()) ++ } ++ return 0 ++ } ++ return r0 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl.s b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl.s +new file mode 100644 +index 00000000000000..51fd1af1cf33fd +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl.s +@@ -0,0 +1,58 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo && unix ++ ++#include "textflag.h" ++ ++#ifndef GOARCH_amd64 ++#ifndef GOARCH_arm64 ++#ifndef GOARCH_riscv64 ++#ifndef GOARCH_loong64 ++#ifndef GOARCH_mips64 ++#ifndef GOARCH_mips64le ++#ifndef GOARCH_ppc64 ++#ifndef GOARCH_ppc64le ++#ifndef GOARCH_s390x ++#ifndef GOARCH_sparc64 ++#define _GOPTRSIZE 4 ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++#endif ++ ++#ifndef _GOPTRSIZE ++#define _GOPTRSIZE 8 ++#endif ++TEXT _mkcgo_dlclose_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_dlclose(SB) ++ ++GLOBL ·_mkcgo_dlclose_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_dlclose_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlclose_trampoline<>(SB) ++ ++TEXT _mkcgo_dlerror_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_dlerror(SB) ++ ++GLOBL ·_mkcgo_dlerror_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_dlerror_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlerror_trampoline<>(SB) ++ ++TEXT _mkcgo_dlopen_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_dlopen(SB) ++ ++GLOBL ·_mkcgo_dlopen_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_dlopen_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlopen_trampoline<>(SB) ++ ++TEXT _mkcgo_dlsym_trampoline<>(SB), NOSPLIT, $0-0 ++ JMP _mkcgo_dlsym(SB) ++ ++GLOBL ·_mkcgo_dlsym_trampoline_addr(SB), RODATA, $_GOPTRSIZE ++DATA ·_mkcgo_dlsym_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_dlsym_trampoline<>(SB) ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl_nocgo.go +new file mode 100644 +index 00000000000000..7d382b9a5c288c +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zdl_nocgo.go +@@ -0,0 +1,61 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++//go:build !cgo && unix ++ ++package ossl ++ ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++var _ = runtime.GOOS ++ ++var _mkcgoAlwaysFalseDl bool ++var _mkcgoEscapeSinkDl unsafe.Pointer ++ ++// mkcgoEscapePtrDl forces p to escape to the heap. ++// This implementation is also used in the standard library: ++// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 ++func mkcgoEscapePtrDl(p unsafe.Pointer) unsafe.Pointer { ++ if _mkcgoAlwaysFalseDl { ++ _mkcgoEscapeSinkDl = p ++ } ++ return p ++} ++ ++//go:cgo_import_dynamic _mkcgo_dlclose dlclose "" ++//go:cgo_import_dynamic _mkcgo_dlerror dlerror "" ++//go:cgo_import_dynamic _mkcgo_dlopen dlopen "" ++//go:cgo_import_dynamic _mkcgo_dlsym dlsym "" ++ ++var _mkcgo_dlclose_trampoline_addr uintptr ++ ++func Dlclose(handle unsafe.Pointer) int32 { ++ r0, _ := syscallN(0, _mkcgo_dlclose_trampoline_addr, uintptr(handle)) ++ return int32(r0) ++} ++ ++var _mkcgo_dlerror_trampoline_addr uintptr ++ ++func Dlerror() *byte { ++ r0, _ := syscallN(0, _mkcgo_dlerror_trampoline_addr) ++ return (*byte)(unsafe.Pointer(r0)) ++} ++ ++var _mkcgo_dlopen_trampoline_addr uintptr ++ ++func Dlopen(path *byte, flags int32) unsafe.Pointer { ++ r0, _ := syscallN(0, _mkcgo_dlopen_trampoline_addr, uintptr(mkcgoEscapePtrDl(unsafe.Pointer(path))), uintptr(flags)) ++ return unsafe.Pointer(r0) ++} ++ ++var _mkcgo_dlsym_trampoline_addr uintptr ++ ++func Dlsym(handle unsafe.Pointer, symbol *byte) unsafe.Pointer { ++ r0, _ := syscallN(0, _mkcgo_dlsym_trampoline_addr, uintptr(handle), uintptr(mkcgoEscapePtrDl(unsafe.Pointer(symbol)))) ++ return unsafe.Pointer(r0) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c +new file mode 100644 +index 00000000000000..8abb6430c2a6e7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.c +@@ -0,0 +1,2083 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#include ++#include ++#include ++#include ++#include "zossl.h" ++ ++#ifdef _WIN32 ++#include ++#define dlsym GetProcAddress ++#else ++#include ++#endif ++ ++long (*_g_BIO_ctrl)(_BIO_PTR, int, long, void*); ++int (*_g_BIO_free)(_BIO_PTR); ++_BIO_PTR (*_g_BIO_new)(const _BIO_METHOD_PTR); ++const _BIO_METHOD_PTR (*_g_BIO_s_mem)(void); ++_BIGNUM_PTR (*_g_BN_bin2bn)(const unsigned char*, int, _BIGNUM_PTR); ++int (*_g_BN_bn2binpad)(const _BIGNUM_PTR, unsigned char*, int); ++int (*_g_BN_bn2lebinpad)(const _BIGNUM_PTR, unsigned char*, int); ++void (*_g_BN_clear)(_BIGNUM_PTR); ++void (*_g_BN_clear_free)(_BIGNUM_PTR); ++void (*_g_BN_free)(_BIGNUM_PTR); ++_BIGNUM_PTR (*_g_BN_lebin2bn)(const unsigned char*, int, _BIGNUM_PTR); ++_BIGNUM_PTR (*_g_BN_new)(void); ++int (*_g_BN_num_bits)(const _BIGNUM_PTR); ++void (*_g_CRYPTO_free)(void*, const char*, int); ++void* (*_g_CRYPTO_malloc)(size_t, const char*, int); ++void (*_g_DSA_free)(_DSA_PTR); ++int (*_g_DSA_generate_key)(_DSA_PTR); ++void (*_g_DSA_get0_key)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void (*_g_DSA_get0_pqg)(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_DSA_PTR (*_g_DSA_new)(void); ++int (*_g_DSA_set0_key)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++int (*_g_DSA_set0_pqg)(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++void (*_g_EC_GROUP_free)(_EC_GROUP_PTR); ++_EC_GROUP_PTR (*_g_EC_GROUP_new_by_curve_name)(int); ++int (*_g_EC_KEY_check_key)(const _EC_KEY_PTR); ++void (*_g_EC_KEY_free)(_EC_KEY_PTR); ++const _EC_GROUP_PTR (*_g_EC_KEY_get0_group)(const _EC_KEY_PTR); ++const _BIGNUM_PTR (*_g_EC_KEY_get0_private_key)(const _EC_KEY_PTR); ++const _EC_POINT_PTR (*_g_EC_KEY_get0_public_key)(const _EC_KEY_PTR); ++_EC_KEY_PTR (*_g_EC_KEY_new_by_curve_name)(int); ++int (*_g_EC_KEY_set_private_key)(_EC_KEY_PTR, const _BIGNUM_PTR); ++int (*_g_EC_KEY_set_public_key)(_EC_KEY_PTR, const _EC_POINT_PTR); ++int (*_g_EC_KEY_set_public_key_affine_coordinates)(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++void (*_g_EC_POINT_free)(_EC_POINT_PTR); ++int (*_g_EC_POINT_get_affine_coordinates_GFp)(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR); ++int (*_g_EC_POINT_mul)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); ++_EC_POINT_PTR (*_g_EC_POINT_new)(const _EC_GROUP_PTR); ++int (*_g_EC_POINT_oct2point)(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR); ++size_t (*_g_EC_POINT_point2oct)(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR); ++int (*_g_EC_POINT_set_affine_coordinates)(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR); ++unsigned long (*_g_ERR_peek_error)(void); ++void (*_g_ERR_print_errors)(_BIO_PTR); ++int (*_g_EVP_CIPHER_CTX_ctrl)(_EVP_CIPHER_CTX_PTR, int, int, void*); ++void (*_g_EVP_CIPHER_CTX_free)(_EVP_CIPHER_CTX_PTR); ++_EVP_CIPHER_CTX_PTR (*_g_EVP_CIPHER_CTX_new)(void); ++int (*_g_EVP_CIPHER_CTX_set_key_length)(_EVP_CIPHER_CTX_PTR, int); ++int (*_g_EVP_CIPHER_CTX_set_padding)(_EVP_CIPHER_CTX_PTR, int); ++_EVP_CIPHER_PTR (*_g_EVP_CIPHER_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++const char* (*_g_EVP_CIPHER_get0_name)(const _EVP_CIPHER_PTR); ++int (*_g_EVP_CIPHER_get_block_size)(const _EVP_CIPHER_PTR); ++int (*_g_EVP_CipherInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int); ++int (*_g_EVP_CipherUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); ++int (*_g_EVP_DecryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); ++int (*_g_EVP_DecryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); ++int (*_g_EVP_DecryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); ++int (*_g_EVP_Digest)(const unsigned char*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR); ++int (*_g_EVP_DigestFinalXOF)(_EVP_MD_CTX_PTR, unsigned char*, size_t); ++int (*_g_EVP_DigestFinal_ex)(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*); ++int (*_g_EVP_DigestInit)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR); ++int (*_g_EVP_DigestInit_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR); ++int (*_g_EVP_DigestSign)(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_DigestSignFinal)(_EVP_MD_CTX_PTR, unsigned char*, size_t*); ++int (*_g_EVP_DigestSignInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); ++int (*_g_EVP_DigestSqueeze)(_EVP_MD_CTX_PTR, unsigned char*, size_t); ++int (*_g_EVP_DigestUpdate)(_EVP_MD_CTX_PTR, const unsigned char*, size_t); ++int (*_g_EVP_DigestVerify)(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); ++int (*_g_EVP_DigestVerifyFinal)(_EVP_MD_CTX_PTR, const unsigned char*, size_t); ++int (*_g_EVP_DigestVerifyInit)(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR); ++int (*_g_EVP_EncryptFinal_ex)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*); ++int (*_g_EVP_EncryptInit_ex)(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*); ++int (*_g_EVP_EncryptUpdate)(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int); ++void (*_g_EVP_KDF_CTX_free)(_EVP_KDF_CTX_PTR); ++size_t (*_g_EVP_KDF_CTX_get_kdf_size)(_EVP_KDF_CTX_PTR); ++_EVP_KDF_CTX_PTR (*_g_EVP_KDF_CTX_new)(_EVP_KDF_PTR); ++int (*_g_EVP_KDF_CTX_set_params)(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR); ++int (*_g_EVP_KDF_derive)(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR); ++_EVP_KDF_PTR (*_g_EVP_KDF_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_KDF_free)(_EVP_KDF_PTR); ++_EVP_KEYMGMT_PTR (*_g_EVP_KEYMGMT_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_KEYMGMT_free)(_EVP_KEYMGMT_PTR); ++_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_dup)(const _EVP_MAC_CTX_PTR); ++void (*_g_EVP_MAC_CTX_free)(_EVP_MAC_CTX_PTR); ++_EVP_MAC_CTX_PTR (*_g_EVP_MAC_CTX_new)(_EVP_MAC_PTR); ++int (*_g_EVP_MAC_CTX_set_params)(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR); ++_EVP_MAC_PTR (*_g_EVP_MAC_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++int (*_g_EVP_MAC_final)(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t); ++int (*_g_EVP_MAC_init)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR); ++int (*_g_EVP_MAC_update)(_EVP_MAC_CTX_PTR, const unsigned char*, size_t); ++int (*_g_EVP_MD_CTX_copy_ex)(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR); ++int (*_g_EVP_MD_CTX_ctrl)(_EVP_MD_CTX_PTR, int, int, void*); ++void (*_g_EVP_MD_CTX_free)(_EVP_MD_CTX_PTR); ++int (*_g_EVP_MD_CTX_get_params)(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_gettable_params)(_EVP_MD_CTX_PTR); ++_EVP_MD_CTX_PTR (*_g_EVP_MD_CTX_new)(void); ++int (*_g_EVP_MD_CTX_set_params)(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR (*_g_EVP_MD_CTX_settable_params)(_EVP_MD_CTX_PTR); ++_EVP_MD_PTR (*_g_EVP_MD_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_MD_free)(_EVP_MD_PTR); ++const char* (*_g_EVP_MD_get0_name)(const _EVP_MD_PTR); ++const _OSSL_PROVIDER_PTR (*_g_EVP_MD_get0_provider)(const _EVP_MD_PTR); ++int (*_g_EVP_MD_get_block_size)(const _EVP_MD_PTR); ++int (*_g_EVP_MD_get_size)(const _EVP_MD_PTR); ++int (*_g_EVP_MD_get_type)(const _EVP_MD_PTR); ++int (*_g_EVP_PKEY_CTX_add1_hkdf_info)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_ctrl)(_EVP_PKEY_CTX_PTR, int, int, int, int, void*); ++void (*_g_EVP_PKEY_CTX_free)(_EVP_PKEY_CTX_PTR); ++_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new)(_EVP_PKEY_PTR, _ENGINE_PTR); ++_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_from_pkey)(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*); ++_EVP_PKEY_CTX_PTR (*_g_EVP_PKEY_CTX_new_id)(int, _ENGINE_PTR); ++int (*_g_EVP_PKEY_CTX_set0_rsa_oaep_label)(_EVP_PKEY_CTX_PTR, unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_set1_hkdf_key)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_set1_hkdf_salt)(_EVP_PKEY_CTX_PTR, const unsigned char*, int); ++int (*_g_EVP_PKEY_CTX_set_hkdf_md)(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR); ++int (*_g_EVP_PKEY_CTX_set_hkdf_mode)(_EVP_PKEY_CTX_PTR, int); ++int (*_g_EVP_PKEY_CTX_set_params)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_Q_keygen)(_OSSL_LIB_CTX_PTR, const char*, const char*, ...); ++int (*_g_EVP_PKEY_assign)(_EVP_PKEY_PTR, int, void*); ++int (*_g_EVP_PKEY_decapsulate)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_decapsulate_init)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); ++int (*_g_EVP_PKEY_decrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_decrypt_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_derive)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_derive_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_derive_set_peer)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_encapsulate)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_encapsulate_init)(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR); ++int (*_g_EVP_PKEY_encrypt)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_encrypt_init)(_EVP_PKEY_CTX_PTR); ++void (*_g_EVP_PKEY_free)(_EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_fromdata)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR); ++int (*_g_EVP_PKEY_fromdata_init)(_EVP_PKEY_CTX_PTR); ++_DSA_PTR (*_g_EVP_PKEY_get0_DSA)(_EVP_PKEY_PTR); ++_EC_KEY_PTR (*_g_EVP_PKEY_get0_EC_KEY)(_EVP_PKEY_PTR); ++_RSA_PTR (*_g_EVP_PKEY_get1_RSA)(_EVP_PKEY_PTR); ++size_t (*_g_EVP_PKEY_get1_encoded_public_key)(_EVP_PKEY_PTR, unsigned char**); ++int (*_g_EVP_PKEY_get_bits)(const _EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_get_bn_param)(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*); ++int (*_g_EVP_PKEY_get_octet_string_param)(const _EVP_PKEY_PTR, const char*, unsigned char*, size_t, size_t*); ++int (*_g_EVP_PKEY_get_raw_private_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_get_raw_public_key)(const _EVP_PKEY_PTR, unsigned char*, size_t*); ++int (*_g_EVP_PKEY_get_size)(const _EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_keygen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); ++int (*_g_EVP_PKEY_keygen_init)(_EVP_PKEY_CTX_PTR); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_new)(void); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_private_key)(int, _ENGINE_PTR, const unsigned char*, size_t); ++_EVP_PKEY_PTR (*_g_EVP_PKEY_new_raw_public_key)(int, _ENGINE_PTR, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_paramgen)(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*); ++int (*_g_EVP_PKEY_paramgen_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_private_check)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_public_check_quick)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_set1_EC_KEY)(_EVP_PKEY_PTR, _EC_KEY_PTR); ++int (*_g_EVP_PKEY_set1_encoded_public_key)(_EVP_PKEY_PTR, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_sign)(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_sign_init)(_EVP_PKEY_CTX_PTR); ++int (*_g_EVP_PKEY_up_ref)(_EVP_PKEY_PTR); ++int (*_g_EVP_PKEY_verify)(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t); ++int (*_g_EVP_PKEY_verify_init)(_EVP_PKEY_CTX_PTR); ++_EVP_SIGNATURE_PTR (*_g_EVP_SIGNATURE_fetch)(_OSSL_LIB_CTX_PTR, const char*, const char*); ++void (*_g_EVP_SIGNATURE_free)(_EVP_SIGNATURE_PTR); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ctr)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_128_gcm)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ctr)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_192_gcm)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ctr)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_aes_256_gcm)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_chacha20_poly1305)(void); ++int (*_g_EVP_default_properties_enable_fips)(_OSSL_LIB_CTX_PTR, int); ++int (*_g_EVP_default_properties_is_fips_enabled)(_OSSL_LIB_CTX_PTR); ++const _EVP_CIPHER_PTR (*_g_EVP_des_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_des_ecb)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_cbc)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_des_ede3_ecb)(void); ++const _EVP_MD_PTR (*_g_EVP_md4)(void); ++const _EVP_MD_PTR (*_g_EVP_md5)(void); ++const _EVP_MD_PTR (*_g_EVP_md5_sha1)(void); ++const _EVP_CIPHER_PTR (*_g_EVP_rc4)(void); ++const _EVP_MD_PTR (*_g_EVP_ripemd160)(void); ++const _EVP_MD_PTR (*_g_EVP_sha1)(void); ++const _EVP_MD_PTR (*_g_EVP_sha224)(void); ++const _EVP_MD_PTR (*_g_EVP_sha256)(void); ++const _EVP_MD_PTR (*_g_EVP_sha384)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_224)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_256)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_384)(void); ++const _EVP_MD_PTR (*_g_EVP_sha3_512)(void); ++const _EVP_MD_PTR (*_g_EVP_sha512)(void); ++const _EVP_MD_PTR (*_g_EVP_sha512_224)(void); ++const _EVP_MD_PTR (*_g_EVP_sha512_256)(void); ++int (*_g_FIPS_mode)(void); ++int (*_g_FIPS_mode_set)(int); ++int (*_g_HMAC_CTX_copy)(_HMAC_CTX_PTR, _HMAC_CTX_PTR); ++void (*_g_HMAC_CTX_free)(_HMAC_CTX_PTR); ++_HMAC_CTX_PTR (*_g_HMAC_CTX_new)(void); ++int (*_g_HMAC_Final)(_HMAC_CTX_PTR, unsigned char*, unsigned int*); ++int (*_g_HMAC_Init_ex)(_HMAC_CTX_PTR, const unsigned char*, int, const _EVP_MD_PTR, _ENGINE_PTR); ++int (*_g_HMAC_Update)(_HMAC_CTX_PTR, const unsigned char*, size_t); ++const char* (*_g_OBJ_nid2sn)(int); ++void (*_g_OPENSSL_init)(void); ++int (*_g_OPENSSL_init_crypto)(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR); ++unsigned int (*_g_OPENSSL_version_major)(void); ++unsigned int (*_g_OPENSSL_version_minor)(void); ++unsigned int (*_g_OPENSSL_version_patch)(void); ++void (*_g_OSSL_PARAM_BLD_free)(_OSSL_PARAM_BLD_PTR); ++_OSSL_PARAM_BLD_PTR (*_g_OSSL_PARAM_BLD_new)(void); ++int (*_g_OSSL_PARAM_BLD_push_BN)(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR); ++int (*_g_OSSL_PARAM_BLD_push_int32)(_OSSL_PARAM_BLD_PTR, const char*, int32_t); ++int (*_g_OSSL_PARAM_BLD_push_octet_string)(_OSSL_PARAM_BLD_PTR, const char*, const unsigned char*, size_t); ++int (*_g_OSSL_PARAM_BLD_push_utf8_string)(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t); ++_OSSL_PARAM_PTR (*_g_OSSL_PARAM_BLD_to_param)(_OSSL_PARAM_BLD_PTR); ++void (*_g_OSSL_PARAM_free)(_OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR (*_g_OSSL_PARAM_locate_const)(const _OSSL_PARAM_PTR, const char*); ++int (*_g_OSSL_PROVIDER_available)(_OSSL_LIB_CTX_PTR, const char*); ++const char* (*_g_OSSL_PROVIDER_get0_name)(const _OSSL_PROVIDER_PTR); ++_OSSL_PROVIDER_PTR (*_g_OSSL_PROVIDER_try_load)(_OSSL_LIB_CTX_PTR, const char*, int); ++const char* (*_g_OpenSSL_version)(int); ++unsigned long (*_g_OpenSSL_version_num)(void); ++int (*_g_PKCS5_PBKDF2_HMAC)(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*); ++int (*_g_RAND_bytes)(unsigned char*, int); ++int (*_g_RAND_bytes_ex)(_OSSL_LIB_CTX_PTR, unsigned char*, size_t, unsigned int); ++void (*_g_RSA_free)(_RSA_PTR); ++void (*_g_RSA_get0_crt_params)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void (*_g_RSA_get0_factors)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void (*_g_RSA_get0_key)(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_RSA_PTR (*_g_RSA_new)(void); ++int (*_g_RSA_set0_crt_params)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++int (*_g_RSA_set0_factors)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++int (*_g_RSA_set0_key)(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR); ++ ++#define __mkcgo__dlsym_nocheck(varname, funcname) _g_##varname = (typeof(_g_##varname))dlsym(handle, #funcname); ++ ++#define __mkcgo__dlsym(name) __mkcgo__dlsym2(name, name) ++ ++#define __mkcgo__dlsym2(varname, funcname) \ ++ __mkcgo__dlsym_nocheck(varname, funcname) \ ++ if (_g_##varname == NULL) { \ ++ fprintf(stderr, "Cannot get required symbol " #funcname "\n"); \ ++ abort(); \ ++ } ++ ++void __mkcgo_load_(void* handle) { ++ __mkcgo__dlsym(BIO_ctrl) ++ __mkcgo__dlsym(BIO_free) ++ __mkcgo__dlsym(BIO_new) ++ __mkcgo__dlsym(BIO_s_mem) ++ __mkcgo__dlsym(BN_bin2bn) ++ __mkcgo__dlsym(BN_bn2binpad) ++ __mkcgo__dlsym(BN_bn2lebinpad) ++ __mkcgo__dlsym(BN_clear) ++ __mkcgo__dlsym(BN_clear_free) ++ __mkcgo__dlsym(BN_free) ++ __mkcgo__dlsym(BN_lebin2bn) ++ __mkcgo__dlsym(BN_new) ++ __mkcgo__dlsym(BN_num_bits) ++ __mkcgo__dlsym(CRYPTO_free) ++ __mkcgo__dlsym(CRYPTO_malloc) ++ __mkcgo__dlsym(EC_GROUP_free) ++ __mkcgo__dlsym(EC_GROUP_new_by_curve_name) ++ __mkcgo__dlsym(EC_POINT_free) ++ __mkcgo__dlsym(EC_POINT_mul) ++ __mkcgo__dlsym(EC_POINT_new) ++ __mkcgo__dlsym(EC_POINT_oct2point) ++ __mkcgo__dlsym(EC_POINT_point2oct) ++ __mkcgo__dlsym(ERR_peek_error) ++ __mkcgo__dlsym(ERR_print_errors) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_ctrl) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_free) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_new) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_set_key_length) ++ __mkcgo__dlsym(EVP_CIPHER_CTX_set_padding) ++ __mkcgo__dlsym(EVP_CipherInit_ex) ++ __mkcgo__dlsym(EVP_CipherUpdate) ++ __mkcgo__dlsym(EVP_DecryptFinal_ex) ++ __mkcgo__dlsym(EVP_DecryptInit_ex) ++ __mkcgo__dlsym(EVP_DecryptUpdate) ++ __mkcgo__dlsym(EVP_Digest) ++ __mkcgo__dlsym(EVP_DigestFinal_ex) ++ __mkcgo__dlsym(EVP_DigestInit) ++ __mkcgo__dlsym(EVP_DigestInit_ex) ++ __mkcgo__dlsym(EVP_DigestSign) ++ __mkcgo__dlsym(EVP_DigestSignFinal) ++ __mkcgo__dlsym(EVP_DigestSignInit) ++ __mkcgo__dlsym(EVP_DigestUpdate) ++ __mkcgo__dlsym(EVP_DigestVerify) ++ __mkcgo__dlsym(EVP_DigestVerifyFinal) ++ __mkcgo__dlsym(EVP_DigestVerifyInit) ++ __mkcgo__dlsym(EVP_EncryptFinal_ex) ++ __mkcgo__dlsym(EVP_EncryptInit_ex) ++ __mkcgo__dlsym(EVP_EncryptUpdate) ++ __mkcgo__dlsym(EVP_MD_CTX_copy_ex) ++ __mkcgo__dlsym(EVP_MD_CTX_ctrl) ++ __mkcgo__dlsym(EVP_MD_CTX_free) ++ __mkcgo__dlsym(EVP_MD_CTX_new) ++ __mkcgo__dlsym(EVP_PKEY_CTX_ctrl) ++ __mkcgo__dlsym(EVP_PKEY_CTX_free) ++ __mkcgo__dlsym(EVP_PKEY_CTX_new) ++ __mkcgo__dlsym(EVP_PKEY_CTX_new_id) ++ __mkcgo__dlsym(EVP_PKEY_decrypt) ++ __mkcgo__dlsym(EVP_PKEY_decrypt_init) ++ __mkcgo__dlsym(EVP_PKEY_derive) ++ __mkcgo__dlsym(EVP_PKEY_derive_init) ++ __mkcgo__dlsym(EVP_PKEY_derive_set_peer) ++ __mkcgo__dlsym(EVP_PKEY_encrypt) ++ __mkcgo__dlsym(EVP_PKEY_encrypt_init) ++ __mkcgo__dlsym(EVP_PKEY_free) ++ __mkcgo__dlsym(EVP_PKEY_get_raw_private_key) ++ __mkcgo__dlsym(EVP_PKEY_get_raw_public_key) ++ __mkcgo__dlsym(EVP_PKEY_keygen) ++ __mkcgo__dlsym(EVP_PKEY_keygen_init) ++ __mkcgo__dlsym(EVP_PKEY_new) ++ __mkcgo__dlsym(EVP_PKEY_new_raw_private_key) ++ __mkcgo__dlsym(EVP_PKEY_new_raw_public_key) ++ __mkcgo__dlsym(EVP_PKEY_paramgen) ++ __mkcgo__dlsym(EVP_PKEY_paramgen_init) ++ __mkcgo__dlsym(EVP_PKEY_sign) ++ __mkcgo__dlsym(EVP_PKEY_sign_init) ++ __mkcgo__dlsym(EVP_PKEY_up_ref) ++ __mkcgo__dlsym(EVP_PKEY_verify) ++ __mkcgo__dlsym(EVP_PKEY_verify_init) ++ __mkcgo__dlsym(EVP_aes_128_cbc) ++ __mkcgo__dlsym(EVP_aes_128_ctr) ++ __mkcgo__dlsym(EVP_aes_128_ecb) ++ __mkcgo__dlsym(EVP_aes_128_gcm) ++ __mkcgo__dlsym(EVP_aes_192_cbc) ++ __mkcgo__dlsym(EVP_aes_192_ctr) ++ __mkcgo__dlsym(EVP_aes_192_ecb) ++ __mkcgo__dlsym(EVP_aes_192_gcm) ++ __mkcgo__dlsym(EVP_aes_256_cbc) ++ __mkcgo__dlsym(EVP_aes_256_ctr) ++ __mkcgo__dlsym(EVP_aes_256_ecb) ++ __mkcgo__dlsym(EVP_aes_256_gcm) ++ __mkcgo__dlsym_nocheck(EVP_chacha20_poly1305, EVP_chacha20_poly1305) ++ __mkcgo__dlsym(EVP_des_cbc) ++ __mkcgo__dlsym(EVP_des_ecb) ++ __mkcgo__dlsym(EVP_des_ede3_cbc) ++ __mkcgo__dlsym(EVP_des_ede3_ecb) ++ __mkcgo__dlsym(EVP_md4) ++ __mkcgo__dlsym(EVP_md5) ++ __mkcgo__dlsym(EVP_md5_sha1) ++ __mkcgo__dlsym(EVP_rc4) ++ __mkcgo__dlsym(EVP_ripemd160) ++ __mkcgo__dlsym(EVP_sha1) ++ __mkcgo__dlsym(EVP_sha224) ++ __mkcgo__dlsym(EVP_sha256) ++ __mkcgo__dlsym(EVP_sha384) ++ __mkcgo__dlsym(EVP_sha3_224) ++ __mkcgo__dlsym(EVP_sha3_256) ++ __mkcgo__dlsym(EVP_sha3_384) ++ __mkcgo__dlsym(EVP_sha3_512) ++ __mkcgo__dlsym(EVP_sha512) ++ __mkcgo__dlsym(EVP_sha512_224) ++ __mkcgo__dlsym(EVP_sha512_256) ++ __mkcgo__dlsym(OBJ_nid2sn) ++ __mkcgo__dlsym(OPENSSL_init) ++ __mkcgo__dlsym(OPENSSL_init_crypto) ++ __mkcgo__dlsym(OpenSSL_version) ++} ++ ++void __mkcgo_unload_() { ++ _g_BIO_ctrl = NULL; ++ _g_BIO_free = NULL; ++ _g_BIO_new = NULL; ++ _g_BIO_s_mem = NULL; ++ _g_BN_bin2bn = NULL; ++ _g_BN_bn2binpad = NULL; ++ _g_BN_bn2lebinpad = NULL; ++ _g_BN_clear = NULL; ++ _g_BN_clear_free = NULL; ++ _g_BN_free = NULL; ++ _g_BN_lebin2bn = NULL; ++ _g_BN_new = NULL; ++ _g_BN_num_bits = NULL; ++ _g_CRYPTO_free = NULL; ++ _g_CRYPTO_malloc = NULL; ++ _g_EC_GROUP_free = NULL; ++ _g_EC_GROUP_new_by_curve_name = NULL; ++ _g_EC_POINT_free = NULL; ++ _g_EC_POINT_mul = NULL; ++ _g_EC_POINT_new = NULL; ++ _g_EC_POINT_oct2point = NULL; ++ _g_EC_POINT_point2oct = NULL; ++ _g_ERR_peek_error = NULL; ++ _g_ERR_print_errors = NULL; ++ _g_EVP_CIPHER_CTX_ctrl = NULL; ++ _g_EVP_CIPHER_CTX_free = NULL; ++ _g_EVP_CIPHER_CTX_new = NULL; ++ _g_EVP_CIPHER_CTX_set_key_length = NULL; ++ _g_EVP_CIPHER_CTX_set_padding = NULL; ++ _g_EVP_CipherInit_ex = NULL; ++ _g_EVP_CipherUpdate = NULL; ++ _g_EVP_DecryptFinal_ex = NULL; ++ _g_EVP_DecryptInit_ex = NULL; ++ _g_EVP_DecryptUpdate = NULL; ++ _g_EVP_Digest = NULL; ++ _g_EVP_DigestFinal_ex = NULL; ++ _g_EVP_DigestInit = NULL; ++ _g_EVP_DigestInit_ex = NULL; ++ _g_EVP_DigestSign = NULL; ++ _g_EVP_DigestSignFinal = NULL; ++ _g_EVP_DigestSignInit = NULL; ++ _g_EVP_DigestUpdate = NULL; ++ _g_EVP_DigestVerify = NULL; ++ _g_EVP_DigestVerifyFinal = NULL; ++ _g_EVP_DigestVerifyInit = NULL; ++ _g_EVP_EncryptFinal_ex = NULL; ++ _g_EVP_EncryptInit_ex = NULL; ++ _g_EVP_EncryptUpdate = NULL; ++ _g_EVP_MD_CTX_copy_ex = NULL; ++ _g_EVP_MD_CTX_ctrl = NULL; ++ _g_EVP_MD_CTX_free = NULL; ++ _g_EVP_MD_CTX_new = NULL; ++ _g_EVP_PKEY_CTX_ctrl = NULL; ++ _g_EVP_PKEY_CTX_free = NULL; ++ _g_EVP_PKEY_CTX_new = NULL; ++ _g_EVP_PKEY_CTX_new_id = NULL; ++ _g_EVP_PKEY_decrypt = NULL; ++ _g_EVP_PKEY_decrypt_init = NULL; ++ _g_EVP_PKEY_derive = NULL; ++ _g_EVP_PKEY_derive_init = NULL; ++ _g_EVP_PKEY_derive_set_peer = NULL; ++ _g_EVP_PKEY_encrypt = NULL; ++ _g_EVP_PKEY_encrypt_init = NULL; ++ _g_EVP_PKEY_free = NULL; ++ _g_EVP_PKEY_get_raw_private_key = NULL; ++ _g_EVP_PKEY_get_raw_public_key = NULL; ++ _g_EVP_PKEY_keygen = NULL; ++ _g_EVP_PKEY_keygen_init = NULL; ++ _g_EVP_PKEY_new = NULL; ++ _g_EVP_PKEY_new_raw_private_key = NULL; ++ _g_EVP_PKEY_new_raw_public_key = NULL; ++ _g_EVP_PKEY_paramgen = NULL; ++ _g_EVP_PKEY_paramgen_init = NULL; ++ _g_EVP_PKEY_sign = NULL; ++ _g_EVP_PKEY_sign_init = NULL; ++ _g_EVP_PKEY_up_ref = NULL; ++ _g_EVP_PKEY_verify = NULL; ++ _g_EVP_PKEY_verify_init = NULL; ++ _g_EVP_aes_128_cbc = NULL; ++ _g_EVP_aes_128_ctr = NULL; ++ _g_EVP_aes_128_ecb = NULL; ++ _g_EVP_aes_128_gcm = NULL; ++ _g_EVP_aes_192_cbc = NULL; ++ _g_EVP_aes_192_ctr = NULL; ++ _g_EVP_aes_192_ecb = NULL; ++ _g_EVP_aes_192_gcm = NULL; ++ _g_EVP_aes_256_cbc = NULL; ++ _g_EVP_aes_256_ctr = NULL; ++ _g_EVP_aes_256_ecb = NULL; ++ _g_EVP_aes_256_gcm = NULL; ++ _g_EVP_chacha20_poly1305 = NULL; ++ _g_EVP_des_cbc = NULL; ++ _g_EVP_des_ecb = NULL; ++ _g_EVP_des_ede3_cbc = NULL; ++ _g_EVP_des_ede3_ecb = NULL; ++ _g_EVP_md4 = NULL; ++ _g_EVP_md5 = NULL; ++ _g_EVP_md5_sha1 = NULL; ++ _g_EVP_rc4 = NULL; ++ _g_EVP_ripemd160 = NULL; ++ _g_EVP_sha1 = NULL; ++ _g_EVP_sha224 = NULL; ++ _g_EVP_sha256 = NULL; ++ _g_EVP_sha384 = NULL; ++ _g_EVP_sha3_224 = NULL; ++ _g_EVP_sha3_256 = NULL; ++ _g_EVP_sha3_384 = NULL; ++ _g_EVP_sha3_512 = NULL; ++ _g_EVP_sha512 = NULL; ++ _g_EVP_sha512_224 = NULL; ++ _g_EVP_sha512_256 = NULL; ++ _g_OBJ_nid2sn = NULL; ++ _g_OPENSSL_init = NULL; ++ _g_OPENSSL_init_crypto = NULL; ++ _g_OpenSSL_version = NULL; ++} ++ ++void __mkcgo_load_3(void* handle) { ++ __mkcgo__dlsym(EC_POINT_set_affine_coordinates) ++ __mkcgo__dlsym(EVP_CIPHER_fetch) ++ __mkcgo__dlsym(EVP_CIPHER_get0_name) ++ __mkcgo__dlsym(EVP_CIPHER_get_block_size) ++ __mkcgo__dlsym(EVP_KDF_CTX_free) ++ __mkcgo__dlsym(EVP_KDF_CTX_get_kdf_size) ++ __mkcgo__dlsym(EVP_KDF_CTX_new) ++ __mkcgo__dlsym(EVP_KDF_CTX_set_params) ++ __mkcgo__dlsym(EVP_KDF_derive) ++ __mkcgo__dlsym(EVP_KDF_fetch) ++ __mkcgo__dlsym(EVP_KDF_free) ++ __mkcgo__dlsym_nocheck(EVP_KEYMGMT_fetch, EVP_KEYMGMT_fetch) ++ __mkcgo__dlsym(EVP_KEYMGMT_free) ++ __mkcgo__dlsym(EVP_MAC_CTX_dup) ++ __mkcgo__dlsym(EVP_MAC_CTX_free) ++ __mkcgo__dlsym(EVP_MAC_CTX_new) ++ __mkcgo__dlsym(EVP_MAC_CTX_set_params) ++ __mkcgo__dlsym(EVP_MAC_fetch) ++ __mkcgo__dlsym(EVP_MAC_final) ++ __mkcgo__dlsym(EVP_MAC_init) ++ __mkcgo__dlsym(EVP_MAC_update) ++ __mkcgo__dlsym(EVP_MD_CTX_get_params) ++ __mkcgo__dlsym(EVP_MD_CTX_gettable_params) ++ __mkcgo__dlsym(EVP_MD_CTX_set_params) ++ __mkcgo__dlsym(EVP_MD_CTX_settable_params) ++ __mkcgo__dlsym(EVP_MD_fetch) ++ __mkcgo__dlsym(EVP_MD_free) ++ __mkcgo__dlsym(EVP_MD_get0_name) ++ __mkcgo__dlsym(EVP_MD_get0_provider) ++ __mkcgo__dlsym(EVP_MD_get_block_size) ++ __mkcgo__dlsym(EVP_MD_get_size) ++ __mkcgo__dlsym(EVP_MD_get_type) ++ __mkcgo__dlsym(EVP_PKEY_CTX_add1_hkdf_info) ++ __mkcgo__dlsym(EVP_PKEY_CTX_new_from_pkey) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set0_rsa_oaep_label) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_key) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set1_hkdf_salt) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_md) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set_hkdf_mode) ++ __mkcgo__dlsym(EVP_PKEY_CTX_set_params) ++ __mkcgo__dlsym(EVP_PKEY_Q_keygen) ++ __mkcgo__dlsym(EVP_PKEY_decapsulate) ++ __mkcgo__dlsym(EVP_PKEY_decapsulate_init) ++ __mkcgo__dlsym(EVP_PKEY_encapsulate) ++ __mkcgo__dlsym(EVP_PKEY_encapsulate_init) ++ __mkcgo__dlsym(EVP_PKEY_fromdata) ++ __mkcgo__dlsym(EVP_PKEY_fromdata_init) ++ __mkcgo__dlsym(EVP_PKEY_get1_encoded_public_key) ++ __mkcgo__dlsym(EVP_PKEY_get_bits) ++ __mkcgo__dlsym(EVP_PKEY_get_bn_param) ++ __mkcgo__dlsym(EVP_PKEY_get_octet_string_param) ++ __mkcgo__dlsym(EVP_PKEY_get_size) ++ __mkcgo__dlsym(EVP_PKEY_private_check) ++ __mkcgo__dlsym(EVP_PKEY_public_check_quick) ++ __mkcgo__dlsym(EVP_PKEY_set1_encoded_public_key) ++ __mkcgo__dlsym(EVP_SIGNATURE_fetch) ++ __mkcgo__dlsym(EVP_SIGNATURE_free) ++ __mkcgo__dlsym(EVP_default_properties_enable_fips) ++ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_free) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_new) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_BN) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_int32) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_octet_string) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_push_utf8_string) ++ __mkcgo__dlsym(OSSL_PARAM_BLD_to_param) ++ __mkcgo__dlsym(OSSL_PARAM_free) ++ __mkcgo__dlsym(OSSL_PARAM_locate_const) ++ __mkcgo__dlsym(OSSL_PROVIDER_available) ++ __mkcgo__dlsym(OSSL_PROVIDER_get0_name) ++ __mkcgo__dlsym(OSSL_PROVIDER_try_load) ++ __mkcgo__dlsym(RAND_bytes_ex) ++} ++ ++void __mkcgo_unload_3() { ++ _g_EC_POINT_set_affine_coordinates = NULL; ++ _g_EVP_CIPHER_fetch = NULL; ++ _g_EVP_CIPHER_get0_name = NULL; ++ _g_EVP_CIPHER_get_block_size = NULL; ++ _g_EVP_KDF_CTX_free = NULL; ++ _g_EVP_KDF_CTX_get_kdf_size = NULL; ++ _g_EVP_KDF_CTX_new = NULL; ++ _g_EVP_KDF_CTX_set_params = NULL; ++ _g_EVP_KDF_derive = NULL; ++ _g_EVP_KDF_fetch = NULL; ++ _g_EVP_KDF_free = NULL; ++ _g_EVP_KEYMGMT_fetch = NULL; ++ _g_EVP_KEYMGMT_free = NULL; ++ _g_EVP_MAC_CTX_dup = NULL; ++ _g_EVP_MAC_CTX_free = NULL; ++ _g_EVP_MAC_CTX_new = NULL; ++ _g_EVP_MAC_CTX_set_params = NULL; ++ _g_EVP_MAC_fetch = NULL; ++ _g_EVP_MAC_final = NULL; ++ _g_EVP_MAC_init = NULL; ++ _g_EVP_MAC_update = NULL; ++ _g_EVP_MD_CTX_get_params = NULL; ++ _g_EVP_MD_CTX_gettable_params = NULL; ++ _g_EVP_MD_CTX_set_params = NULL; ++ _g_EVP_MD_CTX_settable_params = NULL; ++ _g_EVP_MD_fetch = NULL; ++ _g_EVP_MD_free = NULL; ++ _g_EVP_MD_get0_name = NULL; ++ _g_EVP_MD_get0_provider = NULL; ++ _g_EVP_MD_get_block_size = NULL; ++ _g_EVP_MD_get_size = NULL; ++ _g_EVP_MD_get_type = NULL; ++ _g_EVP_PKEY_CTX_add1_hkdf_info = NULL; ++ _g_EVP_PKEY_CTX_new_from_pkey = NULL; ++ _g_EVP_PKEY_CTX_set0_rsa_oaep_label = NULL; ++ _g_EVP_PKEY_CTX_set1_hkdf_key = NULL; ++ _g_EVP_PKEY_CTX_set1_hkdf_salt = NULL; ++ _g_EVP_PKEY_CTX_set_hkdf_md = NULL; ++ _g_EVP_PKEY_CTX_set_hkdf_mode = NULL; ++ _g_EVP_PKEY_CTX_set_params = NULL; ++ _g_EVP_PKEY_Q_keygen = NULL; ++ _g_EVP_PKEY_decapsulate = NULL; ++ _g_EVP_PKEY_decapsulate_init = NULL; ++ _g_EVP_PKEY_encapsulate = NULL; ++ _g_EVP_PKEY_encapsulate_init = NULL; ++ _g_EVP_PKEY_fromdata = NULL; ++ _g_EVP_PKEY_fromdata_init = NULL; ++ _g_EVP_PKEY_get1_encoded_public_key = NULL; ++ _g_EVP_PKEY_get_bits = NULL; ++ _g_EVP_PKEY_get_bn_param = NULL; ++ _g_EVP_PKEY_get_octet_string_param = NULL; ++ _g_EVP_PKEY_get_size = NULL; ++ _g_EVP_PKEY_private_check = NULL; ++ _g_EVP_PKEY_public_check_quick = NULL; ++ _g_EVP_PKEY_set1_encoded_public_key = NULL; ++ _g_EVP_SIGNATURE_fetch = NULL; ++ _g_EVP_SIGNATURE_free = NULL; ++ _g_EVP_default_properties_enable_fips = NULL; ++ _g_EVP_default_properties_is_fips_enabled = NULL; ++ _g_OSSL_PARAM_BLD_free = NULL; ++ _g_OSSL_PARAM_BLD_new = NULL; ++ _g_OSSL_PARAM_BLD_push_BN = NULL; ++ _g_OSSL_PARAM_BLD_push_int32 = NULL; ++ _g_OSSL_PARAM_BLD_push_octet_string = NULL; ++ _g_OSSL_PARAM_BLD_push_utf8_string = NULL; ++ _g_OSSL_PARAM_BLD_to_param = NULL; ++ _g_OSSL_PARAM_free = NULL; ++ _g_OSSL_PARAM_locate_const = NULL; ++ _g_OSSL_PROVIDER_available = NULL; ++ _g_OSSL_PROVIDER_get0_name = NULL; ++ _g_OSSL_PROVIDER_try_load = NULL; ++ _g_RAND_bytes_ex = NULL; ++} ++ ++void __mkcgo_load_33(void* handle) { ++ __mkcgo__dlsym(EVP_DigestFinalXOF) ++ __mkcgo__dlsym_nocheck(EVP_DigestSqueeze, EVP_DigestSqueeze) ++} ++ ++void __mkcgo_unload_33() { ++ _g_EVP_DigestFinalXOF = NULL; ++ _g_EVP_DigestSqueeze = NULL; ++} ++ ++void __mkcgo_load_init_1(void* handle) { ++ __mkcgo__dlsym(FIPS_mode) ++ __mkcgo__dlsym(FIPS_mode_set) ++} ++ ++void __mkcgo_unload_init_1() { ++ _g_FIPS_mode = NULL; ++ _g_FIPS_mode_set = NULL; ++} ++ ++void __mkcgo_load_init_3(void* handle) { ++ __mkcgo__dlsym(BIO_ctrl) ++ __mkcgo__dlsym(BIO_free) ++ __mkcgo__dlsym(BIO_new) ++ __mkcgo__dlsym(BIO_s_mem) ++ __mkcgo__dlsym(ERR_print_errors) ++ __mkcgo__dlsym(EVP_MD_fetch) ++ __mkcgo__dlsym(EVP_MD_free) ++ __mkcgo__dlsym(EVP_MD_get0_provider) ++ __mkcgo__dlsym(EVP_default_properties_is_fips_enabled) ++} ++ ++void __mkcgo_unload_init_3() { ++ _g_BIO_ctrl = NULL; ++ _g_BIO_free = NULL; ++ _g_BIO_new = NULL; ++ _g_BIO_s_mem = NULL; ++ _g_ERR_print_errors = NULL; ++ _g_EVP_MD_fetch = NULL; ++ _g_EVP_MD_free = NULL; ++ _g_EVP_MD_get0_provider = NULL; ++ _g_EVP_default_properties_is_fips_enabled = NULL; ++} ++ ++void __mkcgo_load_legacy_1(void* handle) { ++ __mkcgo__dlsym(DSA_free) ++ __mkcgo__dlsym(DSA_generate_key) ++ __mkcgo__dlsym(DSA_get0_key) ++ __mkcgo__dlsym(DSA_get0_pqg) ++ __mkcgo__dlsym(DSA_new) ++ __mkcgo__dlsym(DSA_set0_key) ++ __mkcgo__dlsym(DSA_set0_pqg) ++ __mkcgo__dlsym(EC_KEY_check_key) ++ __mkcgo__dlsym(EC_KEY_free) ++ __mkcgo__dlsym(EC_KEY_get0_group) ++ __mkcgo__dlsym(EC_KEY_get0_private_key) ++ __mkcgo__dlsym(EC_KEY_get0_public_key) ++ __mkcgo__dlsym(EC_KEY_new_by_curve_name) ++ __mkcgo__dlsym(EC_KEY_set_private_key) ++ __mkcgo__dlsym(EC_KEY_set_public_key) ++ __mkcgo__dlsym(EC_KEY_set_public_key_affine_coordinates) ++ __mkcgo__dlsym(EC_POINT_get_affine_coordinates_GFp) ++ __mkcgo__dlsym2(EVP_CIPHER_get_block_size, EVP_CIPHER_block_size) ++ __mkcgo__dlsym2(EVP_MD_get_block_size, EVP_MD_block_size) ++ __mkcgo__dlsym2(EVP_MD_get_size, EVP_MD_size) ++ __mkcgo__dlsym(EVP_PKEY_assign) ++ __mkcgo__dlsym(EVP_PKEY_get0_DSA) ++ __mkcgo__dlsym(EVP_PKEY_get0_EC_KEY) ++ __mkcgo__dlsym(EVP_PKEY_get1_RSA) ++ __mkcgo__dlsym2(EVP_PKEY_get_bits, EVP_PKEY_bits) ++ __mkcgo__dlsym2(EVP_PKEY_get_size, EVP_PKEY_size) ++ __mkcgo__dlsym(EVP_PKEY_set1_EC_KEY) ++ __mkcgo__dlsym(FIPS_mode) ++ __mkcgo__dlsym(FIPS_mode_set) ++ __mkcgo__dlsym(HMAC_CTX_copy) ++ __mkcgo__dlsym(HMAC_CTX_free) ++ __mkcgo__dlsym(HMAC_CTX_new) ++ __mkcgo__dlsym(HMAC_Final) ++ __mkcgo__dlsym(HMAC_Init_ex) ++ __mkcgo__dlsym(HMAC_Update) ++ __mkcgo__dlsym(PKCS5_PBKDF2_HMAC) ++ __mkcgo__dlsym(RAND_bytes) ++ __mkcgo__dlsym(RSA_free) ++ __mkcgo__dlsym(RSA_get0_crt_params) ++ __mkcgo__dlsym(RSA_get0_factors) ++ __mkcgo__dlsym(RSA_get0_key) ++ __mkcgo__dlsym(RSA_new) ++ __mkcgo__dlsym(RSA_set0_crt_params) ++ __mkcgo__dlsym(RSA_set0_factors) ++ __mkcgo__dlsym(RSA_set0_key) ++} ++ ++void __mkcgo_unload_legacy_1() { ++ _g_DSA_free = NULL; ++ _g_DSA_generate_key = NULL; ++ _g_DSA_get0_key = NULL; ++ _g_DSA_get0_pqg = NULL; ++ _g_DSA_new = NULL; ++ _g_DSA_set0_key = NULL; ++ _g_DSA_set0_pqg = NULL; ++ _g_EC_KEY_check_key = NULL; ++ _g_EC_KEY_free = NULL; ++ _g_EC_KEY_get0_group = NULL; ++ _g_EC_KEY_get0_private_key = NULL; ++ _g_EC_KEY_get0_public_key = NULL; ++ _g_EC_KEY_new_by_curve_name = NULL; ++ _g_EC_KEY_set_private_key = NULL; ++ _g_EC_KEY_set_public_key = NULL; ++ _g_EC_KEY_set_public_key_affine_coordinates = NULL; ++ _g_EC_POINT_get_affine_coordinates_GFp = NULL; ++ _g_EVP_CIPHER_get_block_size = NULL; ++ _g_EVP_MD_get_block_size = NULL; ++ _g_EVP_MD_get_size = NULL; ++ _g_EVP_PKEY_assign = NULL; ++ _g_EVP_PKEY_get0_DSA = NULL; ++ _g_EVP_PKEY_get0_EC_KEY = NULL; ++ _g_EVP_PKEY_get1_RSA = NULL; ++ _g_EVP_PKEY_get_bits = NULL; ++ _g_EVP_PKEY_get_size = NULL; ++ _g_EVP_PKEY_set1_EC_KEY = NULL; ++ _g_FIPS_mode = NULL; ++ _g_FIPS_mode_set = NULL; ++ _g_HMAC_CTX_copy = NULL; ++ _g_HMAC_CTX_free = NULL; ++ _g_HMAC_CTX_new = NULL; ++ _g_HMAC_Final = NULL; ++ _g_HMAC_Init_ex = NULL; ++ _g_HMAC_Update = NULL; ++ _g_PKCS5_PBKDF2_HMAC = NULL; ++ _g_RAND_bytes = NULL; ++ _g_RSA_free = NULL; ++ _g_RSA_get0_crt_params = NULL; ++ _g_RSA_get0_factors = NULL; ++ _g_RSA_get0_key = NULL; ++ _g_RSA_new = NULL; ++ _g_RSA_set0_crt_params = NULL; ++ _g_RSA_set0_factors = NULL; ++ _g_RSA_set0_key = NULL; ++} ++ ++void __mkcgo_load_version(void* handle) { ++ __mkcgo__dlsym_nocheck(OPENSSL_version_major, OPENSSL_version_major) ++ __mkcgo__dlsym_nocheck(OPENSSL_version_minor, OPENSSL_version_minor) ++ __mkcgo__dlsym_nocheck(OPENSSL_version_patch, OPENSSL_version_patch) ++ __mkcgo__dlsym_nocheck(OpenSSL_version_num, OpenSSL_version_num) ++} ++ ++void __mkcgo_unload_version() { ++ _g_OPENSSL_version_major = NULL; ++ _g_OPENSSL_version_minor = NULL; ++ _g_OPENSSL_version_patch = NULL; ++ _g_OpenSSL_version_num = NULL; ++} ++ ++long _mkcgo_BIO_ctrl(_BIO_PTR _arg0, int _arg1, long _arg2, void* _arg3) { ++ return _g_BIO_ctrl(_arg0, _arg1, _arg2, _arg3); ++} ++ ++int _mkcgo_BIO_free(_BIO_PTR _arg0) { ++ return _g_BIO_free(_arg0); ++} ++ ++_BIO_PTR _mkcgo_BIO_new(const _BIO_METHOD_PTR _arg0, uintptr_t *_err_state) { ++ _BIO_PTR _ret = _g_BIO_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const _BIO_METHOD_PTR _mkcgo_BIO_s_mem(void) { ++ return _g_BIO_s_mem(); ++} ++ ++_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { ++ _BIGNUM_PTR _ret = _g_BN_bin2bn(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { ++ int _ret = _g_BN_bn2binpad(_arg0, _arg1, _arg2); ++ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR _arg0, unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { ++ int _ret = _g_BN_bn2lebinpad(_arg0, _arg1, _arg2); ++ if (_ret == -1) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_BN_clear(_BIGNUM_PTR _arg0) { ++ _g_BN_clear(_arg0); ++} ++ ++void _mkcgo_BN_clear_free(_BIGNUM_PTR _arg0) { ++ _g_BN_clear_free(_arg0); ++} ++ ++void _mkcgo_BN_free(_BIGNUM_PTR _arg0) { ++ _g_BN_free(_arg0); ++} ++ ++_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char* _arg0, int _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { ++ _BIGNUM_PTR _ret = _g_BN_lebin2bn(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_BIGNUM_PTR _mkcgo_BN_new(uintptr_t *_err_state) { ++ _BIGNUM_PTR _ret = _g_BN_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_BN_num_bits(const _BIGNUM_PTR _arg0) { ++ return _g_BN_num_bits(_arg0); ++} ++ ++void _mkcgo_CRYPTO_free(void* _arg0, const char* _arg1, int _arg2) { ++ _g_CRYPTO_free(_arg0, _arg1, _arg2); ++} ++ ++void* _mkcgo_CRYPTO_malloc(size_t _arg0, const char* _arg1, int _arg2, uintptr_t *_err_state) { ++ void* _ret = _g_CRYPTO_malloc(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_DSA_free(_DSA_PTR _arg0) { ++ _g_DSA_free(_arg0); ++} ++ ++int _mkcgo_DSA_generate_key(_DSA_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_DSA_generate_key(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_DSA_get0_key(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { ++ _g_DSA_get0_key(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_DSA_get0_pqg(const _DSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { ++ _g_DSA_get0_pqg(_arg0, _arg1, _arg2, _arg3); ++} ++ ++_DSA_PTR _mkcgo_DSA_new(uintptr_t *_err_state) { ++ _DSA_PTR _ret = _g_DSA_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_DSA_set0_key(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { ++ int _ret = _g_DSA_set0_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_DSA_set0_pqg(_DSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, uintptr_t *_err_state) { ++ int _ret = _g_DSA_set0_pqg(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR _arg0) { ++ _g_EC_GROUP_free(_arg0); ++} ++ ++_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int _arg0, uintptr_t *_err_state) { ++ _EC_GROUP_PTR _ret = _g_EC_GROUP_new_by_curve_name(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EC_KEY_check_key(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EC_KEY_free(_EC_KEY_PTR _arg0) { ++ _g_EC_KEY_free(_arg0); ++} ++ ++const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR _arg0) { ++ return _g_EC_KEY_get0_group(_arg0); ++} ++ ++const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR _arg0) { ++ return _g_EC_KEY_get0_private_key(_arg0); ++} ++ ++const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR _arg0) { ++ return _g_EC_KEY_get0_public_key(_arg0); ++} ++ ++_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int _arg0, uintptr_t *_err_state) { ++ _EC_KEY_PTR _ret = _g_EC_KEY_new_by_curve_name(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR _arg0, const _BIGNUM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EC_KEY_set_private_key(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR _arg0, const _EC_POINT_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EC_KEY_set_public_key(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EC_KEY_set_public_key_affine_coordinates(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EC_POINT_free(_EC_POINT_PTR _arg0) { ++ _g_EC_POINT_free(_arg0); ++} ++ ++int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EC_POINT_get_affine_coordinates_GFp(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _EC_POINT_PTR _arg3, const _BIGNUM_PTR _arg4, _BN_CTX_PTR _arg5, uintptr_t *_err_state) { ++ int _ret = _g_EC_POINT_mul(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR _arg0, uintptr_t *_err_state) { ++ _EC_POINT_PTR _ret = _g_EC_POINT_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const unsigned char* _arg2, size_t _arg3, _BN_CTX_PTR _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EC_POINT_oct2point(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR _arg0, const _EC_POINT_PTR _arg1, point_conversion_form_t _arg2, unsigned char* _arg3, size_t _arg4, _BN_CTX_PTR _arg5, uintptr_t *_err_state) { ++ size_t _ret = _g_EC_POINT_point2oct(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR _arg0, _EC_POINT_PTR _arg1, const _BIGNUM_PTR _arg2, const _BIGNUM_PTR _arg3, _BN_CTX_PTR _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EC_POINT_set_affine_coordinates(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++unsigned long _mkcgo_ERR_peek_error(void) { ++ return _g_ERR_peek_error(); ++} ++ ++void _mkcgo_ERR_print_errors(_BIO_PTR _arg0) { ++ _g_ERR_print_errors(_arg0); ++} ++ ++int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3, uintptr_t *_err_state) { ++ int _ret = _g_EVP_CIPHER_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR _arg0) { ++ _g_EVP_CIPHER_CTX_free(_arg0); ++} ++ ++_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(uintptr_t *_err_state) { ++ _EVP_CIPHER_CTX_PTR _ret = _g_EVP_CIPHER_CTX_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_CIPHER_CTX_set_key_length(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_CIPHER_CTX_set_padding(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_CIPHER_PTR _ret = _g_EVP_CIPHER_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR _arg0) { ++ return _g_EVP_CIPHER_get0_name(_arg0); ++} ++ ++int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR _arg0) { ++ return _g_EVP_CIPHER_get_block_size(_arg0); ++} ++ ++int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, int _arg5, uintptr_t *_err_state) { ++ int _ret = _g_EVP_CipherInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_CipherUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DecryptFinal_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DecryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DecryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_Digest(const unsigned char* _arg0, size_t _arg1, unsigned char* _arg2, unsigned int* _arg3, const _EVP_MD_PTR _arg4, _ENGINE_PTR _arg5, uintptr_t *_err_state) { ++ int _ret = _g_EVP_Digest(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestFinalXOF(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestFinalXOF(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestFinal_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestInit(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, _ENGINE_PTR _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestInit_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestSign(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestSignFinal(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestSignInit(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_available_EVP_DigestSqueeze() { ++ return _g_EVP_DigestSqueeze != NULL; ++} ++ ++int _mkcgo_EVP_DigestSqueeze(_EVP_MD_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestSqueeze(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestUpdate(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestVerify(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestVerifyFinal(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR _arg0, _EVP_PKEY_CTX_PTR* _arg1, const _EVP_MD_PTR _arg2, _ENGINE_PTR _arg3, _EVP_PKEY_PTR _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_DigestVerifyInit(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_EncryptFinal_ex(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR _arg0, const _EVP_CIPHER_PTR _arg1, _ENGINE_PTR _arg2, const unsigned char* _arg3, const unsigned char* _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_EncryptInit_ex(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR _arg0, unsigned char* _arg1, int* _arg2, const unsigned char* _arg3, int _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_EncryptUpdate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR _arg0) { ++ _g_EVP_KDF_CTX_free(_arg0); ++} ++ ++size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR _arg0, uintptr_t *_err_state) { ++ size_t _ret = _g_EVP_KDF_CTX_get_kdf_size(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR _arg0, uintptr_t *_err_state) { ++ _EVP_KDF_CTX_PTR _ret = _g_EVP_KDF_CTX_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_KDF_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, uintptr_t *_err_state) { ++ int _ret = _g_EVP_KDF_derive(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_KDF_PTR _ret = _g_EVP_KDF_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR _arg0) { ++ _g_EVP_KDF_free(_arg0); ++} ++ ++int _mkcgo_available_EVP_KEYMGMT_fetch() { ++ return _g_EVP_KEYMGMT_fetch != NULL; ++} ++ ++_EVP_KEYMGMT_PTR _mkcgo_EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_KEYMGMT_PTR _ret = _g_EVP_KEYMGMT_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR _arg0) { ++ _g_EVP_KEYMGMT_free(_arg0); ++} ++ ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR _arg0, uintptr_t *_err_state) { ++ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_dup(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR _arg0) { ++ _g_EVP_MAC_CTX_free(_arg0); ++} ++ ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR _arg0, uintptr_t *_err_state) { ++ _EVP_MAC_CTX_PTR _ret = _g_EVP_MAC_CTX_new(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MAC_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_MAC_PTR _ret = _g_EVP_MAC_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, size_t _arg3, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MAC_final(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const _OSSL_PARAM_PTR _arg3, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MAC_init(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MAC_update(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR _arg0, const _EVP_MD_CTX_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MD_CTX_copy_ex(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR _arg0, int _arg1, int _arg2, void* _arg3, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MD_CTX_ctrl(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR _arg0) { ++ _g_EVP_MD_CTX_free(_arg0); ++} ++ ++int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR _arg0, _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MD_CTX_get_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR _arg0, uintptr_t *_err_state) { ++ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_gettable_params(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(uintptr_t *_err_state) { ++ _EVP_MD_CTX_PTR _ret = _g_EVP_MD_CTX_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_MD_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR _arg0, uintptr_t *_err_state) { ++ const _OSSL_PARAM_PTR _ret = _g_EVP_MD_CTX_settable_params(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_MD_PTR _ret = _g_EVP_MD_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_MD_free(_EVP_MD_PTR _arg0) { ++ _g_EVP_MD_free(_arg0); ++} ++ ++const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get0_name(_arg0); ++} ++ ++const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get0_provider(_arg0); ++} ++ ++int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get_block_size(_arg0); ++} ++ ++int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get_size(_arg0); ++} ++ ++int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR _arg0) { ++ return _g_EVP_MD_get_type(_arg0); ++} ++ ++int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_add1_hkdf_info(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR _arg0, int _arg1, int _arg2, int _arg3, int _arg4, void* _arg5, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_ctrl(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR _arg0) { ++ _g_EVP_PKEY_CTX_free(_arg0); ++} ++ ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR _arg0, _ENGINE_PTR _arg1, uintptr_t *_err_state) { ++ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new(_arg0, _arg1); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_from_pkey(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int _arg0, _ENGINE_PTR _arg1, uintptr_t *_err_state) { ++ _EVP_PKEY_CTX_PTR _ret = _g_EVP_PKEY_CTX_new_id(_arg0, _arg1); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set0_rsa_oaep_label(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set1_hkdf_salt(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR _arg0, const _EVP_MD_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set_hkdf_md(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set_hkdf_mode(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_CTX_set_params(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, const char* _arg3, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_Q_keygen(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR _arg0, int _arg1, void* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_assign(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_decapsulate(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_decapsulate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_decapsulate_init(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_decapsulate_init(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_decrypt(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_decrypt_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_derive(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_derive_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_derive_set_peer(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, unsigned char* _arg3, size_t* _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_encapsulate(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR _arg0, const _OSSL_PARAM_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_encapsulate_init(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_encrypt(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_encrypt_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR _arg0) { ++ _g_EVP_PKEY_free(_arg0); ++} ++ ++int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, int _arg2, _OSSL_PARAM_PTR _arg3, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_fromdata(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_fromdata_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { ++ _DSA_PTR _ret = _g_EVP_PKEY_get0_DSA(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { ++ _EC_KEY_PTR _ret = _g_EVP_PKEY_get0_EC_KEY(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { ++ _RSA_PTR _ret = _g_EVP_PKEY_get1_RSA(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR _arg0, unsigned char** _arg1, uintptr_t *_err_state) { ++ size_t _ret = _g_EVP_PKEY_get1_encoded_public_key(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_get_bits(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, _BIGNUM_PTR* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_get_bn_param(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_octet_string_param(const _EVP_PKEY_PTR _arg0, const char* _arg1, unsigned char* _arg2, size_t _arg3, size_t* _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_get_octet_string_param(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_get_raw_private_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR _arg0, unsigned char* _arg1, size_t* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_get_raw_public_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_get_size(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_keygen(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_keygen_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_private_key(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int _arg0, _ENGINE_PTR _arg1, const unsigned char* _arg2, size_t _arg3, uintptr_t *_err_state) { ++ _EVP_PKEY_PTR _ret = _g_EVP_PKEY_new_raw_public_key(_arg0, _arg1, _arg2, _arg3); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR _arg0, _EVP_PKEY_PTR* _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_paramgen(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_paramgen_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_private_check(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_public_check_quick(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR _arg0, _EC_KEY_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_set1_EC_KEY(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_set1_encoded_public_key(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR _arg0, unsigned char* _arg1, size_t* _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_sign(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_sign_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_up_ref(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, const unsigned char* _arg3, size_t _arg4, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_verify(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR _arg0, uintptr_t *_err_state) { ++ int _ret = _g_EVP_PKEY_verify_init(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, const char* _arg2, uintptr_t *_err_state) { ++ _EVP_SIGNATURE_PTR _ret = _g_EVP_SIGNATURE_fetch(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR _arg0) { ++ _g_EVP_SIGNATURE_free(_arg0); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void) { ++ return _g_EVP_aes_128_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void) { ++ return _g_EVP_aes_128_ctr(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void) { ++ return _g_EVP_aes_128_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void) { ++ return _g_EVP_aes_128_gcm(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void) { ++ return _g_EVP_aes_192_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void) { ++ return _g_EVP_aes_192_ctr(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void) { ++ return _g_EVP_aes_192_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void) { ++ return _g_EVP_aes_192_gcm(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void) { ++ return _g_EVP_aes_256_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void) { ++ return _g_EVP_aes_256_ctr(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void) { ++ return _g_EVP_aes_256_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void) { ++ return _g_EVP_aes_256_gcm(); ++} ++ ++int _mkcgo_available_EVP_chacha20_poly1305() { ++ return _g_EVP_chacha20_poly1305 != NULL; ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_chacha20_poly1305(void) { ++ return _g_EVP_chacha20_poly1305(); ++} ++ ++int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR _arg0, int _arg1, uintptr_t *_err_state) { ++ int _ret = _g_EVP_default_properties_enable_fips(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR _arg0) { ++ return _g_EVP_default_properties_is_fips_enabled(_arg0); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void) { ++ return _g_EVP_des_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void) { ++ return _g_EVP_des_ecb(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void) { ++ return _g_EVP_des_ede3_cbc(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void) { ++ return _g_EVP_des_ede3_ecb(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_md4(void) { ++ return _g_EVP_md4(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_md5(void) { ++ return _g_EVP_md5(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void) { ++ return _g_EVP_md5_sha1(); ++} ++ ++const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void) { ++ return _g_EVP_rc4(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void) { ++ return _g_EVP_ripemd160(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha1(void) { ++ return _g_EVP_sha1(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha224(void) { ++ return _g_EVP_sha224(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha256(void) { ++ return _g_EVP_sha256(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha384(void) { ++ return _g_EVP_sha384(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void) { ++ return _g_EVP_sha3_224(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void) { ++ return _g_EVP_sha3_256(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void) { ++ return _g_EVP_sha3_384(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void) { ++ return _g_EVP_sha3_512(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha512(void) { ++ return _g_EVP_sha512(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void) { ++ return _g_EVP_sha512_224(); ++} ++ ++const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void) { ++ return _g_EVP_sha512_256(); ++} ++ ++int _mkcgo_FIPS_mode(void) { ++ return _g_FIPS_mode(); ++} ++ ++int _mkcgo_FIPS_mode_set(int _arg0, uintptr_t *_err_state) { ++ int _ret = _g_FIPS_mode_set(_arg0); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR _arg0, _HMAC_CTX_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_HMAC_CTX_copy(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR _arg0) { ++ _g_HMAC_CTX_free(_arg0); ++} ++ ++_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(uintptr_t *_err_state) { ++ _HMAC_CTX_PTR _ret = _g_HMAC_CTX_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_Final(_HMAC_CTX_PTR _arg0, unsigned char* _arg1, unsigned int* _arg2, uintptr_t *_err_state) { ++ int _ret = _g_HMAC_Final(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, int _arg2, const _EVP_MD_PTR _arg3, _ENGINE_PTR _arg4, uintptr_t *_err_state) { ++ int _ret = _g_HMAC_Init_ex(_arg0, _arg1, _arg2, _arg3, _arg4); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_HMAC_Update(_HMAC_CTX_PTR _arg0, const unsigned char* _arg1, size_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_HMAC_Update(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const char* _mkcgo_OBJ_nid2sn(int _arg0) { ++ return _g_OBJ_nid2sn(_arg0); ++} ++ ++void _mkcgo_OPENSSL_init(void) { ++ _g_OPENSSL_init(); ++} ++ ++int _mkcgo_OPENSSL_init_crypto(uint64_t _arg0, const _OPENSSL_INIT_SETTINGS_PTR _arg1, uintptr_t *_err_state) { ++ int _ret = _g_OPENSSL_init_crypto(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_available_OPENSSL_version_major() { ++ return _g_OPENSSL_version_major != NULL; ++} ++ ++unsigned int _mkcgo_OPENSSL_version_major(void) { ++ return _g_OPENSSL_version_major(); ++} ++ ++int _mkcgo_available_OPENSSL_version_minor() { ++ return _g_OPENSSL_version_minor != NULL; ++} ++ ++unsigned int _mkcgo_OPENSSL_version_minor(void) { ++ return _g_OPENSSL_version_minor(); ++} ++ ++int _mkcgo_available_OPENSSL_version_patch() { ++ return _g_OPENSSL_version_patch != NULL; ++} ++ ++unsigned int _mkcgo_OPENSSL_version_patch(void) { ++ return _g_OPENSSL_version_patch(); ++} ++ ++void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR _arg0) { ++ _g_OSSL_PARAM_BLD_free(_arg0); ++} ++ ++_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(void) { ++ return _g_OSSL_PARAM_BLD_new(); ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const _BIGNUM_PTR _arg2, uintptr_t *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_BN(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, int32_t _arg2, uintptr_t *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_int32(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const unsigned char* _arg2, size_t _arg3, uintptr_t *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_octet_string(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR _arg0, const char* _arg1, const char* _arg2, size_t _arg3, uintptr_t *_err_state) { ++ int _ret = _g_OSSL_PARAM_BLD_push_utf8_string(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR _arg0, uintptr_t *_err_state) { ++ _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_BLD_to_param(_arg0); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR _arg0) { ++ _g_OSSL_PARAM_free(_arg0); ++} ++ ++const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR _arg0, const char* _arg1, uintptr_t *_err_state) { ++ const _OSSL_PARAM_PTR _ret = _g_OSSL_PARAM_locate_const(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1) { ++ return _g_OSSL_PROVIDER_available(_arg0, _arg1); ++} ++ ++const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR _arg0) { ++ return _g_OSSL_PROVIDER_get0_name(_arg0); ++} ++ ++_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR _arg0, const char* _arg1, int _arg2, uintptr_t *_err_state) { ++ _OSSL_PROVIDER_PTR _ret = _g_OSSL_PROVIDER_try_load(_arg0, _arg1, _arg2); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++const char* _mkcgo_OpenSSL_version(int _arg0) { ++ return _g_OpenSSL_version(_arg0); ++} ++ ++int _mkcgo_available_OpenSSL_version_num() { ++ return _g_OpenSSL_version_num != NULL; ++} ++ ++unsigned long _mkcgo_OpenSSL_version_num(void) { ++ return _g_OpenSSL_version_num(); ++} ++ ++int _mkcgo_PKCS5_PBKDF2_HMAC(const char* _arg0, int _arg1, const unsigned char* _arg2, int _arg3, int _arg4, const _EVP_MD_PTR _arg5, int _arg6, unsigned char* _arg7, uintptr_t *_err_state) { ++ int _ret = _g_PKCS5_PBKDF2_HMAC(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RAND_bytes(unsigned char* _arg0, int _arg1, uintptr_t *_err_state) { ++ int _ret = _g_RAND_bytes(_arg0, _arg1); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RAND_bytes_ex(_OSSL_LIB_CTX_PTR _arg0, unsigned char* _arg1, size_t _arg2, unsigned int _arg3, uintptr_t *_err_state) { ++ int _ret = _g_RAND_bytes_ex(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++void _mkcgo_RSA_free(_RSA_PTR _arg0) { ++ _g_RSA_free(_arg0); ++} ++ ++void _mkcgo_RSA_get0_crt_params(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { ++ _g_RSA_get0_crt_params(_arg0, _arg1, _arg2, _arg3); ++} ++ ++void _mkcgo_RSA_get0_factors(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2) { ++ _g_RSA_get0_factors(_arg0, _arg1, _arg2); ++} ++ ++void _mkcgo_RSA_get0_key(const _RSA_PTR _arg0, const _BIGNUM_PTR* _arg1, const _BIGNUM_PTR* _arg2, const _BIGNUM_PTR* _arg3) { ++ _g_RSA_get0_key(_arg0, _arg1, _arg2, _arg3); ++} ++ ++_RSA_PTR _mkcgo_RSA_new(uintptr_t *_err_state) { ++ _RSA_PTR _ret = _g_RSA_new(); ++ if (_ret == NULL) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RSA_set0_crt_params(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, uintptr_t *_err_state) { ++ int _ret = _g_RSA_set0_crt_params(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RSA_set0_factors(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, uintptr_t *_err_state) { ++ int _ret = _g_RSA_set0_factors(_arg0, _arg1, _arg2); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ ++int _mkcgo_RSA_set0_key(_RSA_PTR _arg0, _BIGNUM_PTR _arg1, _BIGNUM_PTR _arg2, _BIGNUM_PTR _arg3, uintptr_t *_err_state) { ++ int _ret = _g_RSA_set0_key(_arg0, _arg1, _arg2, _arg3); ++ if (_ret <= 0) *_err_state = mkcgo_err_retrieve(); ++ return _ret; ++} ++ +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go +new file mode 100644 +index 00000000000000..a73b6a785f0265 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.go +@@ -0,0 +1,76 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package ossl ++ ++const ( ++ POINT_CONVERSION_UNCOMPRESSED = 4 ++ OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002 ++ OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004 ++ OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008 ++ OPENSSL_INIT_LOAD_CONFIG = 0x00000040 ++ EVP_CTRL_GCM_GET_TAG = 0x10 ++ EVP_CTRL_GCM_SET_TAG = 0x11 ++ EVP_CTRL_AEAD_SET_IVLEN = 0x9 ++ EVP_CTRL_AEAD_GET_TAG = 0x10 ++ EVP_CTRL_AEAD_SET_TAG = 0x11 ++ EVP_PKEY_CTRL_MD = 1 ++ EVP_PKEY_RSA = 6 ++ EVP_PKEY_EC = 408 ++ EVP_PKEY_TLS1_PRF = 1021 ++ EVP_PKEY_X25519 = 1034 ++ EVP_PKEY_HKDF = 1036 ++ EVP_PKEY_ED25519 = 1087 ++ EVP_PKEY_DSA = 116 ++ EVP_PKEY_MLKEM_768 = 1455 ++ EVP_PKEY_MLKEM_1024 = 1456 ++ EVP_PKEY_ML_DSA_44 = 1457 ++ EVP_PKEY_ML_DSA_65 = 1458 ++ EVP_PKEY_ML_DSA_87 = 1459 ++ EVP_PKEY_OP_DERIVE = (1 << 10) ++ EVP_MAX_MD_SIZE = 64 ++ EVP_PKEY_PUBLIC_KEY = 0x86 ++ EVP_PKEY_KEYPAIR = 0x87 ++ EVP_MD_CTRL_XOF_LEN = 0x3 ++ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001 ++ EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1 ++ EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2 ++ EVP_PKEY_CTRL_TLS_MD = 0x1000 ++ EVP_PKEY_CTRL_TLS_SECRET = 0x1001 ++ EVP_PKEY_CTRL_TLS_SEED = 0x1002 ++ EVP_PKEY_CTRL_HKDF_MD = 0x1003 ++ EVP_PKEY_CTRL_HKDF_SALT = 0x1004 ++ EVP_PKEY_CTRL_HKDF_KEY = 0x1005 ++ EVP_PKEY_CTRL_HKDF_INFO = 0x1006 ++ EVP_PKEY_CTRL_HKDF_MODE = 0x1007 ++ NID_X9_62_prime256v1 = 415 ++ NID_secp224r1 = 713 ++ NID_secp384r1 = 715 ++ NID_secp521r1 = 716 ++ NID_ML_KEM_768 = 1455 ++ NID_ML_KEM_1024 = 1456 ++ NID_ML_DSA_44 = 1457 ++ NID_ML_DSA_65 = 1458 ++ NID_ML_DSA_87 = 1459 ++ RSA_PKCS1_PADDING = 1 ++ RSA_NO_PADDING = 3 ++ RSA_PKCS1_OAEP_PADDING = 4 ++ RSA_PKCS1_PSS_PADDING = 6 ++ RSA_PSS_SALTLEN_DIGEST = -1 ++ RSA_PSS_SALTLEN_AUTO = -2 ++ RSA_PSS_SALTLEN_MAX_SIGN = -2 ++ RSA_PSS_SALTLEN_MAX = -3 ++ EVP_PKEY_CTRL_RSA_PADDING = 0x1001 ++ EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002 ++ EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003 ++ EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005 ++ EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009 ++ EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A ++ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001 ++ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 ++ OSSL_PARAM_INTEGER = 1 ++ OSSL_PARAM_OCTET_STRING = 5 ++ BIO_CTRL_INFO = 3 ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h +new file mode 100644 +index 00000000000000..152e26e99367e9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl.h +@@ -0,0 +1,375 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++// Code generated by mkcgo. DO NOT EDIT. ++ ++#ifndef MKCGO_H // only include this header once ++#define MKCGO_H ++ ++#include ++#include ++ ++typedef void* _OPENSSL_INIT_SETTINGS_PTR; ++typedef void* _OSSL_LIB_CTX_PTR; ++typedef void* _OSSL_PROVIDER_PTR; ++typedef void* _ENGINE_PTR; ++typedef void* _EVP_PKEY_PTR; ++typedef void* _EVP_PKEY_CTX_PTR; ++typedef void* _EVP_MD_PTR; ++typedef void* _EVP_MD_CTX_PTR; ++typedef void* _HMAC_CTX_PTR; ++typedef void* _EVP_CIPHER_PTR; ++typedef void* _EVP_CIPHER_CTX_PTR; ++typedef void* _EC_KEY_PTR; ++typedef void* _EC_POINT_PTR; ++typedef void* _EC_GROUP_PTR; ++typedef void* _RSA_PTR; ++typedef void* _BIGNUM_PTR; ++typedef void* _BN_CTX_PTR; ++typedef void* _EVP_MAC_PTR; ++typedef void* _EVP_MAC_CTX_PTR; ++typedef void* _OSSL_PARAM_BLD_PTR; ++typedef void* _OSSL_PARAM_PTR; ++typedef void* _EVP_SIGNATURE_PTR; ++typedef void* _EVP_KEYMGMT_PTR; ++typedef void* _DSA_PTR; ++typedef void* _EVP_KDF_PTR; ++typedef void* _EVP_KDF_CTX_PTR; ++typedef void* _BIO_METHOD_PTR; ++typedef void* _BIO_PTR; ++typedef int point_conversion_form_t; ++ ++enum { ++ _POINT_CONVERSION_UNCOMPRESSED = 4, ++ _OPENSSL_INIT_LOAD_CRYPTO_STRINGS = 0x00000002, ++ _OPENSSL_INIT_ADD_ALL_CIPHERS = 0x00000004, ++ _OPENSSL_INIT_ADD_ALL_DIGESTS = 0x00000008, ++ _OPENSSL_INIT_LOAD_CONFIG = 0x00000040, ++ _EVP_CTRL_GCM_GET_TAG = 0x10, ++ _EVP_CTRL_GCM_SET_TAG = 0x11, ++ _EVP_CTRL_AEAD_SET_IVLEN = 0x9, ++ _EVP_CTRL_AEAD_GET_TAG = 0x10, ++ _EVP_CTRL_AEAD_SET_TAG = 0x11, ++ _EVP_PKEY_CTRL_MD = 1, ++ _EVP_PKEY_RSA = 6, ++ _EVP_PKEY_EC = 408, ++ _EVP_PKEY_TLS1_PRF = 1021, ++ _EVP_PKEY_X25519 = 1034, ++ _EVP_PKEY_HKDF = 1036, ++ _EVP_PKEY_ED25519 = 1087, ++ _EVP_PKEY_DSA = 116, ++ _EVP_PKEY_MLKEM_768 = 1455, ++ _EVP_PKEY_MLKEM_1024 = 1456, ++ _EVP_PKEY_ML_DSA_44 = 1457, ++ _EVP_PKEY_ML_DSA_65 = 1458, ++ _EVP_PKEY_ML_DSA_87 = 1459, ++ _EVP_PKEY_OP_DERIVE = (1 << 10), ++ _EVP_MAX_MD_SIZE = 64, ++ _EVP_PKEY_PUBLIC_KEY = 0x86, ++ _EVP_PKEY_KEYPAIR = 0x87, ++ _EVP_MD_CTRL_XOF_LEN = 0x3, ++ _EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001, ++ _EVP_KDF_HKDF_MODE_EXTRACT_ONLY = 1, ++ _EVP_KDF_HKDF_MODE_EXPAND_ONLY = 2, ++ _EVP_PKEY_CTRL_TLS_MD = 0x1000, ++ _EVP_PKEY_CTRL_TLS_SECRET = 0x1001, ++ _EVP_PKEY_CTRL_TLS_SEED = 0x1002, ++ _EVP_PKEY_CTRL_HKDF_MD = 0x1003, ++ _EVP_PKEY_CTRL_HKDF_SALT = 0x1004, ++ _EVP_PKEY_CTRL_HKDF_KEY = 0x1005, ++ _EVP_PKEY_CTRL_HKDF_INFO = 0x1006, ++ _EVP_PKEY_CTRL_HKDF_MODE = 0x1007, ++ _NID_X9_62_prime256v1 = 415, ++ _NID_secp224r1 = 713, ++ _NID_secp384r1 = 715, ++ _NID_secp521r1 = 716, ++ _NID_ML_KEM_768 = 1455, ++ _NID_ML_KEM_1024 = 1456, ++ _NID_ML_DSA_44 = 1457, ++ _NID_ML_DSA_65 = 1458, ++ _NID_ML_DSA_87 = 1459, ++ _RSA_PKCS1_PADDING = 1, ++ _RSA_NO_PADDING = 3, ++ _RSA_PKCS1_OAEP_PADDING = 4, ++ _RSA_PKCS1_PSS_PADDING = 6, ++ _RSA_PSS_SALTLEN_DIGEST = -1, ++ _RSA_PSS_SALTLEN_AUTO = -2, ++ _RSA_PSS_SALTLEN_MAX_SIGN = -2, ++ _RSA_PSS_SALTLEN_MAX = -3, ++ _EVP_PKEY_CTRL_RSA_PADDING = 0x1001, ++ _EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002, ++ _EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, ++ _EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, ++ _EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, ++ _EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, ++ _EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002, ++ _OSSL_PARAM_INTEGER = 1, ++ _OSSL_PARAM_OCTET_STRING = 5, ++ BIO_CTRL_INFO = 3, ++}; ++ ++uintptr_t mkcgo_err_retrieve(); ++void __mkcgo_load_(void* handle); ++void __mkcgo_unload_(); ++void __mkcgo_load_3(void* handle); ++void __mkcgo_unload_3(); ++void __mkcgo_load_33(void* handle); ++void __mkcgo_unload_33(); ++void __mkcgo_load_init_1(void* handle); ++void __mkcgo_unload_init_1(); ++void __mkcgo_load_init_3(void* handle); ++void __mkcgo_unload_init_3(); ++void __mkcgo_load_legacy_1(void* handle); ++void __mkcgo_unload_legacy_1(); ++void __mkcgo_load_version(void* handle); ++void __mkcgo_unload_version(); ++ ++int _mkcgo_available_EVP_DigestSqueeze(); ++int _mkcgo_available_EVP_KEYMGMT_fetch(); ++int _mkcgo_available_EVP_chacha20_poly1305(); ++int _mkcgo_available_OPENSSL_version_major(); ++int _mkcgo_available_OPENSSL_version_minor(); ++int _mkcgo_available_OPENSSL_version_patch(); ++int _mkcgo_available_OpenSSL_version_num(); ++ ++long _mkcgo_BIO_ctrl(_BIO_PTR, int, long, void*); ++int _mkcgo_BIO_free(_BIO_PTR); ++_BIO_PTR _mkcgo_BIO_new(const _BIO_METHOD_PTR, uintptr_t *); ++const _BIO_METHOD_PTR _mkcgo_BIO_s_mem(void); ++_BIGNUM_PTR _mkcgo_BN_bin2bn(const unsigned char*, int, _BIGNUM_PTR, uintptr_t *); ++int _mkcgo_BN_bn2binpad(const _BIGNUM_PTR, unsigned char*, int, uintptr_t *); ++int _mkcgo_BN_bn2lebinpad(const _BIGNUM_PTR, unsigned char*, int, uintptr_t *); ++void _mkcgo_BN_clear(_BIGNUM_PTR); ++void _mkcgo_BN_clear_free(_BIGNUM_PTR); ++void _mkcgo_BN_free(_BIGNUM_PTR); ++_BIGNUM_PTR _mkcgo_BN_lebin2bn(const unsigned char*, int, _BIGNUM_PTR, uintptr_t *); ++_BIGNUM_PTR _mkcgo_BN_new(uintptr_t *); ++int _mkcgo_BN_num_bits(const _BIGNUM_PTR); ++void _mkcgo_CRYPTO_free(void*, const char*, int); ++void* _mkcgo_CRYPTO_malloc(size_t, const char*, int, uintptr_t *); ++void _mkcgo_DSA_free(_DSA_PTR); ++int _mkcgo_DSA_generate_key(_DSA_PTR, uintptr_t *); ++void _mkcgo_DSA_get0_key(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void _mkcgo_DSA_get0_pqg(const _DSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_DSA_PTR _mkcgo_DSA_new(uintptr_t *); ++int _mkcgo_DSA_set0_key(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); ++int _mkcgo_DSA_set0_pqg(_DSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); ++void _mkcgo_EC_GROUP_free(_EC_GROUP_PTR); ++_EC_GROUP_PTR _mkcgo_EC_GROUP_new_by_curve_name(int, uintptr_t *); ++int _mkcgo_EC_KEY_check_key(const _EC_KEY_PTR, uintptr_t *); ++void _mkcgo_EC_KEY_free(_EC_KEY_PTR); ++const _EC_GROUP_PTR _mkcgo_EC_KEY_get0_group(const _EC_KEY_PTR); ++const _BIGNUM_PTR _mkcgo_EC_KEY_get0_private_key(const _EC_KEY_PTR); ++const _EC_POINT_PTR _mkcgo_EC_KEY_get0_public_key(const _EC_KEY_PTR); ++_EC_KEY_PTR _mkcgo_EC_KEY_new_by_curve_name(int, uintptr_t *); ++int _mkcgo_EC_KEY_set_private_key(_EC_KEY_PTR, const _BIGNUM_PTR, uintptr_t *); ++int _mkcgo_EC_KEY_set_public_key(_EC_KEY_PTR, const _EC_POINT_PTR, uintptr_t *); ++int _mkcgo_EC_KEY_set_public_key_affine_coordinates(_EC_KEY_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); ++void _mkcgo_EC_POINT_free(_EC_POINT_PTR); ++int _mkcgo_EC_POINT_get_affine_coordinates_GFp(const _EC_GROUP_PTR, const _EC_POINT_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BN_CTX_PTR, uintptr_t *); ++int _mkcgo_EC_POINT_mul(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _EC_POINT_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, uintptr_t *); ++_EC_POINT_PTR _mkcgo_EC_POINT_new(const _EC_GROUP_PTR, uintptr_t *); ++int _mkcgo_EC_POINT_oct2point(const _EC_GROUP_PTR, _EC_POINT_PTR, const unsigned char*, size_t, _BN_CTX_PTR, uintptr_t *); ++size_t _mkcgo_EC_POINT_point2oct(const _EC_GROUP_PTR, const _EC_POINT_PTR, point_conversion_form_t, unsigned char*, size_t, _BN_CTX_PTR, uintptr_t *); ++int _mkcgo_EC_POINT_set_affine_coordinates(const _EC_GROUP_PTR, _EC_POINT_PTR, const _BIGNUM_PTR, const _BIGNUM_PTR, _BN_CTX_PTR, uintptr_t *); ++unsigned long _mkcgo_ERR_peek_error(void); ++void _mkcgo_ERR_print_errors(_BIO_PTR); ++int _mkcgo_EVP_CIPHER_CTX_ctrl(_EVP_CIPHER_CTX_PTR, int, int, void*, uintptr_t *); ++void _mkcgo_EVP_CIPHER_CTX_free(_EVP_CIPHER_CTX_PTR); ++_EVP_CIPHER_CTX_PTR _mkcgo_EVP_CIPHER_CTX_new(uintptr_t *); ++int _mkcgo_EVP_CIPHER_CTX_set_key_length(_EVP_CIPHER_CTX_PTR, int, uintptr_t *); ++int _mkcgo_EVP_CIPHER_CTX_set_padding(_EVP_CIPHER_CTX_PTR, int, uintptr_t *); ++_EVP_CIPHER_PTR _mkcgo_EVP_CIPHER_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++const char* _mkcgo_EVP_CIPHER_get0_name(const _EVP_CIPHER_PTR); ++int _mkcgo_EVP_CIPHER_get_block_size(const _EVP_CIPHER_PTR); ++int _mkcgo_EVP_CipherInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_CipherUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_DecryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, uintptr_t *); ++int _mkcgo_EVP_DecryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, uintptr_t *); ++int _mkcgo_EVP_DecryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_Digest(const unsigned char*, size_t, unsigned char*, unsigned int*, const _EVP_MD_PTR, _ENGINE_PTR, uintptr_t *); ++int _mkcgo_EVP_DigestFinalXOF(_EVP_MD_CTX_PTR, unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_DigestFinal_ex(_EVP_MD_CTX_PTR, unsigned char*, unsigned int*, uintptr_t *); ++int _mkcgo_EVP_DigestInit(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, uintptr_t *); ++int _mkcgo_EVP_DigestInit_ex(_EVP_MD_CTX_PTR, const _EVP_MD_PTR, _ENGINE_PTR, uintptr_t *); ++int _mkcgo_EVP_DigestSign(_EVP_MD_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_DigestSignFinal(_EVP_MD_CTX_PTR, unsigned char*, size_t*, uintptr_t *); ++int _mkcgo_EVP_DigestSignInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, uintptr_t *); ++int _mkcgo_EVP_DigestSqueeze(_EVP_MD_CTX_PTR, unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_DigestUpdate(_EVP_MD_CTX_PTR, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_DigestVerify(_EVP_MD_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_DigestVerifyFinal(_EVP_MD_CTX_PTR, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_DigestVerifyInit(_EVP_MD_CTX_PTR, _EVP_PKEY_CTX_PTR*, const _EVP_MD_PTR, _ENGINE_PTR, _EVP_PKEY_PTR, uintptr_t *); ++int _mkcgo_EVP_EncryptFinal_ex(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, uintptr_t *); ++int _mkcgo_EVP_EncryptInit_ex(_EVP_CIPHER_CTX_PTR, const _EVP_CIPHER_PTR, _ENGINE_PTR, const unsigned char*, const unsigned char*, uintptr_t *); ++int _mkcgo_EVP_EncryptUpdate(_EVP_CIPHER_CTX_PTR, unsigned char*, int*, const unsigned char*, int, uintptr_t *); ++void _mkcgo_EVP_KDF_CTX_free(_EVP_KDF_CTX_PTR); ++size_t _mkcgo_EVP_KDF_CTX_get_kdf_size(_EVP_KDF_CTX_PTR, uintptr_t *); ++_EVP_KDF_CTX_PTR _mkcgo_EVP_KDF_CTX_new(_EVP_KDF_PTR, uintptr_t *); ++int _mkcgo_EVP_KDF_CTX_set_params(_EVP_KDF_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); ++int _mkcgo_EVP_KDF_derive(_EVP_KDF_CTX_PTR, unsigned char*, size_t, const _OSSL_PARAM_PTR, uintptr_t *); ++_EVP_KDF_PTR _mkcgo_EVP_KDF_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++void _mkcgo_EVP_KDF_free(_EVP_KDF_PTR); ++_EVP_KEYMGMT_PTR _mkcgo_EVP_KEYMGMT_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++void _mkcgo_EVP_KEYMGMT_free(_EVP_KEYMGMT_PTR); ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_dup(const _EVP_MAC_CTX_PTR, uintptr_t *); ++void _mkcgo_EVP_MAC_CTX_free(_EVP_MAC_CTX_PTR); ++_EVP_MAC_CTX_PTR _mkcgo_EVP_MAC_CTX_new(_EVP_MAC_PTR, uintptr_t *); ++int _mkcgo_EVP_MAC_CTX_set_params(_EVP_MAC_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); ++_EVP_MAC_PTR _mkcgo_EVP_MAC_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++int _mkcgo_EVP_MAC_final(_EVP_MAC_CTX_PTR, unsigned char*, size_t*, size_t, uintptr_t *); ++int _mkcgo_EVP_MAC_init(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, const _OSSL_PARAM_PTR, uintptr_t *); ++int _mkcgo_EVP_MAC_update(_EVP_MAC_CTX_PTR, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_MD_CTX_copy_ex(_EVP_MD_CTX_PTR, const _EVP_MD_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_MD_CTX_ctrl(_EVP_MD_CTX_PTR, int, int, void*, uintptr_t *); ++void _mkcgo_EVP_MD_CTX_free(_EVP_MD_CTX_PTR); ++int _mkcgo_EVP_MD_CTX_get_params(_EVP_MD_CTX_PTR, _OSSL_PARAM_PTR, uintptr_t *); ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_gettable_params(_EVP_MD_CTX_PTR, uintptr_t *); ++_EVP_MD_CTX_PTR _mkcgo_EVP_MD_CTX_new(uintptr_t *); ++int _mkcgo_EVP_MD_CTX_set_params(_EVP_MD_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); ++const _OSSL_PARAM_PTR _mkcgo_EVP_MD_CTX_settable_params(_EVP_MD_CTX_PTR, uintptr_t *); ++_EVP_MD_PTR _mkcgo_EVP_MD_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++void _mkcgo_EVP_MD_free(_EVP_MD_PTR); ++const char* _mkcgo_EVP_MD_get0_name(const _EVP_MD_PTR); ++const _OSSL_PROVIDER_PTR _mkcgo_EVP_MD_get0_provider(const _EVP_MD_PTR); ++int _mkcgo_EVP_MD_get_block_size(const _EVP_MD_PTR); ++int _mkcgo_EVP_MD_get_size(const _EVP_MD_PTR); ++int _mkcgo_EVP_MD_get_type(const _EVP_MD_PTR); ++int _mkcgo_EVP_PKEY_CTX_add1_hkdf_info(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_ctrl(_EVP_PKEY_CTX_PTR, int, int, int, int, void*, uintptr_t *); ++void _mkcgo_EVP_PKEY_CTX_free(_EVP_PKEY_CTX_PTR); ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new(_EVP_PKEY_PTR, _ENGINE_PTR, uintptr_t *); ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_from_pkey(_OSSL_LIB_CTX_PTR, _EVP_PKEY_PTR, const char*, uintptr_t *); ++_EVP_PKEY_CTX_PTR _mkcgo_EVP_PKEY_CTX_new_id(int, _ENGINE_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(_EVP_PKEY_CTX_PTR, unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_key(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(_EVP_PKEY_CTX_PTR, const unsigned char*, int, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_md(_EVP_PKEY_CTX_PTR, const _EVP_MD_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set_hkdf_mode(_EVP_PKEY_CTX_PTR, int, uintptr_t *); ++int _mkcgo_EVP_PKEY_CTX_set_params(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_EC(_OSSL_LIB_CTX_PTR, const char*, const char*, const char*, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_ED25519(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLDSA(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_MLKEM(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_RSA(_OSSL_LIB_CTX_PTR, const char*, const char*, size_t, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_Q_keygen_X25519(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++int _mkcgo_EVP_PKEY_assign(_EVP_PKEY_PTR, int, void*, uintptr_t *); ++int _mkcgo_EVP_PKEY_decapsulate(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_decapsulate_init(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_decrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_decrypt_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_derive(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, uintptr_t *); ++int _mkcgo_EVP_PKEY_derive_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_derive_set_peer(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_encapsulate(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, unsigned char*, size_t*, uintptr_t *); ++int _mkcgo_EVP_PKEY_encapsulate_init(_EVP_PKEY_CTX_PTR, const _OSSL_PARAM_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_encrypt(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_encrypt_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++void _mkcgo_EVP_PKEY_free(_EVP_PKEY_PTR); ++int _mkcgo_EVP_PKEY_fromdata(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, int, _OSSL_PARAM_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_fromdata_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++_DSA_PTR _mkcgo_EVP_PKEY_get0_DSA(_EVP_PKEY_PTR, uintptr_t *); ++_EC_KEY_PTR _mkcgo_EVP_PKEY_get0_EC_KEY(_EVP_PKEY_PTR, uintptr_t *); ++_RSA_PTR _mkcgo_EVP_PKEY_get1_RSA(_EVP_PKEY_PTR, uintptr_t *); ++size_t _mkcgo_EVP_PKEY_get1_encoded_public_key(_EVP_PKEY_PTR, unsigned char**, uintptr_t *); ++int _mkcgo_EVP_PKEY_get_bits(const _EVP_PKEY_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_get_bn_param(const _EVP_PKEY_PTR, const char*, _BIGNUM_PTR*, uintptr_t *); ++int _mkcgo_EVP_PKEY_get_octet_string_param(const _EVP_PKEY_PTR, const char*, unsigned char*, size_t, size_t*, uintptr_t *); ++int _mkcgo_EVP_PKEY_get_raw_private_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, uintptr_t *); ++int _mkcgo_EVP_PKEY_get_raw_public_key(const _EVP_PKEY_PTR, unsigned char*, size_t*, uintptr_t *); ++int _mkcgo_EVP_PKEY_get_size(const _EVP_PKEY_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_keygen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, uintptr_t *); ++int _mkcgo_EVP_PKEY_keygen_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new(uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_private_key(int, _ENGINE_PTR, const unsigned char*, size_t, uintptr_t *); ++_EVP_PKEY_PTR _mkcgo_EVP_PKEY_new_raw_public_key(int, _ENGINE_PTR, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_paramgen(_EVP_PKEY_CTX_PTR, _EVP_PKEY_PTR*, uintptr_t *); ++int _mkcgo_EVP_PKEY_paramgen_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_private_check(_EVP_PKEY_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_public_check_quick(_EVP_PKEY_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_set1_EC_KEY(_EVP_PKEY_PTR, _EC_KEY_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_set1_encoded_public_key(_EVP_PKEY_PTR, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_sign(_EVP_PKEY_CTX_PTR, unsigned char*, size_t*, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_sign_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_up_ref(_EVP_PKEY_PTR, uintptr_t *); ++int _mkcgo_EVP_PKEY_verify(_EVP_PKEY_CTX_PTR, const unsigned char*, size_t, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_EVP_PKEY_verify_init(_EVP_PKEY_CTX_PTR, uintptr_t *); ++_EVP_SIGNATURE_PTR _mkcgo_EVP_SIGNATURE_fetch(_OSSL_LIB_CTX_PTR, const char*, const char*, uintptr_t *); ++void _mkcgo_EVP_SIGNATURE_free(_EVP_SIGNATURE_PTR); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ctr(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_128_gcm(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ctr(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_192_gcm(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ctr(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_aes_256_gcm(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_chacha20_poly1305(void); ++int _mkcgo_EVP_default_properties_enable_fips(_OSSL_LIB_CTX_PTR, int, uintptr_t *); ++int _mkcgo_EVP_default_properties_is_fips_enabled(_OSSL_LIB_CTX_PTR); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ecb(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_cbc(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_des_ede3_ecb(void); ++const _EVP_MD_PTR _mkcgo_EVP_md4(void); ++const _EVP_MD_PTR _mkcgo_EVP_md5(void); ++const _EVP_MD_PTR _mkcgo_EVP_md5_sha1(void); ++const _EVP_CIPHER_PTR _mkcgo_EVP_rc4(void); ++const _EVP_MD_PTR _mkcgo_EVP_ripemd160(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha1(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha224(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha256(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha384(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_224(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_256(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_384(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha3_512(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha512(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha512_224(void); ++const _EVP_MD_PTR _mkcgo_EVP_sha512_256(void); ++int _mkcgo_FIPS_mode(void); ++int _mkcgo_FIPS_mode_set(int, uintptr_t *); ++int _mkcgo_HMAC_CTX_copy(_HMAC_CTX_PTR, _HMAC_CTX_PTR, uintptr_t *); ++void _mkcgo_HMAC_CTX_free(_HMAC_CTX_PTR); ++_HMAC_CTX_PTR _mkcgo_HMAC_CTX_new(uintptr_t *); ++int _mkcgo_HMAC_Final(_HMAC_CTX_PTR, unsigned char*, unsigned int*, uintptr_t *); ++int _mkcgo_HMAC_Init_ex(_HMAC_CTX_PTR, const unsigned char*, int, const _EVP_MD_PTR, _ENGINE_PTR, uintptr_t *); ++int _mkcgo_HMAC_Update(_HMAC_CTX_PTR, const unsigned char*, size_t, uintptr_t *); ++const char* _mkcgo_OBJ_nid2sn(int); ++void _mkcgo_OPENSSL_init(void); ++int _mkcgo_OPENSSL_init_crypto(uint64_t, const _OPENSSL_INIT_SETTINGS_PTR, uintptr_t *); ++unsigned int _mkcgo_OPENSSL_version_major(void); ++unsigned int _mkcgo_OPENSSL_version_minor(void); ++unsigned int _mkcgo_OPENSSL_version_patch(void); ++void _mkcgo_OSSL_PARAM_BLD_free(_OSSL_PARAM_BLD_PTR); ++_OSSL_PARAM_BLD_PTR _mkcgo_OSSL_PARAM_BLD_new(void); ++int _mkcgo_OSSL_PARAM_BLD_push_BN(_OSSL_PARAM_BLD_PTR, const char*, const _BIGNUM_PTR, uintptr_t *); ++int _mkcgo_OSSL_PARAM_BLD_push_int32(_OSSL_PARAM_BLD_PTR, const char*, int32_t, uintptr_t *); ++int _mkcgo_OSSL_PARAM_BLD_push_octet_string(_OSSL_PARAM_BLD_PTR, const char*, const unsigned char*, size_t, uintptr_t *); ++int _mkcgo_OSSL_PARAM_BLD_push_utf8_string(_OSSL_PARAM_BLD_PTR, const char*, const char*, size_t, uintptr_t *); ++_OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_BLD_to_param(_OSSL_PARAM_BLD_PTR, uintptr_t *); ++void _mkcgo_OSSL_PARAM_free(_OSSL_PARAM_PTR); ++const _OSSL_PARAM_PTR _mkcgo_OSSL_PARAM_locate_const(const _OSSL_PARAM_PTR, const char*, uintptr_t *); ++int _mkcgo_OSSL_PROVIDER_available(_OSSL_LIB_CTX_PTR, const char*); ++const char* _mkcgo_OSSL_PROVIDER_get0_name(const _OSSL_PROVIDER_PTR); ++_OSSL_PROVIDER_PTR _mkcgo_OSSL_PROVIDER_try_load(_OSSL_LIB_CTX_PTR, const char*, int, uintptr_t *); ++const char* _mkcgo_OpenSSL_version(int); ++unsigned long _mkcgo_OpenSSL_version_num(void); ++int _mkcgo_PKCS5_PBKDF2_HMAC(const char*, int, const unsigned char*, int, int, const _EVP_MD_PTR, int, unsigned char*, uintptr_t *); ++int _mkcgo_RAND_bytes(unsigned char*, int, uintptr_t *); ++int _mkcgo_RAND_bytes_ex(_OSSL_LIB_CTX_PTR, unsigned char*, size_t, unsigned int, uintptr_t *); ++void _mkcgo_RSA_free(_RSA_PTR); ++void _mkcgo_RSA_get0_crt_params(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void _mkcgo_RSA_get0_factors(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++void _mkcgo_RSA_get0_key(const _RSA_PTR, const _BIGNUM_PTR*, const _BIGNUM_PTR*, const _BIGNUM_PTR*); ++_RSA_PTR _mkcgo_RSA_new(uintptr_t *); ++int _mkcgo_RSA_set0_crt_params(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); ++int _mkcgo_RSA_set0_factors(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); ++int _mkcgo_RSA_set0_key(_RSA_PTR, _BIGNUM_PTR, _BIGNUM_PTR, _BIGNUM_PTR, uintptr_t *); ++ ++#endif // MKCGO_H +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_cgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_cgo.go +new file mode 100644 +index 00000000000000..2eb57068990277 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go -@@ -0,0 +1,8 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_cgo.go +@@ -0,0 +1,1513 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+package cryptokit ++// Code generated by mkcgo. DO NOT EDIT. ++ ++package ossl ++ ++/* ++#cgo CFLAGS: -Wno-attributes ++#cgo unix LDFLAGS: -ldl ++ ++#include "zossl.h" ++#cgo noescape _mkcgo_BIO_ctrl ++#cgo nocallback _mkcgo_BIO_ctrl ++#cgo noescape _mkcgo_BIO_free ++#cgo nocallback _mkcgo_BIO_free ++#cgo noescape _mkcgo_ERR_print_errors ++#cgo nocallback _mkcgo_ERR_print_errors ++#cgo noescape _mkcgo_EVP_CipherUpdate ++#cgo nocallback _mkcgo_EVP_CipherUpdate ++#cgo noescape _mkcgo_EVP_DecryptFinal_ex ++#cgo nocallback _mkcgo_EVP_DecryptFinal_ex ++#cgo noescape _mkcgo_EVP_DecryptUpdate ++#cgo nocallback _mkcgo_EVP_DecryptUpdate ++#cgo noescape _mkcgo_EVP_Digest ++#cgo nocallback _mkcgo_EVP_Digest ++#cgo noescape _mkcgo_EVP_DigestFinalXOF ++#cgo nocallback _mkcgo_EVP_DigestFinalXOF ++#cgo noescape _mkcgo_EVP_DigestFinal_ex ++#cgo nocallback _mkcgo_EVP_DigestFinal_ex ++#cgo noescape _mkcgo_EVP_DigestSign ++#cgo nocallback _mkcgo_EVP_DigestSign ++#cgo noescape _mkcgo_EVP_DigestSqueeze ++#cgo nocallback _mkcgo_EVP_DigestSqueeze ++#cgo noescape _mkcgo_EVP_DigestUpdate ++#cgo nocallback _mkcgo_EVP_DigestUpdate ++#cgo noescape _mkcgo_EVP_EncryptFinal_ex ++#cgo nocallback _mkcgo_EVP_EncryptFinal_ex ++#cgo noescape _mkcgo_EVP_EncryptUpdate ++#cgo nocallback _mkcgo_EVP_EncryptUpdate ++#cgo noescape _mkcgo_EVP_MAC_CTX_free ++#cgo nocallback _mkcgo_EVP_MAC_CTX_free ++#cgo noescape _mkcgo_EVP_MAC_final ++#cgo nocallback _mkcgo_EVP_MAC_final ++#cgo noescape _mkcgo_EVP_MAC_init ++#cgo nocallback _mkcgo_EVP_MAC_init ++#cgo noescape _mkcgo_EVP_MAC_update ++#cgo nocallback _mkcgo_EVP_MAC_update ++#cgo noescape _mkcgo_EVP_MD_CTX_get_params ++#cgo nocallback _mkcgo_EVP_MD_CTX_get_params ++#cgo noescape _mkcgo_EVP_MD_CTX_set_params ++#cgo nocallback _mkcgo_EVP_MD_CTX_set_params ++#cgo noescape _mkcgo_EVP_PKEY_CTX_set_params ++#cgo nocallback _mkcgo_EVP_PKEY_CTX_set_params ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_EC ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_EC ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_ED25519 ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_ED25519 ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_MLDSA ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_MLDSA ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_MLKEM ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_MLKEM ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_RSA ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_RSA ++#cgo noescape _mkcgo_EVP_PKEY_Q_keygen_X25519 ++#cgo nocallback _mkcgo_EVP_PKEY_Q_keygen_X25519 ++#cgo noescape _mkcgo_EVP_PKEY_derive ++#cgo nocallback _mkcgo_EVP_PKEY_derive ++#cgo noescape _mkcgo_EVP_PKEY_get_bn_param ++#cgo nocallback _mkcgo_EVP_PKEY_get_bn_param ++#cgo noescape _mkcgo_EVP_PKEY_get_raw_private_key ++#cgo nocallback _mkcgo_EVP_PKEY_get_raw_private_key ++#cgo noescape _mkcgo_EVP_PKEY_get_raw_public_key ++#cgo nocallback _mkcgo_EVP_PKEY_get_raw_public_key ++#cgo noescape _mkcgo_EVP_PKEY_keygen ++#cgo nocallback _mkcgo_EVP_PKEY_keygen ++#cgo noescape _mkcgo_HMAC_CTX_copy ++#cgo nocallback _mkcgo_HMAC_CTX_copy ++#cgo noescape _mkcgo_HMAC_CTX_free ++#cgo nocallback _mkcgo_HMAC_CTX_free ++#cgo noescape _mkcgo_HMAC_Final ++#cgo nocallback _mkcgo_HMAC_Final ++#cgo noescape _mkcgo_HMAC_Init_ex ++#cgo nocallback _mkcgo_HMAC_Init_ex ++#cgo noescape _mkcgo_HMAC_Update ++#cgo nocallback _mkcgo_HMAC_Update ++#cgo noescape _mkcgo_RAND_bytes ++#cgo nocallback _mkcgo_RAND_bytes ++#cgo noescape _mkcgo_RAND_bytes_ex ++#cgo nocallback _mkcgo_RAND_bytes_ex ++*/ ++import "C" ++import "unsafe" ++ ++type BIGNUM_PTR = C._BIGNUM_PTR ++type BIO_METHOD_PTR = C._BIO_METHOD_PTR ++type BIO_PTR = C._BIO_PTR ++type BN_CTX_PTR = C._BN_CTX_PTR ++type DSA_PTR = C._DSA_PTR ++type EC_GROUP_PTR = C._EC_GROUP_PTR ++type EC_KEY_PTR = C._EC_KEY_PTR ++type EC_POINT_PTR = C._EC_POINT_PTR ++type ENGINE_PTR = C._ENGINE_PTR ++type EVP_CIPHER_CTX_PTR = C._EVP_CIPHER_CTX_PTR ++type EVP_CIPHER_PTR = C._EVP_CIPHER_PTR ++type EVP_KDF_CTX_PTR = C._EVP_KDF_CTX_PTR ++type EVP_KDF_PTR = C._EVP_KDF_PTR ++type EVP_KEYMGMT_PTR = C._EVP_KEYMGMT_PTR ++type EVP_MAC_CTX_PTR = C._EVP_MAC_CTX_PTR ++type EVP_MAC_PTR = C._EVP_MAC_PTR ++type EVP_MD_CTX_PTR = C._EVP_MD_CTX_PTR ++type EVP_MD_PTR = C._EVP_MD_PTR ++type EVP_PKEY_CTX_PTR = C._EVP_PKEY_CTX_PTR ++type EVP_PKEY_PTR = C._EVP_PKEY_PTR ++type EVP_SIGNATURE_PTR = C._EVP_SIGNATURE_PTR ++type HMAC_CTX_PTR = C._HMAC_CTX_PTR ++type OPENSSL_INIT_SETTINGS_PTR = C._OPENSSL_INIT_SETTINGS_PTR ++type OSSL_LIB_CTX_PTR = C._OSSL_LIB_CTX_PTR ++type OSSL_PARAM_BLD_PTR = C._OSSL_PARAM_BLD_PTR ++type OSSL_PARAM_PTR = C._OSSL_PARAM_PTR ++type OSSL_PROVIDER_PTR = C._OSSL_PROVIDER_PTR ++type RSA_PTR = C._RSA_PTR ++type Point_conversion_form_t = C.point_conversion_form_t ++ ++func MkcgoLoad_(handle unsafe.Pointer) { ++ C.__mkcgo_load_(handle) ++} ++ ++func MkcgoUnload_() { ++ C.__mkcgo_unload_() ++} ++ ++func MkcgoLoad_3(handle unsafe.Pointer) { ++ C.__mkcgo_load_3(handle) ++} ++ ++func MkcgoUnload_3() { ++ C.__mkcgo_unload_3() ++} ++ ++func MkcgoLoad_33(handle unsafe.Pointer) { ++ C.__mkcgo_load_33(handle) ++} ++ ++func MkcgoUnload_33() { ++ C.__mkcgo_unload_33() ++} ++ ++func MkcgoLoad_init_1(handle unsafe.Pointer) { ++ C.__mkcgo_load_init_1(handle) ++} ++ ++func MkcgoUnload_init_1() { ++ C.__mkcgo_unload_init_1() ++} ++ ++func MkcgoLoad_init_3(handle unsafe.Pointer) { ++ C.__mkcgo_load_init_3(handle) ++} ++ ++func MkcgoUnload_init_3() { ++ C.__mkcgo_unload_init_3() ++} ++ ++func MkcgoLoad_legacy_1(handle unsafe.Pointer) { ++ C.__mkcgo_load_legacy_1(handle) ++} ++ ++func MkcgoUnload_legacy_1() { ++ C.__mkcgo_unload_legacy_1() ++} ++ ++func MkcgoLoad_version(handle unsafe.Pointer) { ++ C.__mkcgo_load_version(handle) ++} ++ ++func MkcgoUnload_version() { ++ C.__mkcgo_unload_version() ++} ++ ++//go:nosplit ++func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { ++ x := uintptr(unsafe.Pointer(p)) ++ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) ++} ++ ++func BIO_ctrl(bp BIO_PTR, cmd int32, larg int64, parg unsafe.Pointer) int64 { ++ return int64(C._mkcgo_BIO_ctrl(bp, C.int(cmd), C.long(larg), parg)) ++} ++ ++func BIO_free(a BIO_PTR) int32 { ++ return int32(C._mkcgo_BIO_free(a)) ++} ++ ++func BIO_new(__type BIO_METHOD_PTR) (BIO_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_BIO_new(__type, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BIO_new", uintptr(_err)) ++} ++ ++func BIO_s_mem() BIO_METHOD_PTR { ++ return C._mkcgo_BIO_s_mem() ++} ++ ++func BN_bin2bn(arg0 []byte, arg2 BIGNUM_PTR) (BIGNUM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_BN_bin2bn((*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg0))), C.int(len(arg0)), arg2, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BN_bin2bn", uintptr(_err)) ++} ++ ++func BN_bn2binpad(a BIGNUM_PTR, to []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_BN_bn2binpad(a, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(to))), C.int(len(to)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("BN_bn2binpad", uintptr(_err)) ++} ++ ++func BN_bn2lebinpad(a BIGNUM_PTR, to []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_BN_bn2lebinpad(a, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(to))), C.int(len(to)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("BN_bn2lebinpad", uintptr(_err)) ++} ++ ++func BN_clear(arg0 BIGNUM_PTR) { ++ C._mkcgo_BN_clear(arg0) ++} ++ ++func BN_clear_free(arg0 BIGNUM_PTR) { ++ C._mkcgo_BN_clear_free(arg0) ++} ++ ++func BN_free(arg0 BIGNUM_PTR) { ++ C._mkcgo_BN_free(arg0) ++} ++ ++func BN_lebin2bn(s []byte, ret BIGNUM_PTR) (BIGNUM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_BN_lebin2bn((*C.uchar)(unsafe.Pointer(unsafe.SliceData(s))), C.int(len(s)), ret, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BN_lebin2bn", uintptr(_err)) ++} ++ ++func BN_new() (BIGNUM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_BN_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("BN_new", uintptr(_err)) ++} ++ ++func BN_num_bits(arg0 BIGNUM_PTR) int32 { ++ return int32(C._mkcgo_BN_num_bits(arg0)) ++} ++ ++func CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { ++ C._mkcgo_CRYPTO_free(str, (*C.char)(unsafe.Pointer(file)), C.int(line)) ++} ++ ++func CRYPTO_malloc(num int, file *byte, line int32) (unsafe.Pointer, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_CRYPTO_malloc(C.size_t(num), (*C.char)(unsafe.Pointer(file)), C.int(line), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("CRYPTO_malloc", uintptr(_err)) ++} ++ ++func DSA_free(r DSA_PTR) { ++ C._mkcgo_DSA_free(r) ++} ++ ++func DSA_generate_key(a DSA_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_DSA_generate_key(a, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("DSA_generate_key", uintptr(_err)) ++} ++ ++func DSA_get0_key(d DSA_PTR, pub_key *BIGNUM_PTR, priv_key *BIGNUM_PTR) { ++ C._mkcgo_DSA_get0_key(d, pub_key, priv_key) ++} ++ ++func DSA_get0_pqg(d DSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR, g *BIGNUM_PTR) { ++ C._mkcgo_DSA_get0_pqg(d, p, q, g) ++} ++ ++func DSA_new() (DSA_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_DSA_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("DSA_new", uintptr(_err)) ++} ++ ++func DSA_set0_key(d DSA_PTR, pub_key BIGNUM_PTR, priv_key BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_DSA_set0_key(d, pub_key, priv_key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("DSA_set0_key", uintptr(_err)) ++} ++ ++func DSA_set0_pqg(d DSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR, g BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_DSA_set0_pqg(d, p, q, g, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("DSA_set0_pqg", uintptr(_err)) ++} ++ ++func EC_GROUP_free(group EC_GROUP_PTR) { ++ C._mkcgo_EC_GROUP_free(group) ++} ++ ++func EC_GROUP_new_by_curve_name(nid int32) (EC_GROUP_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_GROUP_new_by_curve_name(C.int(nid), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EC_GROUP_new_by_curve_name", uintptr(_err)) ++} ++ ++func EC_KEY_check_key(key EC_KEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_KEY_check_key(key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_check_key", uintptr(_err)) ++} ++ ++func EC_KEY_free(arg0 EC_KEY_PTR) { ++ C._mkcgo_EC_KEY_free(arg0) ++} ++ ++func EC_KEY_get0_group(arg0 EC_KEY_PTR) EC_GROUP_PTR { ++ return C._mkcgo_EC_KEY_get0_group(arg0) ++} ++ ++func EC_KEY_get0_private_key(arg0 EC_KEY_PTR) BIGNUM_PTR { ++ return C._mkcgo_EC_KEY_get0_private_key(arg0) ++} ++ ++func EC_KEY_get0_public_key(arg0 EC_KEY_PTR) EC_POINT_PTR { ++ return C._mkcgo_EC_KEY_get0_public_key(arg0) ++} ++ ++func EC_KEY_new_by_curve_name(arg0 int32) (EC_KEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_KEY_new_by_curve_name(C.int(arg0), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EC_KEY_new_by_curve_name", uintptr(_err)) ++} ++ ++func EC_KEY_set_private_key(arg0 EC_KEY_PTR, arg1 BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_KEY_set_private_key(arg0, arg1, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_set_private_key", uintptr(_err)) ++} ++ ++func EC_KEY_set_public_key(key EC_KEY_PTR, pub EC_POINT_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_KEY_set_public_key(key, pub, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key", uintptr(_err)) ++} ++ ++func EC_KEY_set_public_key_affine_coordinates(key EC_KEY_PTR, x BIGNUM_PTR, y BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_KEY_set_public_key_affine_coordinates(key, x, y, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_KEY_set_public_key_affine_coordinates", uintptr(_err)) ++} ++ ++func EC_POINT_free(arg0 EC_POINT_PTR) { ++ C._mkcgo_EC_POINT_free(arg0) ++} ++ ++func EC_POINT_get_affine_coordinates_GFp(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_POINT_get_affine_coordinates_GFp(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_get_affine_coordinates_GFp", uintptr(_err)) ++} ++ ++func EC_POINT_mul(group EC_GROUP_PTR, r EC_POINT_PTR, n BIGNUM_PTR, q EC_POINT_PTR, m BIGNUM_PTR, ctx BN_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_POINT_mul(group, r, n, q, m, ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_mul", uintptr(_err)) ++} ++ ++func EC_POINT_new(arg0 EC_GROUP_PTR) (EC_POINT_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_POINT_new(arg0, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EC_POINT_new", uintptr(_err)) ++} ++ ++func EC_POINT_oct2point(group EC_GROUP_PTR, p EC_POINT_PTR, buf []byte, ctx BN_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_POINT_oct2point(group, p, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_oct2point", uintptr(_err)) ++} ++ ++func EC_POINT_point2oct(group EC_GROUP_PTR, p EC_POINT_PTR, form Point_conversion_form_t, buf []byte, ctx BN_CTX_PTR) (int, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_POINT_point2oct(group, p, form, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), ctx, mkcgoNoEscape(&_err)) ++ return int(_ret), newMkcgoErr("EC_POINT_point2oct", uintptr(_err)) ++} ++ ++func EC_POINT_set_affine_coordinates(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EC_POINT_set_affine_coordinates(arg0, arg1, arg2, arg3, arg4, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EC_POINT_set_affine_coordinates", uintptr(_err)) ++} ++ ++func ERR_peek_error() uint64 { ++ return uint64(C._mkcgo_ERR_peek_error()) ++} ++ ++func ERR_print_errors(bp BIO_PTR) { ++ C._mkcgo_ERR_print_errors(bp) ++} ++ ++func EVP_CIPHER_CTX_ctrl(ctx EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CIPHER_CTX_ctrl(ctx, C.int(__type), C.int(arg), ptr, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_ctrl", uintptr(_err)) ++} ++ ++func EVP_CIPHER_CTX_free(arg0 EVP_CIPHER_CTX_PTR) { ++ C._mkcgo_EVP_CIPHER_CTX_free(arg0) ++} ++ ++func EVP_CIPHER_CTX_new() (EVP_CIPHER_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CIPHER_CTX_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_CIPHER_CTX_new", uintptr(_err)) ++} ++ ++func EVP_CIPHER_CTX_set_key_length(x EVP_CIPHER_CTX_PTR, keylen int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CIPHER_CTX_set_key_length(x, C.int(keylen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_key_length", uintptr(_err)) ++} ++ ++func EVP_CIPHER_CTX_set_padding(x EVP_CIPHER_CTX_PTR, padding int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CIPHER_CTX_set_padding(x, C.int(padding), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CIPHER_CTX_set_padding", uintptr(_err)) ++} ++ ++func EVP_CIPHER_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_CIPHER_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CIPHER_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_CIPHER_fetch", uintptr(_err)) ++} ++ ++func EVP_CIPHER_get0_name(cipher EVP_CIPHER_PTR) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_CIPHER_get0_name(cipher))) ++} ++ ++func EVP_CIPHER_get_block_size(cipher EVP_CIPHER_PTR) int32 { ++ return int32(C._mkcgo_EVP_CIPHER_get_block_size(cipher)) ++} ++ ++func EVP_CipherInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte, enc int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CipherInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), C.int(enc), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CipherInit_ex", uintptr(_err)) ++} ++ ++func EVP_CipherUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_CipherUpdate: *outl exceeds len(out)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(in))), C.int(len(in)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_CipherUpdate", uintptr(_err)) ++} ++ ++func EVP_DecryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, outm []byte, outl *int32) (int32, error) { ++ if outl != nil && int(*outl) > len(outm) { ++ panic("EVP_DecryptFinal_ex: *outl exceeds len(outm)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DecryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(outm))), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DecryptFinal_ex", uintptr(_err)) ++} ++ ++func EVP_DecryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DecryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DecryptInit_ex", uintptr(_err)) ++} ++ ++func EVP_DecryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_DecryptUpdate: *outl exceeds len(out)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DecryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(in))), C.int(len(in)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DecryptUpdate", uintptr(_err)) ++} ++ ++func EVP_Digest(data []byte, md []byte, size *uint32, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { ++ if size != nil && int(*size) > len(md) { ++ panic("EVP_Digest: *size exceeds len(md)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_Digest((*C.uchar)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(md))), (*C.uint)(unsafe.Pointer(size)), __type, impl, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_Digest", uintptr(_err)) ++} ++ ++func EVP_DigestFinalXOF(ctx EVP_MD_CTX_PTR, md []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestFinalXOF(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(md))), C.size_t(len(md)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestFinalXOF", uintptr(_err)) ++} ++ ++func EVP_DigestFinal_ex(ctx EVP_MD_CTX_PTR, md []byte, s *uint32) (int32, error) { ++ if s != nil && int(*s) > len(md) { ++ panic("EVP_DigestFinal_ex: *s exceeds len(md)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(md))), (*C.uint)(unsafe.Pointer(s)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestFinal_ex", uintptr(_err)) ++} ++ ++func EVP_DigestInit(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestInit(ctx, __type, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestInit", uintptr(_err)) ++} ++ ++func EVP_DigestInit_ex(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestInit_ex(ctx, __type, impl, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestInit_ex", uintptr(_err)) ++} ++ ++func EVP_DigestSign(ctx EVP_MD_CTX_PTR, sigret []byte, siglen *int, tbs []byte) (int32, error) { ++ if siglen != nil && int(*siglen) > len(sigret) { ++ panic("EVP_DigestSign: *siglen exceeds len(sigret)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestSign(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sigret))), (*C.size_t)(unsafe.Pointer(siglen)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tbs))), C.size_t(len(tbs)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSign", uintptr(_err)) ++} ++ ++func EVP_DigestSignFinal(ctx EVP_MD_CTX_PTR, sig []byte, siglen *int) (int32, error) { ++ if siglen != nil && int(*siglen) > len(sig) { ++ panic("EVP_DigestSignFinal: *siglen exceeds len(sig)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestSignFinal(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sig))), (*C.size_t)(unsafe.Pointer(siglen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSignFinal", uintptr(_err)) ++} ++ ++func EVP_DigestSignInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestSignInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSignInit", uintptr(_err)) ++} ++ ++func EVP_DigestSqueeze_Available() bool { ++ return C._mkcgo_available_EVP_DigestSqueeze() != 0 ++} ++ ++func EVP_DigestSqueeze(ctx EVP_MD_CTX_PTR, out []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestSqueeze(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), C.size_t(len(out)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestSqueeze", uintptr(_err)) ++} ++ ++func EVP_DigestUpdate(ctx EVP_MD_CTX_PTR, d []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(d))), C.size_t(len(d)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestUpdate", uintptr(_err)) ++} ++ ++func EVP_DigestVerify(ctx EVP_MD_CTX_PTR, sigret []byte, tbs []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestVerify(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sigret))), C.size_t(len(sigret)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tbs))), C.size_t(len(tbs)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestVerify", uintptr(_err)) ++} ++ ++func EVP_DigestVerifyFinal(ctx EVP_MD_CTX_PTR, sig []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestVerifyFinal(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sig))), C.size_t(len(sig)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestVerifyFinal", uintptr(_err)) ++} ++ ++func EVP_DigestVerifyInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_DigestVerifyInit(ctx, pctx, __type, e, pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_DigestVerifyInit", uintptr(_err)) ++} ++ ++func EVP_EncryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_EncryptFinal_ex: *outl exceeds len(out)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_EncryptFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_EncryptFinal_ex", uintptr(_err)) ++} ++ ++func EVP_EncryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_EncryptInit_ex(ctx, __type, impl, (*C.uchar)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(iv)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_EncryptInit_ex", uintptr(_err)) ++} ++ ++func EVP_EncryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_EncryptUpdate: *outl exceeds len(out)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_EncryptUpdate(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.int)(unsafe.Pointer(outl)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(in))), C.int(len(in)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_EncryptUpdate", uintptr(_err)) ++} ++ ++func EVP_KDF_CTX_free(ctx EVP_KDF_CTX_PTR) { ++ C._mkcgo_EVP_KDF_CTX_free(ctx) ++} ++ ++func EVP_KDF_CTX_get_kdf_size(ctx EVP_KDF_CTX_PTR) (int, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_KDF_CTX_get_kdf_size(ctx, mkcgoNoEscape(&_err)) ++ return int(_ret), newMkcgoErr("EVP_KDF_CTX_get_kdf_size", uintptr(_err)) ++} ++ ++func EVP_KDF_CTX_new(kdf EVP_KDF_PTR) (EVP_KDF_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_KDF_CTX_new(kdf, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_KDF_CTX_new", uintptr(_err)) ++} ++ ++func EVP_KDF_CTX_set_params(ctx EVP_KDF_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_KDF_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_KDF_CTX_set_params", uintptr(_err)) ++} ++ ++func EVP_KDF_derive(ctx EVP_KDF_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_KDF_derive(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_KDF_derive", uintptr(_err)) ++} ++ ++func EVP_KDF_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KDF_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_KDF_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_KDF_fetch", uintptr(_err)) ++} ++ ++func EVP_KDF_free(kdf EVP_KDF_PTR) { ++ C._mkcgo_EVP_KDF_free(kdf) ++} ++ ++func EVP_KEYMGMT_fetch_Available() bool { ++ return C._mkcgo_available_EVP_KEYMGMT_fetch() != 0 ++} ++ ++func EVP_KEYMGMT_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KEYMGMT_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_KEYMGMT_fetch(libctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_KEYMGMT_fetch", uintptr(_err)) ++} ++ ++func EVP_KEYMGMT_free(keymgmt EVP_KEYMGMT_PTR) { ++ C._mkcgo_EVP_KEYMGMT_free(keymgmt) ++} ++ ++func EVP_MAC_CTX_dup(arg0 EVP_MAC_CTX_PTR) (EVP_MAC_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_CTX_dup(arg0, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MAC_CTX_dup", uintptr(_err)) ++} ++ ++func EVP_MAC_CTX_free(arg0 EVP_MAC_CTX_PTR) { ++ C._mkcgo_EVP_MAC_CTX_free(arg0) ++} ++ ++func EVP_MAC_CTX_new(arg0 EVP_MAC_PTR) (EVP_MAC_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_CTX_new(arg0, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MAC_CTX_new", uintptr(_err)) ++} ++ ++func EVP_MAC_CTX_set_params(ctx EVP_MAC_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_CTX_set_params", uintptr(_err)) ++} ++ ++func EVP_MAC_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MAC_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MAC_fetch", uintptr(_err)) ++} ++ ++func EVP_MAC_final(ctx EVP_MAC_CTX_PTR, out []byte, outl *int) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_final(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), (*C.size_t)(unsafe.Pointer(outl)), C.size_t(len(out)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_final", uintptr(_err)) ++} ++ ++func EVP_MAC_init(ctx EVP_MAC_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_init(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_init", uintptr(_err)) ++} ++ ++func EVP_MAC_update(ctx EVP_MAC_CTX_PTR, data []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MAC_update(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MAC_update", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_copy_ex(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_copy_ex(out, in, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_copy_ex", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_ctrl(ctx EVP_MD_CTX_PTR, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_ctrl(ctx, C.int(cmd), C.int(p1), p2, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_ctrl", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_free(ctx EVP_MD_CTX_PTR) { ++ C._mkcgo_EVP_MD_CTX_free(ctx) ++} ++ ++func EVP_MD_CTX_get_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_get_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_get_params", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_gettable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_gettable_params(ctx, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_CTX_gettable_params", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_new() (EVP_MD_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_CTX_new", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_set_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_MD_CTX_set_params", uintptr(_err)) ++} ++ ++func EVP_MD_CTX_settable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_CTX_settable_params(ctx, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_CTX_settable_params", uintptr(_err)) ++} ++ ++func EVP_MD_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MD_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_MD_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_MD_fetch", uintptr(_err)) ++} ++ ++func EVP_MD_free(md EVP_MD_PTR) { ++ C._mkcgo_EVP_MD_free(md) ++} ++ ++func EVP_MD_get0_name(md EVP_MD_PTR) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_EVP_MD_get0_name(md))) ++} ++ ++func EVP_MD_get0_provider(md EVP_MD_PTR) OSSL_PROVIDER_PTR { ++ return C._mkcgo_EVP_MD_get0_provider(md) ++} ++ ++func EVP_MD_get_block_size(md EVP_MD_PTR) int32 { ++ return int32(C._mkcgo_EVP_MD_get_block_size(md)) ++} ++ ++func EVP_MD_get_size(md EVP_MD_PTR) int32 { ++ return int32(C._mkcgo_EVP_MD_get_size(md)) ++} ++ ++func EVP_MD_get_type(md EVP_MD_PTR) int32 { ++ return int32(C._mkcgo_EVP_MD_get_type(md)) ++} ++ ++func EVP_PKEY_CTX_add1_hkdf_info(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_add1_hkdf_info(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_add1_hkdf_info", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_ctrl(ctx EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_ctrl(ctx, C.int(keytype), C.int(optype), C.int(cmd), C.int(p1), p2, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_ctrl", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_free(arg0 EVP_PKEY_CTX_PTR) { ++ C._mkcgo_EVP_PKEY_CTX_free(arg0) ++} ++ ++func EVP_PKEY_CTX_new(arg0 EVP_PKEY_PTR, arg1 ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_new(arg0, arg1, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_CTX_new", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_new_from_pkey(libctx OSSL_LIB_CTX_PTR, pkey EVP_PKEY_PTR, propquery *byte) (EVP_PKEY_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_new_from_pkey(libctx, pkey, (*C.char)(unsafe.Pointer(propquery)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_from_pkey", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_new_id(id int32, e ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_new_id(C.int(id), e, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_CTX_new_id", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_set0_rsa_oaep_label(ctx EVP_PKEY_CTX_PTR, label []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(label))), C.int(len(label)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set0_rsa_oaep_label", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_set1_hkdf_key(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_key(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_set1_hkdf_salt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set1_hkdf_salt(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_salt", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_set_hkdf_md(arg0 EVP_PKEY_CTX_PTR, arg1 EVP_MD_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_md(arg0, arg1, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_md", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_set_hkdf_mode(arg0 EVP_PKEY_CTX_PTR, arg1 int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set_hkdf_mode(arg0, C.int(arg1), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", uintptr(_err)) ++} ++ ++func EVP_PKEY_CTX_set_params(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_CTX_set_params(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_CTX_set_params", uintptr(_err)) ++} ++ ++func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_EC(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), (*C.char)(unsafe.Pointer(arg1)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_EC", uintptr(_err)) ++} ++ ++func EVP_PKEY_Q_keygen_ED25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_ED25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", uintptr(_err)) ++} ++ ++func EVP_PKEY_Q_keygen_MLDSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_MLDSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_MLDSA", uintptr(_err)) ++} ++ ++func EVP_PKEY_Q_keygen_MLKEM(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_MLKEM(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_MLKEM", uintptr(_err)) ++} ++ ++func EVP_PKEY_Q_keygen_RSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_RSA(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), C.size_t(arg1), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_RSA", uintptr(_err)) ++} ++ ++func EVP_PKEY_Q_keygen_X25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_Q_keygen_X25519(ctx, (*C.char)(unsafe.Pointer(propq)), (*C.char)(unsafe.Pointer(__type)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_Q_keygen_X25519", uintptr(_err)) ++} ++ ++func EVP_PKEY_assign(pkey EVP_PKEY_PTR, __type int32, key unsafe.Pointer) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_assign(pkey, C.int(__type), key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_assign", uintptr(_err)) ++} ++ ++func EVP_PKEY_decapsulate(ctx EVP_PKEY_CTX_PTR, genkey *byte, genkeylen *int, wrappedkey *byte, wrappedkeylen int) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_decapsulate(ctx, (*C.uchar)(unsafe.Pointer(genkey)), (*C.size_t)(unsafe.Pointer(genkeylen)), (*C.uchar)(unsafe.Pointer(wrappedkey)), C.size_t(wrappedkeylen), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_decapsulate", uintptr(_err)) ++} ++ ++func EVP_PKEY_decapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_decapsulate_init(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_decapsulate_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_decrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("EVP_PKEY_decrypt: *arg2 exceeds len(arg1)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_decrypt(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg3))), C.size_t(len(arg3)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt", uintptr(_err)) ++} ++ ++func EVP_PKEY_decrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_decrypt_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_decrypt_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_derive(ctx EVP_PKEY_CTX_PTR, key []byte, keylen *int) (int32, error) { ++ if keylen != nil && int(*keylen) > len(key) { ++ panic("EVP_PKEY_derive: *keylen exceeds len(key)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_derive(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), (*C.size_t)(unsafe.Pointer(keylen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_derive", uintptr(_err)) ++} ++ ++func EVP_PKEY_derive_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_derive_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_derive_set_peer(ctx EVP_PKEY_CTX_PTR, peer EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_derive_set_peer(ctx, peer, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_derive_set_peer", uintptr(_err)) ++} ++ ++func EVP_PKEY_encapsulate(ctx EVP_PKEY_CTX_PTR, wrappedkey *byte, wrappedkeylen *int, genkey *byte, genkeylen *int) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_encapsulate(ctx, (*C.uchar)(unsafe.Pointer(wrappedkey)), (*C.size_t)(unsafe.Pointer(wrappedkeylen)), (*C.uchar)(unsafe.Pointer(genkey)), (*C.size_t)(unsafe.Pointer(genkeylen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_encapsulate", uintptr(_err)) ++} ++ ++func EVP_PKEY_encapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_encapsulate_init(ctx, params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_encapsulate_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_encrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("EVP_PKEY_encrypt: *arg2 exceeds len(arg1)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_encrypt(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg3))), C.size_t(len(arg3)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt", uintptr(_err)) ++} ++ ++func EVP_PKEY_encrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_encrypt_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_encrypt_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_free(arg0 EVP_PKEY_PTR) { ++ C._mkcgo_EVP_PKEY_free(arg0) ++} ++ ++func EVP_PKEY_fromdata(ctx EVP_PKEY_CTX_PTR, pkey *EVP_PKEY_PTR, selection int32, params OSSL_PARAM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_fromdata(ctx, pkey, C.int(selection), params, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata", uintptr(_err)) ++} ++ ++func EVP_PKEY_fromdata_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_fromdata_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_fromdata_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_get0_DSA(pkey EVP_PKEY_PTR) (DSA_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get0_DSA(pkey, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_get0_DSA", uintptr(_err)) ++} ++ ++func EVP_PKEY_get0_EC_KEY(pkey EVP_PKEY_PTR) (EC_KEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get0_EC_KEY(pkey, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_get0_EC_KEY", uintptr(_err)) ++} ++ ++func EVP_PKEY_get1_RSA(pkey EVP_PKEY_PTR) (RSA_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get1_RSA(pkey, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_get1_RSA", uintptr(_err)) ++} ++ ++func EVP_PKEY_get1_encoded_public_key(pkey EVP_PKEY_PTR, ppub **byte) (int, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get1_encoded_public_key(pkey, (**C.uchar)(unsafe.Pointer(ppub)), mkcgoNoEscape(&_err)) ++ return int(_ret), newMkcgoErr("EVP_PKEY_get1_encoded_public_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_get_bits(pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get_bits(pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bits", uintptr(_err)) ++} ++ ++func EVP_PKEY_get_bn_param(pkey EVP_PKEY_PTR, key_name *byte, bn *BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get_bn_param(pkey, (*C.char)(unsafe.Pointer(key_name)), bn, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_bn_param", uintptr(_err)) ++} ++ ++func EVP_PKEY_get_octet_string_param(pkey EVP_PKEY_PTR, key_name *byte, buf []byte, out_len *int) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get_octet_string_param(pkey, (*C.char)(unsafe.Pointer(key_name)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), (*C.size_t)(unsafe.Pointer(out_len)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_octet_string_param", uintptr(_err)) ++} ++ ++func EVP_PKEY_get_raw_private_key(pkey EVP_PKEY_PTR, priv []byte, privlen *int) (int32, error) { ++ if privlen != nil && int(*privlen) > len(priv) { ++ panic("EVP_PKEY_get_raw_private_key: *privlen exceeds len(priv)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get_raw_private_key(pkey, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(priv))), (*C.size_t)(unsafe.Pointer(privlen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_private_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_get_raw_public_key(pkey EVP_PKEY_PTR, pub []byte, publen *int) (int32, error) { ++ if publen != nil && int(*publen) > len(pub) { ++ panic("EVP_PKEY_get_raw_public_key: *publen exceeds len(pub)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get_raw_public_key(pkey, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(pub))), (*C.size_t)(unsafe.Pointer(publen)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_raw_public_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_get_size(pkey EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_get_size(pkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_get_size", uintptr(_err)) ++} ++ ++func EVP_PKEY_keygen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_keygen(ctx, ppkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen", uintptr(_err)) ++} ++ ++func EVP_PKEY_keygen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_keygen_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_keygen_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_new() (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_new", uintptr(_err)) ++} ++ ++func EVP_PKEY_new_raw_private_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_new_raw_private_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_new_raw_private_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_new_raw_public_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_new_raw_public_key(C.int(__type), e, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_PKEY_new_raw_public_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_paramgen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_paramgen(ctx, ppkey, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen", uintptr(_err)) ++} ++ ++func EVP_PKEY_paramgen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_paramgen_init(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_paramgen_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_private_check(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_private_check(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_private_check", uintptr(_err)) ++} ++ ++func EVP_PKEY_public_check_quick(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_public_check_quick(ctx, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_public_check_quick", uintptr(_err)) ++} ++ ++func EVP_PKEY_set1_EC_KEY(pkey EVP_PKEY_PTR, key EC_KEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_set1_EC_KEY(pkey, key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_EC_KEY", uintptr(_err)) ++} ++ ++func EVP_PKEY_set1_encoded_public_key(pkey EVP_PKEY_PTR, pub []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_set1_encoded_public_key(pkey, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(pub))), C.size_t(len(pub)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_set1_encoded_public_key", uintptr(_err)) ++} ++ ++func EVP_PKEY_sign(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("EVP_PKEY_sign: *arg2 exceeds len(arg1)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_sign(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.size_t)(unsafe.Pointer(arg2)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg3))), C.size_t(len(arg3)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_sign", uintptr(_err)) ++} ++ ++func EVP_PKEY_sign_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_sign_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_sign_init", uintptr(_err)) ++} ++ ++func EVP_PKEY_up_ref(key EVP_PKEY_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_up_ref(key, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_up_ref", uintptr(_err)) ++} ++ ++func EVP_PKEY_verify(ctx EVP_PKEY_CTX_PTR, sig []byte, tbs []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_verify(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(sig))), C.size_t(len(sig)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(tbs))), C.size_t(len(tbs)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_verify", uintptr(_err)) ++} ++ ++func EVP_PKEY_verify_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_PKEY_verify_init(arg0, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_PKEY_verify_init", uintptr(_err)) ++} ++ ++func EVP_SIGNATURE_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_SIGNATURE_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_SIGNATURE_fetch(ctx, (*C.char)(unsafe.Pointer(algorithm)), (*C.char)(unsafe.Pointer(properties)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("EVP_SIGNATURE_fetch", uintptr(_err)) ++} ++ ++func EVP_SIGNATURE_free(signature EVP_SIGNATURE_PTR) { ++ C._mkcgo_EVP_SIGNATURE_free(signature) ++} ++ ++func EVP_aes_128_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_cbc() ++} ++ ++func EVP_aes_128_ctr() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_ctr() ++} ++ ++func EVP_aes_128_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_ecb() ++} ++ ++func EVP_aes_128_gcm() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_128_gcm() ++} ++ ++func EVP_aes_192_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_cbc() ++} ++ ++func EVP_aes_192_ctr() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_ctr() ++} ++ ++func EVP_aes_192_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_ecb() ++} ++ ++func EVP_aes_192_gcm() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_192_gcm() ++} ++ ++func EVP_aes_256_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_cbc() ++} ++ ++func EVP_aes_256_ctr() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_ctr() ++} ++ ++func EVP_aes_256_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_ecb() ++} ++ ++func EVP_aes_256_gcm() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_aes_256_gcm() ++} ++ ++func EVP_chacha20_poly1305_Available() bool { ++ return C._mkcgo_available_EVP_chacha20_poly1305() != 0 ++} ++ ++func EVP_chacha20_poly1305() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_chacha20_poly1305() ++} ++ ++func EVP_default_properties_enable_fips(libctx OSSL_LIB_CTX_PTR, enable int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_EVP_default_properties_enable_fips(libctx, C.int(enable), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("EVP_default_properties_enable_fips", uintptr(_err)) ++} ++ ++func EVP_default_properties_is_fips_enabled(libctx OSSL_LIB_CTX_PTR) int32 { ++ return int32(C._mkcgo_EVP_default_properties_is_fips_enabled(libctx)) ++} ++ ++func EVP_des_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_cbc() ++} ++ ++func EVP_des_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_ecb() ++} ++ ++func EVP_des_ede3_cbc() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_ede3_cbc() ++} ++ ++func EVP_des_ede3_ecb() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_des_ede3_ecb() ++} ++ ++func EVP_md4() EVP_MD_PTR { ++ return C._mkcgo_EVP_md4() ++} ++ ++func EVP_md5() EVP_MD_PTR { ++ return C._mkcgo_EVP_md5() ++} ++ ++func EVP_md5_sha1() EVP_MD_PTR { ++ return C._mkcgo_EVP_md5_sha1() ++} ++ ++func EVP_rc4() EVP_CIPHER_PTR { ++ return C._mkcgo_EVP_rc4() ++} ++ ++func EVP_ripemd160() EVP_MD_PTR { ++ return C._mkcgo_EVP_ripemd160() ++} ++ ++func EVP_sha1() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha1() ++} ++ ++func EVP_sha224() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha224() ++} ++ ++func EVP_sha256() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha256() ++} ++ ++func EVP_sha384() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha384() ++} ++ ++func EVP_sha3_224() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_224() ++} ++ ++func EVP_sha3_256() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_256() ++} ++ ++func EVP_sha3_384() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_384() ++} ++ ++func EVP_sha3_512() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha3_512() ++} ++ ++func EVP_sha512() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha512() ++} ++ ++func EVP_sha512_224() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha512_224() ++} ++ ++func EVP_sha512_256() EVP_MD_PTR { ++ return C._mkcgo_EVP_sha512_256() ++} ++ ++func FIPS_mode() int32 { ++ return int32(C._mkcgo_FIPS_mode()) ++} ++ ++func FIPS_mode_set(r int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_FIPS_mode_set(C.int(r), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("FIPS_mode_set", uintptr(_err)) ++} ++ ++func HMAC_CTX_copy(dest HMAC_CTX_PTR, src HMAC_CTX_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_HMAC_CTX_copy(dest, src, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_CTX_copy", uintptr(_err)) ++} ++ ++func HMAC_CTX_free(arg0 HMAC_CTX_PTR) { ++ C._mkcgo_HMAC_CTX_free(arg0) ++} ++ ++func HMAC_CTX_new() (HMAC_CTX_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_HMAC_CTX_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("HMAC_CTX_new", uintptr(_err)) ++} ++ ++func HMAC_Final(arg0 HMAC_CTX_PTR, arg1 []byte, arg2 *uint32) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("HMAC_Final: *arg2 exceeds len(arg1)") ++ } ++ var _err C.uintptr_t ++ _ret := C._mkcgo_HMAC_Final(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), (*C.uint)(unsafe.Pointer(arg2)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_Final", uintptr(_err)) ++} ++ ++func HMAC_Init_ex(arg0 HMAC_CTX_PTR, arg1 []byte, arg3 EVP_MD_PTR, arg4 ENGINE_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_HMAC_Init_ex(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.int(len(arg1)), arg3, arg4, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_Init_ex", uintptr(_err)) ++} ++ ++func HMAC_Update(arg0 HMAC_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_HMAC_Update(arg0, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(arg1))), C.size_t(len(arg1)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("HMAC_Update", uintptr(_err)) ++} ++ ++func OBJ_nid2sn(n int32) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_OBJ_nid2sn(C.int(n)))) ++} ++ ++func OPENSSL_init() { ++ C._mkcgo_OPENSSL_init() ++} ++ ++func OPENSSL_init_crypto(ops uint64, settings OPENSSL_INIT_SETTINGS_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OPENSSL_init_crypto(C.uint64_t(ops), settings, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OPENSSL_init_crypto", uintptr(_err)) ++} ++ ++func OPENSSL_version_major_Available() bool { ++ return C._mkcgo_available_OPENSSL_version_major() != 0 ++} ++ ++func OPENSSL_version_major() uint32 { ++ return uint32(C._mkcgo_OPENSSL_version_major()) ++} ++ ++func OPENSSL_version_minor_Available() bool { ++ return C._mkcgo_available_OPENSSL_version_minor() != 0 ++} ++ ++func OPENSSL_version_minor() uint32 { ++ return uint32(C._mkcgo_OPENSSL_version_minor()) ++} ++ ++func OPENSSL_version_patch_Available() bool { ++ return C._mkcgo_available_OPENSSL_version_patch() != 0 ++} ++ ++func OPENSSL_version_patch() uint32 { ++ return uint32(C._mkcgo_OPENSSL_version_patch()) ++} ++ ++func OSSL_PARAM_BLD_free(bld OSSL_PARAM_BLD_PTR) { ++ C._mkcgo_OSSL_PARAM_BLD_free(bld) ++} ++ ++func OSSL_PARAM_BLD_new() OSSL_PARAM_BLD_PTR { ++ return C._mkcgo_OSSL_PARAM_BLD_new() ++} ++ ++func OSSL_PARAM_BLD_push_BN(bld OSSL_PARAM_BLD_PTR, key *byte, bn BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_BN(bld, (*C.char)(unsafe.Pointer(key)), bn, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_BN", uintptr(_err)) ++} ++ ++func OSSL_PARAM_BLD_push_int32(bld OSSL_PARAM_BLD_PTR, key *byte, num int32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_int32(bld, (*C.char)(unsafe.Pointer(key)), C.int32_t(num), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_int32", uintptr(_err)) ++} ++ ++func OSSL_PARAM_BLD_push_octet_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_octet_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_octet_string", uintptr(_err)) ++} ++ ++func OSSL_PARAM_BLD_push_utf8_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PARAM_BLD_push_utf8_string(bld, (*C.char)(unsafe.Pointer(key)), (*C.char)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("OSSL_PARAM_BLD_push_utf8_string", uintptr(_err)) ++} ++ ++func OSSL_PARAM_BLD_to_param(bld OSSL_PARAM_BLD_PTR) (OSSL_PARAM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PARAM_BLD_to_param(bld, mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PARAM_BLD_to_param", uintptr(_err)) ++} ++ ++func OSSL_PARAM_free(p OSSL_PARAM_PTR) { ++ C._mkcgo_OSSL_PARAM_free(p) ++} ++ ++func OSSL_PARAM_locate_const(p OSSL_PARAM_PTR, key *byte) (OSSL_PARAM_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PARAM_locate_const(p, (*C.char)(unsafe.Pointer(key)), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PARAM_locate_const", uintptr(_err)) ++} ++ ++func OSSL_PROVIDER_available(libctx OSSL_LIB_CTX_PTR, name *byte) int32 { ++ return int32(C._mkcgo_OSSL_PROVIDER_available(libctx, (*C.char)(unsafe.Pointer(name)))) ++} ++ ++func OSSL_PROVIDER_get0_name(prov OSSL_PROVIDER_PTR) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_OSSL_PROVIDER_get0_name(prov))) ++} ++ ++func OSSL_PROVIDER_try_load(libctx OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) (OSSL_PROVIDER_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_OSSL_PROVIDER_try_load(libctx, (*C.char)(unsafe.Pointer(name)), C.int(retain_fallbacks), mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("OSSL_PROVIDER_try_load", uintptr(_err)) ++} ++ ++func OpenSSL_version(__type int32) *byte { ++ return (*byte)(unsafe.Pointer(C._mkcgo_OpenSSL_version(C.int(__type)))) ++} + -+//go:generate go run ../../cmd/mkcgo -out zcryptokit.go -package cryptokit --noerrors shims.h -+//go:generate go run ../../cmd/mkcgo -out zcryptokit.go -nocgo -package cryptokit --noerrors shims.h -+//go:generate go run ../../cmd/genswiftimports -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go -new file mode 100644 -index 00000000000000..e134697ed96de7 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit_cgo.go -@@ -0,0 +1,10 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++func OpenSSL_version_num_Available() bool { ++ return C._mkcgo_available_OpenSSL_version_num() != 0 ++} + -+//go:build cgo && darwin ++func OpenSSL_version_num() uint64 { ++ return uint64(C._mkcgo_OpenSSL_version_num()) ++} + -+package cryptokit ++func PKCS5_PBKDF2_HMAC(pass []byte, salt []byte, iter int32, digest EVP_MD_PTR, out []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_PKCS5_PBKDF2_HMAC((*C.char)(unsafe.Pointer(unsafe.SliceData(pass))), C.int(len(pass)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(salt))), C.int(len(salt)), C.int(iter), digest, C.int(len(out)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(out))), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("PKCS5_PBKDF2_HMAC", uintptr(_err)) ++} + -+// #cgo CFLAGS: -Wno-deprecated-declarations -+// #cgo LDFLAGS: -framework Security -framework CoreFoundation -Wl,-undefined,dynamic_lookup -+import "C" -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h ++func RAND_bytes(buf []byte) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_RAND_bytes((*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.int(len(buf)), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RAND_bytes", uintptr(_err)) ++} ++ ++func RAND_bytes_ex(ctx OSSL_LIB_CTX_PTR, buf []byte, strength uint32) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_RAND_bytes_ex(ctx, (*C.uchar)(unsafe.Pointer(unsafe.SliceData(buf))), C.size_t(len(buf)), C.uint(strength), mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RAND_bytes_ex", uintptr(_err)) ++} ++ ++func RSA_free(arg0 RSA_PTR) { ++ C._mkcgo_RSA_free(arg0) ++} ++ ++func RSA_get0_crt_params(r RSA_PTR, dmp1 *BIGNUM_PTR, dmq1 *BIGNUM_PTR, iqmp *BIGNUM_PTR) { ++ C._mkcgo_RSA_get0_crt_params(r, dmp1, dmq1, iqmp) ++} ++ ++func RSA_get0_factors(rsa RSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR) { ++ C._mkcgo_RSA_get0_factors(rsa, p, q) ++} ++ ++func RSA_get0_key(rsa RSA_PTR, n *BIGNUM_PTR, e *BIGNUM_PTR, d *BIGNUM_PTR) { ++ C._mkcgo_RSA_get0_key(rsa, n, e, d) ++} ++ ++func RSA_new() (RSA_PTR, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_RSA_new(mkcgoNoEscape(&_err)) ++ return _ret, newMkcgoErr("RSA_new", uintptr(_err)) ++} ++ ++func RSA_set0_crt_params(rsa RSA_PTR, dmp1 BIGNUM_PTR, dmp2 BIGNUM_PTR, iqmp BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_RSA_set0_crt_params(rsa, dmp1, dmp2, iqmp, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RSA_set0_crt_params", uintptr(_err)) ++} ++ ++func RSA_set0_factors(rsa RSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_RSA_set0_factors(rsa, p, q, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RSA_set0_factors", uintptr(_err)) ++} ++ ++func RSA_set0_key(r RSA_PTR, n BIGNUM_PTR, e BIGNUM_PTR, d BIGNUM_PTR) (int32, error) { ++ var _err C.uintptr_t ++ _ret := C._mkcgo_RSA_set0_key(r, n, e, d, mkcgoNoEscape(&_err)) ++ return int32(_ret), newMkcgoErr("RSA_set0_key", uintptr(_err)) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_nocgo.go new file mode 100644 -index 00000000000000..dc98c702b3d50f +index 00000000000000..4323bdad14f62f --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/shims.h -@@ -0,0 +1,127 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/internal/ossl/zossl_nocgo.go +@@ -0,0 +1,2481 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+// This header declares the C API for the CryptoKit Swift bindings. -+// -+// It serves two purposes: -+// 1. The mkcgo tool parses it to generate cgo and Go bindings. -+// Run "go generate ." to regenerate them. -+// 2. Swift's @implementation @c validates that Swift function signatures -+// match these declarations at compile time (via cryptokit.h wrapper). -+// -+// Type conventions: -+// - Return types and length parameters use `long` (not int64_t) because -+// Swift imports `long` as `Int` and `int64_t` as `Int64`. The Swift -+// implementations use `Int`, so the header must use `long` to match. -+// On macOS (LP64), both are 64-bit. -+// - Buffer size parameters use `size_t` where the mkcgo `slice()` attribute -+// pairs them with a pointer for Go slice generation. -+// - Pointer nullability is declared via `#pragma clang assume_nonnull` -+// (guarded by __clang__) so Swift sees non-optional pointer types. -+// mkcgo parses this file as text and ignores the pragma. -+// - Custom __attribute__ annotations (noescape, nocallback, static, slice) -+// are mkcgo extensions. The cryptokit.h wrapper strips them for clang. -+// -+// Do not include this file directly; import "zcryptokit.h" instead. ++// Code generated by mkcgo. DO NOT EDIT. + -+// mkcgo:static_imports ++//go:build !cgo + -+#ifndef _GO_CRYPTOKIT_SHIMS_H // only include this header once -+#define _GO_CRYPTOKIT_SHIMS_H ++package ossl + -+#include -+#include ++import ( ++ "runtime" ++ "unsafe" ++) + -+// When compiled by clang (e.g. via Swift bridging header), assume all -+// pointers are nonnull. mkcgo parses this file as text, not via clang, -+// so the #ifdef ensures mkcgo never sees these pragmas. -+#ifdef __clang__ -+#pragma clang assume_nonnull begin -+#endif ++var _ = runtime.GOOS + -+// AES GCM encryption and decryption -+long go_encryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); -+long go_decryptAESGCM(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); ++var _mkcgoAlwaysFalseOssl bool ++var _mkcgoEscapeSinkOssl unsafe.Pointer + -+// ChaChaPoly encryption and decryption -+long go_encryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, uint8_t *cipherText, size_t cipherTextLength, uint8_t *tag) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(cipherText, cipherTextLength), slice(tag))); -+long go_decryptChaChaPoly(const uint8_t *key, size_t keyLength, const uint8_t *data, size_t dataLength, const uint8_t *nonce, size_t nonceLength, const uint8_t *aad, size_t aadLength, const uint8_t *tag, size_t tagLength, uint8_t *out, size_t *outLength) __attribute__((noescape, nocallback, static, slice(key, keyLength), slice(data, dataLength), slice(nonce, nonceLength), slice(aad, aadLength), slice(tag, tagLength), slice(out))); ++// mkcgoEscapePtrOssl forces p to escape to the heap. ++// This implementation is also used in the standard library: ++// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 ++func mkcgoEscapePtrOssl(p unsafe.Pointer) unsafe.Pointer { ++ if _mkcgoAlwaysFalseOssl { ++ _mkcgoEscapeSinkOssl = p ++ } ++ return p ++} + -+// Generates an Ed25519 keypair. -+// The private key is 64 bytes (first 32 bytes are the seed, next 32 bytes are the public key). The public key is 32 bytes. -+void go_generateKeyEd25519(uint8_t *key) __attribute__((noescape, nocallback, static, slice(key))); -+long go_newPrivateKeyEd25519FromSeed(uint8_t *key, const uint8_t *seed) __attribute__((noescape, nocallback, static, slice(key), slice(seed))); -+long go_newPublicKeyEd25519(uint8_t *key, const uint8_t *pub) __attribute__((noescape, nocallback, static, slice(key), slice(pub))); -+long go_signEd25519(const uint8_t *privateKey, const uint8_t *message, size_t messageLength, uint8_t *sigBuffer) __attribute__((noescape, nocallback, static, slice(privateKey), slice(message, messageLength), slice(sigBuffer))); -+long go_verifyEd25519(const uint8_t *publicKey, const uint8_t *message, size_t messageLength, const uint8_t *sig) __attribute__((noescape, nocallback, static, slice(publicKey), slice(message, messageLength), slice(sig))); ++type OPENSSL_INIT_SETTINGS_PTR unsafe.Pointer ++type OSSL_LIB_CTX_PTR unsafe.Pointer ++type OSSL_PROVIDER_PTR unsafe.Pointer ++type ENGINE_PTR unsafe.Pointer ++type EVP_PKEY_PTR unsafe.Pointer ++type EVP_PKEY_CTX_PTR unsafe.Pointer ++type EVP_MD_PTR unsafe.Pointer ++type EVP_MD_CTX_PTR unsafe.Pointer ++type HMAC_CTX_PTR unsafe.Pointer ++type EVP_CIPHER_PTR unsafe.Pointer ++type EVP_CIPHER_CTX_PTR unsafe.Pointer ++type EC_KEY_PTR unsafe.Pointer ++type EC_POINT_PTR unsafe.Pointer ++type EC_GROUP_PTR unsafe.Pointer ++type RSA_PTR unsafe.Pointer ++type BIGNUM_PTR unsafe.Pointer ++type BN_CTX_PTR unsafe.Pointer ++type EVP_MAC_PTR unsafe.Pointer ++type EVP_MAC_CTX_PTR unsafe.Pointer ++type OSSL_PARAM_BLD_PTR unsafe.Pointer ++type OSSL_PARAM_PTR unsafe.Pointer ++type EVP_SIGNATURE_PTR unsafe.Pointer ++type EVP_KEYMGMT_PTR unsafe.Pointer ++type DSA_PTR unsafe.Pointer ++type EVP_KDF_PTR unsafe.Pointer ++type EVP_KDF_CTX_PTR unsafe.Pointer ++type BIO_METHOD_PTR unsafe.Pointer ++type BIO_PTR unsafe.Pointer ++type Point_conversion_form_t = int32 + -+// HKDF key derivation -+long go_extractHKDF(int32_t hashFunction, const uint8_t *secret, size_t secretLength, const uint8_t *salt, size_t saltLength, uint8_t *prk, size_t prkLength) __attribute__((noescape, nocallback, static, slice(secret, secretLength), slice(salt, saltLength), slice(prk, prkLength))); -+long go_expandHKDF(int32_t hashFunction, const uint8_t *prk, size_t prkLength, const uint8_t *info, size_t infoLength, uint8_t *okm, size_t okmLength) __attribute__((noescape, nocallback, static, slice(prk, prkLength), slice(info, infoLength), slice(okm, okmLength))); ++var _mkcgo_BIO_ctrl uintptr + -+void *go_initHMAC(int32_t hashFunction, const uint8_t *key, long keyLength) __attribute__((noescape, nocallback, static, slice(key, keyLength))); -+void go_freeHMAC(int32_t hashFunction, void *ptr) __attribute__((noescape, nocallback, static)); -+void go_updateHMAC(int32_t hashFunction, void *ptr, const uint8_t *data, long length) __attribute__((noescape, nocallback, static, slice(data, length))); -+void go_finalizeHMAC(int32_t hashFunction, void *ptr, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(outputPointer))); -+void *go_copyHMAC(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); ++func BIO_ctrl(bp BIO_PTR, cmd int32, larg int64, parg unsafe.Pointer) int64 { ++ r0, _ := syscallN(0, _mkcgo_BIO_ctrl, uintptr(bp), uintptr(cmd), uintptr(larg), uintptr(parg)) ++ return int64(r0) ++} + -+void go_MD5(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA1(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA256(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA384(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA512(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+long go_supportsSHA3() __attribute__((noescape, nocallback, static)); -+void go_SHA3_256(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA3_384(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); -+void go_SHA3_512(const uint8_t *inputPointer, size_t inputLength, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(inputPointer, inputLength), slice(outputPointer))); ++var _mkcgo_BIO_free uintptr + -+void *go_hashNew(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); -+void go_hashWrite(int32_t hashAlgorithm, void *ptr, const uint8_t *data, long length) __attribute__((noescape, nocallback, static, slice(data, length))); -+void go_hashSum(int32_t hashAlgorithm, void *ptr, uint8_t *outputPointer) __attribute__((noescape, nocallback, static, slice(outputPointer))); -+void go_hashReset(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); -+long go_hashSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); -+long go_hashBlockSize(int32_t hashAlgorithm) __attribute__((noescape, nocallback, static)); -+void *go_hashCopy(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); -+void go_hashFree(int32_t hashAlgorithm, void *ptr) __attribute__((noescape, nocallback, static)); ++func BIO_free(a BIO_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_BIO_free, uintptr(a)) ++ return int32(r0) ++} + -+// ML-KEM (Post-quantum key encapsulation mechanism) -+long go_supportsMLKEM() __attribute__((noescape, nocallback, static)); -+long go_generateKeyMLKEM768(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); -+long go_generateKeyMLKEM1024(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); -+long go_deriveEncapsulationKeyMLKEM768(const uint8_t *seed, long seedLen, uint8_t *encapKey, long encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); -+long go_deriveEncapsulationKeyMLKEM1024(const uint8_t *seed, long seedLen, uint8_t *encapKey, long encapKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(encapKey, encapKeyLen))); -+long go_encapsulateMLKEM768(const uint8_t *encapKey, long encapKeyLen, uint8_t *sharedKey, long sharedKeyLen, uint8_t *ciphertext, long ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); -+long go_encapsulateMLKEM1024(const uint8_t *encapKey, long encapKeyLen, uint8_t *sharedKey, long sharedKeyLen, uint8_t *ciphertext, long ciphertextLen) __attribute__((noescape, nocallback, static, slice(encapKey, encapKeyLen), slice(sharedKey, sharedKeyLen), slice(ciphertext, ciphertextLen))); -+long go_decapsulateMLKEM768(const uint8_t *seed, long seedLen, const uint8_t *ciphertext, long ciphertextLen, uint8_t *sharedKey, long sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); -+long go_decapsulateMLKEM1024(const uint8_t *seed, long seedLen, const uint8_t *ciphertext, long ciphertextLen, uint8_t *sharedKey, long sharedKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(ciphertext, ciphertextLen), slice(sharedKey, sharedKeyLen))); ++var _mkcgo_BIO_new uintptr + -+// ML-DSA (Post-quantum digital signature algorithm) -+long go_supportsMLDSA() __attribute__((noescape, nocallback, static)); -+long go_generateKeyMLDSA65(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); -+long go_generateKeyMLDSA87(uint8_t *seed, long seedLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen))); -+long go_derivePublicKeyMLDSA65(const uint8_t *seed, long seedLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(publicKey, publicKeyLen))); -+long go_derivePublicKeyMLDSA87(const uint8_t *seed, long seedLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(publicKey, publicKeyLen))); -+long go_signMLDSA65(const uint8_t *seed, long seedLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(message, messageLen), slice(context, contextLen), slice(signature))); -+long go_signMLDSA87(const uint8_t *seed, long seedLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(seed, seedLen), slice(message, messageLen), slice(context, contextLen), slice(signature))); -+long go_verifyMLDSA65(const uint8_t *publicKey, long publicKeyLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen), slice(message, messageLen), slice(context, contextLen), slice(signature, signatureLen))); -+long go_verifyMLDSA87(const uint8_t *publicKey, long publicKeyLen, const uint8_t *message, long messageLen, const uint8_t *context, long contextLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen), slice(message, messageLen), slice(context, contextLen), slice(signature, signatureLen))); -+long go_validatePublicKeyMLDSA65(const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); -+long go_validatePublicKeyMLDSA87(const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++func BIO_new(__type BIO_METHOD_PTR) (BIO_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_BIO_new, uintptr(__type), uintptr(unsafe.Pointer(&_err))) ++ return BIO_PTR(r0), newMkcgoErr("BIO_new", _err) ++} + -+// ECDH -+long go_generateKeyECDH(int32_t curveID, uint8_t *privateKey, long privateKeyLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); -+long go_publicKeyFromPrivateECDH(int32_t curveID, const uint8_t *privateKey, long privateKeyLen, uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen))); -+long go_ecdhSharedSecret(int32_t curveID, const uint8_t *privateKey, long privateKeyLen, const uint8_t *publicKey, long publicKeyLen, uint8_t *sharedSecret, long sharedSecretLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen), slice(publicKey, publicKeyLen), slice(sharedSecret, sharedSecretLen))); -+long go_validatePrivateKeyECDH(int32_t curveID, const uint8_t *privateKey, long privateKeyLen) __attribute__((noescape, nocallback, static, slice(privateKey, privateKeyLen))); -+long go_validatePublicKeyECDH(int32_t curveID, const uint8_t *publicKey, long publicKeyLen) __attribute__((noescape, nocallback, static, slice(publicKey, publicKeyLen))); ++var _mkcgo_BIO_s_mem uintptr + -+// ECDSA -+long go_generateKeyECDSA(int32_t curveID, uint8_t *x, long xLen, uint8_t *y, long yLen, uint8_t *d, long dLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(d, dLen))); -+long go_ecdsaSign(int32_t curveID, const uint8_t *d, long dLen, const uint8_t *message, long messageLen, uint8_t *signature, long *signatureLen) __attribute__((noescape, nocallback, static, slice(d, dLen), slice(message, messageLen), slice(signature))); -+long go_ecdsaVerify(int32_t curveID, const uint8_t *x, long xLen, const uint8_t *y, long yLen, const uint8_t *message, long messageLen, const uint8_t *signature, long signatureLen) __attribute__((noescape, nocallback, static, slice(x, xLen), slice(y, yLen), slice(message, messageLen), slice(signature, signatureLen))); ++func BIO_s_mem() BIO_METHOD_PTR { ++ r0, _ := syscallN(0, _mkcgo_BIO_s_mem) ++ return BIO_METHOD_PTR(r0) ++} + -+#ifdef __clang__ -+#pragma clang assume_nonnull end -+#endif ++var _mkcgo_BN_bin2bn uintptr + -+#endif // _GO_CRYPTOKIT_SHIMS_H -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go -new file mode 100644 -index 00000000000000..c83bb8660303f6 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/syscall_nocgo.go -@@ -0,0 +1,15 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++func BN_bin2bn(arg0 []byte, arg2 BIGNUM_PTR) (BIGNUM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_BN_bin2bn, uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg0)))), uintptr(len(arg0)), uintptr(arg2), uintptr(unsafe.Pointer(&_err))) ++ return BIGNUM_PTR(r0), newMkcgoErr("BN_bin2bn", _err) ++} + -+//go:build !cgo ++var _mkcgo_BN_bn2binpad uintptr + -+package cryptokit ++func BN_bn2binpad(a BIGNUM_PTR, to []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(2, _mkcgo_BN_bn2binpad, uintptr(a), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(to)))), uintptr(len(to)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("BN_bn2binpad", _err) ++} + -+import ( -+ "github.com/microsoft/go-crypto-darwin/internal/xsyscall" -+) ++var _mkcgo_BN_bn2lebinpad uintptr + -+//go:nosplit -+func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ return xsyscall.SyscallN(errType, fn, args...) ++func BN_bn2lebinpad(a BIGNUM_PTR, to []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(2, _mkcgo_BN_bn2lebinpad, uintptr(a), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(to)))), uintptr(len(to)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("BN_bn2lebinpad", _err) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt -new file mode 100644 -index 00000000000000..e96680e304c47d ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/xcodebuild_version.txt -@@ -0,0 +1,2 @@ -+Xcode 26.4.1 -+Build version 17E202 -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c -new file mode 100644 -index 00000000000000..d0d2a5bbd3475d ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.c -@@ -0,0 +1,317 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+// Code generated by mkcgo. DO NOT EDIT. ++var _mkcgo_BN_clear uintptr + -+#include -+#include -+#include -+#include -+#include "zcryptokit.h" ++func BN_clear(arg0 BIGNUM_PTR) { ++ syscallN(0, _mkcgo_BN_clear, uintptr(arg0)) ++} + -+void go_MD5(const uint8_t*, size_t, uint8_t*); -+void go_SHA1(const uint8_t*, size_t, uint8_t*); -+void go_SHA256(const uint8_t*, size_t, uint8_t*); -+void go_SHA384(const uint8_t*, size_t, uint8_t*); -+void go_SHA3_256(const uint8_t*, size_t, uint8_t*); -+void go_SHA3_384(const uint8_t*, size_t, uint8_t*); -+void go_SHA3_512(const uint8_t*, size_t, uint8_t*); -+void go_SHA512(const uint8_t*, size_t, uint8_t*); -+void* go_copyHMAC(int32_t, void*); -+long go_decapsulateMLKEM1024(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); -+long go_decapsulateMLKEM768(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); -+long go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+long go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+long go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, long, uint8_t*, long); -+long go_deriveEncapsulationKeyMLKEM768(const uint8_t*, long, uint8_t*, long); -+long go_derivePublicKeyMLDSA65(const uint8_t*, long, uint8_t*, long); -+long go_derivePublicKeyMLDSA87(const uint8_t*, long, uint8_t*, long); -+long go_ecdhSharedSecret(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long); -+long go_ecdsaSign(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); -+long go_ecdsaVerify(int32_t, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); -+long go_encapsulateMLKEM1024(const uint8_t*, long, uint8_t*, long, uint8_t*, long); -+long go_encapsulateMLKEM768(const uint8_t*, long, uint8_t*, long, uint8_t*, long); -+long go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+long go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+long go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); -+long go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); -+void go_finalizeHMAC(int32_t, void*, uint8_t*); -+void go_freeHMAC(int32_t, void*); -+long go_generateKeyECDH(int32_t, uint8_t*, long, uint8_t*, long); -+long go_generateKeyECDSA(int32_t, uint8_t*, long, uint8_t*, long, uint8_t*, long); -+void go_generateKeyEd25519(uint8_t*); -+long go_generateKeyMLDSA65(uint8_t*, long); -+long go_generateKeyMLDSA87(uint8_t*, long); -+long go_generateKeyMLKEM1024(uint8_t*, long); -+long go_generateKeyMLKEM768(uint8_t*, long); -+long go_hashBlockSize(int32_t); -+void* go_hashCopy(int32_t, void*); -+void go_hashFree(int32_t, void*); -+void* go_hashNew(int32_t); -+void go_hashReset(int32_t, void*); -+long go_hashSize(int32_t); -+void go_hashSum(int32_t, void*, uint8_t*); -+void go_hashWrite(int32_t, void*, const uint8_t*, long); -+void* go_initHMAC(int32_t, const uint8_t*, long); -+long go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); -+long go_newPublicKeyEd25519(uint8_t*, const uint8_t*); -+long go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, long, uint8_t*, long); -+long go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); -+long go_signMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); -+long go_signMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); -+long go_supportsMLDSA(void); -+long go_supportsMLKEM(void); -+long go_supportsSHA3(void); -+void go_updateHMAC(int32_t, void*, const uint8_t*, long); -+long go_validatePrivateKeyECDH(int32_t, const uint8_t*, long); -+long go_validatePublicKeyECDH(int32_t, const uint8_t*, long); -+long go_validatePublicKeyMLDSA65(const uint8_t*, long); -+long go_validatePublicKeyMLDSA87(const uint8_t*, long); -+long go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); -+long go_verifyMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); -+long go_verifyMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++var _mkcgo_BN_clear_free uintptr ++ ++func BN_clear_free(arg0 BIGNUM_PTR) { ++ syscallN(0, _mkcgo_BN_clear_free, uintptr(arg0)) ++} ++ ++var _mkcgo_BN_free uintptr ++ ++func BN_free(arg0 BIGNUM_PTR) { ++ syscallN(0, _mkcgo_BN_free, uintptr(arg0)) ++} ++ ++var _mkcgo_BN_lebin2bn uintptr ++ ++func BN_lebin2bn(s []byte, ret BIGNUM_PTR) (BIGNUM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_BN_lebin2bn, uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(s)))), uintptr(len(s)), uintptr(ret), uintptr(unsafe.Pointer(&_err))) ++ return BIGNUM_PTR(r0), newMkcgoErr("BN_lebin2bn", _err) ++} ++ ++var _mkcgo_BN_new uintptr ++ ++func BN_new() (BIGNUM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_BN_new, uintptr(unsafe.Pointer(&_err))) ++ return BIGNUM_PTR(r0), newMkcgoErr("BN_new", _err) ++} ++ ++var _mkcgo_BN_num_bits uintptr ++ ++func BN_num_bits(arg0 BIGNUM_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_BN_num_bits, uintptr(arg0)) ++ return int32(r0) ++} ++ ++var _mkcgo_CRYPTO_free uintptr ++ ++func CRYPTO_free(str unsafe.Pointer, file *byte, line int32) { ++ syscallN(0, _mkcgo_CRYPTO_free, uintptr(str), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(file))), uintptr(line)) ++} ++ ++var _mkcgo_CRYPTO_malloc uintptr ++ ++func CRYPTO_malloc(num int, file *byte, line int32) (unsafe.Pointer, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_CRYPTO_malloc, uintptr(num), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(file))), uintptr(line), uintptr(unsafe.Pointer(&_err))) ++ return unsafe.Pointer(r0), newMkcgoErr("CRYPTO_malloc", _err) ++} ++ ++var _mkcgo_DSA_free uintptr ++ ++func DSA_free(r DSA_PTR) { ++ syscallN(0, _mkcgo_DSA_free, uintptr(r)) ++} ++ ++var _mkcgo_DSA_generate_key uintptr ++ ++func DSA_generate_key(a DSA_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_DSA_generate_key, uintptr(a), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("DSA_generate_key", _err) ++} ++ ++var _mkcgo_DSA_get0_key uintptr ++ ++func DSA_get0_key(d DSA_PTR, pub_key *BIGNUM_PTR, priv_key *BIGNUM_PTR) { ++ syscallN(0, _mkcgo_DSA_get0_key, uintptr(d), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pub_key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(priv_key)))) ++} ++ ++var _mkcgo_DSA_get0_pqg uintptr ++ ++func DSA_get0_pqg(d DSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR, g *BIGNUM_PTR) { ++ syscallN(0, _mkcgo_DSA_get0_pqg, uintptr(d), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(p))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(q))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(g)))) ++} ++ ++var _mkcgo_DSA_new uintptr ++ ++func DSA_new() (DSA_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_DSA_new, uintptr(unsafe.Pointer(&_err))) ++ return DSA_PTR(r0), newMkcgoErr("DSA_new", _err) ++} ++ ++var _mkcgo_DSA_set0_key uintptr ++ ++func DSA_set0_key(d DSA_PTR, pub_key BIGNUM_PTR, priv_key BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_DSA_set0_key, uintptr(d), uintptr(pub_key), uintptr(priv_key), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("DSA_set0_key", _err) ++} ++ ++var _mkcgo_DSA_set0_pqg uintptr ++ ++func DSA_set0_pqg(d DSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR, g BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_DSA_set0_pqg, uintptr(d), uintptr(p), uintptr(q), uintptr(g), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("DSA_set0_pqg", _err) ++} ++ ++var _mkcgo_EC_GROUP_free uintptr ++ ++func EC_GROUP_free(group EC_GROUP_PTR) { ++ syscallN(0, _mkcgo_EC_GROUP_free, uintptr(group)) ++} ++ ++var _mkcgo_EC_GROUP_new_by_curve_name uintptr ++ ++func EC_GROUP_new_by_curve_name(nid int32) (EC_GROUP_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EC_GROUP_new_by_curve_name, uintptr(nid), uintptr(unsafe.Pointer(&_err))) ++ return EC_GROUP_PTR(r0), newMkcgoErr("EC_GROUP_new_by_curve_name", _err) ++} ++ ++var _mkcgo_EC_KEY_check_key uintptr ++ ++func EC_KEY_check_key(key EC_KEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_KEY_check_key, uintptr(key), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_KEY_check_key", _err) ++} ++ ++var _mkcgo_EC_KEY_free uintptr ++ ++func EC_KEY_free(arg0 EC_KEY_PTR) { ++ syscallN(0, _mkcgo_EC_KEY_free, uintptr(arg0)) ++} ++ ++var _mkcgo_EC_KEY_get0_group uintptr ++ ++func EC_KEY_get0_group(arg0 EC_KEY_PTR) EC_GROUP_PTR { ++ r0, _ := syscallN(0, _mkcgo_EC_KEY_get0_group, uintptr(arg0)) ++ return EC_GROUP_PTR(r0) ++} + -+void _mkcgo_go_MD5(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_MD5(_arg0, _arg1, _arg2); ++var _mkcgo_EC_KEY_get0_private_key uintptr ++ ++func EC_KEY_get0_private_key(arg0 EC_KEY_PTR) BIGNUM_PTR { ++ r0, _ := syscallN(0, _mkcgo_EC_KEY_get0_private_key, uintptr(arg0)) ++ return BIGNUM_PTR(r0) +} + -+void _mkcgo_go_SHA1(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA1(_arg0, _arg1, _arg2); ++var _mkcgo_EC_KEY_get0_public_key uintptr ++ ++func EC_KEY_get0_public_key(arg0 EC_KEY_PTR) EC_POINT_PTR { ++ r0, _ := syscallN(0, _mkcgo_EC_KEY_get0_public_key, uintptr(arg0)) ++ return EC_POINT_PTR(r0) +} + -+void _mkcgo_go_SHA256(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA256(_arg0, _arg1, _arg2); ++var _mkcgo_EC_KEY_new_by_curve_name uintptr ++ ++func EC_KEY_new_by_curve_name(arg0 int32) (EC_KEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EC_KEY_new_by_curve_name, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return EC_KEY_PTR(r0), newMkcgoErr("EC_KEY_new_by_curve_name", _err) +} + -+void _mkcgo_go_SHA384(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA384(_arg0, _arg1, _arg2); ++var _mkcgo_EC_KEY_set_private_key uintptr ++ ++func EC_KEY_set_private_key(arg0 EC_KEY_PTR, arg1 BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_KEY_set_private_key, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_KEY_set_private_key", _err) +} + -+void _mkcgo_go_SHA3_256(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA3_256(_arg0, _arg1, _arg2); ++var _mkcgo_EC_KEY_set_public_key uintptr ++ ++func EC_KEY_set_public_key(key EC_KEY_PTR, pub EC_POINT_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_KEY_set_public_key, uintptr(key), uintptr(pub), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_KEY_set_public_key", _err) +} + -+void _mkcgo_go_SHA3_384(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA3_384(_arg0, _arg1, _arg2); ++var _mkcgo_EC_KEY_set_public_key_affine_coordinates uintptr ++ ++func EC_KEY_set_public_key_affine_coordinates(key EC_KEY_PTR, x BIGNUM_PTR, y BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_KEY_set_public_key_affine_coordinates, uintptr(key), uintptr(x), uintptr(y), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_KEY_set_public_key_affine_coordinates", _err) +} + -+void _mkcgo_go_SHA3_512(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA3_512(_arg0, _arg1, _arg2); ++var _mkcgo_EC_POINT_free uintptr ++ ++func EC_POINT_free(arg0 EC_POINT_PTR) { ++ syscallN(0, _mkcgo_EC_POINT_free, uintptr(arg0)) +} + -+void _mkcgo_go_SHA512(const uint8_t* _arg0, size_t _arg1, uint8_t* _arg2) { -+ go_SHA512(_arg0, _arg1, _arg2); ++var _mkcgo_EC_POINT_get_affine_coordinates_GFp uintptr ++ ++func EC_POINT_get_affine_coordinates_GFp(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_POINT_get_affine_coordinates_GFp, uintptr(arg0), uintptr(arg1), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_POINT_get_affine_coordinates_GFp", _err) +} + -+void* _mkcgo_go_copyHMAC(int32_t _arg0, void* _arg1) { -+ return go_copyHMAC(_arg0, _arg1); ++var _mkcgo_EC_POINT_mul uintptr ++ ++func EC_POINT_mul(group EC_GROUP_PTR, r EC_POINT_PTR, n BIGNUM_PTR, q EC_POINT_PTR, m BIGNUM_PTR, ctx BN_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_POINT_mul, uintptr(group), uintptr(r), uintptr(n), uintptr(q), uintptr(m), uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_POINT_mul", _err) +} + -+long _mkcgo_go_decapsulateMLKEM1024(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { -+ return go_decapsulateMLKEM1024(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++var _mkcgo_EC_POINT_new uintptr ++ ++func EC_POINT_new(arg0 EC_GROUP_PTR) (EC_POINT_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EC_POINT_new, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return EC_POINT_PTR(r0), newMkcgoErr("EC_POINT_new", _err) +} + -+long _mkcgo_go_decapsulateMLKEM768(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { -+ return go_decapsulateMLKEM768(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++var _mkcgo_EC_POINT_oct2point uintptr ++ ++func EC_POINT_oct2point(group EC_GROUP_PTR, p EC_POINT_PTR, buf []byte, ctx BN_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_POINT_oct2point, uintptr(group), uintptr(p), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_POINT_oct2point", _err) +} + -+long _mkcgo_go_decryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { -+ return go_decryptAESGCM(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); ++var _mkcgo_EC_POINT_point2oct uintptr ++ ++func EC_POINT_point2oct(group EC_GROUP_PTR, p EC_POINT_PTR, form Point_conversion_form_t, buf []byte, ctx BN_CTX_PTR) (int, error) { ++ var _err uintptr ++ r0, _ := syscallN(4, _mkcgo_EC_POINT_point2oct, uintptr(group), uintptr(p), uintptr(form), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int(r0), newMkcgoErr("EC_POINT_point2oct", _err) +} + -+long _mkcgo_go_decryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, const uint8_t* _arg8, size_t _arg9, uint8_t* _arg10, size_t* _arg11) { -+ return go_decryptChaChaPoly(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10, _arg11); ++var _mkcgo_EC_POINT_set_affine_coordinates uintptr ++ ++func EC_POINT_set_affine_coordinates(arg0 EC_GROUP_PTR, arg1 EC_POINT_PTR, arg2 BIGNUM_PTR, arg3 BIGNUM_PTR, arg4 BN_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EC_POINT_set_affine_coordinates, uintptr(arg0), uintptr(arg1), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EC_POINT_set_affine_coordinates", _err) +} + -+long _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { -+ return go_deriveEncapsulationKeyMLKEM1024(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_ERR_peek_error uintptr ++ ++func ERR_peek_error() uint64 { ++ r0, _ := syscallN(0, _mkcgo_ERR_peek_error) ++ return uint64(r0) +} + -+long _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { -+ return go_deriveEncapsulationKeyMLKEM768(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_ERR_print_errors uintptr ++ ++func ERR_print_errors(bp BIO_PTR) { ++ syscallN(0, _mkcgo_ERR_print_errors, uintptr(bp)) +} + -+long _mkcgo_go_derivePublicKeyMLDSA65(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { -+ return go_derivePublicKeyMLDSA65(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_EVP_CIPHER_CTX_ctrl uintptr ++ ++func EVP_CIPHER_CTX_ctrl(ctx EVP_CIPHER_CTX_PTR, __type int32, arg int32, ptr unsafe.Pointer) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_CIPHER_CTX_ctrl, uintptr(ctx), uintptr(__type), uintptr(arg), uintptr(ptr), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_CIPHER_CTX_ctrl", _err) +} + -+long _mkcgo_go_derivePublicKeyMLDSA87(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3) { -+ return go_derivePublicKeyMLDSA87(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_EVP_CIPHER_CTX_free uintptr ++ ++func EVP_CIPHER_CTX_free(arg0 EVP_CIPHER_CTX_PTR) { ++ syscallN(0, _mkcgo_EVP_CIPHER_CTX_free, uintptr(arg0)) +} + -+long _mkcgo_go_ecdhSharedSecret(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, uint8_t* _arg5, long _arg6) { -+ return go_ecdhSharedSecret(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++var _mkcgo_EVP_CIPHER_CTX_new uintptr ++ ++func EVP_CIPHER_CTX_new() (EVP_CIPHER_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_CIPHER_CTX_new, uintptr(unsafe.Pointer(&_err))) ++ return EVP_CIPHER_CTX_PTR(r0), newMkcgoErr("EVP_CIPHER_CTX_new", _err) +} + -+long _mkcgo_go_ecdsaSign(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, uint8_t* _arg5, long* _arg6) { -+ return go_ecdsaSign(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++var _mkcgo_EVP_CIPHER_CTX_set_key_length uintptr ++ ++func EVP_CIPHER_CTX_set_key_length(x EVP_CIPHER_CTX_PTR, keylen int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_CIPHER_CTX_set_key_length, uintptr(x), uintptr(keylen), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_CIPHER_CTX_set_key_length", _err) +} + -+long _mkcgo_go_ecdsaVerify(int32_t _arg0, const uint8_t* _arg1, long _arg2, const uint8_t* _arg3, long _arg4, const uint8_t* _arg5, long _arg6, const uint8_t* _arg7, long _arg8) { -+ return go_ecdsaVerify(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8); ++var _mkcgo_EVP_CIPHER_CTX_set_padding uintptr ++ ++func EVP_CIPHER_CTX_set_padding(x EVP_CIPHER_CTX_PTR, padding int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_CIPHER_CTX_set_padding, uintptr(x), uintptr(padding), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_CIPHER_CTX_set_padding", _err) +} + -+long _mkcgo_go_encapsulateMLKEM1024(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { -+ return go_encapsulateMLKEM1024(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++var _mkcgo_EVP_CIPHER_fetch uintptr ++ ++func EVP_CIPHER_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_CIPHER_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_CIPHER_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_CIPHER_PTR(r0), newMkcgoErr("EVP_CIPHER_fetch", _err) +} + -+long _mkcgo_go_encapsulateMLKEM768(const uint8_t* _arg0, long _arg1, uint8_t* _arg2, long _arg3, uint8_t* _arg4, long _arg5) { -+ return go_encapsulateMLKEM768(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++var _mkcgo_EVP_CIPHER_get0_name uintptr ++ ++func EVP_CIPHER_get0_name(cipher EVP_CIPHER_PTR) *byte { ++ r0, _ := syscallN(0, _mkcgo_EVP_CIPHER_get0_name, uintptr(cipher)) ++ return (*byte)(unsafe.Pointer(r0)) +} + -+long _mkcgo_go_encryptAESGCM(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { -+ return go_encryptAESGCM(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); ++var _mkcgo_EVP_CIPHER_get_block_size uintptr ++ ++func EVP_CIPHER_get_block_size(cipher EVP_CIPHER_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_EVP_CIPHER_get_block_size, uintptr(cipher)) ++ return int32(r0) +} + -+long _mkcgo_go_encryptChaChaPoly(const uint8_t* _arg0, size_t _arg1, const uint8_t* _arg2, size_t _arg3, const uint8_t* _arg4, size_t _arg5, const uint8_t* _arg6, size_t _arg7, uint8_t* _arg8, size_t _arg9, uint8_t* _arg10) { -+ return go_encryptChaChaPoly(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7, _arg8, _arg9, _arg10); ++var _mkcgo_EVP_CipherInit_ex uintptr ++ ++func EVP_CipherInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte, enc int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_CipherInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iv))), uintptr(enc), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_CipherInit_ex", _err) +} + -+long _mkcgo_go_expandHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { -+ return go_expandHKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++var _mkcgo_EVP_CipherUpdate uintptr ++ ++func EVP_CipherUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_CipherUpdate: *outl exceeds len(out)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_CipherUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(unsafe.SliceData(in))), uintptr(len(in)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_CipherUpdate", _err) +} + -+long _mkcgo_go_extractHKDF(int32_t _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3, size_t _arg4, uint8_t* _arg5, size_t _arg6) { -+ return go_extractHKDF(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++var _mkcgo_EVP_DecryptFinal_ex uintptr ++ ++func EVP_DecryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, outm []byte, outl *int32) (int32, error) { ++ if outl != nil && int(*outl) > len(outm) { ++ panic("EVP_DecryptFinal_ex: *outl exceeds len(outm)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DecryptFinal_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(outm))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DecryptFinal_ex", _err) +} + -+void _mkcgo_go_finalizeHMAC(int32_t _arg0, void* _arg1, uint8_t* _arg2) { -+ go_finalizeHMAC(_arg0, _arg1, _arg2); ++var _mkcgo_EVP_DecryptInit_ex uintptr ++ ++func EVP_DecryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DecryptInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iv))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DecryptInit_ex", _err) +} + -+void _mkcgo_go_freeHMAC(int32_t _arg0, void* _arg1) { -+ go_freeHMAC(_arg0, _arg1); ++var _mkcgo_EVP_DecryptUpdate uintptr ++ ++func EVP_DecryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_DecryptUpdate: *outl exceeds len(out)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DecryptUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(unsafe.SliceData(in))), uintptr(len(in)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DecryptUpdate", _err) +} + -+long _mkcgo_go_generateKeyECDH(int32_t _arg0, uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4) { -+ return go_generateKeyECDH(_arg0, _arg1, _arg2, _arg3, _arg4); ++var _mkcgo_EVP_Digest uintptr ++ ++func EVP_Digest(data []byte, md []byte, size *uint32, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { ++ if size != nil && int(*size) > len(md) { ++ panic("EVP_Digest: *size exceeds len(md)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_Digest, uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(md))), uintptr(unsafe.Pointer(size)), uintptr(__type), uintptr(impl), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_Digest", _err) +} + -+long _mkcgo_go_generateKeyECDSA(int32_t _arg0, uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4, uint8_t* _arg5, long _arg6) { -+ return go_generateKeyECDSA(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6); ++var _mkcgo_EVP_DigestFinalXOF uintptr ++ ++func EVP_DigestFinalXOF(ctx EVP_MD_CTX_PTR, md []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestFinalXOF, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(md))), uintptr(len(md)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestFinalXOF", _err) +} + -+void _mkcgo_go_generateKeyEd25519(uint8_t* _arg0) { -+ go_generateKeyEd25519(_arg0); ++var _mkcgo_EVP_DigestFinal_ex uintptr ++ ++func EVP_DigestFinal_ex(ctx EVP_MD_CTX_PTR, md []byte, s *uint32) (int32, error) { ++ if s != nil && int(*s) > len(md) { ++ panic("EVP_DigestFinal_ex: *s exceeds len(md)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestFinal_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(md))), uintptr(unsafe.Pointer(s)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestFinal_ex", _err) +} + -+long _mkcgo_go_generateKeyMLDSA65(uint8_t* _arg0, long _arg1) { -+ return go_generateKeyMLDSA65(_arg0, _arg1); ++var _mkcgo_EVP_DigestInit uintptr ++ ++func EVP_DigestInit(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestInit, uintptr(ctx), uintptr(__type), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestInit", _err) +} + -+long _mkcgo_go_generateKeyMLDSA87(uint8_t* _arg0, long _arg1) { -+ return go_generateKeyMLDSA87(_arg0, _arg1); ++var _mkcgo_EVP_DigestInit_ex uintptr ++ ++func EVP_DigestInit_ex(ctx EVP_MD_CTX_PTR, __type EVP_MD_PTR, impl ENGINE_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestInit_ex", _err) +} + -+long _mkcgo_go_generateKeyMLKEM1024(uint8_t* _arg0, long _arg1) { -+ return go_generateKeyMLKEM1024(_arg0, _arg1); ++var _mkcgo_EVP_DigestSign uintptr ++ ++func EVP_DigestSign(ctx EVP_MD_CTX_PTR, sigret []byte, siglen *int, tbs []byte) (int32, error) { ++ if siglen != nil && int(*siglen) > len(sigret) { ++ panic("EVP_DigestSign: *siglen exceeds len(sigret)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestSign, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(sigret))), uintptr(unsafe.Pointer(siglen)), uintptr(unsafe.Pointer(unsafe.SliceData(tbs))), uintptr(len(tbs)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestSign", _err) +} + -+long _mkcgo_go_generateKeyMLKEM768(uint8_t* _arg0, long _arg1) { -+ return go_generateKeyMLKEM768(_arg0, _arg1); ++var _mkcgo_EVP_DigestSignFinal uintptr ++ ++func EVP_DigestSignFinal(ctx EVP_MD_CTX_PTR, sig []byte, siglen *int) (int32, error) { ++ if siglen != nil && int(*siglen) > len(sig) { ++ panic("EVP_DigestSignFinal: *siglen exceeds len(sig)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestSignFinal, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sig)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(siglen))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestSignFinal", _err) +} + -+long _mkcgo_go_hashBlockSize(int32_t _arg0) { -+ return go_hashBlockSize(_arg0); ++var _mkcgo_EVP_DigestSignInit uintptr ++ ++func EVP_DigestSignInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestSignInit, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pctx))), uintptr(__type), uintptr(e), uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestSignInit", _err) +} + -+void* _mkcgo_go_hashCopy(int32_t _arg0, void* _arg1) { -+ return go_hashCopy(_arg0, _arg1); ++func EVP_DigestSqueeze_Available() bool { ++ return _mkcgo_EVP_DigestSqueeze != 0 +} + -+void _mkcgo_go_hashFree(int32_t _arg0, void* _arg1) { -+ go_hashFree(_arg0, _arg1); ++var _mkcgo_EVP_DigestSqueeze uintptr ++ ++func EVP_DigestSqueeze(ctx EVP_MD_CTX_PTR, out []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestSqueeze, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(len(out)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestSqueeze", _err) +} + -+void* _mkcgo_go_hashNew(int32_t _arg0) { -+ return go_hashNew(_arg0); ++var _mkcgo_EVP_DigestUpdate uintptr ++ ++func EVP_DigestUpdate(ctx EVP_MD_CTX_PTR, d []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(d))), uintptr(len(d)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestUpdate", _err) +} + -+void _mkcgo_go_hashReset(int32_t _arg0, void* _arg1) { -+ go_hashReset(_arg0, _arg1); ++var _mkcgo_EVP_DigestVerify uintptr ++ ++func EVP_DigestVerify(ctx EVP_MD_CTX_PTR, sigret []byte, tbs []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestVerify, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sigret)))), uintptr(len(sigret)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(tbs)))), uintptr(len(tbs)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestVerify", _err) +} + -+long _mkcgo_go_hashSize(int32_t _arg0) { -+ return go_hashSize(_arg0); ++var _mkcgo_EVP_DigestVerifyFinal uintptr ++ ++func EVP_DigestVerifyFinal(ctx EVP_MD_CTX_PTR, sig []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestVerifyFinal, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sig)))), uintptr(len(sig)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestVerifyFinal", _err) +} + -+void _mkcgo_go_hashSum(int32_t _arg0, void* _arg1, uint8_t* _arg2) { -+ go_hashSum(_arg0, _arg1, _arg2); ++var _mkcgo_EVP_DigestVerifyInit uintptr ++ ++func EVP_DigestVerifyInit(ctx EVP_MD_CTX_PTR, pctx *EVP_PKEY_CTX_PTR, __type EVP_MD_PTR, e ENGINE_PTR, pkey EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_DigestVerifyInit, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pctx))), uintptr(__type), uintptr(e), uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_DigestVerifyInit", _err) +} + -+void _mkcgo_go_hashWrite(int32_t _arg0, void* _arg1, const uint8_t* _arg2, long _arg3) { -+ go_hashWrite(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_EVP_EncryptFinal_ex uintptr ++ ++func EVP_EncryptFinal_ex(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_EncryptFinal_ex: *outl exceeds len(out)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_EncryptFinal_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_EncryptFinal_ex", _err) +} + -+void* _mkcgo_go_initHMAC(int32_t _arg0, const uint8_t* _arg1, long _arg2) { -+ return go_initHMAC(_arg0, _arg1, _arg2); ++var _mkcgo_EVP_EncryptInit_ex uintptr ++ ++func EVP_EncryptInit_ex(ctx EVP_CIPHER_CTX_PTR, __type EVP_CIPHER_PTR, impl ENGINE_PTR, key *byte, iv *byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_EncryptInit_ex, uintptr(ctx), uintptr(__type), uintptr(impl), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iv))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_EncryptInit_ex", _err) +} + -+long _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t* _arg0, const uint8_t* _arg1) { -+ return go_newPrivateKeyEd25519FromSeed(_arg0, _arg1); ++var _mkcgo_EVP_EncryptUpdate uintptr ++ ++func EVP_EncryptUpdate(ctx EVP_CIPHER_CTX_PTR, out []byte, outl *int32, in []byte) (int32, error) { ++ if outl != nil && int(*outl) > len(out) { ++ panic("EVP_EncryptUpdate: *outl exceeds len(out)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_EncryptUpdate, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(unsafe.Pointer(unsafe.SliceData(in))), uintptr(len(in)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_EncryptUpdate", _err) +} + -+long _mkcgo_go_newPublicKeyEd25519(uint8_t* _arg0, const uint8_t* _arg1) { -+ return go_newPublicKeyEd25519(_arg0, _arg1); ++var _mkcgo_EVP_KDF_CTX_free uintptr ++ ++func EVP_KDF_CTX_free(ctx EVP_KDF_CTX_PTR) { ++ syscallN(0, _mkcgo_EVP_KDF_CTX_free, uintptr(ctx)) +} + -+long _mkcgo_go_publicKeyFromPrivateECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2, uint8_t* _arg3, long _arg4) { -+ return go_publicKeyFromPrivateECDH(_arg0, _arg1, _arg2, _arg3, _arg4); ++var _mkcgo_EVP_KDF_CTX_get_kdf_size uintptr ++ ++func EVP_KDF_CTX_get_kdf_size(ctx EVP_KDF_CTX_PTR) (int, error) { ++ var _err uintptr ++ r0, _ := syscallN(4, _mkcgo_EVP_KDF_CTX_get_kdf_size, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int(r0), newMkcgoErr("EVP_KDF_CTX_get_kdf_size", _err) +} + -+long _mkcgo_go_signEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, uint8_t* _arg3) { -+ return go_signEd25519(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_EVP_KDF_CTX_new uintptr ++ ++func EVP_KDF_CTX_new(kdf EVP_KDF_PTR) (EVP_KDF_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_KDF_CTX_new, uintptr(kdf), uintptr(unsafe.Pointer(&_err))) ++ return EVP_KDF_CTX_PTR(r0), newMkcgoErr("EVP_KDF_CTX_new", _err) +} + -+long _mkcgo_go_signMLDSA65(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, uint8_t* _arg6, long* _arg7) { -+ return go_signMLDSA65(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++var _mkcgo_EVP_KDF_CTX_set_params uintptr ++ ++func EVP_KDF_CTX_set_params(ctx EVP_KDF_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_KDF_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_KDF_CTX_set_params", _err) +} + -+long _mkcgo_go_signMLDSA87(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, uint8_t* _arg6, long* _arg7) { -+ return go_signMLDSA87(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++var _mkcgo_EVP_KDF_derive uintptr ++ ++func EVP_KDF_derive(ctx EVP_KDF_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_KDF_derive, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_KDF_derive", _err) +} + -+long _mkcgo_go_supportsMLDSA(void) { -+ return go_supportsMLDSA(); ++var _mkcgo_EVP_KDF_fetch uintptr ++ ++func EVP_KDF_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KDF_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_KDF_fetch, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_KDF_PTR(r0), newMkcgoErr("EVP_KDF_fetch", _err) +} + -+long _mkcgo_go_supportsMLKEM(void) { -+ return go_supportsMLKEM(); ++var _mkcgo_EVP_KDF_free uintptr ++ ++func EVP_KDF_free(kdf EVP_KDF_PTR) { ++ syscallN(0, _mkcgo_EVP_KDF_free, uintptr(kdf)) +} + -+long _mkcgo_go_supportsSHA3(void) { -+ return go_supportsSHA3(); ++func EVP_KEYMGMT_fetch_Available() bool { ++ return _mkcgo_EVP_KEYMGMT_fetch != 0 +} + -+void _mkcgo_go_updateHMAC(int32_t _arg0, void* _arg1, const uint8_t* _arg2, long _arg3) { -+ go_updateHMAC(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_EVP_KEYMGMT_fetch uintptr ++ ++func EVP_KEYMGMT_fetch(libctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_KEYMGMT_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_KEYMGMT_fetch, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_KEYMGMT_PTR(r0), newMkcgoErr("EVP_KEYMGMT_fetch", _err) +} + -+long _mkcgo_go_validatePrivateKeyECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2) { -+ return go_validatePrivateKeyECDH(_arg0, _arg1, _arg2); ++var _mkcgo_EVP_KEYMGMT_free uintptr ++ ++func EVP_KEYMGMT_free(keymgmt EVP_KEYMGMT_PTR) { ++ syscallN(0, _mkcgo_EVP_KEYMGMT_free, uintptr(keymgmt)) +} + -+long _mkcgo_go_validatePublicKeyECDH(int32_t _arg0, const uint8_t* _arg1, long _arg2) { -+ return go_validatePublicKeyECDH(_arg0, _arg1, _arg2); ++var _mkcgo_EVP_MAC_CTX_dup uintptr ++ ++func EVP_MAC_CTX_dup(arg0 EVP_MAC_CTX_PTR) (EVP_MAC_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MAC_CTX_dup, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return EVP_MAC_CTX_PTR(r0), newMkcgoErr("EVP_MAC_CTX_dup", _err) +} + -+long _mkcgo_go_validatePublicKeyMLDSA65(const uint8_t* _arg0, long _arg1) { -+ return go_validatePublicKeyMLDSA65(_arg0, _arg1); ++var _mkcgo_EVP_MAC_CTX_free uintptr ++ ++func EVP_MAC_CTX_free(arg0 EVP_MAC_CTX_PTR) { ++ syscallN(0, _mkcgo_EVP_MAC_CTX_free, uintptr(arg0)) +} + -+long _mkcgo_go_validatePublicKeyMLDSA87(const uint8_t* _arg0, long _arg1) { -+ return go_validatePublicKeyMLDSA87(_arg0, _arg1); ++var _mkcgo_EVP_MAC_CTX_new uintptr ++ ++func EVP_MAC_CTX_new(arg0 EVP_MAC_PTR) (EVP_MAC_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MAC_CTX_new, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return EVP_MAC_CTX_PTR(r0), newMkcgoErr("EVP_MAC_CTX_new", _err) +} + -+long _mkcgo_go_verifyEd25519(const uint8_t* _arg0, const uint8_t* _arg1, size_t _arg2, const uint8_t* _arg3) { -+ return go_verifyEd25519(_arg0, _arg1, _arg2, _arg3); ++var _mkcgo_EVP_MAC_CTX_set_params uintptr ++ ++func EVP_MAC_CTX_set_params(ctx EVP_MAC_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MAC_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MAC_CTX_set_params", _err) +} + -+long _mkcgo_go_verifyMLDSA65(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, const uint8_t* _arg6, long _arg7) { -+ return go_verifyMLDSA65(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++var _mkcgo_EVP_MAC_fetch uintptr ++ ++func EVP_MAC_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MAC_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MAC_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_MAC_PTR(r0), newMkcgoErr("EVP_MAC_fetch", _err) +} + -+long _mkcgo_go_verifyMLDSA87(const uint8_t* _arg0, long _arg1, const uint8_t* _arg2, long _arg3, const uint8_t* _arg4, long _arg5, const uint8_t* _arg6, long _arg7) { -+ return go_verifyMLDSA87(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5, _arg6, _arg7); ++var _mkcgo_EVP_MAC_final uintptr ++ ++func EVP_MAC_final(ctx EVP_MAC_CTX_PTR, out []byte, outl *int) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MAC_final, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outl)), uintptr(len(out)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MAC_final", _err) +} + -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h -new file mode 100644 -index 00000000000000..f933f59c3013da ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.h -@@ -0,0 +1,77 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++var _mkcgo_EVP_MAC_init uintptr + -+// Code generated by mkcgo. DO NOT EDIT. ++func EVP_MAC_init(ctx EVP_MAC_CTX_PTR, key []byte, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MAC_init, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MAC_init", _err) ++} ++ ++var _mkcgo_EVP_MAC_update uintptr ++ ++func EVP_MAC_update(ctx EVP_MAC_CTX_PTR, data []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MAC_update, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MAC_update", _err) ++} ++ ++var _mkcgo_EVP_MD_CTX_copy_ex uintptr + -+#ifndef MKCGO_H // only include this header once -+#define MKCGO_H ++func EVP_MD_CTX_copy_ex(out EVP_MD_CTX_PTR, in EVP_MD_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_copy_ex, uintptr(out), uintptr(in), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MD_CTX_copy_ex", _err) ++} + -+#include -+#include ++var _mkcgo_EVP_MD_CTX_ctrl uintptr + ++func EVP_MD_CTX_ctrl(ctx EVP_MD_CTX_PTR, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_ctrl, uintptr(ctx), uintptr(cmd), uintptr(p1), uintptr(p2), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MD_CTX_ctrl", _err) ++} + -+uintptr_t mkcgo_err_retrieve(); ++var _mkcgo_EVP_MD_CTX_free uintptr + -+void _mkcgo_go_MD5(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA1(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA256(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA384(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA3_256(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA3_384(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA3_512(const uint8_t*, size_t, uint8_t*); -+void _mkcgo_go_SHA512(const uint8_t*, size_t, uint8_t*); -+void* _mkcgo_go_copyHMAC(int32_t, void*); -+long _mkcgo_go_decapsulateMLKEM1024(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_decapsulateMLKEM768(const uint8_t*, long, const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_decryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+long _mkcgo_go_decryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t*); -+long _mkcgo_go_deriveEncapsulationKeyMLKEM1024(const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_deriveEncapsulationKeyMLKEM768(const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_derivePublicKeyMLDSA65(const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_derivePublicKeyMLDSA87(const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_ecdhSharedSecret(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_ecdsaSign(int32_t, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); -+long _mkcgo_go_ecdsaVerify(int32_t, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); -+long _mkcgo_go_encapsulateMLKEM1024(const uint8_t*, long, uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_encapsulateMLKEM768(const uint8_t*, long, uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_encryptAESGCM(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+long _mkcgo_go_encryptChaChaPoly(const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t, uint8_t*); -+long _mkcgo_go_expandHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); -+long _mkcgo_go_extractHKDF(int32_t, const uint8_t*, size_t, const uint8_t*, size_t, uint8_t*, size_t); -+void _mkcgo_go_finalizeHMAC(int32_t, void*, uint8_t*); -+void _mkcgo_go_freeHMAC(int32_t, void*); -+long _mkcgo_go_generateKeyECDH(int32_t, uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_generateKeyECDSA(int32_t, uint8_t*, long, uint8_t*, long, uint8_t*, long); -+void _mkcgo_go_generateKeyEd25519(uint8_t*); -+long _mkcgo_go_generateKeyMLDSA65(uint8_t*, long); -+long _mkcgo_go_generateKeyMLDSA87(uint8_t*, long); -+long _mkcgo_go_generateKeyMLKEM1024(uint8_t*, long); -+long _mkcgo_go_generateKeyMLKEM768(uint8_t*, long); -+long _mkcgo_go_hashBlockSize(int32_t); -+void* _mkcgo_go_hashCopy(int32_t, void*); -+void _mkcgo_go_hashFree(int32_t, void*); -+void* _mkcgo_go_hashNew(int32_t); -+void _mkcgo_go_hashReset(int32_t, void*); -+long _mkcgo_go_hashSize(int32_t); -+void _mkcgo_go_hashSum(int32_t, void*, uint8_t*); -+void _mkcgo_go_hashWrite(int32_t, void*, const uint8_t*, long); -+void* _mkcgo_go_initHMAC(int32_t, const uint8_t*, long); -+long _mkcgo_go_newPrivateKeyEd25519FromSeed(uint8_t*, const uint8_t*); -+long _mkcgo_go_newPublicKeyEd25519(uint8_t*, const uint8_t*); -+long _mkcgo_go_publicKeyFromPrivateECDH(int32_t, const uint8_t*, long, uint8_t*, long); -+long _mkcgo_go_signEd25519(const uint8_t*, const uint8_t*, size_t, uint8_t*); -+long _mkcgo_go_signMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); -+long _mkcgo_go_signMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, uint8_t*, long*); -+long _mkcgo_go_supportsMLDSA(void); -+long _mkcgo_go_supportsMLKEM(void); -+long _mkcgo_go_supportsSHA3(void); -+void _mkcgo_go_updateHMAC(int32_t, void*, const uint8_t*, long); -+long _mkcgo_go_validatePrivateKeyECDH(int32_t, const uint8_t*, long); -+long _mkcgo_go_validatePublicKeyECDH(int32_t, const uint8_t*, long); -+long _mkcgo_go_validatePublicKeyMLDSA65(const uint8_t*, long); -+long _mkcgo_go_validatePublicKeyMLDSA87(const uint8_t*, long); -+long _mkcgo_go_verifyEd25519(const uint8_t*, const uint8_t*, size_t, const uint8_t*); -+long _mkcgo_go_verifyMLDSA65(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); -+long _mkcgo_go_verifyMLDSA87(const uint8_t*, long, const uint8_t*, long, const uint8_t*, long, const uint8_t*, long); ++func EVP_MD_CTX_free(ctx EVP_MD_CTX_PTR) { ++ syscallN(0, _mkcgo_EVP_MD_CTX_free, uintptr(ctx)) ++} + -+#endif // MKCGO_H -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s -new file mode 100644 -index 00000000000000..5be36f4b35dedb ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit.s -@@ -0,0 +1,400 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++var _mkcgo_EVP_MD_CTX_get_params uintptr + -+// Code generated by mkcgo. DO NOT EDIT. ++func EVP_MD_CTX_get_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_get_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MD_CTX_get_params", _err) ++} + -+//go:build !cgo ++var _mkcgo_EVP_MD_CTX_gettable_params uintptr + -+#include "textflag.h" ++func EVP_MD_CTX_gettable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MD_CTX_gettable_params, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return OSSL_PARAM_PTR(r0), newMkcgoErr("EVP_MD_CTX_gettable_params", _err) ++} + -+#ifndef GOARCH_amd64 -+#ifndef GOARCH_arm64 -+#ifndef GOARCH_riscv64 -+#ifndef GOARCH_loong64 -+#ifndef GOARCH_mips64 -+#ifndef GOARCH_mips64le -+#ifndef GOARCH_ppc64 -+#ifndef GOARCH_ppc64le -+#ifndef GOARCH_s390x -+#ifndef GOARCH_sparc64 -+#define _GOPTRSIZE 4 -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif ++var _mkcgo_EVP_MD_CTX_new uintptr + -+#ifndef _GOPTRSIZE -+#define _GOPTRSIZE 8 -+#endif -+TEXT _mkcgo_go_MD5_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_MD5(SB) ++func EVP_MD_CTX_new() (EVP_MD_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MD_CTX_new, uintptr(unsafe.Pointer(&_err))) ++ return EVP_MD_CTX_PTR(r0), newMkcgoErr("EVP_MD_CTX_new", _err) ++} + -+GLOBL ·_mkcgo_go_MD5_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_MD5_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_MD5_trampoline<>(SB) ++var _mkcgo_EVP_MD_CTX_set_params uintptr + -+TEXT _mkcgo_go_SHA1_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA1(SB) ++func EVP_MD_CTX_set_params(ctx EVP_MD_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_MD_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_MD_CTX_set_params", _err) ++} + -+GLOBL ·_mkcgo_go_SHA1_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA1_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA1_trampoline<>(SB) ++var _mkcgo_EVP_MD_CTX_settable_params uintptr + -+TEXT _mkcgo_go_SHA256_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA256(SB) ++func EVP_MD_CTX_settable_params(ctx EVP_MD_CTX_PTR) (OSSL_PARAM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MD_CTX_settable_params, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return OSSL_PARAM_PTR(r0), newMkcgoErr("EVP_MD_CTX_settable_params", _err) ++} + -+GLOBL ·_mkcgo_go_SHA256_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA256_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA256_trampoline<>(SB) ++var _mkcgo_EVP_MD_fetch uintptr + -+TEXT _mkcgo_go_SHA384_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA384(SB) ++func EVP_MD_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_MD_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_MD_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_MD_PTR(r0), newMkcgoErr("EVP_MD_fetch", _err) ++} + -+GLOBL ·_mkcgo_go_SHA384_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA384_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA384_trampoline<>(SB) ++var _mkcgo_EVP_MD_free uintptr + -+TEXT _mkcgo_go_SHA3_256_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA3_256(SB) ++func EVP_MD_free(md EVP_MD_PTR) { ++ syscallN(0, _mkcgo_EVP_MD_free, uintptr(md)) ++} + -+GLOBL ·_mkcgo_go_SHA3_256_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA3_256_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA3_256_trampoline<>(SB) ++var _mkcgo_EVP_MD_get0_name uintptr + -+TEXT _mkcgo_go_SHA3_384_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA3_384(SB) ++func EVP_MD_get0_name(md EVP_MD_PTR) *byte { ++ r0, _ := syscallN(0, _mkcgo_EVP_MD_get0_name, uintptr(md)) ++ return (*byte)(unsafe.Pointer(r0)) ++} + -+GLOBL ·_mkcgo_go_SHA3_384_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA3_384_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA3_384_trampoline<>(SB) ++var _mkcgo_EVP_MD_get0_provider uintptr + -+TEXT _mkcgo_go_SHA3_512_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA3_512(SB) ++func EVP_MD_get0_provider(md EVP_MD_PTR) OSSL_PROVIDER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_MD_get0_provider, uintptr(md)) ++ return OSSL_PROVIDER_PTR(r0) ++} + -+GLOBL ·_mkcgo_go_SHA3_512_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA3_512_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA3_512_trampoline<>(SB) ++var _mkcgo_EVP_MD_get_block_size uintptr + -+TEXT _mkcgo_go_SHA512_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_SHA512(SB) ++func EVP_MD_get_block_size(md EVP_MD_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_EVP_MD_get_block_size, uintptr(md)) ++ return int32(r0) ++} + -+GLOBL ·_mkcgo_go_SHA512_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_SHA512_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_SHA512_trampoline<>(SB) ++var _mkcgo_EVP_MD_get_size uintptr + -+TEXT _mkcgo_go_copyHMAC_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_copyHMAC(SB) ++func EVP_MD_get_size(md EVP_MD_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_EVP_MD_get_size, uintptr(md)) ++ return int32(r0) ++} + -+GLOBL ·_mkcgo_go_copyHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_copyHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_copyHMAC_trampoline<>(SB) ++var _mkcgo_EVP_MD_get_type uintptr + -+TEXT _mkcgo_go_decapsulateMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_decapsulateMLKEM1024(SB) ++func EVP_MD_get_type(md EVP_MD_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_EVP_MD_get_type, uintptr(md)) ++ return int32(r0) ++} + -+GLOBL ·_mkcgo_go_decapsulateMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_decapsulateMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decapsulateMLKEM1024_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_add1_hkdf_info uintptr + -+TEXT _mkcgo_go_decapsulateMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_decapsulateMLKEM768(SB) ++func EVP_PKEY_CTX_add1_hkdf_info(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_add1_hkdf_info, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_add1_hkdf_info", _err) ++} + -+GLOBL ·_mkcgo_go_decapsulateMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_decapsulateMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decapsulateMLKEM768_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_ctrl uintptr + -+TEXT _mkcgo_go_decryptAESGCM_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_decryptAESGCM(SB) ++func EVP_PKEY_CTX_ctrl(ctx EVP_PKEY_CTX_PTR, keytype int32, optype int32, cmd int32, p1 int32, p2 unsafe.Pointer) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_ctrl, uintptr(ctx), uintptr(keytype), uintptr(optype), uintptr(cmd), uintptr(p1), uintptr(p2), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_ctrl", _err) ++} + -+GLOBL ·_mkcgo_go_decryptAESGCM_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_decryptAESGCM_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decryptAESGCM_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_free uintptr + -+TEXT _mkcgo_go_decryptChaChaPoly_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_decryptChaChaPoly(SB) ++func EVP_PKEY_CTX_free(arg0 EVP_PKEY_CTX_PTR) { ++ syscallN(0, _mkcgo_EVP_PKEY_CTX_free, uintptr(arg0)) ++} + -+GLOBL ·_mkcgo_go_decryptChaChaPoly_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_decryptChaChaPoly_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_decryptChaChaPoly_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_new uintptr + -+TEXT _mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_deriveEncapsulationKeyMLKEM1024(SB) ++func EVP_PKEY_CTX_new(arg0 EVP_PKEY_PTR, arg1 ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_CTX_new, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_CTX_PTR(r0), newMkcgoErr("EVP_PKEY_CTX_new", _err) ++} + -+GLOBL ·_mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_deriveEncapsulationKeyMLKEM1024_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_new_from_pkey uintptr + -+TEXT _mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_deriveEncapsulationKeyMLKEM768(SB) ++func EVP_PKEY_CTX_new_from_pkey(libctx OSSL_LIB_CTX_PTR, pkey EVP_PKEY_PTR, propquery *byte) (EVP_PKEY_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_CTX_new_from_pkey, uintptr(libctx), uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(propquery))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_CTX_PTR(r0), newMkcgoErr("EVP_PKEY_CTX_new_from_pkey", _err) ++} + -+GLOBL ·_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_deriveEncapsulationKeyMLKEM768_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_new_id uintptr + -+TEXT _mkcgo_go_derivePublicKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_derivePublicKeyMLDSA65(SB) ++func EVP_PKEY_CTX_new_id(id int32, e ENGINE_PTR) (EVP_PKEY_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_CTX_new_id, uintptr(id), uintptr(e), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_CTX_PTR(r0), newMkcgoErr("EVP_PKEY_CTX_new_id", _err) ++} + -+GLOBL ·_mkcgo_go_derivePublicKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_derivePublicKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_derivePublicKeyMLDSA65_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label uintptr + -+TEXT _mkcgo_go_derivePublicKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_derivePublicKeyMLDSA87(SB) ++func EVP_PKEY_CTX_set0_rsa_oaep_label(ctx EVP_PKEY_CTX_PTR, label []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(label)))), uintptr(len(label)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set0_rsa_oaep_label", _err) ++} + -+GLOBL ·_mkcgo_go_derivePublicKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_derivePublicKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_derivePublicKeyMLDSA87_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_set1_hkdf_key uintptr + -+TEXT _mkcgo_go_ecdhSharedSecret_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_ecdhSharedSecret(SB) ++func EVP_PKEY_CTX_set1_hkdf_key(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set1_hkdf_key, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_key", _err) ++} + -+GLOBL ·_mkcgo_go_ecdhSharedSecret_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_ecdhSharedSecret_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_ecdhSharedSecret_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt uintptr + -+TEXT _mkcgo_go_ecdsaSign_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_ecdsaSign(SB) ++func EVP_PKEY_CTX_set1_hkdf_salt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set1_hkdf_salt", _err) ++} + -+GLOBL ·_mkcgo_go_ecdsaSign_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_ecdsaSign_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_ecdsaSign_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_set_hkdf_md uintptr + -+TEXT _mkcgo_go_ecdsaVerify_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_ecdsaVerify(SB) ++func EVP_PKEY_CTX_set_hkdf_md(arg0 EVP_PKEY_CTX_PTR, arg1 EVP_MD_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_hkdf_md, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_md", _err) ++} + -+GLOBL ·_mkcgo_go_ecdsaVerify_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_ecdsaVerify_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_ecdsaVerify_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_set_hkdf_mode uintptr + -+TEXT _mkcgo_go_encapsulateMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_encapsulateMLKEM1024(SB) ++func EVP_PKEY_CTX_set_hkdf_mode(arg0 EVP_PKEY_CTX_PTR, arg1 int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_hkdf_mode, uintptr(arg0), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_hkdf_mode", _err) ++} + -+GLOBL ·_mkcgo_go_encapsulateMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_encapsulateMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encapsulateMLKEM1024_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_CTX_set_params uintptr + -+TEXT _mkcgo_go_encapsulateMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_encapsulateMLKEM768(SB) ++func EVP_PKEY_CTX_set_params(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_CTX_set_params, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_CTX_set_params", _err) ++} + -+GLOBL ·_mkcgo_go_encapsulateMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_encapsulateMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encapsulateMLKEM768_trampoline<>(SB) ++var _mkcgo_EVP_PKEY_Q_keygen uintptr + -+TEXT _mkcgo_go_encryptAESGCM_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_encryptAESGCM(SB) ++func EVP_PKEY_Q_keygen_EC(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 *byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ var r0 uintptr ++ if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { ++ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(arg1)), uintptr(unsafe.Pointer(&_err))) ++ } else { ++ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(arg1)), uintptr(unsafe.Pointer(&_err))) ++ } ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_EC", _err) ++} + -+GLOBL ·_mkcgo_go_encryptAESGCM_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_encryptAESGCM_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encryptAESGCM_trampoline<>(SB) ++func EVP_PKEY_Q_keygen_ED25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_ED25519", _err) ++} + -+TEXT _mkcgo_go_encryptChaChaPoly_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_encryptChaChaPoly(SB) ++func EVP_PKEY_Q_keygen_MLDSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_MLDSA", _err) ++} + -+GLOBL ·_mkcgo_go_encryptChaChaPoly_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_encryptChaChaPoly_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_encryptChaChaPoly_trampoline<>(SB) ++func EVP_PKEY_Q_keygen_MLKEM(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_MLKEM", _err) ++} + -+TEXT _mkcgo_go_expandHKDF_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_expandHKDF(SB) ++func EVP_PKEY_Q_keygen_RSA(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte, arg1 int) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ var r0 uintptr ++ if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" { ++ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), 0, 0, 0, 0, 0, uintptr(arg1), uintptr(unsafe.Pointer(&_err))) ++ } else { ++ r0, _ = syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(arg1), uintptr(unsafe.Pointer(&_err))) ++ } ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_RSA", _err) ++} + -+GLOBL ·_mkcgo_go_expandHKDF_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_expandHKDF_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_expandHKDF_trampoline<>(SB) ++func EVP_PKEY_Q_keygen_X25519(ctx OSSL_LIB_CTX_PTR, propq *byte, __type *byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_Q_keygen, uintptr(ctx), uintptr(unsafe.Pointer(propq)), uintptr(unsafe.Pointer(__type)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_Q_keygen_X25519", _err) ++} + -+TEXT _mkcgo_go_extractHKDF_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_extractHKDF(SB) ++var _mkcgo_EVP_PKEY_assign uintptr + -+GLOBL ·_mkcgo_go_extractHKDF_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_extractHKDF_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_extractHKDF_trampoline<>(SB) ++func EVP_PKEY_assign(pkey EVP_PKEY_PTR, __type int32, key unsafe.Pointer) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_assign, uintptr(pkey), uintptr(__type), uintptr(key), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_assign", _err) ++} + -+TEXT _mkcgo_go_finalizeHMAC_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_finalizeHMAC(SB) ++var _mkcgo_EVP_PKEY_decapsulate uintptr + -+GLOBL ·_mkcgo_go_finalizeHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_finalizeHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_finalizeHMAC_trampoline<>(SB) ++func EVP_PKEY_decapsulate(ctx EVP_PKEY_CTX_PTR, genkey *byte, genkeylen *int, wrappedkey *byte, wrappedkeylen int) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decapsulate, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkey))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkeylen))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(wrappedkey))), uintptr(wrappedkeylen), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_decapsulate", _err) ++} + -+TEXT _mkcgo_go_freeHMAC_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_freeHMAC(SB) ++var _mkcgo_EVP_PKEY_decapsulate_init uintptr + -+GLOBL ·_mkcgo_go_freeHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_freeHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_freeHMAC_trampoline<>(SB) ++func EVP_PKEY_decapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decapsulate_init, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_decapsulate_init", _err) ++} + -+TEXT _mkcgo_go_generateKeyECDH_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyECDH(SB) ++var _mkcgo_EVP_PKEY_decrypt uintptr + -+GLOBL ·_mkcgo_go_generateKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyECDH_trampoline<>(SB) ++func EVP_PKEY_decrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("EVP_PKEY_decrypt: *arg2 exceeds len(arg1)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decrypt, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(arg2))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg3)))), uintptr(len(arg3)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_decrypt", _err) ++} + -+TEXT _mkcgo_go_generateKeyECDSA_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyECDSA(SB) ++var _mkcgo_EVP_PKEY_decrypt_init uintptr + -+GLOBL ·_mkcgo_go_generateKeyECDSA_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyECDSA_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyECDSA_trampoline<>(SB) ++func EVP_PKEY_decrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_decrypt_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_decrypt_init", _err) ++} + -+TEXT _mkcgo_go_generateKeyEd25519_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyEd25519(SB) ++var _mkcgo_EVP_PKEY_derive uintptr + -+GLOBL ·_mkcgo_go_generateKeyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyEd25519_trampoline<>(SB) ++func EVP_PKEY_derive(ctx EVP_PKEY_CTX_PTR, key []byte, keylen *int) (int32, error) { ++ if keylen != nil && int(*keylen) > len(key) { ++ panic("EVP_PKEY_derive: *keylen exceeds len(key)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_derive, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(unsafe.Pointer(keylen)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_derive", _err) ++} + -+TEXT _mkcgo_go_generateKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyMLDSA65(SB) ++var _mkcgo_EVP_PKEY_derive_init uintptr + -+GLOBL ·_mkcgo_go_generateKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLDSA65_trampoline<>(SB) ++func EVP_PKEY_derive_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_derive_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_derive_init", _err) ++} + -+TEXT _mkcgo_go_generateKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyMLDSA87(SB) ++var _mkcgo_EVP_PKEY_derive_set_peer uintptr + -+GLOBL ·_mkcgo_go_generateKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLDSA87_trampoline<>(SB) ++func EVP_PKEY_derive_set_peer(ctx EVP_PKEY_CTX_PTR, peer EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_derive_set_peer, uintptr(ctx), uintptr(peer), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_derive_set_peer", _err) ++} + -+TEXT _mkcgo_go_generateKeyMLKEM1024_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyMLKEM1024(SB) ++var _mkcgo_EVP_PKEY_encapsulate uintptr + -+GLOBL ·_mkcgo_go_generateKeyMLKEM1024_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyMLKEM1024_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLKEM1024_trampoline<>(SB) ++func EVP_PKEY_encapsulate(ctx EVP_PKEY_CTX_PTR, wrappedkey *byte, wrappedkeylen *int, genkey *byte, genkeylen *int) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encapsulate, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(wrappedkey))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(wrappedkeylen))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkey))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(genkeylen))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_encapsulate", _err) ++} + -+TEXT _mkcgo_go_generateKeyMLKEM768_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_generateKeyMLKEM768(SB) ++var _mkcgo_EVP_PKEY_encapsulate_init uintptr + -+GLOBL ·_mkcgo_go_generateKeyMLKEM768_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_generateKeyMLKEM768_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_generateKeyMLKEM768_trampoline<>(SB) ++func EVP_PKEY_encapsulate_init(ctx EVP_PKEY_CTX_PTR, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encapsulate_init, uintptr(ctx), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_encapsulate_init", _err) ++} + -+TEXT _mkcgo_go_hashBlockSize_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashBlockSize(SB) ++var _mkcgo_EVP_PKEY_encrypt uintptr + -+GLOBL ·_mkcgo_go_hashBlockSize_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashBlockSize_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashBlockSize_trampoline<>(SB) ++func EVP_PKEY_encrypt(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("EVP_PKEY_encrypt: *arg2 exceeds len(arg1)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encrypt, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(arg2))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg3)))), uintptr(len(arg3)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_encrypt", _err) ++} + -+TEXT _mkcgo_go_hashCopy_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashCopy(SB) ++var _mkcgo_EVP_PKEY_encrypt_init uintptr + -+GLOBL ·_mkcgo_go_hashCopy_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashCopy_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashCopy_trampoline<>(SB) ++func EVP_PKEY_encrypt_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_encrypt_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_encrypt_init", _err) ++} + -+TEXT _mkcgo_go_hashFree_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashFree(SB) ++var _mkcgo_EVP_PKEY_free uintptr + -+GLOBL ·_mkcgo_go_hashFree_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashFree_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashFree_trampoline<>(SB) ++func EVP_PKEY_free(arg0 EVP_PKEY_PTR) { ++ syscallN(0, _mkcgo_EVP_PKEY_free, uintptr(arg0)) ++} + -+TEXT _mkcgo_go_hashNew_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashNew(SB) ++var _mkcgo_EVP_PKEY_fromdata uintptr + -+GLOBL ·_mkcgo_go_hashNew_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashNew_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashNew_trampoline<>(SB) ++func EVP_PKEY_fromdata(ctx EVP_PKEY_CTX_PTR, pkey *EVP_PKEY_PTR, selection int32, params OSSL_PARAM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_fromdata, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(pkey))), uintptr(selection), uintptr(params), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_fromdata", _err) ++} + -+TEXT _mkcgo_go_hashReset_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashReset(SB) ++var _mkcgo_EVP_PKEY_fromdata_init uintptr + -+GLOBL ·_mkcgo_go_hashReset_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashReset_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashReset_trampoline<>(SB) ++func EVP_PKEY_fromdata_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_fromdata_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_fromdata_init", _err) ++} + -+TEXT _mkcgo_go_hashSize_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashSize(SB) ++var _mkcgo_EVP_PKEY_get0_DSA uintptr + -+GLOBL ·_mkcgo_go_hashSize_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashSize_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashSize_trampoline<>(SB) ++func EVP_PKEY_get0_DSA(pkey EVP_PKEY_PTR) (DSA_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_get0_DSA, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return DSA_PTR(r0), newMkcgoErr("EVP_PKEY_get0_DSA", _err) ++} + -+TEXT _mkcgo_go_hashSum_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashSum(SB) ++var _mkcgo_EVP_PKEY_get0_EC_KEY uintptr + -+GLOBL ·_mkcgo_go_hashSum_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashSum_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashSum_trampoline<>(SB) ++func EVP_PKEY_get0_EC_KEY(pkey EVP_PKEY_PTR) (EC_KEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_get0_EC_KEY, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return EC_KEY_PTR(r0), newMkcgoErr("EVP_PKEY_get0_EC_KEY", _err) ++} + -+TEXT _mkcgo_go_hashWrite_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_hashWrite(SB) ++var _mkcgo_EVP_PKEY_get1_RSA uintptr + -+GLOBL ·_mkcgo_go_hashWrite_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_hashWrite_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_hashWrite_trampoline<>(SB) ++func EVP_PKEY_get1_RSA(pkey EVP_PKEY_PTR) (RSA_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_get1_RSA, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return RSA_PTR(r0), newMkcgoErr("EVP_PKEY_get1_RSA", _err) ++} + -+TEXT _mkcgo_go_initHMAC_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_initHMAC(SB) ++var _mkcgo_EVP_PKEY_get1_encoded_public_key uintptr + -+GLOBL ·_mkcgo_go_initHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_initHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_initHMAC_trampoline<>(SB) ++func EVP_PKEY_get1_encoded_public_key(pkey EVP_PKEY_PTR, ppub **byte) (int, error) { ++ var _err uintptr ++ r0, _ := syscallN(4, _mkcgo_EVP_PKEY_get1_encoded_public_key, uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(ppub))), uintptr(unsafe.Pointer(&_err))) ++ return int(r0), newMkcgoErr("EVP_PKEY_get1_encoded_public_key", _err) ++} + -+TEXT _mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_newPrivateKeyEd25519FromSeed(SB) ++var _mkcgo_EVP_PKEY_get_bits uintptr + -+GLOBL ·_mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_newPrivateKeyEd25519FromSeed_trampoline<>(SB) ++func EVP_PKEY_get_bits(pkey EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_bits, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_get_bits", _err) ++} + -+TEXT _mkcgo_go_newPublicKeyEd25519_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_newPublicKeyEd25519(SB) ++var _mkcgo_EVP_PKEY_get_bn_param uintptr + -+GLOBL ·_mkcgo_go_newPublicKeyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_newPublicKeyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_newPublicKeyEd25519_trampoline<>(SB) ++func EVP_PKEY_get_bn_param(pkey EVP_PKEY_PTR, key_name *byte, bn *BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_bn_param, uintptr(pkey), uintptr(unsafe.Pointer(key_name)), uintptr(unsafe.Pointer(bn)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_get_bn_param", _err) ++} + -+TEXT _mkcgo_go_publicKeyFromPrivateECDH_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_publicKeyFromPrivateECDH(SB) ++var _mkcgo_EVP_PKEY_get_octet_string_param uintptr + -+GLOBL ·_mkcgo_go_publicKeyFromPrivateECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_publicKeyFromPrivateECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_publicKeyFromPrivateECDH_trampoline<>(SB) ++func EVP_PKEY_get_octet_string_param(pkey EVP_PKEY_PTR, key_name *byte, buf []byte, out_len *int) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_octet_string_param, uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key_name))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(out_len))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_get_octet_string_param", _err) ++} + -+TEXT _mkcgo_go_signEd25519_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_signEd25519(SB) ++var _mkcgo_EVP_PKEY_get_raw_private_key uintptr + -+GLOBL ·_mkcgo_go_signEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_signEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signEd25519_trampoline<>(SB) ++func EVP_PKEY_get_raw_private_key(pkey EVP_PKEY_PTR, priv []byte, privlen *int) (int32, error) { ++ if privlen != nil && int(*privlen) > len(priv) { ++ panic("EVP_PKEY_get_raw_private_key: *privlen exceeds len(priv)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_raw_private_key, uintptr(pkey), uintptr(unsafe.Pointer(unsafe.SliceData(priv))), uintptr(unsafe.Pointer(privlen)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_get_raw_private_key", _err) ++} + -+TEXT _mkcgo_go_signMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_signMLDSA65(SB) ++var _mkcgo_EVP_PKEY_get_raw_public_key uintptr + -+GLOBL ·_mkcgo_go_signMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_signMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signMLDSA65_trampoline<>(SB) ++func EVP_PKEY_get_raw_public_key(pkey EVP_PKEY_PTR, pub []byte, publen *int) (int32, error) { ++ if publen != nil && int(*publen) > len(pub) { ++ panic("EVP_PKEY_get_raw_public_key: *publen exceeds len(pub)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_raw_public_key, uintptr(pkey), uintptr(unsafe.Pointer(unsafe.SliceData(pub))), uintptr(unsafe.Pointer(publen)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_get_raw_public_key", _err) ++} + -+TEXT _mkcgo_go_signMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_signMLDSA87(SB) ++var _mkcgo_EVP_PKEY_get_size uintptr + -+GLOBL ·_mkcgo_go_signMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_signMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_signMLDSA87_trampoline<>(SB) ++func EVP_PKEY_get_size(pkey EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_get_size, uintptr(pkey), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_get_size", _err) ++} + -+TEXT _mkcgo_go_supportsMLDSA_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_supportsMLDSA(SB) ++var _mkcgo_EVP_PKEY_keygen uintptr + -+GLOBL ·_mkcgo_go_supportsMLDSA_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_supportsMLDSA_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsMLDSA_trampoline<>(SB) ++func EVP_PKEY_keygen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_keygen, uintptr(ctx), uintptr(unsafe.Pointer(ppkey)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_keygen", _err) ++} + -+TEXT _mkcgo_go_supportsMLKEM_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_supportsMLKEM(SB) ++var _mkcgo_EVP_PKEY_keygen_init uintptr + -+GLOBL ·_mkcgo_go_supportsMLKEM_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_supportsMLKEM_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsMLKEM_trampoline<>(SB) ++func EVP_PKEY_keygen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_keygen_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_keygen_init", _err) ++} + -+TEXT _mkcgo_go_supportsSHA3_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_supportsSHA3(SB) ++var _mkcgo_EVP_PKEY_new uintptr + -+GLOBL ·_mkcgo_go_supportsSHA3_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_supportsSHA3_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_supportsSHA3_trampoline<>(SB) ++func EVP_PKEY_new() (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_new, uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_new", _err) ++} + -+TEXT _mkcgo_go_updateHMAC_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_updateHMAC(SB) ++var _mkcgo_EVP_PKEY_new_raw_private_key uintptr + -+GLOBL ·_mkcgo_go_updateHMAC_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_updateHMAC_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_updateHMAC_trampoline<>(SB) ++func EVP_PKEY_new_raw_private_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_new_raw_private_key, uintptr(__type), uintptr(e), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_new_raw_private_key", _err) ++} + -+TEXT _mkcgo_go_validatePrivateKeyECDH_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_validatePrivateKeyECDH(SB) ++var _mkcgo_EVP_PKEY_new_raw_public_key uintptr + -+GLOBL ·_mkcgo_go_validatePrivateKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_validatePrivateKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePrivateKeyECDH_trampoline<>(SB) ++func EVP_PKEY_new_raw_public_key(__type int32, e ENGINE_PTR, key []byte) (EVP_PKEY_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_PKEY_new_raw_public_key, uintptr(__type), uintptr(e), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(key)))), uintptr(len(key)), uintptr(unsafe.Pointer(&_err))) ++ return EVP_PKEY_PTR(r0), newMkcgoErr("EVP_PKEY_new_raw_public_key", _err) ++} + -+TEXT _mkcgo_go_validatePublicKeyECDH_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_validatePublicKeyECDH(SB) ++var _mkcgo_EVP_PKEY_paramgen uintptr + -+GLOBL ·_mkcgo_go_validatePublicKeyECDH_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_validatePublicKeyECDH_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyECDH_trampoline<>(SB) ++func EVP_PKEY_paramgen(ctx EVP_PKEY_CTX_PTR, ppkey *EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_paramgen, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(ppkey))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_paramgen", _err) ++} + -+TEXT _mkcgo_go_validatePublicKeyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_validatePublicKeyMLDSA65(SB) ++var _mkcgo_EVP_PKEY_paramgen_init uintptr + -+GLOBL ·_mkcgo_go_validatePublicKeyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_validatePublicKeyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyMLDSA65_trampoline<>(SB) ++func EVP_PKEY_paramgen_init(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_paramgen_init, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_paramgen_init", _err) ++} + -+TEXT _mkcgo_go_validatePublicKeyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_validatePublicKeyMLDSA87(SB) ++var _mkcgo_EVP_PKEY_private_check uintptr + -+GLOBL ·_mkcgo_go_validatePublicKeyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_validatePublicKeyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_validatePublicKeyMLDSA87_trampoline<>(SB) ++func EVP_PKEY_private_check(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_private_check, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_private_check", _err) ++} + -+TEXT _mkcgo_go_verifyEd25519_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_verifyEd25519(SB) ++var _mkcgo_EVP_PKEY_public_check_quick uintptr + -+GLOBL ·_mkcgo_go_verifyEd25519_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_verifyEd25519_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyEd25519_trampoline<>(SB) ++func EVP_PKEY_public_check_quick(ctx EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_public_check_quick, uintptr(ctx), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_public_check_quick", _err) ++} + -+TEXT _mkcgo_go_verifyMLDSA65_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_verifyMLDSA65(SB) ++var _mkcgo_EVP_PKEY_set1_EC_KEY uintptr + -+GLOBL ·_mkcgo_go_verifyMLDSA65_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_verifyMLDSA65_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyMLDSA65_trampoline<>(SB) ++func EVP_PKEY_set1_EC_KEY(pkey EVP_PKEY_PTR, key EC_KEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_set1_EC_KEY, uintptr(pkey), uintptr(key), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_set1_EC_KEY", _err) ++} + -+TEXT _mkcgo_go_verifyMLDSA87_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_go_verifyMLDSA87(SB) ++var _mkcgo_EVP_PKEY_set1_encoded_public_key uintptr + -+GLOBL ·_mkcgo_go_verifyMLDSA87_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_go_verifyMLDSA87_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_go_verifyMLDSA87_trampoline<>(SB) ++func EVP_PKEY_set1_encoded_public_key(pkey EVP_PKEY_PTR, pub []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_set1_encoded_public_key, uintptr(pkey), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(pub)))), uintptr(len(pub)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_set1_encoded_public_key", _err) ++} + -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go -new file mode 100644 -index 00000000000000..c05dd1acf80954 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_cgo.go -@@ -0,0 +1,386 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++var _mkcgo_EVP_PKEY_sign uintptr + -+// Code generated by mkcgo. DO NOT EDIT. ++func EVP_PKEY_sign(arg0 EVP_PKEY_CTX_PTR, arg1 []byte, arg2 *int, arg3 []byte) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("EVP_PKEY_sign: *arg2 exceeds len(arg1)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_sign, uintptr(arg0), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg1)))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(arg2))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(arg3)))), uintptr(len(arg3)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_sign", _err) ++} + -+package cryptokit ++var _mkcgo_EVP_PKEY_sign_init uintptr + -+/* -+#cgo CFLAGS: -Wno-attributes ++func EVP_PKEY_sign_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_sign_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_sign_init", _err) ++} + -+#include "zcryptokit.h" -+#cgo noescape _mkcgo_go_MD5 -+#cgo nocallback _mkcgo_go_MD5 -+#cgo noescape _mkcgo_go_SHA1 -+#cgo nocallback _mkcgo_go_SHA1 -+#cgo noescape _mkcgo_go_SHA256 -+#cgo nocallback _mkcgo_go_SHA256 -+#cgo noescape _mkcgo_go_SHA384 -+#cgo nocallback _mkcgo_go_SHA384 -+#cgo noescape _mkcgo_go_SHA3_256 -+#cgo nocallback _mkcgo_go_SHA3_256 -+#cgo noescape _mkcgo_go_SHA3_384 -+#cgo nocallback _mkcgo_go_SHA3_384 -+#cgo noescape _mkcgo_go_SHA3_512 -+#cgo nocallback _mkcgo_go_SHA3_512 -+#cgo noescape _mkcgo_go_SHA512 -+#cgo nocallback _mkcgo_go_SHA512 -+#cgo noescape _mkcgo_go_copyHMAC -+#cgo nocallback _mkcgo_go_copyHMAC -+#cgo noescape _mkcgo_go_decapsulateMLKEM1024 -+#cgo nocallback _mkcgo_go_decapsulateMLKEM1024 -+#cgo noescape _mkcgo_go_decapsulateMLKEM768 -+#cgo nocallback _mkcgo_go_decapsulateMLKEM768 -+#cgo noescape _mkcgo_go_decryptAESGCM -+#cgo nocallback _mkcgo_go_decryptAESGCM -+#cgo noescape _mkcgo_go_decryptChaChaPoly -+#cgo nocallback _mkcgo_go_decryptChaChaPoly -+#cgo noescape _mkcgo_go_deriveEncapsulationKeyMLKEM1024 -+#cgo nocallback _mkcgo_go_deriveEncapsulationKeyMLKEM1024 -+#cgo noescape _mkcgo_go_deriveEncapsulationKeyMLKEM768 -+#cgo nocallback _mkcgo_go_deriveEncapsulationKeyMLKEM768 -+#cgo noescape _mkcgo_go_derivePublicKeyMLDSA65 -+#cgo nocallback _mkcgo_go_derivePublicKeyMLDSA65 -+#cgo noescape _mkcgo_go_derivePublicKeyMLDSA87 -+#cgo nocallback _mkcgo_go_derivePublicKeyMLDSA87 -+#cgo noescape _mkcgo_go_ecdhSharedSecret -+#cgo nocallback _mkcgo_go_ecdhSharedSecret -+#cgo noescape _mkcgo_go_ecdsaSign -+#cgo nocallback _mkcgo_go_ecdsaSign -+#cgo noescape _mkcgo_go_ecdsaVerify -+#cgo nocallback _mkcgo_go_ecdsaVerify -+#cgo noescape _mkcgo_go_encapsulateMLKEM1024 -+#cgo nocallback _mkcgo_go_encapsulateMLKEM1024 -+#cgo noescape _mkcgo_go_encapsulateMLKEM768 -+#cgo nocallback _mkcgo_go_encapsulateMLKEM768 -+#cgo noescape _mkcgo_go_encryptAESGCM -+#cgo nocallback _mkcgo_go_encryptAESGCM -+#cgo noescape _mkcgo_go_encryptChaChaPoly -+#cgo nocallback _mkcgo_go_encryptChaChaPoly -+#cgo noescape _mkcgo_go_expandHKDF -+#cgo nocallback _mkcgo_go_expandHKDF -+#cgo noescape _mkcgo_go_extractHKDF -+#cgo nocallback _mkcgo_go_extractHKDF -+#cgo noescape _mkcgo_go_finalizeHMAC -+#cgo nocallback _mkcgo_go_finalizeHMAC -+#cgo noescape _mkcgo_go_freeHMAC -+#cgo nocallback _mkcgo_go_freeHMAC -+#cgo noescape _mkcgo_go_generateKeyECDH -+#cgo nocallback _mkcgo_go_generateKeyECDH -+#cgo noescape _mkcgo_go_generateKeyECDSA -+#cgo nocallback _mkcgo_go_generateKeyECDSA -+#cgo noescape _mkcgo_go_generateKeyEd25519 -+#cgo nocallback _mkcgo_go_generateKeyEd25519 -+#cgo noescape _mkcgo_go_generateKeyMLDSA65 -+#cgo nocallback _mkcgo_go_generateKeyMLDSA65 -+#cgo noescape _mkcgo_go_generateKeyMLDSA87 -+#cgo nocallback _mkcgo_go_generateKeyMLDSA87 -+#cgo noescape _mkcgo_go_generateKeyMLKEM1024 -+#cgo nocallback _mkcgo_go_generateKeyMLKEM1024 -+#cgo noescape _mkcgo_go_generateKeyMLKEM768 -+#cgo nocallback _mkcgo_go_generateKeyMLKEM768 -+#cgo noescape _mkcgo_go_hashBlockSize -+#cgo nocallback _mkcgo_go_hashBlockSize -+#cgo noescape _mkcgo_go_hashCopy -+#cgo nocallback _mkcgo_go_hashCopy -+#cgo noescape _mkcgo_go_hashFree -+#cgo nocallback _mkcgo_go_hashFree -+#cgo noescape _mkcgo_go_hashNew -+#cgo nocallback _mkcgo_go_hashNew -+#cgo noescape _mkcgo_go_hashReset -+#cgo nocallback _mkcgo_go_hashReset -+#cgo noescape _mkcgo_go_hashSize -+#cgo nocallback _mkcgo_go_hashSize -+#cgo noescape _mkcgo_go_hashSum -+#cgo nocallback _mkcgo_go_hashSum -+#cgo noescape _mkcgo_go_hashWrite -+#cgo nocallback _mkcgo_go_hashWrite -+#cgo noescape _mkcgo_go_initHMAC -+#cgo nocallback _mkcgo_go_initHMAC -+#cgo noescape _mkcgo_go_newPrivateKeyEd25519FromSeed -+#cgo nocallback _mkcgo_go_newPrivateKeyEd25519FromSeed -+#cgo noescape _mkcgo_go_newPublicKeyEd25519 -+#cgo nocallback _mkcgo_go_newPublicKeyEd25519 -+#cgo noescape _mkcgo_go_publicKeyFromPrivateECDH -+#cgo nocallback _mkcgo_go_publicKeyFromPrivateECDH -+#cgo noescape _mkcgo_go_signEd25519 -+#cgo nocallback _mkcgo_go_signEd25519 -+#cgo noescape _mkcgo_go_signMLDSA65 -+#cgo nocallback _mkcgo_go_signMLDSA65 -+#cgo noescape _mkcgo_go_signMLDSA87 -+#cgo nocallback _mkcgo_go_signMLDSA87 -+#cgo noescape _mkcgo_go_supportsMLDSA -+#cgo nocallback _mkcgo_go_supportsMLDSA -+#cgo noescape _mkcgo_go_supportsMLKEM -+#cgo nocallback _mkcgo_go_supportsMLKEM -+#cgo noescape _mkcgo_go_supportsSHA3 -+#cgo nocallback _mkcgo_go_supportsSHA3 -+#cgo noescape _mkcgo_go_updateHMAC -+#cgo nocallback _mkcgo_go_updateHMAC -+#cgo noescape _mkcgo_go_validatePrivateKeyECDH -+#cgo nocallback _mkcgo_go_validatePrivateKeyECDH -+#cgo noescape _mkcgo_go_validatePublicKeyECDH -+#cgo nocallback _mkcgo_go_validatePublicKeyECDH -+#cgo noescape _mkcgo_go_validatePublicKeyMLDSA65 -+#cgo nocallback _mkcgo_go_validatePublicKeyMLDSA65 -+#cgo noescape _mkcgo_go_validatePublicKeyMLDSA87 -+#cgo nocallback _mkcgo_go_validatePublicKeyMLDSA87 -+#cgo noescape _mkcgo_go_verifyEd25519 -+#cgo nocallback _mkcgo_go_verifyEd25519 -+#cgo noescape _mkcgo_go_verifyMLDSA65 -+#cgo nocallback _mkcgo_go_verifyMLDSA65 -+#cgo noescape _mkcgo_go_verifyMLDSA87 -+#cgo nocallback _mkcgo_go_verifyMLDSA87 -+*/ -+import "C" -+import "unsafe" ++var _mkcgo_EVP_PKEY_up_ref uintptr + -+//go:nosplit -+func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { -+ x := uintptr(unsafe.Pointer(p)) -+ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) ++func EVP_PKEY_up_ref(key EVP_PKEY_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_up_ref, uintptr(key), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_up_ref", _err) +} + -+func MD5(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_MD5((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_PKEY_verify uintptr + -+func SHA1(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA1((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_PKEY_verify(ctx EVP_PKEY_CTX_PTR, sig []byte, tbs []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_verify, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(sig)))), uintptr(len(sig)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(tbs)))), uintptr(len(tbs)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_verify", _err) +} + -+func SHA256(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA256((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_PKEY_verify_init uintptr + -+func SHA384(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA384((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_PKEY_verify_init(arg0 EVP_PKEY_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_PKEY_verify_init, uintptr(arg0), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_PKEY_verify_init", _err) +} + -+func SHA3_256(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA3_256((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_SIGNATURE_fetch uintptr + -+func SHA3_384(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA3_384((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_SIGNATURE_fetch(ctx OSSL_LIB_CTX_PTR, algorithm *byte, properties *byte) (EVP_SIGNATURE_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_EVP_SIGNATURE_fetch, uintptr(ctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(algorithm))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(properties))), uintptr(unsafe.Pointer(&_err))) ++ return EVP_SIGNATURE_PTR(r0), newMkcgoErr("EVP_SIGNATURE_fetch", _err) +} + -+func SHA3_512(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA3_512((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_SIGNATURE_free uintptr + -+func SHA512(inputPointer []uint8, outputPointer []uint8) { -+ C._mkcgo_go_SHA512((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(inputPointer))), C.size_t(len(inputPointer)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_SIGNATURE_free(signature EVP_SIGNATURE_PTR) { ++ syscallN(0, _mkcgo_EVP_SIGNATURE_free, uintptr(signature)) +} + -+func CopyHMAC(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { -+ return C._mkcgo_go_copyHMAC(C.int32_t(hashAlgorithm), ptr) -+} ++var _mkcgo_EVP_aes_128_cbc uintptr + -+func DecapsulateMLKEM1024(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { -+ return int64(C._mkcgo_go_decapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)))) ++func EVP_aes_128_cbc() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_cbc) ++ return EVP_CIPHER_PTR(r0) +} + -+func DecapsulateMLKEM768(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { -+ return int64(C._mkcgo_go_decapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)))) -+} ++var _mkcgo_EVP_aes_128_ctr uintptr + -+func DecryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { -+ return int64(C._mkcgo_go_decryptAESGCM((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))), C.size_t(len(tag)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(out))), (*C.size_t)(unsafe.Pointer(outLength)))) ++func EVP_aes_128_ctr() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_ctr) ++ return EVP_CIPHER_PTR(r0) +} + -+func DecryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { -+ return int64(C._mkcgo_go_decryptChaChaPoly((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))), C.size_t(len(tag)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(out))), (*C.size_t)(unsafe.Pointer(outLength)))) -+} ++var _mkcgo_EVP_aes_128_ecb uintptr + -+func DeriveEncapsulationKeyMLKEM1024(seed []uint8, encapKey []uint8) int64 { -+ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)))) ++func EVP_aes_128_ecb() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_ecb) ++ return EVP_CIPHER_PTR(r0) +} + -+func DeriveEncapsulationKeyMLKEM768(seed []uint8, encapKey []uint8) int64 { -+ return int64(C._mkcgo_go_deriveEncapsulationKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)))) -+} ++var _mkcgo_EVP_aes_128_gcm uintptr + -+func DerivePublicKeyMLDSA65(seed []uint8, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_derivePublicKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++func EVP_aes_128_gcm() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_128_gcm) ++ return EVP_CIPHER_PTR(r0) +} + -+func DerivePublicKeyMLDSA87(seed []uint8, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_derivePublicKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++var _mkcgo_EVP_aes_192_cbc uintptr ++ ++func EVP_aes_192_cbc() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_cbc) ++ return EVP_CIPHER_PTR(r0) +} + -+func EcdhSharedSecret(curveID int32, privateKey []uint8, publicKey []uint8, sharedSecret []uint8) int64 { -+ return int64(C._mkcgo_go_ecdhSharedSecret(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedSecret))), C.long(len(sharedSecret)))) ++var _mkcgo_EVP_aes_192_ctr uintptr ++ ++func EVP_aes_192_ctr() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_ctr) ++ return EVP_CIPHER_PTR(r0) +} + -+func EcdsaSign(curveID int32, d []uint8, message []uint8, signature []uint8, signatureLen *int64) int64 { -+ return int64(C._mkcgo_go_ecdsaSign(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.long(len(d)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++var _mkcgo_EVP_aes_192_ecb uintptr ++ ++func EVP_aes_192_ecb() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_ecb) ++ return EVP_CIPHER_PTR(r0) +} + -+func EcdsaVerify(curveID int32, x []uint8, y []uint8, message []uint8, signature []uint8) int64 { -+ return int64(C._mkcgo_go_ecdsaVerify(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.long(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.long(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) -+} ++var _mkcgo_EVP_aes_192_gcm uintptr + -+func EncapsulateMLKEM1024(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { -+ return int64(C._mkcgo_go_encapsulateMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)))) ++func EVP_aes_192_gcm() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_192_gcm) ++ return EVP_CIPHER_PTR(r0) +} + -+func EncapsulateMLKEM768(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { -+ return int64(C._mkcgo_go_encapsulateMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(encapKey))), C.long(len(encapKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sharedKey))), C.long(len(sharedKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(ciphertext))), C.long(len(ciphertext)))) -+} ++var _mkcgo_EVP_aes_256_cbc uintptr + -+func EncryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { -+ return int64(C._mkcgo_go_encryptAESGCM((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(cipherText))), C.size_t(len(cipherText)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))))) ++func EVP_aes_256_cbc() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_cbc) ++ return EVP_CIPHER_PTR(r0) +} + -+func EncryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { -+ return int64(C._mkcgo_go_encryptChaChaPoly((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.size_t(len(key)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.size_t(len(data)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(nonce))), C.size_t(len(nonce)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(aad))), C.size_t(len(aad)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(cipherText))), C.size_t(len(cipherText)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(tag))))) -+} ++var _mkcgo_EVP_aes_256_ctr uintptr + -+func ExpandHKDF(hashFunction int32, prk []uint8, info []uint8, okm []uint8) int64 { -+ return int64(C._mkcgo_go_expandHKDF(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(prk))), C.size_t(len(prk)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(info))), C.size_t(len(info)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(okm))), C.size_t(len(okm)))) ++func EVP_aes_256_ctr() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_ctr) ++ return EVP_CIPHER_PTR(r0) +} + -+func ExtractHKDF(hashFunction int32, secret []uint8, salt []uint8, prk []uint8) int64 { -+ return int64(C._mkcgo_go_extractHKDF(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(secret))), C.size_t(len(secret)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(salt))), C.size_t(len(salt)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(prk))), C.size_t(len(prk)))) -+} ++var _mkcgo_EVP_aes_256_ecb uintptr + -+func FinalizeHMAC(hashFunction int32, ptr unsafe.Pointer, outputPointer []uint8) { -+ C._mkcgo_go_finalizeHMAC(C.int32_t(hashFunction), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_aes_256_ecb() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_ecb) ++ return EVP_CIPHER_PTR(r0) +} + -+func FreeHMAC(hashFunction int32, ptr unsafe.Pointer) { -+ C._mkcgo_go_freeHMAC(C.int32_t(hashFunction), ptr) -+} ++var _mkcgo_EVP_aes_256_gcm uintptr + -+func GenerateKeyECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++func EVP_aes_256_gcm() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_aes_256_gcm) ++ return EVP_CIPHER_PTR(r0) +} + -+func GenerateKeyECDSA(curveID int32, x []uint8, y []uint8, d []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyECDSA(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(x))), C.long(len(x)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(y))), C.long(len(y)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(d))), C.long(len(d)))) ++func EVP_chacha20_poly1305_Available() bool { ++ return _mkcgo_EVP_chacha20_poly1305 != 0 +} + -+func GenerateKeyEd25519(key []uint8) { -+ C._mkcgo_go_generateKeyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key)))) -+} ++var _mkcgo_EVP_chacha20_poly1305 uintptr + -+func GenerateKeyMLDSA65(seed []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++func EVP_chacha20_poly1305() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_chacha20_poly1305) ++ return EVP_CIPHER_PTR(r0) +} + -+func GenerateKeyMLDSA87(seed []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) -+} ++var _mkcgo_EVP_default_properties_enable_fips uintptr + -+func GenerateKeyMLKEM1024(seed []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyMLKEM1024((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) ++func EVP_default_properties_enable_fips(libctx OSSL_LIB_CTX_PTR, enable int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_EVP_default_properties_enable_fips, uintptr(libctx), uintptr(enable), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("EVP_default_properties_enable_fips", _err) +} + -+func GenerateKeyMLKEM768(seed []uint8) int64 { -+ return int64(C._mkcgo_go_generateKeyMLKEM768((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)))) -+} ++var _mkcgo_EVP_default_properties_is_fips_enabled uintptr + -+func HashBlockSize(hashAlgorithm int32) int64 { -+ return int64(C._mkcgo_go_hashBlockSize(C.int32_t(hashAlgorithm))) ++func EVP_default_properties_is_fips_enabled(libctx OSSL_LIB_CTX_PTR) int32 { ++ r0, _ := syscallN(0, _mkcgo_EVP_default_properties_is_fips_enabled, uintptr(libctx)) ++ return int32(r0) +} + -+func HashCopy(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { -+ return C._mkcgo_go_hashCopy(C.int32_t(hashAlgorithm), ptr) -+} ++var _mkcgo_EVP_des_cbc uintptr + -+func HashFree(hashAlgorithm int32, ptr unsafe.Pointer) { -+ C._mkcgo_go_hashFree(C.int32_t(hashAlgorithm), ptr) ++func EVP_des_cbc() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_des_cbc) ++ return EVP_CIPHER_PTR(r0) +} + -+func HashNew(hashAlgorithm int32) unsafe.Pointer { -+ return C._mkcgo_go_hashNew(C.int32_t(hashAlgorithm)) -+} ++var _mkcgo_EVP_des_ecb uintptr + -+func HashReset(hashAlgorithm int32, ptr unsafe.Pointer) { -+ C._mkcgo_go_hashReset(C.int32_t(hashAlgorithm), ptr) ++func EVP_des_ecb() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_des_ecb) ++ return EVP_CIPHER_PTR(r0) +} + -+func HashSize(hashAlgorithm int32) int64 { -+ return int64(C._mkcgo_go_hashSize(C.int32_t(hashAlgorithm))) -+} ++var _mkcgo_EVP_des_ede3_cbc uintptr + -+func HashSum(hashAlgorithm int32, ptr unsafe.Pointer, outputPointer []uint8) { -+ C._mkcgo_go_hashSum(C.int32_t(hashAlgorithm), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_des_ede3_cbc() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_des_ede3_cbc) ++ return EVP_CIPHER_PTR(r0) +} + -+func HashWrite(hashAlgorithm int32, ptr unsafe.Pointer, data []uint8) { -+ C._mkcgo_go_hashWrite(C.int32_t(hashAlgorithm), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.long(len(data))) -+} ++var _mkcgo_EVP_des_ede3_ecb uintptr + -+func InitHMAC(hashFunction int32, key []uint8) unsafe.Pointer { -+ return C._mkcgo_go_initHMAC(C.int32_t(hashFunction), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), C.long(len(key))) ++func EVP_des_ede3_ecb() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_des_ede3_ecb) ++ return EVP_CIPHER_PTR(r0) +} + -+func NewPrivateKeyEd25519FromSeed(key []uint8, seed []uint8) int64 { -+ return int64(C._mkcgo_go_newPrivateKeyEd25519FromSeed((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))))) -+} ++var _mkcgo_EVP_md4 uintptr + -+func NewPublicKeyEd25519(key []uint8, pub []uint8) int64 { -+ return int64(C._mkcgo_go_newPublicKeyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(key))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(pub))))) ++func EVP_md4() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_md4) ++ return EVP_MD_PTR(r0) +} + -+func PublicKeyFromPrivateECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_publicKeyFromPrivateECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) -+} ++var _mkcgo_EVP_md5 uintptr + -+func SignEd25519(privateKey []uint8, message []uint8, sigBuffer []uint8) int64 { -+ return int64(C._mkcgo_go_signEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.size_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sigBuffer))))) ++func EVP_md5() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_md5) ++ return EVP_MD_PTR(r0) +} + -+func SignMLDSA65(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { -+ return int64(C._mkcgo_go_signMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) -+} ++var _mkcgo_EVP_md5_sha1 uintptr + -+func SignMLDSA87(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { -+ return int64(C._mkcgo_go_signMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(seed))), C.long(len(seed)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), (*C.long)(unsafe.Pointer(signatureLen)))) ++func EVP_md5_sha1() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_md5_sha1) ++ return EVP_MD_PTR(r0) +} + -+func SupportsMLDSA() int64 { -+ return int64(C._mkcgo_go_supportsMLDSA()) -+} ++var _mkcgo_EVP_rc4 uintptr + -+func SupportsMLKEM() int64 { -+ return int64(C._mkcgo_go_supportsMLKEM()) ++func EVP_rc4() EVP_CIPHER_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_rc4) ++ return EVP_CIPHER_PTR(r0) +} + -+func SupportsSHA3() int64 { -+ return int64(C._mkcgo_go_supportsSHA3()) -+} ++var _mkcgo_EVP_ripemd160 uintptr + -+func UpdateHMAC(hashFunction int32, ptr unsafe.Pointer, data []uint8) { -+ C._mkcgo_go_updateHMAC(C.int32_t(hashFunction), ptr, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(data))), C.long(len(data))) ++func EVP_ripemd160() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_ripemd160) ++ return EVP_MD_PTR(r0) +} + -+func ValidatePrivateKeyECDH(curveID int32, privateKey []uint8) int64 { -+ return int64(C._mkcgo_go_validatePrivateKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(privateKey))), C.long(len(privateKey)))) -+} ++var _mkcgo_EVP_sha1 uintptr + -+func ValidatePublicKeyECDH(curveID int32, publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_validatePublicKeyECDH(C.int32_t(curveID), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++func EVP_sha1() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha1) ++ return EVP_MD_PTR(r0) +} + -+func ValidatePublicKeyMLDSA65(publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_validatePublicKeyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) -+} ++var _mkcgo_EVP_sha224 uintptr + -+func ValidatePublicKeyMLDSA87(publicKey []uint8) int64 { -+ return int64(C._mkcgo_go_validatePublicKeyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)))) ++func EVP_sha224() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha224) ++ return EVP_MD_PTR(r0) +} + -+func VerifyEd25519(publicKey []uint8, message []uint8, sig []uint8) int64 { -+ return int64(C._mkcgo_go_verifyEd25519((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.size_t(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(sig))))) -+} ++var _mkcgo_EVP_sha256 uintptr + -+func VerifyMLDSA65(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { -+ return int64(C._mkcgo_go_verifyMLDSA65((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) ++func EVP_sha256() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha256) ++ return EVP_MD_PTR(r0) +} + -+func VerifyMLDSA87(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { -+ return int64(C._mkcgo_go_verifyMLDSA87((*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(publicKey))), C.long(len(publicKey)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(message))), C.long(len(message)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(context))), C.long(len(context)), (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(signature))), C.long(len(signature)))) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go -new file mode 100644 -index 00000000000000..222ece4bb14349 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_nocgo.go -@@ -0,0 +1,441 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++var _mkcgo_EVP_sha384 uintptr + -+// Code generated by mkcgo. DO NOT EDIT. ++func EVP_sha384() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha384) ++ return EVP_MD_PTR(r0) ++} + -+//go:build !cgo ++var _mkcgo_EVP_sha3_224 uintptr + -+package cryptokit ++func EVP_sha3_224() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha3_224) ++ return EVP_MD_PTR(r0) ++} + -+import ( -+ "runtime" -+ "unsafe" -+) ++var _mkcgo_EVP_sha3_256 uintptr + -+var _ = runtime.GOOS ++func EVP_sha3_256() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha3_256) ++ return EVP_MD_PTR(r0) ++} + -+var _mkcgoAlwaysFalseCryptokit bool -+var _mkcgoEscapeSinkCryptokit unsafe.Pointer ++var _mkcgo_EVP_sha3_384 uintptr + -+// mkcgoEscapePtrCryptokit forces p to escape to the heap. -+// This implementation is also used in the standard library: -+// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 -+func mkcgoEscapePtrCryptokit(p unsafe.Pointer) unsafe.Pointer { -+ if _mkcgoAlwaysFalseCryptokit { -+ _mkcgoEscapeSinkCryptokit = p -+ } -+ return p ++func EVP_sha3_384() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha3_384) ++ return EVP_MD_PTR(r0) +} + -+//go:linkname go_MD5 go_MD5 -+//go:linkname go_SHA1 go_SHA1 -+//go:linkname go_SHA256 go_SHA256 -+//go:linkname go_SHA384 go_SHA384 -+//go:linkname go_SHA3_256 go_SHA3_256 -+//go:linkname go_SHA3_384 go_SHA3_384 -+//go:linkname go_SHA3_512 go_SHA3_512 -+//go:linkname go_SHA512 go_SHA512 -+//go:linkname go_copyHMAC go_copyHMAC -+//go:linkname go_decapsulateMLKEM1024 go_decapsulateMLKEM1024 -+//go:linkname go_decapsulateMLKEM768 go_decapsulateMLKEM768 -+//go:linkname go_decryptAESGCM go_decryptAESGCM -+//go:linkname go_decryptChaChaPoly go_decryptChaChaPoly -+//go:linkname go_deriveEncapsulationKeyMLKEM1024 go_deriveEncapsulationKeyMLKEM1024 -+//go:linkname go_deriveEncapsulationKeyMLKEM768 go_deriveEncapsulationKeyMLKEM768 -+//go:linkname go_derivePublicKeyMLDSA65 go_derivePublicKeyMLDSA65 -+//go:linkname go_derivePublicKeyMLDSA87 go_derivePublicKeyMLDSA87 -+//go:linkname go_ecdhSharedSecret go_ecdhSharedSecret -+//go:linkname go_ecdsaSign go_ecdsaSign -+//go:linkname go_ecdsaVerify go_ecdsaVerify -+//go:linkname go_encapsulateMLKEM1024 go_encapsulateMLKEM1024 -+//go:linkname go_encapsulateMLKEM768 go_encapsulateMLKEM768 -+//go:linkname go_encryptAESGCM go_encryptAESGCM -+//go:linkname go_encryptChaChaPoly go_encryptChaChaPoly -+//go:linkname go_expandHKDF go_expandHKDF -+//go:linkname go_extractHKDF go_extractHKDF -+//go:linkname go_finalizeHMAC go_finalizeHMAC -+//go:linkname go_freeHMAC go_freeHMAC -+//go:linkname go_generateKeyECDH go_generateKeyECDH -+//go:linkname go_generateKeyECDSA go_generateKeyECDSA -+//go:linkname go_generateKeyEd25519 go_generateKeyEd25519 -+//go:linkname go_generateKeyMLDSA65 go_generateKeyMLDSA65 -+//go:linkname go_generateKeyMLDSA87 go_generateKeyMLDSA87 -+//go:linkname go_generateKeyMLKEM1024 go_generateKeyMLKEM1024 -+//go:linkname go_generateKeyMLKEM768 go_generateKeyMLKEM768 -+//go:linkname go_hashBlockSize go_hashBlockSize -+//go:linkname go_hashCopy go_hashCopy -+//go:linkname go_hashFree go_hashFree -+//go:linkname go_hashNew go_hashNew -+//go:linkname go_hashReset go_hashReset -+//go:linkname go_hashSize go_hashSize -+//go:linkname go_hashSum go_hashSum -+//go:linkname go_hashWrite go_hashWrite -+//go:linkname go_initHMAC go_initHMAC -+//go:linkname go_newPrivateKeyEd25519FromSeed go_newPrivateKeyEd25519FromSeed -+//go:linkname go_newPublicKeyEd25519 go_newPublicKeyEd25519 -+//go:linkname go_publicKeyFromPrivateECDH go_publicKeyFromPrivateECDH -+//go:linkname go_signEd25519 go_signEd25519 -+//go:linkname go_signMLDSA65 go_signMLDSA65 -+//go:linkname go_signMLDSA87 go_signMLDSA87 -+//go:linkname go_supportsMLDSA go_supportsMLDSA -+//go:linkname go_supportsMLKEM go_supportsMLKEM -+//go:linkname go_supportsSHA3 go_supportsSHA3 -+//go:linkname go_updateHMAC go_updateHMAC -+//go:linkname go_validatePrivateKeyECDH go_validatePrivateKeyECDH -+//go:linkname go_validatePublicKeyECDH go_validatePublicKeyECDH -+//go:linkname go_validatePublicKeyMLDSA65 go_validatePublicKeyMLDSA65 -+//go:linkname go_validatePublicKeyMLDSA87 go_validatePublicKeyMLDSA87 -+//go:linkname go_verifyEd25519 go_verifyEd25519 -+//go:linkname go_verifyMLDSA65 go_verifyMLDSA65 -+//go:linkname go_verifyMLDSA87 go_verifyMLDSA87 -+ -+var go_MD5 byte -+var go_SHA1 byte -+var go_SHA256 byte -+var go_SHA384 byte -+var go_SHA3_256 byte -+var go_SHA3_384 byte -+var go_SHA3_512 byte -+var go_SHA512 byte -+var go_copyHMAC byte -+var go_decapsulateMLKEM1024 byte -+var go_decapsulateMLKEM768 byte -+var go_decryptAESGCM byte -+var go_decryptChaChaPoly byte -+var go_deriveEncapsulationKeyMLKEM1024 byte -+var go_deriveEncapsulationKeyMLKEM768 byte -+var go_derivePublicKeyMLDSA65 byte -+var go_derivePublicKeyMLDSA87 byte -+var go_ecdhSharedSecret byte -+var go_ecdsaSign byte -+var go_ecdsaVerify byte -+var go_encapsulateMLKEM1024 byte -+var go_encapsulateMLKEM768 byte -+var go_encryptAESGCM byte -+var go_encryptChaChaPoly byte -+var go_expandHKDF byte -+var go_extractHKDF byte -+var go_finalizeHMAC byte -+var go_freeHMAC byte -+var go_generateKeyECDH byte -+var go_generateKeyECDSA byte -+var go_generateKeyEd25519 byte -+var go_generateKeyMLDSA65 byte -+var go_generateKeyMLDSA87 byte -+var go_generateKeyMLKEM1024 byte -+var go_generateKeyMLKEM768 byte -+var go_hashBlockSize byte -+var go_hashCopy byte -+var go_hashFree byte -+var go_hashNew byte -+var go_hashReset byte -+var go_hashSize byte -+var go_hashSum byte -+var go_hashWrite byte -+var go_initHMAC byte -+var go_newPrivateKeyEd25519FromSeed byte -+var go_newPublicKeyEd25519 byte -+var go_publicKeyFromPrivateECDH byte -+var go_signEd25519 byte -+var go_signMLDSA65 byte -+var go_signMLDSA87 byte -+var go_supportsMLDSA byte -+var go_supportsMLKEM byte -+var go_supportsSHA3 byte -+var go_updateHMAC byte -+var go_validatePrivateKeyECDH byte -+var go_validatePublicKeyECDH byte -+var go_validatePublicKeyMLDSA65 byte -+var go_validatePublicKeyMLDSA87 byte -+var go_verifyEd25519 byte -+var go_verifyMLDSA65 byte -+var go_verifyMLDSA87 byte ++var _mkcgo_EVP_sha3_512 uintptr + -+func MD5(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_MD5)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_sha3_512() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha3_512) ++ return EVP_MD_PTR(r0) +} + -+func SHA1(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA1)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_sha512 uintptr + -+func SHA256(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA256)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_sha512() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha512) ++ return EVP_MD_PTR(r0) +} + -+func SHA384(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA384)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_sha512_224 uintptr + -+func SHA3_256(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA3_256)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_sha512_224() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha512_224) ++ return EVP_MD_PTR(r0) +} + -+func SHA3_384(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA3_384)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_EVP_sha512_256 uintptr + -+func SHA3_512(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA3_512)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func EVP_sha512_256() EVP_MD_PTR { ++ r0, _ := syscallN(0, _mkcgo_EVP_sha512_256) ++ return EVP_MD_PTR(r0) +} + -+func SHA512(inputPointer []uint8, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_SHA512)), uintptr(unsafe.Pointer(unsafe.SliceData(inputPointer))), uintptr(len(inputPointer)), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_FIPS_mode uintptr + -+func CopyHMAC(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_copyHMAC)), uintptr(hashAlgorithm), uintptr(ptr)) -+ return unsafe.Pointer(r0) ++func FIPS_mode() int32 { ++ r0, _ := syscallN(0, _mkcgo_FIPS_mode) ++ return int32(r0) +} + -+func DecapsulateMLKEM1024(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decapsulateMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey))) -+ return int64(r0) -+} ++var _mkcgo_FIPS_mode_set uintptr + -+func DecapsulateMLKEM768(seed []uint8, ciphertext []uint8, sharedKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decapsulateMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey))) -+ return int64(r0) ++func FIPS_mode_set(r int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_FIPS_mode_set, uintptr(r), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("FIPS_mode_set", _err) +} + -+func DecryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decryptAESGCM)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(tag))), uintptr(len(tag)), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outLength))) -+ return int64(r0) -+} ++var _mkcgo_HMAC_CTX_copy uintptr + -+func DecryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, tag []uint8, out []uint8, outLength *int) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_decryptChaChaPoly)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(tag))), uintptr(len(tag)), uintptr(unsafe.Pointer(unsafe.SliceData(out))), uintptr(unsafe.Pointer(outLength))) -+ return int64(r0) ++func HMAC_CTX_copy(dest HMAC_CTX_PTR, src HMAC_CTX_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_HMAC_CTX_copy, uintptr(dest), uintptr(src), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("HMAC_CTX_copy", _err) +} + -+func DeriveEncapsulationKeyMLKEM1024(seed []uint8, encapKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_deriveEncapsulationKeyMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey))) -+ return int64(r0) -+} ++var _mkcgo_HMAC_CTX_free uintptr + -+func DeriveEncapsulationKeyMLKEM768(seed []uint8, encapKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_deriveEncapsulationKeyMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey))) -+ return int64(r0) ++func HMAC_CTX_free(arg0 HMAC_CTX_PTR) { ++ syscallN(0, _mkcgo_HMAC_CTX_free, uintptr(arg0)) +} + -+func DerivePublicKeyMLDSA65(seed []uint8, publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_derivePublicKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) -+} ++var _mkcgo_HMAC_CTX_new uintptr + -+func DerivePublicKeyMLDSA87(seed []uint8, publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_derivePublicKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) ++func HMAC_CTX_new() (HMAC_CTX_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_HMAC_CTX_new, uintptr(unsafe.Pointer(&_err))) ++ return HMAC_CTX_PTR(r0), newMkcgoErr("HMAC_CTX_new", _err) +} + -+func EcdhSharedSecret(curveID int32, privateKey []uint8, publicKey []uint8, sharedSecret []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdhSharedSecret)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedSecret))), uintptr(len(sharedSecret))) -+ return int64(r0) -+} ++var _mkcgo_HMAC_Final uintptr + -+func EcdsaSign(curveID int32, d []uint8, message []uint8, signature []uint8, signatureLen *int64) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdsaSign)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(d))), uintptr(len(d)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) -+ return int64(r0) ++func HMAC_Final(arg0 HMAC_CTX_PTR, arg1 []byte, arg2 *uint32) (int32, error) { ++ if arg2 != nil && int(*arg2) > len(arg1) { ++ panic("HMAC_Final: *arg2 exceeds len(arg1)") ++ } ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_HMAC_Final, uintptr(arg0), uintptr(unsafe.Pointer(unsafe.SliceData(arg1))), uintptr(unsafe.Pointer(arg2)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("HMAC_Final", _err) +} + -+func EcdsaVerify(curveID int32, x []uint8, y []uint8, message []uint8, signature []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_ecdsaVerify)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(x))), uintptr(len(x)), uintptr(unsafe.Pointer(unsafe.SliceData(y))), uintptr(len(y)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) -+ return int64(r0) -+} ++var _mkcgo_HMAC_Init_ex uintptr + -+func EncapsulateMLKEM1024(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encapsulateMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext))) -+ return int64(r0) ++func HMAC_Init_ex(arg0 HMAC_CTX_PTR, arg1 []byte, arg3 EVP_MD_PTR, arg4 ENGINE_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_HMAC_Init_ex, uintptr(arg0), uintptr(unsafe.Pointer(unsafe.SliceData(arg1))), uintptr(len(arg1)), uintptr(arg3), uintptr(arg4), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("HMAC_Init_ex", _err) +} + -+func EncapsulateMLKEM768(encapKey []uint8, sharedKey []uint8, ciphertext []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encapsulateMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(encapKey))), uintptr(len(encapKey)), uintptr(unsafe.Pointer(unsafe.SliceData(sharedKey))), uintptr(len(sharedKey)), uintptr(unsafe.Pointer(unsafe.SliceData(ciphertext))), uintptr(len(ciphertext))) -+ return int64(r0) -+} ++var _mkcgo_HMAC_Update uintptr + -+func EncryptAESGCM(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encryptAESGCM)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(cipherText))), uintptr(len(cipherText)), uintptr(unsafe.Pointer(unsafe.SliceData(tag)))) -+ return int64(r0) ++func HMAC_Update(arg0 HMAC_CTX_PTR, arg1 []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_HMAC_Update, uintptr(arg0), uintptr(unsafe.Pointer(unsafe.SliceData(arg1))), uintptr(len(arg1)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("HMAC_Update", _err) +} + -+func EncryptChaChaPoly(key []uint8, data []uint8, nonce []uint8, aad []uint8, cipherText []uint8, tag []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_encryptChaChaPoly)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key)), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data)), uintptr(unsafe.Pointer(unsafe.SliceData(nonce))), uintptr(len(nonce)), uintptr(unsafe.Pointer(unsafe.SliceData(aad))), uintptr(len(aad)), uintptr(unsafe.Pointer(unsafe.SliceData(cipherText))), uintptr(len(cipherText)), uintptr(unsafe.Pointer(unsafe.SliceData(tag)))) -+ return int64(r0) -+} ++var _mkcgo_OBJ_nid2sn uintptr + -+func ExpandHKDF(hashFunction int32, prk []uint8, info []uint8, okm []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_expandHKDF)), uintptr(hashFunction), uintptr(unsafe.Pointer(unsafe.SliceData(prk))), uintptr(len(prk)), uintptr(unsafe.Pointer(unsafe.SliceData(info))), uintptr(len(info)), uintptr(unsafe.Pointer(unsafe.SliceData(okm))), uintptr(len(okm))) -+ return int64(r0) ++func OBJ_nid2sn(n int32) *byte { ++ r0, _ := syscallN(0, _mkcgo_OBJ_nid2sn, uintptr(n)) ++ return (*byte)(unsafe.Pointer(r0)) +} + -+func ExtractHKDF(hashFunction int32, secret []uint8, salt []uint8, prk []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_extractHKDF)), uintptr(hashFunction), uintptr(unsafe.Pointer(unsafe.SliceData(secret))), uintptr(len(secret)), uintptr(unsafe.Pointer(unsafe.SliceData(salt))), uintptr(len(salt)), uintptr(unsafe.Pointer(unsafe.SliceData(prk))), uintptr(len(prk))) -+ return int64(r0) -+} ++var _mkcgo_OPENSSL_init uintptr + -+func FinalizeHMAC(hashFunction int32, ptr unsafe.Pointer, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_finalizeHMAC)), uintptr(hashFunction), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) ++func OPENSSL_init() { ++ syscallN(0, _mkcgo_OPENSSL_init) +} + -+func FreeHMAC(hashFunction int32, ptr unsafe.Pointer) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_freeHMAC)), uintptr(hashFunction), uintptr(ptr)) ++var _mkcgo_OPENSSL_init_crypto uintptr ++ ++func OPENSSL_init_crypto(ops uint64, settings OPENSSL_INIT_SETTINGS_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_OPENSSL_init_crypto, uintptr(ops), uintptr(settings), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("OPENSSL_init_crypto", _err) +} + -+func GenerateKeyECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) ++func OPENSSL_version_major_Available() bool { ++ return _mkcgo_OPENSSL_version_major != 0 +} + -+func GenerateKeyECDSA(curveID int32, x []uint8, y []uint8, d []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyECDSA)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(x))), uintptr(len(x)), uintptr(unsafe.Pointer(unsafe.SliceData(y))), uintptr(len(y)), uintptr(unsafe.Pointer(unsafe.SliceData(d))), uintptr(len(d))) -+ return int64(r0) -+} ++var _mkcgo_OPENSSL_version_major uintptr + -+func GenerateKeyEd25519(key []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(key)))) ++func OPENSSL_version_major() uint32 { ++ r0, _ := syscallN(0, _mkcgo_OPENSSL_version_major) ++ return uint32(r0) +} + -+func GenerateKeyMLDSA65(seed []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) -+ return int64(r0) ++func OPENSSL_version_minor_Available() bool { ++ return _mkcgo_OPENSSL_version_minor != 0 +} + -+func GenerateKeyMLDSA87(seed []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) -+ return int64(r0) -+} ++var _mkcgo_OPENSSL_version_minor uintptr + -+func GenerateKeyMLKEM1024(seed []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLKEM1024)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) -+ return int64(r0) ++func OPENSSL_version_minor() uint32 { ++ r0, _ := syscallN(0, _mkcgo_OPENSSL_version_minor) ++ return uint32(r0) +} + -+func GenerateKeyMLKEM768(seed []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_generateKeyMLKEM768)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed))) -+ return int64(r0) ++func OPENSSL_version_patch_Available() bool { ++ return _mkcgo_OPENSSL_version_patch != 0 +} + -+func HashBlockSize(hashAlgorithm int32) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashBlockSize)), uintptr(hashAlgorithm)) -+ return int64(r0) -+} ++var _mkcgo_OPENSSL_version_patch uintptr + -+func HashCopy(hashAlgorithm int32, ptr unsafe.Pointer) unsafe.Pointer { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashCopy)), uintptr(hashAlgorithm), uintptr(ptr)) -+ return unsafe.Pointer(r0) ++func OPENSSL_version_patch() uint32 { ++ r0, _ := syscallN(0, _mkcgo_OPENSSL_version_patch) ++ return uint32(r0) +} + -+func HashFree(hashAlgorithm int32, ptr unsafe.Pointer) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_hashFree)), uintptr(hashAlgorithm), uintptr(ptr)) -+} ++var _mkcgo_OSSL_PARAM_BLD_free uintptr + -+func HashNew(hashAlgorithm int32) unsafe.Pointer { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashNew)), uintptr(hashAlgorithm)) -+ return unsafe.Pointer(r0) ++func OSSL_PARAM_BLD_free(bld OSSL_PARAM_BLD_PTR) { ++ syscallN(0, _mkcgo_OSSL_PARAM_BLD_free, uintptr(bld)) +} + -+func HashReset(hashAlgorithm int32, ptr unsafe.Pointer) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_hashReset)), uintptr(hashAlgorithm), uintptr(ptr)) -+} ++var _mkcgo_OSSL_PARAM_BLD_new uintptr + -+func HashSize(hashAlgorithm int32) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_hashSize)), uintptr(hashAlgorithm)) -+ return int64(r0) ++func OSSL_PARAM_BLD_new() OSSL_PARAM_BLD_PTR { ++ r0, _ := syscallN(0, _mkcgo_OSSL_PARAM_BLD_new) ++ return OSSL_PARAM_BLD_PTR(r0) +} + -+func HashSum(hashAlgorithm int32, ptr unsafe.Pointer, outputPointer []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_hashSum)), uintptr(hashAlgorithm), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(outputPointer)))) -+} ++var _mkcgo_OSSL_PARAM_BLD_push_BN uintptr + -+func HashWrite(hashAlgorithm int32, ptr unsafe.Pointer, data []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_hashWrite)), uintptr(hashAlgorithm), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data))) ++func OSSL_PARAM_BLD_push_BN(bld OSSL_PARAM_BLD_PTR, key *byte, bn BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_BN, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(bn), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_BN", _err) +} + -+func InitHMAC(hashFunction int32, key []uint8) unsafe.Pointer { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_initHMAC)), uintptr(hashFunction), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(len(key))) -+ return unsafe.Pointer(r0) -+} ++var _mkcgo_OSSL_PARAM_BLD_push_int32 uintptr + -+func NewPrivateKeyEd25519FromSeed(key []uint8, seed []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_newPrivateKeyEd25519FromSeed)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(unsafe.Pointer(unsafe.SliceData(seed)))) -+ return int64(r0) ++func OSSL_PARAM_BLD_push_int32(bld OSSL_PARAM_BLD_PTR, key *byte, num int32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_int32, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(num), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_int32", _err) +} + -+func NewPublicKeyEd25519(key []uint8, pub []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_newPublicKeyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(key))), uintptr(unsafe.Pointer(unsafe.SliceData(pub)))) -+ return int64(r0) -+} ++var _mkcgo_OSSL_PARAM_BLD_push_octet_string uintptr + -+func PublicKeyFromPrivateECDH(curveID int32, privateKey []uint8, publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_publicKeyFromPrivateECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) ++func OSSL_PARAM_BLD_push_octet_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_octet_string, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_octet_string", _err) +} + -+func SignEd25519(privateKey []uint8, message []uint8, sigBuffer []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(sigBuffer)))) -+ return int64(r0) -+} ++var _mkcgo_OSSL_PARAM_BLD_push_utf8_string uintptr + -+func SignMLDSA65(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) -+ return int64(r0) ++func OSSL_PARAM_BLD_push_utf8_string(bld OSSL_PARAM_BLD_PTR, key *byte, buf []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_OSSL_PARAM_BLD_push_utf8_string, uintptr(bld), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(buf)))), uintptr(len(buf)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("OSSL_PARAM_BLD_push_utf8_string", _err) +} + -+func SignMLDSA87(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_signMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(seed))), uintptr(len(seed)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(unsafe.Pointer(signatureLen))) -+ return int64(r0) -+} ++var _mkcgo_OSSL_PARAM_BLD_to_param uintptr + -+func SupportsMLDSA() int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsMLDSA))) -+ return int64(r0) ++func OSSL_PARAM_BLD_to_param(bld OSSL_PARAM_BLD_PTR) (OSSL_PARAM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_OSSL_PARAM_BLD_to_param, uintptr(bld), uintptr(unsafe.Pointer(&_err))) ++ return OSSL_PARAM_PTR(r0), newMkcgoErr("OSSL_PARAM_BLD_to_param", _err) +} + -+func SupportsMLKEM() int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsMLKEM))) -+ return int64(r0) -+} ++var _mkcgo_OSSL_PARAM_free uintptr + -+func SupportsSHA3() int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_supportsSHA3))) -+ return int64(r0) ++func OSSL_PARAM_free(p OSSL_PARAM_PTR) { ++ syscallN(0, _mkcgo_OSSL_PARAM_free, uintptr(p)) +} + -+func UpdateHMAC(hashFunction int32, ptr unsafe.Pointer, data []uint8) { -+ syscallN(0, uintptr(unsafe.Pointer(&go_updateHMAC)), uintptr(hashFunction), uintptr(ptr), uintptr(unsafe.Pointer(unsafe.SliceData(data))), uintptr(len(data))) -+} ++var _mkcgo_OSSL_PARAM_locate_const uintptr + -+func ValidatePrivateKeyECDH(curveID int32, privateKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePrivateKeyECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(privateKey))), uintptr(len(privateKey))) -+ return int64(r0) ++func OSSL_PARAM_locate_const(p OSSL_PARAM_PTR, key *byte) (OSSL_PARAM_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_OSSL_PARAM_locate_const, uintptr(p), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(key))), uintptr(unsafe.Pointer(&_err))) ++ return OSSL_PARAM_PTR(r0), newMkcgoErr("OSSL_PARAM_locate_const", _err) +} + -+func ValidatePublicKeyECDH(curveID int32, publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyECDH)), uintptr(curveID), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) -+} ++var _mkcgo_OSSL_PROVIDER_available uintptr + -+func ValidatePublicKeyMLDSA65(publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) ++func OSSL_PROVIDER_available(libctx OSSL_LIB_CTX_PTR, name *byte) int32 { ++ r0, _ := syscallN(0, _mkcgo_OSSL_PROVIDER_available, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(name)))) ++ return int32(r0) +} + -+func ValidatePublicKeyMLDSA87(publicKey []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_validatePublicKeyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey))) -+ return int64(r0) ++var _mkcgo_OSSL_PROVIDER_get0_name uintptr ++ ++func OSSL_PROVIDER_get0_name(prov OSSL_PROVIDER_PTR) *byte { ++ r0, _ := syscallN(0, _mkcgo_OSSL_PROVIDER_get0_name, uintptr(prov)) ++ return (*byte)(unsafe.Pointer(r0)) +} + -+func VerifyEd25519(publicKey []uint8, message []uint8, sig []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyEd25519)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(sig)))) -+ return int64(r0) ++var _mkcgo_OSSL_PROVIDER_try_load uintptr ++ ++func OSSL_PROVIDER_try_load(libctx OSSL_LIB_CTX_PTR, name *byte, retain_fallbacks int32) (OSSL_PROVIDER_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_OSSL_PROVIDER_try_load, uintptr(libctx), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(name))), uintptr(retain_fallbacks), uintptr(unsafe.Pointer(&_err))) ++ return OSSL_PROVIDER_PTR(r0), newMkcgoErr("OSSL_PROVIDER_try_load", _err) +} + -+func VerifyMLDSA65(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyMLDSA65)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) -+ return int64(r0) ++var _mkcgo_OpenSSL_version uintptr ++ ++func OpenSSL_version(__type int32) *byte { ++ r0, _ := syscallN(0, _mkcgo_OpenSSL_version, uintptr(__type)) ++ return (*byte)(unsafe.Pointer(r0)) +} + -+func VerifyMLDSA87(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 { -+ r0, _ := syscallN(0, uintptr(unsafe.Pointer(&go_verifyMLDSA87)), uintptr(unsafe.Pointer(unsafe.SliceData(publicKey))), uintptr(len(publicKey)), uintptr(unsafe.Pointer(unsafe.SliceData(message))), uintptr(len(message)), uintptr(unsafe.Pointer(unsafe.SliceData(context))), uintptr(len(context)), uintptr(unsafe.Pointer(unsafe.SliceData(signature))), uintptr(len(signature))) -+ return int64(r0) ++func OpenSSL_version_num_Available() bool { ++ return _mkcgo_OpenSSL_version_num != 0 +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go -new file mode 100644 -index 00000000000000..2b9858f5e5ce80 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_amd64.go -@@ -0,0 +1,307 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+// Code generated by genswiftimports. DO NOT EDIT. + -+//go:build !cgo && darwin && amd64 ++var _mkcgo_OpenSSL_version_num uintptr + -+package cryptokit ++func OpenSSL_version_num() uint64 { ++ r0, _ := syscallN(0, _mkcgo_OpenSSL_version_num) ++ return uint64(r0) ++} + -+//go:cgo_import_dynamic $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF "" -+//go:cgo_import_dynamic $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj "" -+//go:cgo_import_dynamic $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s10Foundation4DataV5bytes5countACSV_SitcfC $s10Foundation4DataV5bytes5countACSV_SitcfC "" -+//go:cgo_import_dynamic $s10Foundation4DataV5countSivg $s10Foundation4DataV5countSivg "" -+//go:cgo_import_dynamic $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF "" -+//go:cgo_import_dynamic $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC "" -+//go:cgo_import_dynamic $s10Foundation4DataVAA0B8ProtocolAAMc $s10Foundation4DataVAA0B8ProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVAA15ContiguousBytesAAWP $s10Foundation4DataVAA15ContiguousBytesAAWP "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVACycfC $s10Foundation4DataVACycfC "" -+//go:cgo_import_dynamic $s10Foundation4DataVN $s10Foundation4DataVN "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSKAAMc $s10Foundation4DataVSKAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSTAAMc $s10Foundation4DataVSTAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSlAAMc $s10Foundation4DataVSlAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSmAAMc $s10Foundation4DataVSmAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMa $s9CryptoKit03ChaC4PolyO5NonceVMa "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMn $s9CryptoKit03ChaC4PolyO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVAA0D0AAMc $s9CryptoKit12SHA256DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVMa $s9CryptoKit12SHA256DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVAA0D0AAMc $s9CryptoKit12SHA384DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVMa $s9CryptoKit12SHA384DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVAA0D0AAMc $s9CryptoKit12SHA512DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVMa $s9CryptoKit12SHA512DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SharedSecretVMa $s9CryptoKit12SharedSecretVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyVMa $s9CryptoKit12SymmetricKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVMa $s9CryptoKit14SHA3_256DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVSTAAMc $s9CryptoKit14SHA3_256DigestVSTAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVMa $s9CryptoKit14SHA3_384DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVSTAAMc $s9CryptoKit14SHA3_384DigestVSTAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVMa $s9CryptoKit14SHA3_512DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVSTAAMc $s9CryptoKit14SHA3_512DigestVSTAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVMn $s9CryptoKit24HashedAuthenticationCodeVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMa $s9CryptoKit3AESO3GCMO5NonceVMa "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMn $s9CryptoKit3AESO3GCMO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxVMa $s9CryptoKit3AESO3GCMO9SealedBoxVMa "" -+//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultVMa $s9CryptoKit3KEMO19EncapsulationResultVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACVMn $s9CryptoKit4HMACVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyVMa $s9CryptoKit4P256O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyVMa $s9CryptoKit4P256O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyVMa $s9CryptoKit4P384O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyVMa $s9CryptoKit4P384O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyVMa $s9CryptoKit4P521O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyVMa $s9CryptoKit4P521O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit6DigestP9byteCountSivgZTj $s9CryptoKit6DigestP9byteCountSivgZTj "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256V14blockByteCountSivgZ $s9CryptoKit6SHA256V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256V9byteCountSivgZ $s9CryptoKit6SHA256V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VAA12HashFunctionAAMc $s9CryptoKit6SHA256VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VACycfC $s9CryptoKit6SHA256VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VMa $s9CryptoKit6SHA256VMa "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VMn $s9CryptoKit6SHA256VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384V14blockByteCountSivgZ $s9CryptoKit6SHA384V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384V9byteCountSivgZ $s9CryptoKit6SHA384V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VAA12HashFunctionAAMc $s9CryptoKit6SHA384VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VACycfC $s9CryptoKit6SHA384VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VMa $s9CryptoKit6SHA384VMa "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VMn $s9CryptoKit6SHA384VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512V14blockByteCountSivgZ $s9CryptoKit6SHA512V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512V9byteCountSivgZ $s9CryptoKit6SHA512V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VAA12HashFunctionAAMc $s9CryptoKit6SHA512VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VACycfC $s9CryptoKit6SHA512VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VMa $s9CryptoKit6SHA512VMa "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VMn $s9CryptoKit6SHA512VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVMa $s9CryptoKit7MLDSA65O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMa $s9CryptoKit7MLDSA65O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMn $s9CryptoKit7MLDSA65O9PublicKeyVMn "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVMa $s9CryptoKit7MLDSA87O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMa $s9CryptoKit7MLDSA87O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMn $s9CryptoKit7MLDSA87O9PublicKeyVMn "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestVMa $s9CryptoKit8InsecureO10SHA1DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAEycfC $s9CryptoKit8InsecureO3MD5VAEycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMa $s9CryptoKit8InsecureO3MD5VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMn $s9CryptoKit8InsecureO3MD5VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAEycfC $s9CryptoKit8InsecureO4SHA1VAEycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMa $s9CryptoKit8InsecureO4SHA1VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMn $s9CryptoKit8InsecureO4SHA1VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestVMa $s9CryptoKit8InsecureO9MD5DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVMa $s9CryptoKit8MLKEM768O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMa $s9CryptoKit8MLKEM768O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMn $s9CryptoKit8MLKEM768O9PublicKeyVMn "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V14blockByteCountSivgZ $s9CryptoKit8SHA3_256V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V9byteCountSivgZ $s9CryptoKit8SHA3_256V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VACycfC $s9CryptoKit8SHA3_256VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VMa $s9CryptoKit8SHA3_256VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V14blockByteCountSivgZ $s9CryptoKit8SHA3_384V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V9byteCountSivgZ $s9CryptoKit8SHA3_384V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VACycfC $s9CryptoKit8SHA3_384VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VMa $s9CryptoKit8SHA3_384VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V14blockByteCountSivgZ $s9CryptoKit8SHA3_512V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V9byteCountSivgZ $s9CryptoKit8SHA3_512V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VACycfC $s9CryptoKit8SHA3_512VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VMa $s9CryptoKit8SHA3_512VMa "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVMa $s9CryptoKit9MLKEM1024O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMa $s9CryptoKit9MLKEM1024O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMn $s9CryptoKit9MLKEM1024O9PublicKeyVMn "" -+//go:cgo_import_dynamic $sSKsE6suffixy11SubSequenceQzSiF $sSKsE6suffixy11SubSequenceQzSiF "" -+//go:cgo_import_dynamic $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC "" -+//go:cgo_import_dynamic $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC "" -+//go:cgo_import_dynamic $sSW10Foundation12DataProtocolAAMc $sSW10Foundation12DataProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $sSW4load14fromByteOffset2asxSi_xmtlF $sSW4load14fromByteOffset2asxSi_xmtlF "" -+//go:cgo_import_dynamic $sSW5countSivg $sSW5countSivg "" -+//go:cgo_import_dynamic $sSWN $sSWN "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSWSTsWP $sSWSTsWP "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSWSlsMc $sSWSlsMc "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSiN $sSiN "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSis23CustomStringConvertiblesWP $sSis23CustomStringConvertiblesWP "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSlsE6prefixy11SubSequenceQzSiF $sSlsE6prefixy11SubSequenceQzSiF "" -+//go:cgo_import_dynamic $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ "" -+//go:cgo_import_dynamic $sSp10deallocateyyF $sSp10deallocateyyF "" -+//go:cgo_import_dynamic $sSp8allocate8capacitySpyxGSi_tFZ $sSp8allocate8capacitySpyxGSi_tFZ "" -+//go:cgo_import_dynamic $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF "" -+//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" -+//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF "" -+//go:cgo_import_dynamic $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" -+//go:cgo_import_dynamic $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF "" -+//go:cgo_import_dynamic $ss26DefaultStringInterpolationV13appendLiteralyySSF $ss26DefaultStringInterpolationV13appendLiteralyySSF "" -+//go:cgo_import_dynamic $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC "" -+//go:cgo_import_dynamic $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF "" -+//go:cgo_import_dynamic $sytN $sytN "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic ___chkstk_darwin ___chkstk_darwin "" -+//go:cgo_import_dynamic memcpy memcpy "" -+//go:cgo_import_dynamic memset memset "" -+//go:cgo_import_dynamic swift_allocBox swift_allocBox "" -+//go:cgo_import_dynamic swift_beginAccess swift_beginAccess "" -+//go:cgo_import_dynamic swift_bridgeObjectRelease swift_bridgeObjectRelease "" -+//go:cgo_import_dynamic swift_bridgeObjectRetain swift_bridgeObjectRetain "" -+//go:cgo_import_dynamic swift_endAccess swift_endAccess "" -+//go:cgo_import_dynamic swift_errorRelease swift_errorRelease "" -+//go:cgo_import_dynamic swift_getTypeByMangledNameInContext swift_getTypeByMangledNameInContext "" -+//go:cgo_import_dynamic swift_getTypeByMangledNameInContextInMetadataState swift_getTypeByMangledNameInContextInMetadataState "" -+//go:cgo_import_dynamic swift_getWitnessTable swift_getWitnessTable "" -+//go:cgo_import_dynamic swift_release swift_release "" -+//go:cgo_import_dynamic swift_retain swift_retain "" -+//go:cgo_import_dynamic swift_unexpectedError swift_unexpectedError "" -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go -new file mode 100644 -index 00000000000000..ce5806b1910da9 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/zcryptokit_swift_arm64.go -@@ -0,0 +1,306 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+// Code generated by genswiftimports. DO NOT EDIT. ++var _mkcgo_PKCS5_PBKDF2_HMAC uintptr ++ ++func PKCS5_PBKDF2_HMAC(pass []byte, salt []byte, iter int32, digest EVP_MD_PTR, out []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_PKCS5_PBKDF2_HMAC, uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(pass)))), uintptr(len(pass)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(salt)))), uintptr(len(salt)), uintptr(iter), uintptr(digest), uintptr(len(out)), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(unsafe.SliceData(out)))), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("PKCS5_PBKDF2_HMAC", _err) ++} + -+//go:build !cgo && darwin && arm64 ++var _mkcgo_RAND_bytes uintptr + -+package cryptokit ++func RAND_bytes(buf []byte) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_RAND_bytes, uintptr(unsafe.Pointer(unsafe.SliceData(buf))), uintptr(len(buf)), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("RAND_bytes", _err) ++} + -+//go:cgo_import_dynamic $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF $s10Foundation12DataProtocolPAAE9copyBytes2toSiSw_tF "" -+//go:cgo_import_dynamic $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj $s10Foundation15ContiguousBytesP010withUnsafeC0yqd__qd__SWKXEKlFTj "" -+//go:cgo_import_dynamic $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF $s10Foundation4DataV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s10Foundation4DataV5bytes5countACSV_SitcfC $s10Foundation4DataV5bytes5countACSV_SitcfC "" -+//go:cgo_import_dynamic $s10Foundation4DataV5countSivg $s10Foundation4DataV5countSivg "" -+//go:cgo_import_dynamic $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF $s10Foundation4DataV9copyBytes2to5countySpys5UInt8VG_SitF "" -+//go:cgo_import_dynamic $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC $s10Foundation4DataV9repeating5countACs5UInt8V_SitcfC "" -+//go:cgo_import_dynamic $s10Foundation4DataVAA0B8ProtocolAAMc $s10Foundation4DataVAA0B8ProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVAA15ContiguousBytesAAWP $s10Foundation4DataVAA15ContiguousBytesAAWP "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVACycfC $s10Foundation4DataVACycfC "" -+//go:cgo_import_dynamic $s10Foundation4DataVN $s10Foundation4DataVN "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSKAAMc $s10Foundation4DataVSKAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSTAAMc $s10Foundation4DataVSTAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSlAAMc $s10Foundation4DataVSlAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVSmAAMc $s10Foundation4DataVSmAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC $s10Foundation4DataVyACxcSTRzs5UInt8V7ElementRtzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ $s9CryptoKit03ChaC4PolyO4open_5using14authenticating10Foundation4DataVAC9SealedBoxV_AA12SymmetricKeyVxtKAG0I8ProtocolRzlFZ "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ $s9CryptoKit03ChaC4PolyO4seal_5using5nonce14authenticatingAC9SealedBoxVx_AA12SymmetricKeyVAC5NonceVSgq_tK10Foundation12DataProtocolRzAoPR_r0_lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit03ChaC4PolyO5NonceV4dataAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMa $s9CryptoKit03ChaC4PolyO5NonceVMa "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO5NonceVMn $s9CryptoKit03ChaC4PolyO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV10ciphertext10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit03ChaC4PolyO9SealedBoxV3tag10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC $s9CryptoKit03ChaC4PolyO9SealedBoxV5nonce10ciphertext3tagAeC5NonceV_xq_tKc10Foundation12DataProtocolRzAkLR_r0_lufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VAGycfC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa $s9CryptoKit10Curve25519O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF $s9CryptoKit10Curve25519O7SigningO10PrivateKeyV9signature3for10Foundation4DataVx_tKAJ0J8ProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVAGycfC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa $s9CryptoKit10Curve25519O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF $s9CryptoKit10Curve25519O7SigningO9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAjKR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit10Curve25519O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn $s9CryptoKit10Curve25519O7SigningO9PublicKeyVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ $s9CryptoKit12HashFunctionPAAE4hash4data6DigestQzqd___t10Foundation12DataProtocolRd__lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit12HashFunctionPAAE6update4datayqd___t10Foundation12DataProtocolRd__lF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA256DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVAA0D0AAMc $s9CryptoKit12SHA256DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SHA256DigestVMa $s9CryptoKit12SHA256DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA384DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVAA0D0AAMc $s9CryptoKit12SHA384DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SHA384DigestVMa $s9CryptoKit12SHA384DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SHA512DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVAA0D0AAMc $s9CryptoKit12SHA512DigestVAA0D0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SHA512DigestVMa $s9CryptoKit12SHA512DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SharedSecretV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SharedSecretVMa $s9CryptoKit12SharedSecretVMa "" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc $s9CryptoKit12SymmetricKeyV10Foundation15ContiguousBytesAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit12SymmetricKeyV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC $s9CryptoKit12SymmetricKeyV4dataACx_tc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit12SymmetricKeyVMa $s9CryptoKit12SymmetricKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVMa $s9CryptoKit14SHA3_256DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_256DigestVSTAAMc $s9CryptoKit14SHA3_256DigestVSTAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVMa $s9CryptoKit14SHA3_384DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_384DigestVSTAAMc $s9CryptoKit14SHA3_384DigestVSTAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVMa $s9CryptoKit14SHA3_512DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit14SHA3_512DigestVSTAAMc $s9CryptoKit14SHA3_512DigestVSTAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVMn $s9CryptoKit24HashedAuthenticationCodeVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc $s9CryptoKit24HashedAuthenticationCodeVyxGAA07MessagedE0AAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc $s9CryptoKit24HashedAuthenticationCodeVyxGSTAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ $s9CryptoKit3AESO3GCMO4open_5using14authenticating10Foundation4DataVAE9SealedBoxV_AA12SymmetricKeyVxtKAI0I8ProtocolRzlFZ "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ $s9CryptoKit3AESO3GCMO4seal_5using5nonce14authenticatingAE9SealedBoxVx_AA12SymmetricKeyVAE5NonceVSgq_tK10Foundation12DataProtocolRzAqRR_r0_lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit3AESO3GCMO5NonceV4dataAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMa $s9CryptoKit3AESO3GCMO5NonceVMa "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO5NonceVMn $s9CryptoKit3AESO3GCMO5NonceVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV10ciphertext10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg $s9CryptoKit3AESO3GCMO9SealedBoxV3tag10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC $s9CryptoKit3AESO3GCMO9SealedBoxV5nonce10ciphertext3tagAgE5NonceV_xq_tKc10Foundation12DataProtocolRzAmNR_r0_lufC "" -+//go:cgo_import_dynamic $s9CryptoKit3AESO3GCMO9SealedBoxVMa $s9CryptoKit3AESO3GCMO9SealedBoxVMa "" -+//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg $s9CryptoKit3KEMO19EncapsulationResultV12encapsulated10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg $s9CryptoKit3KEMO19EncapsulationResultV12sharedSecretAA12SymmetricKeyVvg "" -+//go:cgo_import_dynamic $s9CryptoKit3KEMO19EncapsulationResultVMa $s9CryptoKit3KEMO19EncapsulationResultVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ $s9CryptoKit4HKDFV6expand15pseudoRandomKey4info15outputByteCountAA09SymmetricG0Vqd___qd_0_SgSit10Foundation15ContiguousBytesRd__AK12DataProtocolRd_0_r0_lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ $s9CryptoKit4HKDFV7extract16inputKeyMaterial4saltAA24HashedAuthenticationCodeVyxGAA09SymmetricF0V_qd__Sgt10Foundation12DataProtocolRd__lFZ "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC $s9CryptoKit4HMACV3keyACyxGAA12SymmetricKeyV_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF $s9CryptoKit4HMACV6update4datayqd___t10Foundation12DataProtocolRd__lF "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF $s9CryptoKit4HMACV8finalizeAA24HashedAuthenticationCodeVyxGyF "" -+//go:cgo_import_dynamic $s9CryptoKit4HMACVMn $s9CryptoKit4HMACVMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P256O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P256O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P256O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P256O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P256O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO10PrivateKeyVMa $s9CryptoKit4P256O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P256O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa $s9CryptoKit4P256O7SigningO14ECDSASignatureVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P256O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P256O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P256O7SigningO9PublicKeyVMa $s9CryptoKit4P256O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P384O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P384O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P384O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P384O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P384O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO10PrivateKeyVMa $s9CryptoKit4P384O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P384O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa $s9CryptoKit4P384O7SigningO14ECDSASignatureVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P384O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P384O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P384O7SigningO9PublicKeyVMa $s9CryptoKit4P384O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963Representation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO06PublicD0V18x963RepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa $s9CryptoKit4P521O12KeyAgreementO06PublicD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V016sharedSecretFromdE04withAA06SharedH0VAE06PublicD0V_tKF "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V06publicD0AE06PublicD0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O12KeyAgreementO07PrivateD0V20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa $s9CryptoKit4P521O12KeyAgreementO07PrivateD0VMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg $s9CryptoKit4P521O7SigningO10PrivateKeyV06publicF0AE06PublicF0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO10PrivateKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC $s9CryptoKit4P521O7SigningO10PrivateKeyV20compactRepresentableAGSb_tcfC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF $s9CryptoKit4P521O7SigningO10PrivateKeyV9signature3forAE14ECDSASignatureVx_tKAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO10PrivateKeyVMa $s9CryptoKit4P521O7SigningO10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit4P521O7SigningO14ECDSASignatureV17derRepresentationAGx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa $s9CryptoKit4P521O7SigningO14ECDSASignatureVMa "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF $s9CryptoKit4P521O7SigningO9PublicKeyV16isValidSignature_3forSbAE14ECDSASignatureV_xtAA6DigestRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC $s9CryptoKit4P521O7SigningO9PublicKeyV17rawRepresentationAGx_tKc10Foundation15ContiguousBytesRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit4P521O7SigningO9PublicKeyVMa $s9CryptoKit4P521O7SigningO9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit6DigestP9byteCountSivgZTj $s9CryptoKit6DigestP9byteCountSivgZTj "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256V14blockByteCountSivgZ $s9CryptoKit6SHA256V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA256V8finalizeAA0C6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256V9byteCountSivgZ $s9CryptoKit6SHA256V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VAA12HashFunctionAAMc $s9CryptoKit6SHA256VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VACycfC $s9CryptoKit6SHA256VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VMa $s9CryptoKit6SHA256VMa "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA256VMn $s9CryptoKit6SHA256VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384V14blockByteCountSivgZ $s9CryptoKit6SHA384V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA384V8finalizeAA0C6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384V9byteCountSivgZ $s9CryptoKit6SHA384V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VAA12HashFunctionAAMc $s9CryptoKit6SHA384VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VACycfC $s9CryptoKit6SHA384VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VMa $s9CryptoKit6SHA384VMa "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA384VMn $s9CryptoKit6SHA384VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512V14blockByteCountSivgZ $s9CryptoKit6SHA512V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF $s9CryptoKit6SHA512V8finalizeAA0C6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512V9byteCountSivgZ $s9CryptoKit6SHA512V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VAA12HashFunctionAAMc $s9CryptoKit6SHA512VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VACycfC $s9CryptoKit6SHA512VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VMa $s9CryptoKit6SHA512VMa "" -+//go:cgo_import_dynamic $s9CryptoKit6SHA512VMn $s9CryptoKit6SHA512VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA65O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA65O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA65O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O10PrivateKeyVMa $s9CryptoKit7MLDSA65O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA65O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA65O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMa $s9CryptoKit7MLDSA65O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA65O9PublicKeyVMn $s9CryptoKit7MLDSA65O9PublicKeyVMn "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit7MLDSA87O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for10Foundation4DataVx_tKAH0I8ProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF $s9CryptoKit7MLDSA87O10PrivateKeyV9signature3for7context10Foundation4DataVx_q_tKAI0J8ProtocolRzAiLR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC $s9CryptoKit7MLDSA87O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O10PrivateKeyVMa $s9CryptoKit7MLDSA87O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3for7contextSbx_q_q0_t10Foundation12DataProtocolRzAiJR_AiJR0_r1_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF $s9CryptoKit7MLDSA87O9PublicKeyV16isValidSignature_3forSbx_q_t10Foundation12DataProtocolRzAhIR_r0_lF "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit7MLDSA87O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMa $s9CryptoKit7MLDSA87O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit7MLDSA87O9PublicKeyVMn $s9CryptoKit7MLDSA87O9PublicKeyVMn "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO10SHA1DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO10SHA1DigestVMa $s9CryptoKit8InsecureO10SHA1DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ $s9CryptoKit8InsecureO3MD5V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO3MD5V8finalizeAC0D6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ $s9CryptoKit8InsecureO3MD5V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc $s9CryptoKit8InsecureO3MD5VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VAEycfC $s9CryptoKit8InsecureO3MD5VAEycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMa $s9CryptoKit8InsecureO3MD5VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO3MD5VMn $s9CryptoKit8InsecureO3MD5VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ $s9CryptoKit8InsecureO4SHA1V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF $s9CryptoKit8InsecureO4SHA1V8finalizeAC0D6DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ $s9CryptoKit8InsecureO4SHA1V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc $s9CryptoKit8InsecureO4SHA1VAA12HashFunctionAAMc "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VAEycfC $s9CryptoKit8InsecureO4SHA1VAEycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMa $s9CryptoKit8InsecureO4SHA1VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO4SHA1VMn $s9CryptoKit8InsecureO4SHA1VMn "/System/Library/Frameworks/CryptoKit.framework/Versions/A/CryptoKit" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF $s9CryptoKit8InsecureO9MD5DigestV15withUnsafeBytesyxxSWKXEKlF "" -+//go:cgo_import_dynamic $s9CryptoKit8InsecureO9MD5DigestVMa $s9CryptoKit8InsecureO9MD5DigestVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit8MLKEM768O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit8MLKEM768O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC $s9CryptoKit8MLKEM768O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O10PrivateKeyVMa $s9CryptoKit8MLKEM768O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit8MLKEM768O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit8MLKEM768O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMa $s9CryptoKit8MLKEM768O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit8MLKEM768O9PublicKeyVMn $s9CryptoKit8MLKEM768O9PublicKeyVMn "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V14blockByteCountSivgZ $s9CryptoKit8SHA3_256V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF $s9CryptoKit8SHA3_256V8finalizeAA0C10_256DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256V9byteCountSivgZ $s9CryptoKit8SHA3_256V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc $s9CryptoKit8SHA3_256VAA12HashFunctionAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VACycfC $s9CryptoKit8SHA3_256VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_256VMa $s9CryptoKit8SHA3_256VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V14blockByteCountSivgZ $s9CryptoKit8SHA3_384V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF $s9CryptoKit8SHA3_384V8finalizeAA0C10_384DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384V9byteCountSivgZ $s9CryptoKit8SHA3_384V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc $s9CryptoKit8SHA3_384VAA12HashFunctionAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VACycfC $s9CryptoKit8SHA3_384VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_384VMa $s9CryptoKit8SHA3_384VMa "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V14blockByteCountSivgZ $s9CryptoKit8SHA3_512V14blockByteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF $s9CryptoKit8SHA3_512V8finalizeAA0C10_512DigestVyF "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512V9byteCountSivgZ $s9CryptoKit8SHA3_512V9byteCountSivgZ "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc $s9CryptoKit8SHA3_512VAA12HashFunctionAAMc "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VACycfC $s9CryptoKit8SHA3_512VACycfC "" -+//go:cgo_import_dynamic $s9CryptoKit8SHA3_512VMa $s9CryptoKit8SHA3_512VMa "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg $s9CryptoKit9MLKEM1024O10PrivateKeyV06publicE0AC06PublicE0Vvg "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF $s9CryptoKit9MLKEM1024O10PrivateKeyV11decapsulateyAA09SymmetricE0VxK10Foundation12DataProtocolRzlF "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation06publicE0AEx_AC06PublicE0VSgtKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O10PrivateKeyV18seedRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC $s9CryptoKit9MLKEM1024O10PrivateKeyVAEyKcfC "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O10PrivateKeyVMa $s9CryptoKit9MLKEM1024O10PrivateKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF $s9CryptoKit9MLKEM1024O9PublicKeyV11encapsulateAA3KEMO19EncapsulationResultVyKF "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentation10Foundation4DataVvg "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC $s9CryptoKit9MLKEM1024O9PublicKeyV17rawRepresentationAEx_tKc10Foundation12DataProtocolRzlufC "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMa $s9CryptoKit9MLKEM1024O9PublicKeyVMa "" -+//go:cgo_import_dynamic $s9CryptoKit9MLKEM1024O9PublicKeyVMn $s9CryptoKit9MLKEM1024O9PublicKeyVMn "" -+//go:cgo_import_dynamic $sSKsE6suffixy11SubSequenceQzSiF $sSKsE6suffixy11SubSequenceQzSiF "" -+//go:cgo_import_dynamic $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC $sSS19stringInterpolationSSs013DefaultStringB0V_tcfC "" -+//go:cgo_import_dynamic $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC $sSS21_builtinStringLiteral17utf8CodeUnitCount7isASCIISSBp_BwBi1_tcfC "" -+//go:cgo_import_dynamic $sSW10Foundation12DataProtocolAAMc $sSW10Foundation12DataProtocolAAMc "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation" -+//go:cgo_import_dynamic $sSW4load14fromByteOffset2asxSi_xmtlF $sSW4load14fromByteOffset2asxSi_xmtlF "" -+//go:cgo_import_dynamic $sSW5countSivg $sSW5countSivg "" -+//go:cgo_import_dynamic $sSWN $sSWN "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSWSTsWP $sSWSTsWP "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSWSlsMc $sSWSlsMc "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSiN $sSiN "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSis23CustomStringConvertiblesWP $sSis23CustomStringConvertiblesWP "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic $sSlsE6prefixy11SubSequenceQzSiF $sSlsE6prefixy11SubSequenceQzSiF "" -+//go:cgo_import_dynamic $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ $sSmsE1poiyxx_qd__tSmRd__7ElementQyd__ABRtzlFZ "" -+//go:cgo_import_dynamic $sSp10deallocateyyF $sSp10deallocateyyF "" -+//go:cgo_import_dynamic $sSp8allocate8capacitySpyxGSi_tFZ $sSp8allocate8capacitySpyxGSi_tFZ "" -+//go:cgo_import_dynamic $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF $sSw9copyBytes4fromyx_tSlRzs5UInt8V7ElementRtzlF "" -+//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" -+//go:cgo_import_dynamic $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF $ss17_assertionFailure__4file4line5flagss5NeverOs12StaticStringV_SSAHSus6UInt32VtF "" -+//go:cgo_import_dynamic $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF $ss18_fatalErrorMessage__4file4line5flagss5NeverOs12StaticStringV_A2HSus6UInt32VtF "" -+//go:cgo_import_dynamic $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF $ss26DefaultStringInterpolationV06appendC0yyxs06CustomB11ConvertibleRzlF "" -+//go:cgo_import_dynamic $ss26DefaultStringInterpolationV13appendLiteralyySSF $ss26DefaultStringInterpolationV13appendLiteralyySSF "" -+//go:cgo_import_dynamic $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC $ss26DefaultStringInterpolationV15literalCapacity18interpolationCountABSi_SitcfC "" -+//go:cgo_import_dynamic $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF $ss26_stdlib_isOSVersionAtLeastyBi1_Bw_BwBwtF "" -+//go:cgo_import_dynamic $sytN $sytN "/usr/lib/swift/libswiftCore.dylib" -+//go:cgo_import_dynamic __chkstk_darwin __chkstk_darwin "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic memcpy memcpy "" -+//go:cgo_import_dynamic swift_allocBox swift_allocBox "" -+//go:cgo_import_dynamic swift_beginAccess swift_beginAccess "" -+//go:cgo_import_dynamic swift_bridgeObjectRelease swift_bridgeObjectRelease "" -+//go:cgo_import_dynamic swift_bridgeObjectRetain swift_bridgeObjectRetain "" -+//go:cgo_import_dynamic swift_endAccess swift_endAccess "" -+//go:cgo_import_dynamic swift_errorRelease swift_errorRelease "" -+//go:cgo_import_dynamic swift_getTypeByMangledNameInContext swift_getTypeByMangledNameInContext "" -+//go:cgo_import_dynamic swift_getTypeByMangledNameInContextInMetadataState swift_getTypeByMangledNameInContextInMetadataState "" -+//go:cgo_import_dynamic swift_getWitnessTable swift_getWitnessTable "" -+//go:cgo_import_dynamic swift_release swift_release "" -+//go:cgo_import_dynamic swift_retain swift_retain "" -+//go:cgo_import_dynamic swift_unexpectedError swift_unexpectedError "" -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_amd64.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_amd64.h -new file mode 100644 -index 00000000000000..9949435fe9e0ae ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_amd64.h -@@ -0,0 +1,99 @@ -+// Copyright 2021 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. ++var _mkcgo_RAND_bytes_ex uintptr ++ ++func RAND_bytes_ex(ctx OSSL_LIB_CTX_PTR, buf []byte, strength uint32) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_RAND_bytes_ex, uintptr(ctx), uintptr(unsafe.Pointer(unsafe.SliceData(buf))), uintptr(len(buf)), uintptr(strength), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("RAND_bytes_ex", _err) ++} ++ ++var _mkcgo_RSA_free uintptr ++ ++func RSA_free(arg0 RSA_PTR) { ++ syscallN(0, _mkcgo_RSA_free, uintptr(arg0)) ++} ++ ++var _mkcgo_RSA_get0_crt_params uintptr ++ ++func RSA_get0_crt_params(r RSA_PTR, dmp1 *BIGNUM_PTR, dmq1 *BIGNUM_PTR, iqmp *BIGNUM_PTR) { ++ syscallN(0, _mkcgo_RSA_get0_crt_params, uintptr(r), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(dmp1))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(dmq1))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(iqmp)))) ++} ++ ++var _mkcgo_RSA_get0_factors uintptr ++ ++func RSA_get0_factors(rsa RSA_PTR, p *BIGNUM_PTR, q *BIGNUM_PTR) { ++ syscallN(0, _mkcgo_RSA_get0_factors, uintptr(rsa), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(p))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(q)))) ++} ++ ++var _mkcgo_RSA_get0_key uintptr ++ ++func RSA_get0_key(rsa RSA_PTR, n *BIGNUM_PTR, e *BIGNUM_PTR, d *BIGNUM_PTR) { ++ syscallN(0, _mkcgo_RSA_get0_key, uintptr(rsa), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(n))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(e))), uintptr(mkcgoEscapePtrOssl(unsafe.Pointer(d)))) ++} ++ ++var _mkcgo_RSA_new uintptr ++ ++func RSA_new() (RSA_PTR, error) { ++ var _err uintptr ++ r0, _ := syscallN(1, _mkcgo_RSA_new, uintptr(unsafe.Pointer(&_err))) ++ return RSA_PTR(r0), newMkcgoErr("RSA_new", _err) ++} ++ ++var _mkcgo_RSA_set0_crt_params uintptr ++ ++func RSA_set0_crt_params(rsa RSA_PTR, dmp1 BIGNUM_PTR, dmp2 BIGNUM_PTR, iqmp BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_RSA_set0_crt_params, uintptr(rsa), uintptr(dmp1), uintptr(dmp2), uintptr(iqmp), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("RSA_set0_crt_params", _err) ++} ++ ++var _mkcgo_RSA_set0_factors uintptr ++ ++func RSA_set0_factors(rsa RSA_PTR, p BIGNUM_PTR, q BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_RSA_set0_factors, uintptr(rsa), uintptr(p), uintptr(q), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("RSA_set0_factors", _err) ++} ++ ++var _mkcgo_RSA_set0_key uintptr ++ ++func RSA_set0_key(r RSA_PTR, n BIGNUM_PTR, e BIGNUM_PTR, d BIGNUM_PTR) (int32, error) { ++ var _err uintptr ++ r0, _ := syscallN(3, _mkcgo_RSA_set0_key, uintptr(r), uintptr(n), uintptr(e), uintptr(d), uintptr(unsafe.Pointer(&_err))) ++ return int32(r0), newMkcgoErr("RSA_set0_key", _err) ++} ++ ++//go:nosplit ++func _mkcgo_error_check(errType, r1, args, n uintptr) { ++ var hasError bool ++ switch errType { ++ case 1: ++ hasError = r1 == 0 ++ case 2: ++ hasError = int32(r1) == -1 ++ case 3: ++ hasError = int32(r1) <= 0 ++ case 4: ++ hasError = int64(r1) <= 0 ++ default: ++ panic("invalid error check type") ++ } ++ if hasError { ++ **(**uintptr)(unsafe.Pointer(args + unsafe.Sizeof(uintptr(0))*n)) = retrieveErrorState() ++ } ++} ++ ++func MkcgoLoad_(handle unsafe.Pointer) { ++ _mkcgo_BIO_ctrl = dlsym(handle, "BIO_ctrl\x00", false) ++ _mkcgo_BIO_free = dlsym(handle, "BIO_free\x00", false) ++ _mkcgo_BIO_new = dlsym(handle, "BIO_new\x00", false) ++ _mkcgo_BIO_s_mem = dlsym(handle, "BIO_s_mem\x00", false) ++ _mkcgo_BN_bin2bn = dlsym(handle, "BN_bin2bn\x00", false) ++ _mkcgo_BN_bn2binpad = dlsym(handle, "BN_bn2binpad\x00", false) ++ _mkcgo_BN_bn2lebinpad = dlsym(handle, "BN_bn2lebinpad\x00", false) ++ _mkcgo_BN_clear = dlsym(handle, "BN_clear\x00", false) ++ _mkcgo_BN_clear_free = dlsym(handle, "BN_clear_free\x00", false) ++ _mkcgo_BN_free = dlsym(handle, "BN_free\x00", false) ++ _mkcgo_BN_lebin2bn = dlsym(handle, "BN_lebin2bn\x00", false) ++ _mkcgo_BN_new = dlsym(handle, "BN_new\x00", false) ++ _mkcgo_BN_num_bits = dlsym(handle, "BN_num_bits\x00", false) ++ _mkcgo_CRYPTO_free = dlsym(handle, "CRYPTO_free\x00", false) ++ _mkcgo_CRYPTO_malloc = dlsym(handle, "CRYPTO_malloc\x00", false) ++ _mkcgo_EC_GROUP_free = dlsym(handle, "EC_GROUP_free\x00", false) ++ _mkcgo_EC_GROUP_new_by_curve_name = dlsym(handle, "EC_GROUP_new_by_curve_name\x00", false) ++ _mkcgo_EC_POINT_free = dlsym(handle, "EC_POINT_free\x00", false) ++ _mkcgo_EC_POINT_mul = dlsym(handle, "EC_POINT_mul\x00", false) ++ _mkcgo_EC_POINT_new = dlsym(handle, "EC_POINT_new\x00", false) ++ _mkcgo_EC_POINT_oct2point = dlsym(handle, "EC_POINT_oct2point\x00", false) ++ _mkcgo_EC_POINT_point2oct = dlsym(handle, "EC_POINT_point2oct\x00", false) ++ _mkcgo_ERR_peek_error = dlsym(handle, "ERR_peek_error\x00", false) ++ _mkcgo_ERR_print_errors = dlsym(handle, "ERR_print_errors\x00", false) ++ _mkcgo_EVP_CIPHER_CTX_ctrl = dlsym(handle, "EVP_CIPHER_CTX_ctrl\x00", false) ++ _mkcgo_EVP_CIPHER_CTX_free = dlsym(handle, "EVP_CIPHER_CTX_free\x00", false) ++ _mkcgo_EVP_CIPHER_CTX_new = dlsym(handle, "EVP_CIPHER_CTX_new\x00", false) ++ _mkcgo_EVP_CIPHER_CTX_set_key_length = dlsym(handle, "EVP_CIPHER_CTX_set_key_length\x00", false) ++ _mkcgo_EVP_CIPHER_CTX_set_padding = dlsym(handle, "EVP_CIPHER_CTX_set_padding\x00", false) ++ _mkcgo_EVP_CipherInit_ex = dlsym(handle, "EVP_CipherInit_ex\x00", false) ++ _mkcgo_EVP_CipherUpdate = dlsym(handle, "EVP_CipherUpdate\x00", false) ++ _mkcgo_EVP_DecryptFinal_ex = dlsym(handle, "EVP_DecryptFinal_ex\x00", false) ++ _mkcgo_EVP_DecryptInit_ex = dlsym(handle, "EVP_DecryptInit_ex\x00", false) ++ _mkcgo_EVP_DecryptUpdate = dlsym(handle, "EVP_DecryptUpdate\x00", false) ++ _mkcgo_EVP_Digest = dlsym(handle, "EVP_Digest\x00", false) ++ _mkcgo_EVP_DigestFinal_ex = dlsym(handle, "EVP_DigestFinal_ex\x00", false) ++ _mkcgo_EVP_DigestInit = dlsym(handle, "EVP_DigestInit\x00", false) ++ _mkcgo_EVP_DigestInit_ex = dlsym(handle, "EVP_DigestInit_ex\x00", false) ++ _mkcgo_EVP_DigestSign = dlsym(handle, "EVP_DigestSign\x00", false) ++ _mkcgo_EVP_DigestSignFinal = dlsym(handle, "EVP_DigestSignFinal\x00", false) ++ _mkcgo_EVP_DigestSignInit = dlsym(handle, "EVP_DigestSignInit\x00", false) ++ _mkcgo_EVP_DigestUpdate = dlsym(handle, "EVP_DigestUpdate\x00", false) ++ _mkcgo_EVP_DigestVerify = dlsym(handle, "EVP_DigestVerify\x00", false) ++ _mkcgo_EVP_DigestVerifyFinal = dlsym(handle, "EVP_DigestVerifyFinal\x00", false) ++ _mkcgo_EVP_DigestVerifyInit = dlsym(handle, "EVP_DigestVerifyInit\x00", false) ++ _mkcgo_EVP_EncryptFinal_ex = dlsym(handle, "EVP_EncryptFinal_ex\x00", false) ++ _mkcgo_EVP_EncryptInit_ex = dlsym(handle, "EVP_EncryptInit_ex\x00", false) ++ _mkcgo_EVP_EncryptUpdate = dlsym(handle, "EVP_EncryptUpdate\x00", false) ++ _mkcgo_EVP_MD_CTX_copy_ex = dlsym(handle, "EVP_MD_CTX_copy_ex\x00", false) ++ _mkcgo_EVP_MD_CTX_ctrl = dlsym(handle, "EVP_MD_CTX_ctrl\x00", false) ++ _mkcgo_EVP_MD_CTX_free = dlsym(handle, "EVP_MD_CTX_free\x00", false) ++ _mkcgo_EVP_MD_CTX_new = dlsym(handle, "EVP_MD_CTX_new\x00", false) ++ _mkcgo_EVP_PKEY_CTX_ctrl = dlsym(handle, "EVP_PKEY_CTX_ctrl\x00", false) ++ _mkcgo_EVP_PKEY_CTX_free = dlsym(handle, "EVP_PKEY_CTX_free\x00", false) ++ _mkcgo_EVP_PKEY_CTX_new = dlsym(handle, "EVP_PKEY_CTX_new\x00", false) ++ _mkcgo_EVP_PKEY_CTX_new_id = dlsym(handle, "EVP_PKEY_CTX_new_id\x00", false) ++ _mkcgo_EVP_PKEY_decrypt = dlsym(handle, "EVP_PKEY_decrypt\x00", false) ++ _mkcgo_EVP_PKEY_decrypt_init = dlsym(handle, "EVP_PKEY_decrypt_init\x00", false) ++ _mkcgo_EVP_PKEY_derive = dlsym(handle, "EVP_PKEY_derive\x00", false) ++ _mkcgo_EVP_PKEY_derive_init = dlsym(handle, "EVP_PKEY_derive_init\x00", false) ++ _mkcgo_EVP_PKEY_derive_set_peer = dlsym(handle, "EVP_PKEY_derive_set_peer\x00", false) ++ _mkcgo_EVP_PKEY_encrypt = dlsym(handle, "EVP_PKEY_encrypt\x00", false) ++ _mkcgo_EVP_PKEY_encrypt_init = dlsym(handle, "EVP_PKEY_encrypt_init\x00", false) ++ _mkcgo_EVP_PKEY_free = dlsym(handle, "EVP_PKEY_free\x00", false) ++ _mkcgo_EVP_PKEY_get_raw_private_key = dlsym(handle, "EVP_PKEY_get_raw_private_key\x00", false) ++ _mkcgo_EVP_PKEY_get_raw_public_key = dlsym(handle, "EVP_PKEY_get_raw_public_key\x00", false) ++ _mkcgo_EVP_PKEY_keygen = dlsym(handle, "EVP_PKEY_keygen\x00", false) ++ _mkcgo_EVP_PKEY_keygen_init = dlsym(handle, "EVP_PKEY_keygen_init\x00", false) ++ _mkcgo_EVP_PKEY_new = dlsym(handle, "EVP_PKEY_new\x00", false) ++ _mkcgo_EVP_PKEY_new_raw_private_key = dlsym(handle, "EVP_PKEY_new_raw_private_key\x00", false) ++ _mkcgo_EVP_PKEY_new_raw_public_key = dlsym(handle, "EVP_PKEY_new_raw_public_key\x00", false) ++ _mkcgo_EVP_PKEY_paramgen = dlsym(handle, "EVP_PKEY_paramgen\x00", false) ++ _mkcgo_EVP_PKEY_paramgen_init = dlsym(handle, "EVP_PKEY_paramgen_init\x00", false) ++ _mkcgo_EVP_PKEY_sign = dlsym(handle, "EVP_PKEY_sign\x00", false) ++ _mkcgo_EVP_PKEY_sign_init = dlsym(handle, "EVP_PKEY_sign_init\x00", false) ++ _mkcgo_EVP_PKEY_up_ref = dlsym(handle, "EVP_PKEY_up_ref\x00", false) ++ _mkcgo_EVP_PKEY_verify = dlsym(handle, "EVP_PKEY_verify\x00", false) ++ _mkcgo_EVP_PKEY_verify_init = dlsym(handle, "EVP_PKEY_verify_init\x00", false) ++ _mkcgo_EVP_aes_128_cbc = dlsym(handle, "EVP_aes_128_cbc\x00", false) ++ _mkcgo_EVP_aes_128_ctr = dlsym(handle, "EVP_aes_128_ctr\x00", false) ++ _mkcgo_EVP_aes_128_ecb = dlsym(handle, "EVP_aes_128_ecb\x00", false) ++ _mkcgo_EVP_aes_128_gcm = dlsym(handle, "EVP_aes_128_gcm\x00", false) ++ _mkcgo_EVP_aes_192_cbc = dlsym(handle, "EVP_aes_192_cbc\x00", false) ++ _mkcgo_EVP_aes_192_ctr = dlsym(handle, "EVP_aes_192_ctr\x00", false) ++ _mkcgo_EVP_aes_192_ecb = dlsym(handle, "EVP_aes_192_ecb\x00", false) ++ _mkcgo_EVP_aes_192_gcm = dlsym(handle, "EVP_aes_192_gcm\x00", false) ++ _mkcgo_EVP_aes_256_cbc = dlsym(handle, "EVP_aes_256_cbc\x00", false) ++ _mkcgo_EVP_aes_256_ctr = dlsym(handle, "EVP_aes_256_ctr\x00", false) ++ _mkcgo_EVP_aes_256_ecb = dlsym(handle, "EVP_aes_256_ecb\x00", false) ++ _mkcgo_EVP_aes_256_gcm = dlsym(handle, "EVP_aes_256_gcm\x00", false) ++ _mkcgo_EVP_chacha20_poly1305 = dlsym(handle, "EVP_chacha20_poly1305\x00", true) ++ _mkcgo_EVP_des_cbc = dlsym(handle, "EVP_des_cbc\x00", false) ++ _mkcgo_EVP_des_ecb = dlsym(handle, "EVP_des_ecb\x00", false) ++ _mkcgo_EVP_des_ede3_cbc = dlsym(handle, "EVP_des_ede3_cbc\x00", false) ++ _mkcgo_EVP_des_ede3_ecb = dlsym(handle, "EVP_des_ede3_ecb\x00", false) ++ _mkcgo_EVP_md4 = dlsym(handle, "EVP_md4\x00", false) ++ _mkcgo_EVP_md5 = dlsym(handle, "EVP_md5\x00", false) ++ _mkcgo_EVP_md5_sha1 = dlsym(handle, "EVP_md5_sha1\x00", false) ++ _mkcgo_EVP_rc4 = dlsym(handle, "EVP_rc4\x00", false) ++ _mkcgo_EVP_ripemd160 = dlsym(handle, "EVP_ripemd160\x00", false) ++ _mkcgo_EVP_sha1 = dlsym(handle, "EVP_sha1\x00", false) ++ _mkcgo_EVP_sha224 = dlsym(handle, "EVP_sha224\x00", false) ++ _mkcgo_EVP_sha256 = dlsym(handle, "EVP_sha256\x00", false) ++ _mkcgo_EVP_sha384 = dlsym(handle, "EVP_sha384\x00", false) ++ _mkcgo_EVP_sha3_224 = dlsym(handle, "EVP_sha3_224\x00", false) ++ _mkcgo_EVP_sha3_256 = dlsym(handle, "EVP_sha3_256\x00", false) ++ _mkcgo_EVP_sha3_384 = dlsym(handle, "EVP_sha3_384\x00", false) ++ _mkcgo_EVP_sha3_512 = dlsym(handle, "EVP_sha3_512\x00", false) ++ _mkcgo_EVP_sha512 = dlsym(handle, "EVP_sha512\x00", false) ++ _mkcgo_EVP_sha512_224 = dlsym(handle, "EVP_sha512_224\x00", false) ++ _mkcgo_EVP_sha512_256 = dlsym(handle, "EVP_sha512_256\x00", false) ++ _mkcgo_OBJ_nid2sn = dlsym(handle, "OBJ_nid2sn\x00", false) ++ _mkcgo_OPENSSL_init = dlsym(handle, "OPENSSL_init\x00", false) ++ _mkcgo_OPENSSL_init_crypto = dlsym(handle, "OPENSSL_init_crypto\x00", false) ++ _mkcgo_OpenSSL_version = dlsym(handle, "OpenSSL_version\x00", false) ++} + -+// Macros for transitioning from the host ABI to Go ABI0. -+// -+// These save the frame pointer, so in general, functions that use -+// these should have zero frame size to suppress the automatic frame -+// pointer, though it's harmless to not do this. ++func MkcgoUnload_() { ++ _mkcgo_BIO_ctrl = 0 ++ _mkcgo_BIO_free = 0 ++ _mkcgo_BIO_new = 0 ++ _mkcgo_BIO_s_mem = 0 ++ _mkcgo_BN_bin2bn = 0 ++ _mkcgo_BN_bn2binpad = 0 ++ _mkcgo_BN_bn2lebinpad = 0 ++ _mkcgo_BN_clear = 0 ++ _mkcgo_BN_clear_free = 0 ++ _mkcgo_BN_free = 0 ++ _mkcgo_BN_lebin2bn = 0 ++ _mkcgo_BN_new = 0 ++ _mkcgo_BN_num_bits = 0 ++ _mkcgo_CRYPTO_free = 0 ++ _mkcgo_CRYPTO_malloc = 0 ++ _mkcgo_EC_GROUP_free = 0 ++ _mkcgo_EC_GROUP_new_by_curve_name = 0 ++ _mkcgo_EC_POINT_free = 0 ++ _mkcgo_EC_POINT_mul = 0 ++ _mkcgo_EC_POINT_new = 0 ++ _mkcgo_EC_POINT_oct2point = 0 ++ _mkcgo_EC_POINT_point2oct = 0 ++ _mkcgo_ERR_peek_error = 0 ++ _mkcgo_ERR_print_errors = 0 ++ _mkcgo_EVP_CIPHER_CTX_ctrl = 0 ++ _mkcgo_EVP_CIPHER_CTX_free = 0 ++ _mkcgo_EVP_CIPHER_CTX_new = 0 ++ _mkcgo_EVP_CIPHER_CTX_set_key_length = 0 ++ _mkcgo_EVP_CIPHER_CTX_set_padding = 0 ++ _mkcgo_EVP_CipherInit_ex = 0 ++ _mkcgo_EVP_CipherUpdate = 0 ++ _mkcgo_EVP_DecryptFinal_ex = 0 ++ _mkcgo_EVP_DecryptInit_ex = 0 ++ _mkcgo_EVP_DecryptUpdate = 0 ++ _mkcgo_EVP_Digest = 0 ++ _mkcgo_EVP_DigestFinal_ex = 0 ++ _mkcgo_EVP_DigestInit = 0 ++ _mkcgo_EVP_DigestInit_ex = 0 ++ _mkcgo_EVP_DigestSign = 0 ++ _mkcgo_EVP_DigestSignFinal = 0 ++ _mkcgo_EVP_DigestSignInit = 0 ++ _mkcgo_EVP_DigestUpdate = 0 ++ _mkcgo_EVP_DigestVerify = 0 ++ _mkcgo_EVP_DigestVerifyFinal = 0 ++ _mkcgo_EVP_DigestVerifyInit = 0 ++ _mkcgo_EVP_EncryptFinal_ex = 0 ++ _mkcgo_EVP_EncryptInit_ex = 0 ++ _mkcgo_EVP_EncryptUpdate = 0 ++ _mkcgo_EVP_MD_CTX_copy_ex = 0 ++ _mkcgo_EVP_MD_CTX_ctrl = 0 ++ _mkcgo_EVP_MD_CTX_free = 0 ++ _mkcgo_EVP_MD_CTX_new = 0 ++ _mkcgo_EVP_PKEY_CTX_ctrl = 0 ++ _mkcgo_EVP_PKEY_CTX_free = 0 ++ _mkcgo_EVP_PKEY_CTX_new = 0 ++ _mkcgo_EVP_PKEY_CTX_new_id = 0 ++ _mkcgo_EVP_PKEY_decrypt = 0 ++ _mkcgo_EVP_PKEY_decrypt_init = 0 ++ _mkcgo_EVP_PKEY_derive = 0 ++ _mkcgo_EVP_PKEY_derive_init = 0 ++ _mkcgo_EVP_PKEY_derive_set_peer = 0 ++ _mkcgo_EVP_PKEY_encrypt = 0 ++ _mkcgo_EVP_PKEY_encrypt_init = 0 ++ _mkcgo_EVP_PKEY_free = 0 ++ _mkcgo_EVP_PKEY_get_raw_private_key = 0 ++ _mkcgo_EVP_PKEY_get_raw_public_key = 0 ++ _mkcgo_EVP_PKEY_keygen = 0 ++ _mkcgo_EVP_PKEY_keygen_init = 0 ++ _mkcgo_EVP_PKEY_new = 0 ++ _mkcgo_EVP_PKEY_new_raw_private_key = 0 ++ _mkcgo_EVP_PKEY_new_raw_public_key = 0 ++ _mkcgo_EVP_PKEY_paramgen = 0 ++ _mkcgo_EVP_PKEY_paramgen_init = 0 ++ _mkcgo_EVP_PKEY_sign = 0 ++ _mkcgo_EVP_PKEY_sign_init = 0 ++ _mkcgo_EVP_PKEY_up_ref = 0 ++ _mkcgo_EVP_PKEY_verify = 0 ++ _mkcgo_EVP_PKEY_verify_init = 0 ++ _mkcgo_EVP_aes_128_cbc = 0 ++ _mkcgo_EVP_aes_128_ctr = 0 ++ _mkcgo_EVP_aes_128_ecb = 0 ++ _mkcgo_EVP_aes_128_gcm = 0 ++ _mkcgo_EVP_aes_192_cbc = 0 ++ _mkcgo_EVP_aes_192_ctr = 0 ++ _mkcgo_EVP_aes_192_ecb = 0 ++ _mkcgo_EVP_aes_192_gcm = 0 ++ _mkcgo_EVP_aes_256_cbc = 0 ++ _mkcgo_EVP_aes_256_ctr = 0 ++ _mkcgo_EVP_aes_256_ecb = 0 ++ _mkcgo_EVP_aes_256_gcm = 0 ++ _mkcgo_EVP_chacha20_poly1305 = 0 ++ _mkcgo_EVP_des_cbc = 0 ++ _mkcgo_EVP_des_ecb = 0 ++ _mkcgo_EVP_des_ede3_cbc = 0 ++ _mkcgo_EVP_des_ede3_ecb = 0 ++ _mkcgo_EVP_md4 = 0 ++ _mkcgo_EVP_md5 = 0 ++ _mkcgo_EVP_md5_sha1 = 0 ++ _mkcgo_EVP_rc4 = 0 ++ _mkcgo_EVP_ripemd160 = 0 ++ _mkcgo_EVP_sha1 = 0 ++ _mkcgo_EVP_sha224 = 0 ++ _mkcgo_EVP_sha256 = 0 ++ _mkcgo_EVP_sha384 = 0 ++ _mkcgo_EVP_sha3_224 = 0 ++ _mkcgo_EVP_sha3_256 = 0 ++ _mkcgo_EVP_sha3_384 = 0 ++ _mkcgo_EVP_sha3_512 = 0 ++ _mkcgo_EVP_sha512 = 0 ++ _mkcgo_EVP_sha512_224 = 0 ++ _mkcgo_EVP_sha512_256 = 0 ++ _mkcgo_OBJ_nid2sn = 0 ++ _mkcgo_OPENSSL_init = 0 ++ _mkcgo_OPENSSL_init_crypto = 0 ++ _mkcgo_OpenSSL_version = 0 ++} + -+#ifdef GOOS_windows ++func MkcgoLoad_3(handle unsafe.Pointer) { ++ _mkcgo_EC_POINT_set_affine_coordinates = dlsym(handle, "EC_POINT_set_affine_coordinates\x00", false) ++ _mkcgo_EVP_CIPHER_fetch = dlsym(handle, "EVP_CIPHER_fetch\x00", false) ++ _mkcgo_EVP_CIPHER_get0_name = dlsym(handle, "EVP_CIPHER_get0_name\x00", false) ++ _mkcgo_EVP_CIPHER_get_block_size = dlsym(handle, "EVP_CIPHER_get_block_size\x00", false) ++ _mkcgo_EVP_KDF_CTX_free = dlsym(handle, "EVP_KDF_CTX_free\x00", false) ++ _mkcgo_EVP_KDF_CTX_get_kdf_size = dlsym(handle, "EVP_KDF_CTX_get_kdf_size\x00", false) ++ _mkcgo_EVP_KDF_CTX_new = dlsym(handle, "EVP_KDF_CTX_new\x00", false) ++ _mkcgo_EVP_KDF_CTX_set_params = dlsym(handle, "EVP_KDF_CTX_set_params\x00", false) ++ _mkcgo_EVP_KDF_derive = dlsym(handle, "EVP_KDF_derive\x00", false) ++ _mkcgo_EVP_KDF_fetch = dlsym(handle, "EVP_KDF_fetch\x00", false) ++ _mkcgo_EVP_KDF_free = dlsym(handle, "EVP_KDF_free\x00", false) ++ _mkcgo_EVP_KEYMGMT_fetch = dlsym(handle, "EVP_KEYMGMT_fetch\x00", true) ++ _mkcgo_EVP_KEYMGMT_free = dlsym(handle, "EVP_KEYMGMT_free\x00", false) ++ _mkcgo_EVP_MAC_CTX_dup = dlsym(handle, "EVP_MAC_CTX_dup\x00", false) ++ _mkcgo_EVP_MAC_CTX_free = dlsym(handle, "EVP_MAC_CTX_free\x00", false) ++ _mkcgo_EVP_MAC_CTX_new = dlsym(handle, "EVP_MAC_CTX_new\x00", false) ++ _mkcgo_EVP_MAC_CTX_set_params = dlsym(handle, "EVP_MAC_CTX_set_params\x00", false) ++ _mkcgo_EVP_MAC_fetch = dlsym(handle, "EVP_MAC_fetch\x00", false) ++ _mkcgo_EVP_MAC_final = dlsym(handle, "EVP_MAC_final\x00", false) ++ _mkcgo_EVP_MAC_init = dlsym(handle, "EVP_MAC_init\x00", false) ++ _mkcgo_EVP_MAC_update = dlsym(handle, "EVP_MAC_update\x00", false) ++ _mkcgo_EVP_MD_CTX_get_params = dlsym(handle, "EVP_MD_CTX_get_params\x00", false) ++ _mkcgo_EVP_MD_CTX_gettable_params = dlsym(handle, "EVP_MD_CTX_gettable_params\x00", false) ++ _mkcgo_EVP_MD_CTX_set_params = dlsym(handle, "EVP_MD_CTX_set_params\x00", false) ++ _mkcgo_EVP_MD_CTX_settable_params = dlsym(handle, "EVP_MD_CTX_settable_params\x00", false) ++ _mkcgo_EVP_MD_fetch = dlsym(handle, "EVP_MD_fetch\x00", false) ++ _mkcgo_EVP_MD_free = dlsym(handle, "EVP_MD_free\x00", false) ++ _mkcgo_EVP_MD_get0_name = dlsym(handle, "EVP_MD_get0_name\x00", false) ++ _mkcgo_EVP_MD_get0_provider = dlsym(handle, "EVP_MD_get0_provider\x00", false) ++ _mkcgo_EVP_MD_get_block_size = dlsym(handle, "EVP_MD_get_block_size\x00", false) ++ _mkcgo_EVP_MD_get_size = dlsym(handle, "EVP_MD_get_size\x00", false) ++ _mkcgo_EVP_MD_get_type = dlsym(handle, "EVP_MD_get_type\x00", false) ++ _mkcgo_EVP_PKEY_CTX_add1_hkdf_info = dlsym(handle, "EVP_PKEY_CTX_add1_hkdf_info\x00", false) ++ _mkcgo_EVP_PKEY_CTX_new_from_pkey = dlsym(handle, "EVP_PKEY_CTX_new_from_pkey\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label = dlsym(handle, "EVP_PKEY_CTX_set0_rsa_oaep_label\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set1_hkdf_key = dlsym(handle, "EVP_PKEY_CTX_set1_hkdf_key\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt = dlsym(handle, "EVP_PKEY_CTX_set1_hkdf_salt\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set_hkdf_md = dlsym(handle, "EVP_PKEY_CTX_set_hkdf_md\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set_hkdf_mode = dlsym(handle, "EVP_PKEY_CTX_set_hkdf_mode\x00", false) ++ _mkcgo_EVP_PKEY_CTX_set_params = dlsym(handle, "EVP_PKEY_CTX_set_params\x00", false) ++ _mkcgo_EVP_PKEY_Q_keygen = dlsym(handle, "EVP_PKEY_Q_keygen\x00", false) ++ _mkcgo_EVP_PKEY_decapsulate = dlsym(handle, "EVP_PKEY_decapsulate\x00", false) ++ _mkcgo_EVP_PKEY_decapsulate_init = dlsym(handle, "EVP_PKEY_decapsulate_init\x00", false) ++ _mkcgo_EVP_PKEY_encapsulate = dlsym(handle, "EVP_PKEY_encapsulate\x00", false) ++ _mkcgo_EVP_PKEY_encapsulate_init = dlsym(handle, "EVP_PKEY_encapsulate_init\x00", false) ++ _mkcgo_EVP_PKEY_fromdata = dlsym(handle, "EVP_PKEY_fromdata\x00", false) ++ _mkcgo_EVP_PKEY_fromdata_init = dlsym(handle, "EVP_PKEY_fromdata_init\x00", false) ++ _mkcgo_EVP_PKEY_get1_encoded_public_key = dlsym(handle, "EVP_PKEY_get1_encoded_public_key\x00", false) ++ _mkcgo_EVP_PKEY_get_bits = dlsym(handle, "EVP_PKEY_get_bits\x00", false) ++ _mkcgo_EVP_PKEY_get_bn_param = dlsym(handle, "EVP_PKEY_get_bn_param\x00", false) ++ _mkcgo_EVP_PKEY_get_octet_string_param = dlsym(handle, "EVP_PKEY_get_octet_string_param\x00", false) ++ _mkcgo_EVP_PKEY_get_size = dlsym(handle, "EVP_PKEY_get_size\x00", false) ++ _mkcgo_EVP_PKEY_private_check = dlsym(handle, "EVP_PKEY_private_check\x00", false) ++ _mkcgo_EVP_PKEY_public_check_quick = dlsym(handle, "EVP_PKEY_public_check_quick\x00", false) ++ _mkcgo_EVP_PKEY_set1_encoded_public_key = dlsym(handle, "EVP_PKEY_set1_encoded_public_key\x00", false) ++ _mkcgo_EVP_SIGNATURE_fetch = dlsym(handle, "EVP_SIGNATURE_fetch\x00", false) ++ _mkcgo_EVP_SIGNATURE_free = dlsym(handle, "EVP_SIGNATURE_free\x00", false) ++ _mkcgo_EVP_default_properties_enable_fips = dlsym(handle, "EVP_default_properties_enable_fips\x00", false) ++ _mkcgo_EVP_default_properties_is_fips_enabled = dlsym(handle, "EVP_default_properties_is_fips_enabled\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_free = dlsym(handle, "OSSL_PARAM_BLD_free\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_new = dlsym(handle, "OSSL_PARAM_BLD_new\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_push_BN = dlsym(handle, "OSSL_PARAM_BLD_push_BN\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_push_int32 = dlsym(handle, "OSSL_PARAM_BLD_push_int32\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_push_octet_string = dlsym(handle, "OSSL_PARAM_BLD_push_octet_string\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_push_utf8_string = dlsym(handle, "OSSL_PARAM_BLD_push_utf8_string\x00", false) ++ _mkcgo_OSSL_PARAM_BLD_to_param = dlsym(handle, "OSSL_PARAM_BLD_to_param\x00", false) ++ _mkcgo_OSSL_PARAM_free = dlsym(handle, "OSSL_PARAM_free\x00", false) ++ _mkcgo_OSSL_PARAM_locate_const = dlsym(handle, "OSSL_PARAM_locate_const\x00", false) ++ _mkcgo_OSSL_PROVIDER_available = dlsym(handle, "OSSL_PROVIDER_available\x00", false) ++ _mkcgo_OSSL_PROVIDER_get0_name = dlsym(handle, "OSSL_PROVIDER_get0_name\x00", false) ++ _mkcgo_OSSL_PROVIDER_try_load = dlsym(handle, "OSSL_PROVIDER_try_load\x00", false) ++ _mkcgo_RAND_bytes_ex = dlsym(handle, "RAND_bytes_ex\x00", false) ++} + -+// REGS_HOST_TO_ABI0_STACK is the stack bytes used by -+// PUSH_REGS_HOST_TO_ABI0. -+#define REGS_HOST_TO_ABI0_STACK (28*8 + 8) ++func MkcgoUnload_3() { ++ _mkcgo_EC_POINT_set_affine_coordinates = 0 ++ _mkcgo_EVP_CIPHER_fetch = 0 ++ _mkcgo_EVP_CIPHER_get0_name = 0 ++ _mkcgo_EVP_CIPHER_get_block_size = 0 ++ _mkcgo_EVP_KDF_CTX_free = 0 ++ _mkcgo_EVP_KDF_CTX_get_kdf_size = 0 ++ _mkcgo_EVP_KDF_CTX_new = 0 ++ _mkcgo_EVP_KDF_CTX_set_params = 0 ++ _mkcgo_EVP_KDF_derive = 0 ++ _mkcgo_EVP_KDF_fetch = 0 ++ _mkcgo_EVP_KDF_free = 0 ++ _mkcgo_EVP_KEYMGMT_fetch = 0 ++ _mkcgo_EVP_KEYMGMT_free = 0 ++ _mkcgo_EVP_MAC_CTX_dup = 0 ++ _mkcgo_EVP_MAC_CTX_free = 0 ++ _mkcgo_EVP_MAC_CTX_new = 0 ++ _mkcgo_EVP_MAC_CTX_set_params = 0 ++ _mkcgo_EVP_MAC_fetch = 0 ++ _mkcgo_EVP_MAC_final = 0 ++ _mkcgo_EVP_MAC_init = 0 ++ _mkcgo_EVP_MAC_update = 0 ++ _mkcgo_EVP_MD_CTX_get_params = 0 ++ _mkcgo_EVP_MD_CTX_gettable_params = 0 ++ _mkcgo_EVP_MD_CTX_set_params = 0 ++ _mkcgo_EVP_MD_CTX_settable_params = 0 ++ _mkcgo_EVP_MD_fetch = 0 ++ _mkcgo_EVP_MD_free = 0 ++ _mkcgo_EVP_MD_get0_name = 0 ++ _mkcgo_EVP_MD_get0_provider = 0 ++ _mkcgo_EVP_MD_get_block_size = 0 ++ _mkcgo_EVP_MD_get_size = 0 ++ _mkcgo_EVP_MD_get_type = 0 ++ _mkcgo_EVP_PKEY_CTX_add1_hkdf_info = 0 ++ _mkcgo_EVP_PKEY_CTX_new_from_pkey = 0 ++ _mkcgo_EVP_PKEY_CTX_set0_rsa_oaep_label = 0 ++ _mkcgo_EVP_PKEY_CTX_set1_hkdf_key = 0 ++ _mkcgo_EVP_PKEY_CTX_set1_hkdf_salt = 0 ++ _mkcgo_EVP_PKEY_CTX_set_hkdf_md = 0 ++ _mkcgo_EVP_PKEY_CTX_set_hkdf_mode = 0 ++ _mkcgo_EVP_PKEY_CTX_set_params = 0 ++ _mkcgo_EVP_PKEY_Q_keygen = 0 ++ _mkcgo_EVP_PKEY_decapsulate = 0 ++ _mkcgo_EVP_PKEY_decapsulate_init = 0 ++ _mkcgo_EVP_PKEY_encapsulate = 0 ++ _mkcgo_EVP_PKEY_encapsulate_init = 0 ++ _mkcgo_EVP_PKEY_fromdata = 0 ++ _mkcgo_EVP_PKEY_fromdata_init = 0 ++ _mkcgo_EVP_PKEY_get1_encoded_public_key = 0 ++ _mkcgo_EVP_PKEY_get_bits = 0 ++ _mkcgo_EVP_PKEY_get_bn_param = 0 ++ _mkcgo_EVP_PKEY_get_octet_string_param = 0 ++ _mkcgo_EVP_PKEY_get_size = 0 ++ _mkcgo_EVP_PKEY_private_check = 0 ++ _mkcgo_EVP_PKEY_public_check_quick = 0 ++ _mkcgo_EVP_PKEY_set1_encoded_public_key = 0 ++ _mkcgo_EVP_SIGNATURE_fetch = 0 ++ _mkcgo_EVP_SIGNATURE_free = 0 ++ _mkcgo_EVP_default_properties_enable_fips = 0 ++ _mkcgo_EVP_default_properties_is_fips_enabled = 0 ++ _mkcgo_OSSL_PARAM_BLD_free = 0 ++ _mkcgo_OSSL_PARAM_BLD_new = 0 ++ _mkcgo_OSSL_PARAM_BLD_push_BN = 0 ++ _mkcgo_OSSL_PARAM_BLD_push_int32 = 0 ++ _mkcgo_OSSL_PARAM_BLD_push_octet_string = 0 ++ _mkcgo_OSSL_PARAM_BLD_push_utf8_string = 0 ++ _mkcgo_OSSL_PARAM_BLD_to_param = 0 ++ _mkcgo_OSSL_PARAM_free = 0 ++ _mkcgo_OSSL_PARAM_locate_const = 0 ++ _mkcgo_OSSL_PROVIDER_available = 0 ++ _mkcgo_OSSL_PROVIDER_get0_name = 0 ++ _mkcgo_OSSL_PROVIDER_try_load = 0 ++ _mkcgo_RAND_bytes_ex = 0 ++} + -+// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from -+// the host ABI to Go ABI0 code. It saves all registers that are -+// callee-save in the host ABI and caller-save in Go ABI0 and prepares -+// for entry to Go. -+// -+// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag. -+// Clear the DF flag for the Go ABI. -+// MXCSR matches the Go ABI, so we don't have to set that, -+// and Go doesn't modify it, so we don't have to save it. -+#define PUSH_REGS_HOST_TO_ABI0() \ -+ PUSHFQ \ -+ CLD \ -+ ADJSP $(REGS_HOST_TO_ABI0_STACK - 8) \ -+ MOVQ DI, (0*0)(SP) \ -+ MOVQ SI, (1*8)(SP) \ -+ MOVQ BP, (2*8)(SP) \ -+ MOVQ BX, (3*8)(SP) \ -+ MOVQ R12, (4*8)(SP) \ -+ MOVQ R13, (5*8)(SP) \ -+ MOVQ R14, (6*8)(SP) \ -+ MOVQ R15, (7*8)(SP) \ -+ MOVUPS X6, (8*8)(SP) \ -+ MOVUPS X7, (10*8)(SP) \ -+ MOVUPS X8, (12*8)(SP) \ -+ MOVUPS X9, (14*8)(SP) \ -+ MOVUPS X10, (16*8)(SP) \ -+ MOVUPS X11, (18*8)(SP) \ -+ MOVUPS X12, (20*8)(SP) \ -+ MOVUPS X13, (22*8)(SP) \ -+ MOVUPS X14, (24*8)(SP) \ -+ MOVUPS X15, (26*8)(SP) ++func MkcgoLoad_33(handle unsafe.Pointer) { ++ _mkcgo_EVP_DigestFinalXOF = dlsym(handle, "EVP_DigestFinalXOF\x00", false) ++ _mkcgo_EVP_DigestSqueeze = dlsym(handle, "EVP_DigestSqueeze\x00", true) ++} + -+#define POP_REGS_HOST_TO_ABI0() \ -+ MOVQ (0*0)(SP), DI \ -+ MOVQ (1*8)(SP), SI \ -+ MOVQ (2*8)(SP), BP \ -+ MOVQ (3*8)(SP), BX \ -+ MOVQ (4*8)(SP), R12 \ -+ MOVQ (5*8)(SP), R13 \ -+ MOVQ (6*8)(SP), R14 \ -+ MOVQ (7*8)(SP), R15 \ -+ MOVUPS (8*8)(SP), X6 \ -+ MOVUPS (10*8)(SP), X7 \ -+ MOVUPS (12*8)(SP), X8 \ -+ MOVUPS (14*8)(SP), X9 \ -+ MOVUPS (16*8)(SP), X10 \ -+ MOVUPS (18*8)(SP), X11 \ -+ MOVUPS (20*8)(SP), X12 \ -+ MOVUPS (22*8)(SP), X13 \ -+ MOVUPS (24*8)(SP), X14 \ -+ MOVUPS (26*8)(SP), X15 \ -+ ADJSP $-(REGS_HOST_TO_ABI0_STACK - 8) \ -+ POPFQ ++func MkcgoUnload_33() { ++ _mkcgo_EVP_DigestFinalXOF = 0 ++ _mkcgo_EVP_DigestSqueeze = 0 ++} + -+#else -+// SysV ABI ++func MkcgoLoad_init_1(handle unsafe.Pointer) { ++ _mkcgo_FIPS_mode = dlsym(handle, "FIPS_mode\x00", false) ++ _mkcgo_FIPS_mode_set = dlsym(handle, "FIPS_mode_set\x00", false) ++} + -+#define REGS_HOST_TO_ABI0_STACK (6*8) ++func MkcgoUnload_init_1() { ++ _mkcgo_FIPS_mode = 0 ++ _mkcgo_FIPS_mode_set = 0 ++} + -+// SysV MXCSR matches the Go ABI, so we don't have to set that, -+// and Go doesn't modify it, so we don't have to save it. -+// Both SysV and Go require DF to be cleared, so that's already clear. -+// The SysV and Go frame pointer conventions are compatible. -+#define PUSH_REGS_HOST_TO_ABI0() \ -+ ADJSP $(REGS_HOST_TO_ABI0_STACK) \ -+ MOVQ BP, (5*8)(SP) \ -+ LEAQ (5*8)(SP), BP \ -+ MOVQ BX, (0*8)(SP) \ -+ MOVQ R12, (1*8)(SP) \ -+ MOVQ R13, (2*8)(SP) \ -+ MOVQ R14, (3*8)(SP) \ -+ MOVQ R15, (4*8)(SP) ++func MkcgoLoad_init_3(handle unsafe.Pointer) { ++ _mkcgo_BIO_ctrl = dlsym(handle, "BIO_ctrl\x00", false) ++ _mkcgo_BIO_free = dlsym(handle, "BIO_free\x00", false) ++ _mkcgo_BIO_new = dlsym(handle, "BIO_new\x00", false) ++ _mkcgo_BIO_s_mem = dlsym(handle, "BIO_s_mem\x00", false) ++ _mkcgo_ERR_print_errors = dlsym(handle, "ERR_print_errors\x00", false) ++ _mkcgo_EVP_MD_fetch = dlsym(handle, "EVP_MD_fetch\x00", false) ++ _mkcgo_EVP_MD_free = dlsym(handle, "EVP_MD_free\x00", false) ++ _mkcgo_EVP_MD_get0_provider = dlsym(handle, "EVP_MD_get0_provider\x00", false) ++ _mkcgo_EVP_default_properties_is_fips_enabled = dlsym(handle, "EVP_default_properties_is_fips_enabled\x00", false) ++} + -+#define POP_REGS_HOST_TO_ABI0() \ -+ MOVQ (0*8)(SP), BX \ -+ MOVQ (1*8)(SP), R12 \ -+ MOVQ (2*8)(SP), R13 \ -+ MOVQ (3*8)(SP), R14 \ -+ MOVQ (4*8)(SP), R15 \ -+ MOVQ (5*8)(SP), BP \ -+ ADJSP $-(REGS_HOST_TO_ABI0_STACK) ++func MkcgoUnload_init_3() { ++ _mkcgo_BIO_ctrl = 0 ++ _mkcgo_BIO_free = 0 ++ _mkcgo_BIO_new = 0 ++ _mkcgo_BIO_s_mem = 0 ++ _mkcgo_ERR_print_errors = 0 ++ _mkcgo_EVP_MD_fetch = 0 ++ _mkcgo_EVP_MD_free = 0 ++ _mkcgo_EVP_MD_get0_provider = 0 ++ _mkcgo_EVP_default_properties_is_fips_enabled = 0 ++} + -+#endif -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_arm64.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_arm64.h -new file mode 100644 -index 00000000000000..5d5061ec1dbf8c ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/abi_arm64.h -@@ -0,0 +1,39 @@ -+// Copyright 2021 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. ++func MkcgoLoad_legacy_1(handle unsafe.Pointer) { ++ _mkcgo_DSA_free = dlsym(handle, "DSA_free\x00", false) ++ _mkcgo_DSA_generate_key = dlsym(handle, "DSA_generate_key\x00", false) ++ _mkcgo_DSA_get0_key = dlsym(handle, "DSA_get0_key\x00", false) ++ _mkcgo_DSA_get0_pqg = dlsym(handle, "DSA_get0_pqg\x00", false) ++ _mkcgo_DSA_new = dlsym(handle, "DSA_new\x00", false) ++ _mkcgo_DSA_set0_key = dlsym(handle, "DSA_set0_key\x00", false) ++ _mkcgo_DSA_set0_pqg = dlsym(handle, "DSA_set0_pqg\x00", false) ++ _mkcgo_EC_KEY_check_key = dlsym(handle, "EC_KEY_check_key\x00", false) ++ _mkcgo_EC_KEY_free = dlsym(handle, "EC_KEY_free\x00", false) ++ _mkcgo_EC_KEY_get0_group = dlsym(handle, "EC_KEY_get0_group\x00", false) ++ _mkcgo_EC_KEY_get0_private_key = dlsym(handle, "EC_KEY_get0_private_key\x00", false) ++ _mkcgo_EC_KEY_get0_public_key = dlsym(handle, "EC_KEY_get0_public_key\x00", false) ++ _mkcgo_EC_KEY_new_by_curve_name = dlsym(handle, "EC_KEY_new_by_curve_name\x00", false) ++ _mkcgo_EC_KEY_set_private_key = dlsym(handle, "EC_KEY_set_private_key\x00", false) ++ _mkcgo_EC_KEY_set_public_key = dlsym(handle, "EC_KEY_set_public_key\x00", false) ++ _mkcgo_EC_KEY_set_public_key_affine_coordinates = dlsym(handle, "EC_KEY_set_public_key_affine_coordinates\x00", false) ++ _mkcgo_EC_POINT_get_affine_coordinates_GFp = dlsym(handle, "EC_POINT_get_affine_coordinates_GFp\x00", false) ++ _mkcgo_EVP_CIPHER_get_block_size = dlsym(handle, "EVP_CIPHER_block_size\x00", false) ++ _mkcgo_EVP_MD_get_block_size = dlsym(handle, "EVP_MD_block_size\x00", false) ++ _mkcgo_EVP_MD_get_size = dlsym(handle, "EVP_MD_size\x00", false) ++ _mkcgo_EVP_PKEY_assign = dlsym(handle, "EVP_PKEY_assign\x00", false) ++ _mkcgo_EVP_PKEY_get0_DSA = dlsym(handle, "EVP_PKEY_get0_DSA\x00", false) ++ _mkcgo_EVP_PKEY_get0_EC_KEY = dlsym(handle, "EVP_PKEY_get0_EC_KEY\x00", false) ++ _mkcgo_EVP_PKEY_get1_RSA = dlsym(handle, "EVP_PKEY_get1_RSA\x00", false) ++ _mkcgo_EVP_PKEY_get_bits = dlsym(handle, "EVP_PKEY_bits\x00", false) ++ _mkcgo_EVP_PKEY_get_size = dlsym(handle, "EVP_PKEY_size\x00", false) ++ _mkcgo_EVP_PKEY_set1_EC_KEY = dlsym(handle, "EVP_PKEY_set1_EC_KEY\x00", false) ++ _mkcgo_FIPS_mode = dlsym(handle, "FIPS_mode\x00", false) ++ _mkcgo_FIPS_mode_set = dlsym(handle, "FIPS_mode_set\x00", false) ++ _mkcgo_HMAC_CTX_copy = dlsym(handle, "HMAC_CTX_copy\x00", false) ++ _mkcgo_HMAC_CTX_free = dlsym(handle, "HMAC_CTX_free\x00", false) ++ _mkcgo_HMAC_CTX_new = dlsym(handle, "HMAC_CTX_new\x00", false) ++ _mkcgo_HMAC_Final = dlsym(handle, "HMAC_Final\x00", false) ++ _mkcgo_HMAC_Init_ex = dlsym(handle, "HMAC_Init_ex\x00", false) ++ _mkcgo_HMAC_Update = dlsym(handle, "HMAC_Update\x00", false) ++ _mkcgo_PKCS5_PBKDF2_HMAC = dlsym(handle, "PKCS5_PBKDF2_HMAC\x00", false) ++ _mkcgo_RAND_bytes = dlsym(handle, "RAND_bytes\x00", false) ++ _mkcgo_RSA_free = dlsym(handle, "RSA_free\x00", false) ++ _mkcgo_RSA_get0_crt_params = dlsym(handle, "RSA_get0_crt_params\x00", false) ++ _mkcgo_RSA_get0_factors = dlsym(handle, "RSA_get0_factors\x00", false) ++ _mkcgo_RSA_get0_key = dlsym(handle, "RSA_get0_key\x00", false) ++ _mkcgo_RSA_new = dlsym(handle, "RSA_new\x00", false) ++ _mkcgo_RSA_set0_crt_params = dlsym(handle, "RSA_set0_crt_params\x00", false) ++ _mkcgo_RSA_set0_factors = dlsym(handle, "RSA_set0_factors\x00", false) ++ _mkcgo_RSA_set0_key = dlsym(handle, "RSA_set0_key\x00", false) ++} + -+// Macros for transitioning from the host ABI to Go ABI0. -+// -+// These macros save and restore the callee-saved registers -+// from the stack, but they don't adjust stack pointer, so -+// the user should prepare stack space in advance. -+// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space -+// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP). -+// -+// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space -+// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP). -+// -+// R29 is not saved because Go will save and restore it. ++func MkcgoUnload_legacy_1() { ++ _mkcgo_DSA_free = 0 ++ _mkcgo_DSA_generate_key = 0 ++ _mkcgo_DSA_get0_key = 0 ++ _mkcgo_DSA_get0_pqg = 0 ++ _mkcgo_DSA_new = 0 ++ _mkcgo_DSA_set0_key = 0 ++ _mkcgo_DSA_set0_pqg = 0 ++ _mkcgo_EC_KEY_check_key = 0 ++ _mkcgo_EC_KEY_free = 0 ++ _mkcgo_EC_KEY_get0_group = 0 ++ _mkcgo_EC_KEY_get0_private_key = 0 ++ _mkcgo_EC_KEY_get0_public_key = 0 ++ _mkcgo_EC_KEY_new_by_curve_name = 0 ++ _mkcgo_EC_KEY_set_private_key = 0 ++ _mkcgo_EC_KEY_set_public_key = 0 ++ _mkcgo_EC_KEY_set_public_key_affine_coordinates = 0 ++ _mkcgo_EC_POINT_get_affine_coordinates_GFp = 0 ++ _mkcgo_EVP_CIPHER_get_block_size = 0 ++ _mkcgo_EVP_MD_get_block_size = 0 ++ _mkcgo_EVP_MD_get_size = 0 ++ _mkcgo_EVP_PKEY_assign = 0 ++ _mkcgo_EVP_PKEY_get0_DSA = 0 ++ _mkcgo_EVP_PKEY_get0_EC_KEY = 0 ++ _mkcgo_EVP_PKEY_get1_RSA = 0 ++ _mkcgo_EVP_PKEY_get_bits = 0 ++ _mkcgo_EVP_PKEY_get_size = 0 ++ _mkcgo_EVP_PKEY_set1_EC_KEY = 0 ++ _mkcgo_FIPS_mode = 0 ++ _mkcgo_FIPS_mode_set = 0 ++ _mkcgo_HMAC_CTX_copy = 0 ++ _mkcgo_HMAC_CTX_free = 0 ++ _mkcgo_HMAC_CTX_new = 0 ++ _mkcgo_HMAC_Final = 0 ++ _mkcgo_HMAC_Init_ex = 0 ++ _mkcgo_HMAC_Update = 0 ++ _mkcgo_PKCS5_PBKDF2_HMAC = 0 ++ _mkcgo_RAND_bytes = 0 ++ _mkcgo_RSA_free = 0 ++ _mkcgo_RSA_get0_crt_params = 0 ++ _mkcgo_RSA_get0_factors = 0 ++ _mkcgo_RSA_get0_key = 0 ++ _mkcgo_RSA_new = 0 ++ _mkcgo_RSA_set0_crt_params = 0 ++ _mkcgo_RSA_set0_factors = 0 ++ _mkcgo_RSA_set0_key = 0 ++} ++ ++func MkcgoLoad_version(handle unsafe.Pointer) { ++ _mkcgo_OPENSSL_version_major = dlsym(handle, "OPENSSL_version_major\x00", true) ++ _mkcgo_OPENSSL_version_minor = dlsym(handle, "OPENSSL_version_minor\x00", true) ++ _mkcgo_OPENSSL_version_patch = dlsym(handle, "OPENSSL_version_patch\x00", true) ++ _mkcgo_OpenSSL_version_num = dlsym(handle, "OpenSSL_version_num\x00", true) ++} + -+#define SAVE_R19_TO_R28(offset) \ -+ STP (R19, R20), ((offset)+0*8)(RSP) \ -+ STP (R21, R22), ((offset)+2*8)(RSP) \ -+ STP (R23, R24), ((offset)+4*8)(RSP) \ -+ STP (R25, R26), ((offset)+6*8)(RSP) \ -+ STP (R27, g), ((offset)+8*8)(RSP) -+#define RESTORE_R19_TO_R28(offset) \ -+ LDP ((offset)+0*8)(RSP), (R19, R20) \ -+ LDP ((offset)+2*8)(RSP), (R21, R22) \ -+ LDP ((offset)+4*8)(RSP), (R23, R24) \ -+ LDP ((offset)+6*8)(RSP), (R25, R26) \ -+ LDP ((offset)+8*8)(RSP), (R27, g) /* R28 */ -+#define SAVE_F8_TO_F15(offset) \ -+ FSTPD (F8, F9), ((offset)+0*8)(RSP) \ -+ FSTPD (F10, F11), ((offset)+2*8)(RSP) \ -+ FSTPD (F12, F13), ((offset)+4*8)(RSP) \ -+ FSTPD (F14, F15), ((offset)+6*8)(RSP) -+#define RESTORE_F8_TO_F15(offset) \ -+ FLDPD ((offset)+0*8)(RSP), (F8, F9) \ -+ FLDPD ((offset)+2*8)(RSP), (F10, F11) \ -+ FLDPD ((offset)+4*8)(RSP), (F12, F13) \ -+ FLDPD ((offset)+6*8)(RSP), (F14, F15) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_amd64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_amd64.s ++func MkcgoUnload_version() { ++ _mkcgo_OPENSSL_version_major = 0 ++ _mkcgo_OPENSSL_version_minor = 0 ++ _mkcgo_OPENSSL_version_patch = 0 ++ _mkcgo_OpenSSL_version_num = 0 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go new file mode 100644 -index 00000000000000..2b7eb57f8ae783 +index 00000000000000..e487d1f1688cb7 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_amd64.s -@@ -0,0 +1,39 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+#include "textflag.h" -+#include "abi_amd64.h" -+ -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+// This signature is known to SWIG, so we can't change it. -+TEXT crosscall2(SB), NOSPLIT, $0-0 -+ PUSH_REGS_HOST_TO_ABI0() ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go +@@ -0,0 +1,158 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+ // Make room for arguments to cgocallback. -+ ADJSP $0x18 ++package openssl + -+#ifndef GOOS_windows -+ MOVQ DI, 0x0(SP) // fn -+ MOVQ SI, 0x8(SP) // arg ++import ( ++ "crypto/cipher" ++ "errors" ++) + -+ // Skip n in DX. -+ MOVQ CX, 0x10(SP) // ctxt ++//go:generate go run github.com/microsoft/go-crypto-openssl/cmd/genaesmodes -in aes.go -modes CBC,CTR,GCM -out zaes.go ++//go:generate go run github.com/microsoft/go-crypto-openssl/cmd/gentestvectors -out vectors_test.go + -+#else -+ MOVQ CX, 0x0(SP) // fn -+ MOVQ DX, 0x8(SP) // arg ++// Steps to support a new AES mode, e.g. `FOO`: ++// 1. Add `FOO` to the list of modes in the `genaesmodes` command. ++// 2. Run `go generate` to update the generated code. ++// 3. Implement the necessary interfaces for the new struct, which will be named `cipherWithFOO`. + -+ // Skip n in R8. -+ MOVQ R9, 0x10(SP) // ctxt ++// NewAESCipher creates and returns a new AES cipher.Block. ++// The key argument should be the AES key, either 16, 24, or 32 bytes to select ++// AES-128, AES-192, or AES-256. ++// The returned cipher.Block implements the CBC, CTR, and/or GCM modes if ++// the underlying OpenSSL library supports them. ++func NewAESCipher(key []byte) (cipher.Block, error) { ++ var kind cipherKind ++ switch len(key) * 8 { ++ case 128: ++ kind = cipherAES128 ++ case 192: ++ kind = cipherAES192 ++ case 256: ++ kind = cipherAES256 ++ default: ++ return nil, errors.New("crypto/aes: invalid key size") ++ } ++ c, err := newEVPCipher(key, kind) ++ if err != nil { ++ return nil, err ++ } ++ return newAESBlock(c, kind), nil ++} + -+#endif ++// NewGCMTLS returns a GCM cipher specific to TLS ++// and should not be used for non-TLS purposes. ++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { ++ if c, ok := c.(interface { ++ NewGCMTLS() (cipher.AEAD, error) ++ }); ok { ++ return c.NewGCMTLS() ++ } ++ return nil, errors.New("GCM not supported") ++} + -+ CALL runtime·cgocallback(SB) ++// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used ++// for non-TLS purposes. ++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { ++ if c, ok := c.(interface { ++ NewGCMTLS13() (cipher.AEAD, error) ++ }); ok { ++ return c.NewGCMTLS13() ++ } ++ return nil, errors.New("GCM not supported") ++} + -+ ADJSP $-0x18 -+ POP_REGS_HOST_TO_ABI0() -+ RET -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_arm64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_arm64.s -new file mode 100644 -index 00000000000000..50e5261d922c56 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/asm_arm64.s -@@ -0,0 +1,36 @@ -+// Copyright 2015 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. ++// aesCipher implements the cipher.Block interface. ++type aesCipher struct { ++ cipher *evpCipher ++} + -+#include "textflag.h" -+#include "abi_arm64.h" ++func (c aesCipher) BlockSize() int { ++ return c.cipher.blockSize ++} + -+// Called by C code generated by cmd/cgo. -+// func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr) -+// Saves C callee-saved registers and calls cgocallback with three arguments. -+// fn is the PC of a func(a unsafe.Pointer) function. -+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0 -+/* -+ * We still need to save all callee save register as before, and then -+ * push 3 args for fn (R0, R1, R3), skipping R2. -+ * Also note that at procedure entry in gc world, 8(RSP) will be the -+ * first arg. -+ */ -+ SUB $(8*24), RSP -+ STP (R0, R1), (8*1)(RSP) -+ MOVD R3, (8*3)(RSP) ++func (c aesCipher) Encrypt(dst, src []byte) { ++ if err := c.cipher.encrypt(dst, src); err != nil { ++ // crypto/aes expects that the panic message starts with "crypto/aes: ". ++ panic("crypto/aes: " + err.Error()) ++ } ++} + -+ SAVE_R19_TO_R28(8*4) -+ SAVE_F8_TO_F15(8*14) -+ STP (R29, R30), (8*22)(RSP) ++func (c aesCipher) Decrypt(dst, src []byte) { ++ if err := c.cipher.decrypt(dst, src); err != nil { ++ // crypto/aes expects that the panic message starts with "crypto/aes: ". ++ panic("crypto/aes: " + err.Error()) ++ } ++} + -+ // Initialize Go ABI environment -+ BL runtime·load_g(SB) -+ BL runtime·cgocallback(SB) ++// Implement optional interfaces for AES modes. + -+ RESTORE_R19_TO_R28(8*4) -+ RESTORE_F8_TO_F15(8*14) -+ LDP (8*22)(RSP), (R29, R30) ++func (c cipherWithCBC) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpEncrypt) ++} + -+ ADD $(8*24), RSP -+ RET -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/callbacks.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/callbacks.go -new file mode 100644 -index 00000000000000..e48722128a09d7 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/callbacks.go -@@ -0,0 +1,93 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. ++func (c cipherWithCBC) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpEncrypt) ++} + -+//go:build !cgo && darwin ++func (c cipherWithCBC) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpDecrypt) ++} + -+package fakecgo ++func (c cipherWithCBC) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpDecrypt) ++} + -+import ( -+ _ "unsafe" -+) ++func (c cipherWithCTR) NewCTR(iv []byte) cipher.Stream { ++ return c.cipher.newCTR(iv) ++} + -+// TODO: decide if we need _runtime_cgo_panic_internal ++func (c cipherWithCTR) NewFIPSCTR(iv []byte) cipher.Stream { ++ return c.cipher.newCTR(iv) ++} + -+//go:linkname x_cgo_init_trampoline x_cgo_init_trampoline -+//go:linkname _cgo_init _cgo_init -+var x_cgo_init_trampoline byte -+var _cgo_init = &x_cgo_init_trampoline ++func (c cipherWithGCM) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { ++ return c.cipher.newGCMChecked(nonceSize, tagSize) ++} + -+// Creates a new system thread without updating any Go state. -+// -+// This method is invoked during shared library loading to create a new OS -+// thread to perform the runtime initialization. This method is similar to -+// _cgo_sys_thread_start except that it doesn't update any Go state. ++func (c cipherWithGCM) NewGCMTLS() (cipher.AEAD, error) { ++ return c.cipher.newGCM(cipherGCMTLS12) ++} + -+//go:linkname x_cgo_thread_start_trampoline x_cgo_thread_start_trampoline -+//go:linkname _cgo_thread_start _cgo_thread_start -+var x_cgo_thread_start_trampoline byte -+var _cgo_thread_start = &x_cgo_thread_start_trampoline ++func (c cipherWithGCM) NewGCMTLS13() (cipher.AEAD, error) { ++ return c.cipher.newGCM(cipherGCMTLS13) ++} + -+// Notifies that the runtime has been initialized. -+// -+// We currently block at every CGO entry point (via _cgo_wait_runtime_init_done) -+// to ensure that the runtime has been initialized before the CGO call is -+// executed. This is necessary for shared libraries where we kickoff runtime -+// initialization in a separate thread and return without waiting for this -+// thread to complete the init. ++// The following interfaces have been copied out of crypto/aes/modes.go. + -+//go:linkname x_cgo_notify_runtime_init_done_trampoline x_cgo_notify_runtime_init_done_trampoline -+//go:linkname _cgo_notify_runtime_init_done _cgo_notify_runtime_init_done -+var x_cgo_notify_runtime_init_done_trampoline byte -+var _cgo_notify_runtime_init_done = &x_cgo_notify_runtime_init_done_trampoline ++type gcmAble interface { ++ NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) ++} + -+// Indicates whether a dummy thread key has been created or not. -+// -+// When calling go exported function from C, we register a destructor -+// callback, for a dummy thread key, by using pthread_key_create. ++type cbcEncAble interface { ++ NewCBCEncrypter(iv []byte) cipher.BlockMode ++} + -+//go:linkname _cgo_pthread_key_created _cgo_pthread_key_created -+var x_cgo_pthread_key_created uintptr -+var _cgo_pthread_key_created = &x_cgo_pthread_key_created ++type cbcDecAble interface { ++ NewCBCDecrypter(iv []byte) cipher.BlockMode ++} + -+// Set the x_crosscall2_ptr C function pointer variable point to crosscall2. -+// It's for the runtime package to call at init time. -+func set_crosscall2() { -+ // nothing needs to be done here for fakecgo -+ // because it's possible to just call cgocallback directly ++type ctrAble interface { ++ NewCTR(iv []byte) cipher.Stream +} + -+//go:linkname _set_crosscall2 runtime.set_crosscall2 -+var _set_crosscall2 = set_crosscall2 ++// Test that the interfaces are implemented. + -+// Store the g into the thread-specific value. -+// So that pthread_key_destructor will dropm when the thread is exiting. ++var ( ++ _ cipher.Block = (*aesCipher)(nil) + -+//go:linkname x_cgo_bindm_trampoline x_cgo_bindm_trampoline -+//go:linkname _cgo_bindm _cgo_bindm -+var x_cgo_bindm_trampoline byte -+var _cgo_bindm = &x_cgo_bindm_trampoline ++ _ cipher.Block = (*cipherWithCBC)(nil) ++ _ cbcEncAble = (*cipherWithCBC)(nil) ++ _ cbcDecAble = (*cipherWithCBC)(nil) + -+// TODO: decide if we need x_cgo_set_context_function -+// TODO: decide if we need _cgo_yield ++ _ cipher.Block = (*cipherWithCTR)(nil) ++ _ ctrAble = (*cipherWithCTR)(nil) + -+var ( -+ // In Go 1.20 the race detector was rewritten to pure Go -+ // on darwin. This means that when CGO_ENABLED=0 is set -+ // fakecgo is built with race detector code. This is not -+ // good since this code is pretending to be C. The go:norace -+ // pragma is not enough, since it only applies to the native -+ // ABIInternal function. The ABIO wrapper (which is necessary, -+ // since all references to text symbols from assembly will use it) -+ // does not inherit the go:norace pragma, so it will still be -+ // instrumented by the race detector. -+ // -+ // To circumvent this issue, using closure calls in the -+ // assembly, which forces the compiler to use the ABIInternal -+ // native implementation (which has go:norace) instead. -+ threadentry_call = threadentry -+ x_cgo_init_call = x_cgo_init -+ x_cgo_setenv_call = x_cgo_setenv -+ x_cgo_unsetenv_call = x_cgo_unsetenv -+ x_cgo_thread_start_call = x_cgo_thread_start ++ _ cipher.Block = (*cipherWithGCM)(nil) ++ _ gcmAble = (*cipherWithGCM)(nil) +) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go new file mode 100644 -index 00000000000000..b631396bd2ffe7 +index 00000000000000..a5d005176e63f9 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.go ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go @@ -0,0 +1,14 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2025 The Ebitengine Authors -+ -+//go:build !cgo && darwin -+ -+package fakecgo ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+import _ "unsafe" ++package openssl + -+// setg_trampoline calls setg with the G provided -+func setg_trampoline(setg uintptr, G uintptr) ++// This file does not have build constraints to ++// facilitate using BigInt in Go crypto. ++// Go crypto references BigInt unconditionally, ++// even if it is not finally used. + -+// call5 takes fn the C function and 5 arguments and calls the function with those arguments -+func call5(fn, a1, a2, a3, a4, a5 uintptr) uintptr -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.lock b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.lock -new file mode 100644 -index 00000000000000..9b0650d53777bd ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/fakecgo.lock -@@ -0,0 +1,3 @@ -+{ -+ "commit_hash": "5110604b3385278be6887d0feead513a1bfe7a82" -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/generate.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/generate.go ++// A BigInt is the raw words from a BigInt. ++// This definition allows us to avoid importing math/big. ++// Conversion between BigInt and *big.Int is in openssl/bbig. ++type BigInt []uint +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/chacha20poly1305.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/chacha20poly1305.go new file mode 100644 -index 00000000000000..88c4cdf9ec04cc +index 00000000000000..410829738931c7 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/generate.go -@@ -0,0 +1,6 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/chacha20poly1305.go +@@ -0,0 +1,152 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+package fakecgo -+ -+//go:generate go run update_tool.go -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_darwin.go -new file mode 100644 -index 00000000000000..d0868f0f790351 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_darwin.go -@@ -0,0 +1,88 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+package fakecgo ++package openssl + -+import "unsafe" ++import ( ++ "crypto/cipher" ++ "errors" ++ "runtime" ++ "sync" ++ "unsafe" + -+//go:nosplit -+//go:norace -+func _cgo_sys_thread_start(ts *ThreadStart) { -+ var attr pthread_attr_t -+ var ign, oset sigset_t -+ var p pthread_t -+ var size size_t -+ var err int ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+ sigfillset(&ign) -+ pthread_sigmask(SIG_SETMASK, &ign, &oset) ++const ( ++ chacha20Poly1305KeySize = 32 ++ chacha20Poly1305NonceSize = 12 ++ chacha20Poly1305Overhead = 16 ++) + -+ size = pthread_get_stacksize_np(pthread_self()) -+ pthread_attr_init(&attr) -+ pthread_attr_setstacksize(&attr, size) -+ // Leave stacklo=0 and set stackhi=size; mstart will do the rest. -+ ts.g.stackhi = uintptr(size) ++var supportsChaCha20Poly1305 = sync.OnceValue(func() bool { ++ return loadCipher(cipherChaCha20Poly1305, cipherModeNone) != nil ++}) + -+ err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts) ++func SupportsChaCha20Poly1305() bool { ++ return supportsChaCha20Poly1305() ++} + -+ pthread_sigmask(SIG_SETMASK, &oset, nil) ++type chacha20poly1305 struct { ++ key [chacha20Poly1305KeySize]byte ++} + -+ if err != 0 { -+ print("fakecgo: pthread_create failed: ") -+ println(err) -+ abort() ++// NewChaCha20Poly1305 returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key. ++func NewChaCha20Poly1305(key []byte) (cipher.AEAD, error) { ++ if len(key) != chacha20Poly1305KeySize { ++ return nil, errors.New("chacha20poly1305: bad key length") + } ++ ret := new(chacha20poly1305) ++ copy(ret.key[:], key) ++ return ret, nil +} + -+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function -+// -+//go:linkname x_threadentry_trampoline threadentry_trampoline -+var x_threadentry_trampoline byte -+var threadentry_trampolineABI0 = &x_threadentry_trampoline -+ -+//go:nosplit -+//go:norace -+func threadentry(v unsafe.Pointer) unsafe.Pointer { -+ ts := *(*ThreadStart)(v) -+ free(v) -+ -+ // TODO: support ios -+ //#if TARGET_OS_IPHONE -+ // darwin_arm_init_thread_exception_port(); -+ //#endif -+ setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g))) -+ -+ // faking funcs in go is a bit a... involved - but the following works :) -+ fn := uintptr(unsafe.Pointer(&ts.fn)) -+ (*(*func())(unsafe.Pointer(&fn)))() -+ -+ return nil ++func (c *chacha20poly1305) NonceSize() int { ++ return chacha20Poly1305NonceSize +} + -+// here we will store a pointer to the provided setg func -+var setg_func uintptr -+ -+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c) -+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us -+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup -+// This function can't be go:systemstack since go is not in a state where the systemcheck would work. -+// -+//go:nosplit -+//go:norace -+func x_cgo_init(g *G, setg uintptr) { -+ var size size_t ++func (c *chacha20poly1305) Overhead() int { ++ return chacha20Poly1305Overhead ++} + -+ setg_func = setg -+ size = pthread_get_stacksize_np(pthread_self()) -+ g.stacklo = uintptr(unsafe.Add(unsafe.Pointer(&size), -size+4096)) ++func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { ++ if len(nonce) != chacha20Poly1305NonceSize { ++ panic("chacha20poly1305: bad nonce length passed to Seal") ++ } ++ if uint64(len(plaintext)) > (1<<38)-64 { ++ panic("chacha20poly1305: plaintext too large") ++ } ++ ret, out := sliceForAppend(dst, len(plaintext)+chacha20Poly1305Overhead) ++ if inexactOverlap(out, plaintext) { ++ panic("chacha20poly1305: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, additionalData) { ++ panic("chacha20poly1305: invalid buffer overlap of output and additional data") ++ } ++ ctx, err := newCipherCtx(cipherChaCha20Poly1305, cipherModeNone, cipherOpEncrypt, c.key[:], nil) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_SET_IVLEN, int32(len(nonce)), nil); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ panic(err) ++ } ++ if len(additionalData) > 0 { ++ var discard int32 ++ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, additionalData); err != nil { ++ panic(err) ++ } ++ } ++ var outl int32 ++ if len(plaintext) > 0 { ++ if _, err := ossl.EVP_EncryptUpdate(ctx, out, &outl, plaintext); err != nil { ++ panic(err) ++ } ++ } ++ var discard int32 ++ if _, err := ossl.EVP_EncryptFinal_ex(ctx, out[outl:], &discard); err != nil { ++ panic(err) ++ } ++ tag := out[len(out)-chacha20Poly1305Overhead:] ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_GET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(c) ++ return ret ++} + -+ //TODO: support ios -+ //#if TARGET_OS_IPHONE -+ // darwin_arm_init_mach_exception_handler(); -+ // darwin_arm_init_thread_exception_port(); -+ // init_working_dir(); -+ //#endif ++func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { ++ if len(nonce) != chacha20Poly1305NonceSize { ++ panic("chacha20poly1305: bad nonce length passed to Open") ++ } ++ if len(ciphertext) < 16 { ++ return nil, errOpen ++ } ++ if uint64(len(ciphertext)) > (1<<38)-48 { ++ panic("chacha20poly1305: ciphertext too large") ++ } ++ tag := ciphertext[len(ciphertext)-chacha20Poly1305Overhead:] ++ ciphertext = ciphertext[:len(ciphertext)-chacha20Poly1305Overhead] ++ ret, out := sliceForAppend(dst, len(ciphertext)) ++ if inexactOverlap(out, ciphertext) { ++ panic("chacha20poly1305: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, additionalData) { ++ panic("chacha20poly1305: invalid buffer overlap of output and additional data") ++ } ++ ctx, err := newCipherCtx(cipherChaCha20Poly1305, cipherModeNone, cipherOpDecrypt, c.key[:], nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_SET_IVLEN, int32(len(nonce)), nil); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_AEAD_SET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ return nil, err ++ } ++ if len(additionalData) > 0 { ++ var discard int32 ++ if _, err := ossl.EVP_DecryptUpdate(ctx, nil, &discard, additionalData); err != nil { ++ return nil, err ++ } ++ } ++ var outl int32 ++ if len(ciphertext) > 0 { ++ if _, err := ossl.EVP_DecryptUpdate(ctx, out, &outl, ciphertext); err != nil { ++ return nil, err ++ } ++ } ++ var discard int32 ++ if _, err := ossl.EVP_DecryptFinal_ex(ctx, out[outl:], &discard); err != nil { ++ return nil, errOpen ++ } ++ runtime.KeepAlive(c) ++ return ret[:len(dst)+len(ciphertext)], nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_libinit.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_libinit.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go new file mode 100644 -index 00000000000000..f6fa2328af41bc +index 00000000000000..24615432053f01 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_libinit.go -@@ -0,0 +1,72 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cipher.go +@@ -0,0 +1,666 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+package fakecgo ++package openssl + +import ( -+ "syscall" ++ "crypto/cipher" ++ "errors" ++ "runtime" ++ "strconv" ++ "sync" + "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+var ( -+ pthread_g pthread_key_t ++type cipherKind int8 + -+ runtime_init_cond = PTHREAD_COND_INITIALIZER -+ runtime_init_mu = PTHREAD_MUTEX_INITIALIZER -+ runtime_init_done int ++const ( ++ cipherAES128 cipherKind = iota ++ cipherAES192 ++ cipherAES256 ++ cipherDES ++ cipherDES3 ++ cipherRC4 ++ cipherChaCha20Poly1305 +) + -+//go:nosplit -+//go:norace -+func x_cgo_notify_runtime_init_done() { -+ pthread_mutex_lock(&runtime_init_mu) -+ runtime_init_done = 1 -+ pthread_cond_broadcast(&runtime_init_cond) -+ pthread_mutex_unlock(&runtime_init_mu) ++func (c cipherKind) String() string { ++ switch c { ++ case cipherAES128: ++ return "AES-128" ++ case cipherAES192: ++ return "AES-192" ++ case cipherAES256: ++ return "AES-256" ++ case cipherDES: ++ return "DES" ++ case cipherDES3: ++ return "DES3" ++ case cipherRC4: ++ return "RC4" ++ case cipherChaCha20Poly1305: ++ return "ChaCha20-Poly1305" ++ default: ++ panic("unknown cipher kind: " + strconv.Itoa(int(c))) ++ } +} + -+// Store the g into a thread-specific value associated with the pthread key pthread_g. -+// And pthread_key_destructor will dropm when the thread is exiting. -+// -+//go:norace -+func x_cgo_bindm(g unsafe.Pointer) { -+ // We assume this will always succeed, otherwise, there might be extra M leaking, -+ // when a C thread exits after a cgo call. -+ // We only invoke this function once per thread in runtime.needAndBindM, -+ // and the next calls just reuse the bound m. -+ pthread_setspecific(pthread_g, g) -+} ++type cipherMode int8 + -+// _cgo_try_pthread_create retries pthread_create if it fails with -+// EAGAIN. ++const ( ++ cipherModeNone cipherMode = -1 ++ cipherModeECB cipherMode = iota ++ cipherModeCBC ++ cipherModeCTR ++ cipherModeGCM ++) ++ ++// cipherOp is the allowed operations for a cipher, ++// as documented in [EVP_CipherInit_ex]. +// -+//go:nosplit -+//go:norace -+func _cgo_try_pthread_create(thread *pthread_t, attr *pthread_attr_t, pfn unsafe.Pointer, arg *ThreadStart) int { -+ var ts syscall.Timespec -+ // tries needs to be the same type as syscall.Timespec.Nsec -+ // but the fields are int32 on 32bit and int64 on 64bit. -+ // tries is assigned to syscall.Timespec.Nsec in order to match its type. -+ tries := ts.Nsec -+ var err int ++// [EVP_CipherInit_ex]: https://www.openssl.org/docs/man3.0/man3/EVP_CipherInit_ex.html ++type cipherOp int8 + -+ for tries = 0; tries < 20; tries++ { -+ // inlined this call because it ran out of stack when inlining was disabled -+ err = int(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(pfn), uintptr(unsafe.Pointer(arg)), 0)) -+ if err == 0 { -+ // inlined this call because it ran out of stack when inlining was disabled -+ call5(pthread_detachABI0, uintptr(*thread), 0, 0, 0, 0) -+ return 0 ++const ( ++ cipherOpNone cipherOp = -1 // leaves the value of the previous call, if any. ++ cipherOpDecrypt cipherOp = 0 ++ cipherOpEncrypt cipherOp = 1 ++) ++ ++// cacheCipher is a cache of cipherKind to GO_EVP_CIPHER_PTR. ++var cacheCipher sync.Map ++ ++type cacheCipherKey struct { ++ kind cipherKind ++ mode cipherMode ++} ++ ++// loadCipher returns a cipher object for the given k. ++func loadCipher(k cipherKind, mode cipherMode) (cipher ossl.EVP_CIPHER_PTR) { ++ if v, ok := cacheCipher.Load(cacheCipherKey{k, mode}); ok { ++ return v.(ossl.EVP_CIPHER_PTR) ++ } ++ defer func() { ++ if cipher != nil { ++ switch major() { ++ case 3, 4: ++ // On OpenSSL 3, directly operating on a EVP_CIPHER object ++ // not created by EVP_CIPHER has negative performance ++ // implications, as cipher operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ cipher, _ = ossl.EVP_CIPHER_fetch(nil, ossl.EVP_CIPHER_get0_name(cipher), nil) ++ } + } -+ if err != int(syscall.EAGAIN) { -+ return err ++ cacheCipher.Store(cacheCipherKey{k, mode}, cipher) ++ }() ++ switch k { ++ case cipherAES128: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_aes_128_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_aes_128_cbc() ++ case cipherModeCTR: ++ cipher = ossl.EVP_aes_128_ctr() ++ case cipherModeGCM: ++ cipher = ossl.EVP_aes_128_gcm() ++ } ++ case cipherAES192: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_aes_192_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_aes_192_cbc() ++ case cipherModeCTR: ++ cipher = ossl.EVP_aes_192_ctr() ++ case cipherModeGCM: ++ cipher = ossl.EVP_aes_192_gcm() ++ } ++ case cipherAES256: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_aes_256_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_aes_256_cbc() ++ case cipherModeCTR: ++ cipher = ossl.EVP_aes_256_ctr() ++ case cipherModeGCM: ++ cipher = ossl.EVP_aes_256_gcm() ++ } ++ case cipherDES: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_des_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_des_cbc() ++ } ++ case cipherDES3: ++ switch mode { ++ case cipherModeECB: ++ cipher = ossl.EVP_des_ede3_ecb() ++ case cipherModeCBC: ++ cipher = ossl.EVP_des_ede3_cbc() ++ } ++ case cipherRC4: ++ cipher = ossl.EVP_rc4() ++ case cipherChaCha20Poly1305: ++ if ossl.EVP_chacha20_poly1305_Available() { ++ cipher = ossl.EVP_chacha20_poly1305() + } -+ ts.Sec = 0 -+ ts.Nsec = (tries + 1) * 1000 * 1000 // Milliseconds. -+ // inlined this call because it ran out of stack when inlining was disabled -+ call5(nanosleepABI0, uintptr(unsafe.Pointer(&ts)), 0, 0, 0, 0) + } -+ return int(syscall.EAGAIN) ++ return cipher +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_setenv.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_setenv.go -new file mode 100644 -index 00000000000000..a79441edffbcb9 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_setenv.go -@@ -0,0 +1,18 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && darwin + -+package fakecgo ++type evpCipher struct { ++ key []byte ++ kind cipherKind ++ blockSize int ++} + -+//go:nosplit -+//go:norace -+func x_cgo_setenv(arg *[2]*byte) { -+ setenv(arg[0], arg[1], 1) ++func newEVPCipher(key []byte, kind cipherKind) (*evpCipher, error) { ++ cipher := loadCipher(kind, cipherModeECB) ++ if cipher == nil { ++ return nil, errors.New("crypto/cipher: unsupported cipher: " + kind.String()) ++ } ++ c := &evpCipher{key: make([]byte, len(key)), kind: kind} ++ copy(c.key, key) ++ c.blockSize = int(ossl.EVP_CIPHER_get_block_size(cipher)) ++ return c, nil +} + -+//go:nosplit -+//go:norace -+func x_cgo_unsetenv(arg *[1]*byte) { -+ unsetenv(arg[0]) ++func (c *evpCipher) encrypt(dst, src []byte) error { ++ if len(src) < c.blockSize { ++ return errors.New("input not full block") ++ } ++ if len(dst) < c.blockSize { ++ return errors.New("output not full block") ++ } ++ // Only check for overlap between the parts of src and dst that will actually be used. ++ // This matches Go standard library behavior. ++ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { ++ return errors.New("invalid buffer overlap") ++ } ++ enc_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpEncrypt, c.key, nil) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(enc_ctx) ++ ++ var outl int32 ++ if _, err := ossl.EVP_EncryptUpdate(enc_ctx, dst[:c.blockSize], &outl, src[:c.blockSize]); err != nil { ++ return err ++ } ++ runtime.KeepAlive(c) ++ return nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_util.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_util.go -new file mode 100644 -index 00000000000000..1d59e7f6b628d1 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/go_util.go -@@ -0,0 +1,38 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors + -+//go:build !cgo && darwin ++func (c *evpCipher) decrypt(dst, src []byte) error { ++ if len(src) < c.blockSize { ++ return errors.New("input not full block") ++ } ++ if len(dst) < c.blockSize { ++ return errors.New("output not full block") ++ } ++ // Only check for overlap between the parts of src and dst that will actually be used. ++ // This matches Go standard library behavior. ++ if inexactOverlap(dst[:c.blockSize], src[:c.blockSize]) { ++ return errors.New("invalid buffer overlap") ++ } ++ dec_ctx, err := newCipherCtx(c.kind, cipherModeECB, cipherOpDecrypt, c.key, nil) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(dec_ctx) + -+package fakecgo ++ if _, err := ossl.EVP_CIPHER_CTX_set_padding(dec_ctx, 0); err != nil { ++ return err ++ } + -+import "unsafe" ++ var outl int32 ++ ossl.EVP_DecryptUpdate(dec_ctx, dst[:c.blockSize], &outl, src[:c.blockSize]) ++ runtime.KeepAlive(c) ++ return nil ++} + -+// _cgo_thread_start is split into three parts in cgo since only one part is system dependent (keep it here for easier handling) ++type cipherCBC struct { ++ ctx ossl.EVP_CIPHER_CTX_PTR ++ blockSize int ++} + -+// _cgo_thread_start(ThreadStart *arg) (runtime/cgo/gcc_util.c) -+// This get's called instead of the go code for creating new threads -+// -> pthread_* stuff is used, so threads are setup correctly for C -+// If this is missing, TLS is only setup correctly on thread 1! -+// This function should be go:systemstack instead of go:nosplit (but that requires runtime) -+// -+//go:nosplit -+//go:norace -+func x_cgo_thread_start(arg *ThreadStart) { -+ var ts *ThreadStart -+ // Make our own copy that can persist after we return. -+ // _cgo_tsan_acquire(); -+ ts = (*ThreadStart)(malloc(unsafe.Sizeof(*ts))) -+ // _cgo_tsan_release(); -+ if ts == nil { -+ println("fakecgo: out of memory in thread_start") -+ abort() ++func (c *cipherCBC) finalize() { ++ ossl.EVP_CIPHER_CTX_free(c.ctx) ++} ++ ++func (x *cipherCBC) BlockSize() int { return x.blockSize } ++ ++func (x *cipherCBC) CryptBlocks(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") + } -+ // *ts = *arg would cause a writebarrier so copy using slices -+ const ptrSize = unsafe.Sizeof(uintptr(0)) -+ s1 := unsafe.Slice((*uintptr)(unsafe.Pointer(ts)), unsafe.Sizeof(*ts)/ptrSize) -+ s2 := unsafe.Slice((*uintptr)(unsafe.Pointer(arg)), unsafe.Sizeof(*arg)/ptrSize) -+ for i := range s2 { -+ s1[i] = s2[i] ++ if len(src)%x.blockSize != 0 { ++ panic("crypto/cipher: input not full blocks") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) > 0 { ++ var outl int32 ++ if _, err := ossl.EVP_CipherUpdate(x.ctx, dst, &outl, src); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++ runtime.KeepAlive(x) + } -+ _cgo_sys_thread_start(ts) // OS-dependent half +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/iscgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/iscgo.go -new file mode 100644 -index 00000000000000..76f7ef6dc58c7c ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/iscgo.go -@@ -0,0 +1,19 @@ -+// Copyright 2010 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. + -+//go:build !cgo && darwin ++func (x *cipherCBC) SetIV(iv []byte) { ++ if len(iv) != x.blockSize { ++ panic("crypto/cipher: incorrect length IV") ++ } ++ if _, err := ossl.EVP_CipherInit_ex(x.ctx, nil, nil, nil, base(iv), int32(cipherOpNone)); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++} + -+// The runtime package contains an uninitialized definition -+// for runtime·iscgo. Override it to tell the runtime we're here. -+// There are various function pointers that should be set too, -+// but those depend on dynamic linker magic to get initialized -+// correctly, and sometimes they break. This variable is a -+// backup: it depends only on old C style static linking rules. ++func (c *evpCipher) newCBC(iv []byte, op cipherOp) cipher.BlockMode { ++ ctx, err := newCipherCtx(c.kind, cipherModeCBC, op, c.key, iv) ++ if err != nil { ++ panic(err) ++ } ++ x := &cipherCBC{ctx: ctx, blockSize: c.blockSize} ++ runtime.SetFinalizer(x, (*cipherCBC).finalize) ++ if _, err := ossl.EVP_CIPHER_CTX_set_padding(x.ctx, 0); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++ return x ++} + -+package fakecgo ++type cipherCTR struct { ++ ctx ossl.EVP_CIPHER_CTX_PTR ++} + -+import _ "unsafe" // for go:linkname ++func (x *cipherCTR) XORKeyStream(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) == 0 { ++ return ++ } ++ var outl int32 ++ if _, err := ossl.EVP_EncryptUpdate(x.ctx, dst, &outl, src); err != nil { ++ panic("crypto/cipher: " + err.Error()) ++ } ++ runtime.KeepAlive(x) ++} + -+//go:linkname _iscgo runtime.iscgo -+var _iscgo bool = true -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo.go -new file mode 100644 -index 00000000000000..001b698842a36c ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo.go -@@ -0,0 +1,39 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++func (c *evpCipher) newCTR(iv []byte) cipher.Stream { ++ ctx, err := newCipherCtx(c.kind, cipherModeCTR, cipherOpEncrypt, c.key, iv) ++ if err != nil { ++ panic(err) ++ } ++ x := &cipherCTR{ctx: ctx} ++ runtime.SetFinalizer(x, (*cipherCTR).finalize) ++ return x ++} + -+//go:build !cgo && darwin ++func (c *cipherCTR) finalize() { ++ ossl.EVP_CIPHER_CTX_free(c.ctx) ++} + -+package fakecgo ++type cipherGCMTLS uint8 + -+type ( -+ size_t uintptr -+ // Sources: -+ // Darwin (32 bytes) - https://github.com/apple/darwin-xnu/blob/2ff845c2e033bd0ff64b5b6aa6063a1f8f65aa32/bsd/sys/_types.h#L74 -+ // FreeBSD (32 bytes) - https://github.com/DoctorWkt/xv6-freebsd/blob/d2a294c2a984baed27676068b15ed9a29b06ab6f/include/signal.h#L98C9-L98C21 -+ // Linux (128 bytes) - https://github.com/torvalds/linux/blob/ab75170520d4964f3acf8bb1f91d34cbc650688e/arch/x86/include/asm/signal.h#L25 -+ sigset_t [128]byte -+ pthread_attr_t [64]byte -+ pthread_t int -+ pthread_key_t uint64 ++const ( ++ cipherGCMTLSNone cipherGCMTLS = iota ++ cipherGCMTLS12 ++ cipherGCMTLS13 +) + -+// for pthread_sigmask: -+ -+type sighow int32 ++type cipherGCM struct { ++ c *evpCipher ++ tls cipherGCMTLS ++ // minNextNonce is the minimum value that the next nonce can be, enforced by ++ // all TLS modes. ++ minNextNonce uint64 ++ // mask is the nonce mask used in TLS 1.3 mode. ++ mask uint64 ++ // maskInitialized is true if mask has been initialized. This happens during ++ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. ++ maskInitialized bool ++ blockSize int ++} + +const ( -+ SIG_BLOCK sighow = 0 -+ SIG_UNBLOCK sighow = 1 -+ SIG_SETMASK sighow = 2 ++ aesBlockSize = 16 ++ gcmTagSize = 16 ++ gcmStandardNonceSize = 12 ++ // TLS 1.2 additional data is constructed as: ++ // ++ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); ++ gcmTls12AddSize = 13 ++ // TLS 1.3 additional data is constructed as: ++ // ++ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) ++ gcmTls13AddSize = 5 ++ gcmTlsFixedNonceSize = 4 +) -+ -+type G struct { -+ stacklo uintptr -+ stackhi uintptr ++ ++type noGCM struct { ++ *evpCipher +} + -+type ThreadStart struct { -+ g *G -+ tls *uintptr -+ fn uintptr ++func (g *noGCM) BlockSize() int { ++ return g.blockSize +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo_darwin.go -new file mode 100644 -index 00000000000000..ecdcb2e7852560 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/libcgo_darwin.go -@@ -0,0 +1,26 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors + -+//go:build !cgo ++func (g *noGCM) Encrypt(dst, src []byte) { ++ g.encrypt(dst, src) ++} + -+package fakecgo ++func (g *noGCM) Decrypt(dst, src []byte) { ++ g.decrypt(dst, src) ++} + -+type ( -+ pthread_mutex_t struct { -+ sig int64 -+ opaque [56]byte ++func (c *evpCipher) newGCMChecked(nonceSize, tagSize int) (cipher.AEAD, error) { ++ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { ++ return nil, errors.New("crypto/cipher: GCM tag and nonce sizes can't be non-standard at the same time") + } -+ pthread_cond_t struct { -+ sig int64 -+ opaque [40]byte ++ // Fall back to standard library for GCM with non-standard nonce or tag size. ++ if nonceSize != gcmStandardNonceSize { ++ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) + } -+) -+ -+var ( -+ PTHREAD_COND_INITIALIZER = pthread_cond_t{sig: 0x3CB0B1BB} -+ PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{sig: 0x32AAABA7} -+) -+ -+type stack_t struct { -+ /* not implemented */ ++ if tagSize != gcmTagSize { ++ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) ++ } ++ return c.newGCM(cipherGCMTLSNone) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/setenv.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/setenv.go -new file mode 100644 -index 00000000000000..e761fecfb89280 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/setenv.go -@@ -0,0 +1,19 @@ -+// Copyright 2011 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo && darwin -+ -+package fakecgo + -+import _ "unsafe" // for go:linkname -+ -+//go:linkname x_cgo_setenv_trampoline x_cgo_setenv_trampoline -+//go:linkname _cgo_setenv runtime._cgo_setenv -+var x_cgo_setenv_trampoline byte -+var _cgo_setenv = &x_cgo_setenv_trampoline ++func (c *evpCipher) newGCM(tls cipherGCMTLS) (cipher.AEAD, error) { ++ g := &cipherGCM{c: c, tls: tls, blockSize: c.blockSize} ++ return g, nil ++} + -+//go:linkname x_cgo_unsetenv_trampoline x_cgo_unsetenv_trampoline -+//go:linkname _cgo_unsetenv runtime._cgo_unsetenv -+var x_cgo_unsetenv_trampoline byte -+var _cgo_unsetenv = &x_cgo_unsetenv_trampoline -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_amd64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_amd64.s -new file mode 100644 -index 00000000000000..098f56ce5e6b77 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_amd64.s -@@ -0,0 +1,107 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++func (g *cipherGCM) NonceSize() int { ++ return gcmStandardNonceSize ++} + -+//go:build !cgo && darwin ++func (g *cipherGCM) Overhead() int { ++ return gcmTagSize ++} + -+/* -+trampoline for emulating required C functions for cgo in go (see cgo.go) -+(we convert cdecl calling convention to go and vice-versa) ++func (g *cipherGCM) Seal(dst, nonce, plaintext, aad []byte) []byte { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if uint64(len(plaintext)) > ((1<<32)-2)*uint64(g.blockSize) || len(plaintext)+gcmTagSize < len(plaintext) { ++ panic("cipher: message too large for GCM") ++ } ++ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { ++ panic("cipher: message too large for buffer") ++ } ++ if g.tls != cipherGCMTLSNone { ++ if g.tls == cipherGCMTLS12 && len(aad) != gcmTls12AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.2") ++ } else if g.tls == cipherGCMTLS13 && len(aad) != gcmTls13AddSize { ++ panic("cipher: incorrect additional data length given to GCM TLS 1.3") ++ } ++ counter := bigEndianUint64(nonce[gcmTlsFixedNonceSize:]) ++ if g.tls == cipherGCMTLS13 { ++ // In TLS 1.3, the counter in the nonce has a mask and requires ++ // further decoding. ++ if !g.maskInitialized { ++ // According to TLS 1.3 nonce construction details at ++ // https://tools.ietf.org/html/rfc8446#section-5.3: ++ // ++ // the first record transmitted under a particular traffic ++ // key MUST use sequence number 0. ++ // ++ // The padded sequence number is XORed with [a mask]. ++ // ++ // The resulting quantity (of length iv_length) is used as ++ // the per-record nonce. ++ // ++ // We need to convert from the given nonce to sequence numbers ++ // to keep track of minNextNonce and enforce the counter ++ // maximum. On the first call, we know counter^mask is 0^mask, ++ // so we can simply store it as the mask. ++ g.mask = counter ++ g.maskInitialized = true ++ } ++ counter ^= g.mask ++ } ++ // BoringCrypto enforces strictly monotonically increasing explicit nonces ++ // and to fail after 2^64 - 1 keys as per FIPS 140-2 IG A.5, ++ // but OpenSSL does not perform this check, so it is implemented here. ++ const maxUint64 = 1<<64 - 1 ++ if counter == maxUint64 { ++ panic("cipher: nonce counter must be less than 2^64 - 1") ++ } ++ if counter < g.minNextNonce { ++ panic("cipher: nonce counter must be strictly monotonically increasing") ++ } ++ defer func() { ++ g.minNextNonce = counter + 1 ++ }() ++ } + -+C Calling convention cdecl used here (we only need integer args): -+1. arg: DI -+2. arg: SI -+3. arg: DX -+4. arg: CX -+5. arg: R8 -+6. arg: R9 -+We don't need floats with these functions -> AX=0 -+return value will be in AX -+temporary register is R11 -+*/ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_amd64.h" ++ // Make room in dst to append plaintext+overhead. ++ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) + -+// these trampolines map the gcc ABI to Go ABI and then calls into the Go equivalent functions. ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, plaintext) { ++ panic("cipher: invalid buffer overlap") ++ } + -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $16 -+ MOVQ DI, AX -+ MOVQ SI, BX -+ MOVQ ·x_cgo_init_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET ++ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) ++ // Encrypt additional data. ++ // When sealing a TLS payload, OpenSSL app sets the additional data using ++ // '_EVP_CIPHER_CTX_ctrl(g.ctx, _EVP_CTRL_AEAD_TLS1_AAD, _EVP_AEAD_TLS1_AAD_LEN, base(additionalData))'. ++ // This makes the explicit nonce component to monotonically increase on every Seal operation without ++ // relying in the explicit nonce being securely set externally, ++ // and it also gives some interesting speed gains. ++ // Unfortunately we can't use it because Go expects AEAD.Seal to honor the provided nonce. ++ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ panic(err) ++ } ++ var outl, discard int32 ++ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, sliceNeverNil(aad)); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_EncryptUpdate(ctx, out, &outl, sliceNeverNil(plaintext)); err != nil { ++ panic(err) ++ } ++ if len(plaintext) != int(outl) { ++ panic("cipher: incorrect length returned from GCM EncryptUpdate") ++ } ++ discard = 0 ++ if _, err := ossl.EVP_EncryptFinal_ex(ctx, out[outl:], &discard); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(g) ++ return ret ++} + -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_thread_start_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET ++func (g *cipherGCM) SealWithRandomNonce(out, nonce, plaintext, aad []byte) { ++ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { ++ panic("crypto/cipher: message too large for GCM") ++ } ++ if len(nonce) != gcmStandardNonceSize { ++ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") ++ } ++ if len(out) != len(plaintext)+gcmTagSize { ++ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") ++ } ++ if inexactOverlap(out, plaintext) { ++ panic("crypto/cipher: invalid buffer overlap of output and input") ++ } ++ if anyOverlap(out, aad) { ++ panic("crypto/cipher: invalid buffer overlap of output and additional data") ++ } + -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_setenv_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET ++ if g.tls != cipherGCMTLSNone { ++ panic("cipher: encryption failed") ++ } + -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $8 -+ MOVQ DI, AX -+ MOVQ ·x_cgo_unsetenv_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 -+ RET ++ RandReader.Read(nonce) ++ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) + -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0 -+ JMP ·x_cgo_notify_runtime_init_done(SB) ++ if _, err := ossl.EVP_EncryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ panic(err) ++ } ++ var outl, discard int32 ++ if _, err := ossl.EVP_EncryptUpdate(ctx, nil, &discard, sliceNeverNil(aad)); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_EncryptUpdate(ctx, out, &outl, sliceNeverNil(plaintext)); err != nil { ++ panic(err) ++ } ++ if len(plaintext) != int(outl) { ++ panic("cipher: incorrect length returned from GCM EncryptUpdate") ++ } ++ discard = 0 ++ if _, err := ossl.EVP_EncryptFinal_ex(ctx, out[outl:], &discard); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_GET_TAG, 16, unsafe.Pointer(base(out[outl:]))); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(g) ++} + -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ JMP ·x_cgo_bindm(SB) ++var errOpen = errors.New("cipher: message authentication failed") + -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 -+ MOVQ G+8(FP), DI -+ MOVQ setg+0(FP), R11 -+ XORL AX, AX -+ CALL R11 -+ RET ++func (g *cipherGCM) Open(dst, nonce, ciphertext, aad []byte) (_ []byte, err error) { ++ if len(nonce) != gcmStandardNonceSize { ++ panic("cipher: incorrect nonce length given to GCM") ++ } ++ if len(ciphertext) < gcmTagSize { ++ return nil, errOpen ++ } ++ if uint64(len(ciphertext)) > ((1<<32)-2)*uint64(g.blockSize)+gcmTagSize { ++ return nil, errOpen ++ } ++ // BoringCrypto does not do any TLS check when decrypting, neither do we. + -+TEXT threadentry_trampoline(SB), NOSPLIT, $0 -+ // See crosscall2. -+ PUSH_REGS_HOST_TO_ABI0() ++ tag := ciphertext[len(ciphertext)-gcmTagSize:] ++ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] + -+ // X15 is designated by Go as a fixed zero register. -+ // Calling directly into ABIInternal, ensure it is zero. -+ PXOR X15, X15 ++ // Make room in dst to append ciphertext without tag. ++ ret, out := sliceForAppend(dst, len(ciphertext)) + -+ MOVQ DI, AX -+ MOVQ ·threadentry_call(SB), R11 -+ MOVQ (R11), R11 -+ CALL R11 ++ // Check delayed until now to make sure len(dst) is accurate. ++ if inexactOverlap(out, ciphertext) { ++ panic("cipher: invalid buffer overlap") ++ } + -+ POP_REGS_HOST_TO_ABI0() -+ RET ++ ctx, err := newCipherCtx(g.c.kind, cipherModeGCM, cipherOpNone, g.c.key, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_CIPHER_CTX_free(ctx) + -+TEXT ·call5(SB), NOSPLIT, $0-56 -+ MOVQ fn+0(FP), R11 -+ MOVQ a1+8(FP), DI -+ MOVQ a2+16(FP), SI -+ MOVQ a3+24(FP), DX -+ MOVQ a4+32(FP), CX -+ MOVQ a5+40(FP), R8 ++ defer func() { ++ if err != nil { ++ // Zero output buffer on error. ++ for i := range out { ++ out[i] = 0 ++ } ++ } ++ }() ++ if _, err := ossl.EVP_DecryptInit_ex(ctx, nil, nil, nil, base(nonce)); err != nil { ++ return nil, errOpen ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_ctrl(ctx, ossl.EVP_CTRL_GCM_SET_TAG, 16, unsafe.Pointer(base(tag))); err != nil { ++ return nil, errOpen ++ } ++ var outl, discard int32 ++ if _, err := ossl.EVP_DecryptUpdate(ctx, nil, &discard, sliceNeverNil(aad)); err != nil { ++ return nil, errOpen ++ } ++ if _, err := ossl.EVP_DecryptUpdate(ctx, out, &outl, sliceNeverNil(ciphertext)); err != nil { ++ return nil, errOpen ++ } ++ if len(ciphertext) != int(outl) { ++ return nil, errOpen ++ } ++ discard = 0 ++ if _, err := ossl.EVP_DecryptFinal_ex(ctx, out[outl:], &discard); err != nil { ++ return nil, errOpen ++ } ++ runtime.KeepAlive(g) ++ return ret, nil ++} + -+ XORL AX, AX // no floats ++// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. ++func sliceForAppend(in []byte, n int) (head, tail []byte) { ++ if total := len(in) + n; cap(in) >= total { ++ head = in[:total] ++ } else { ++ head = make([]byte, total) ++ copy(head, in) ++ } ++ tail = head[len(in):] ++ return ++} + -+ PUSHQ BP // save BP -+ MOVQ SP, BP // save SP inside BP bc BP is callee-saved -+ SUBQ $16, SP // allocate space for alignment -+ ANDQ $-16, SP // align on 16 bytes for SSE ++func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ ossl.EVP_CIPHER_CTX_PTR, err error) { ++ cipher := loadCipher(kind, mode) ++ if cipher == nil { ++ panic("crypto/cipher: unsupported cipher: " + kind.String()) ++ } ++ ctx, err := ossl.EVP_CIPHER_CTX_new() ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_CIPHER_CTX_free(ctx) ++ } ++ }() ++ if kind == cipherRC4 { ++ // RC4 cipher supports a variable key length. ++ // We need to set the key length before setting the key, ++ // and to do so we need to have an initialized cipher ctx. ++ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, nil, nil, int32(encrypt)); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_CIPHER_CTX_set_key_length(ctx, int32(len(key))); err != nil { ++ return nil, err ++ } ++ // Pass nil to the next call to EVP_CipherInit_ex to avoid resetting ctx's cipher. ++ cipher = nil ++ } ++ if _, err := ossl.EVP_CipherInit_ex(ctx, cipher, nil, base(key), base(iv), int32(encrypt)); err != nil { ++ return nil, err ++ } ++ return ctx, nil ++} + -+ CALL R11 ++// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. + -+ MOVQ BP, SP // get SP back -+ POPQ BP // restore BP ++func anyOverlap(x, y []byte) bool { ++ return len(x) > 0 && len(y) > 0 && ++ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && ++ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) ++} + -+ MOVQ AX, ret+48(FP) -+ RET -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_arm64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_arm64.s ++func inexactOverlap(x, y []byte) bool { ++ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { ++ return false ++ } ++ return anyOverlap(x, y) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go new file mode 100644 -index 00000000000000..970f3fd9a1ef0d +index 00000000000000..7817e37ffdc40f --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/trampolines_arm64.s -@@ -0,0 +1,81 @@ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && darwin -+ -+#include "textflag.h" -+#include "go_asm.h" -+#include "abi_arm64.h" -+ -+// These trampolines map the gcc ABI to Go ABIInternal and then calls into the Go equivalent functions. -+// Note that C arguments are passed in R0-R7, which matches Go ABIInternal for the first eight arguments. -+// R9 is used as a temporary register. ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/const.go +@@ -0,0 +1,109 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+TEXT x_cgo_init_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_init_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET ++package openssl + -+TEXT x_cgo_thread_start_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_thread_start_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET ++import "unsafe" + -+TEXT x_cgo_setenv_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_setenv_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET ++// cString is a null-terminated string, ++// akin to C's char*. ++type cString string + -+TEXT x_cgo_unsetenv_trampoline(SB), NOSPLIT, $0-0 -+ MOVD ·x_cgo_unsetenv_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ RET ++// str returns the string value. ++func (s cString) str() string { ++ return string(s) ++} + -+TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0 -+ CALL ·x_cgo_notify_runtime_init_done(SB) -+ RET ++// ptr returns a pointer to the string data. ++// It panics if the string is not null-terminated. ++// ++// The memory pointed to by the returned pointer should ++// not be modified and it must only be passed to ++// "const char*" parameters. Any attempt to modify it ++// will result in a runtime panic, as Go strings are ++// allocated in read-only memory. ++func (s cString) ptr() *byte { ++ if len(s) == 0 { ++ return nil ++ } ++ if s[len(s)-1] != 0 { ++ panic("must be null-terminated") ++ } ++ return unsafe.StringData(string(s)) ++} + -+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0 -+ CALL ·x_cgo_bindm(SB) -+ RET ++const ( //checkheader:ignore ++ // Key types ++ _KeyTypeRSA cString = "RSA\x00" ++ _KeyTypeEC cString = "EC\x00" ++ _KeyTypeED25519 cString = "ED25519\x00" ++ _KeyTypeX25519 cString = "X25519\x00" ++ _KeyTypeMLKEM768 cString = "ML-KEM-768\x00" ++ _KeyTypeMLKEM1024 cString = "ML-KEM-1024\x00" ++ _KeyTypeMLDSA44 cString = "ML-DSA-44\x00" ++ _KeyTypeMLDSA65 cString = "ML-DSA-65\x00" ++ _KeyTypeMLDSA87 cString = "ML-DSA-87\x00" ++ _KeyTypeChacha20Poly1305 cString = "CHACHA20-POLY1305\x00" + -+// func setg_trampoline(setg uintptr, g uintptr) -+TEXT ·setg_trampoline(SB), NOSPLIT, $0-16 -+ MOVD G+8(FP), R0 -+ MOVD setg+0(FP), R9 -+ CALL R9 -+ RET ++ // Digest names ++ _DigestNameSHAKE128 cString = "SHAKE-128\x00" ++ _DigestNameSHAKE256 cString = "SHAKE-256\x00" + -+TEXT threadentry_trampoline(SB), NOSPLIT, $0-0 -+ // See crosscall2. -+ SUB $(8*24), RSP -+ STP (R0, R1), (8*1)(RSP) -+ MOVD R3, (8*3)(RSP) ++ // KDF names ++ _OSSL_KDF_NAME_HKDF cString = "HKDF\x00" ++ _OSSL_KDF_NAME_PBKDF2 cString = "PBKDF2\x00" ++ _OSSL_KDF_NAME_TLS1_PRF cString = "TLS1-PRF\x00" ++ _OSSL_KDF_NAME_TLS13_KDF cString = "TLS13-KDF\x00" ++ _OSSL_MAC_NAME_HMAC cString = "HMAC\x00" + -+ SAVE_R19_TO_R28(8*4) -+ SAVE_F8_TO_F15(8*14) ++ // KDF parameters ++ _OSSL_KDF_PARAM_DIGEST cString = "digest\x00" ++ _OSSL_KDF_PARAM_SECRET cString = "secret\x00" ++ _OSSL_KDF_PARAM_SEED cString = "seed\x00" ++ _OSSL_KDF_PARAM_KEY cString = "key\x00" ++ _OSSL_KDF_PARAM_PASSWORD cString = "pass\x00" ++ _OSSL_KDF_PARAM_ITER cString = "iter\x00" ++ _OSSL_KDF_PARAM_PKCS5 cString = "pkcs5\x00" ++ _OSSL_KDF_PARAM_INFO cString = "info\x00" ++ _OSSL_KDF_PARAM_SALT cString = "salt\x00" ++ _OSSL_KDF_PARAM_MODE cString = "mode\x00" ++ ++ // KDF FIPS parameters ++ _OSSL_KDF_PARAM_FIPS_KEY_CHECK cString = "key-check\x00" + -+ MOVD ·threadentry_call(SB), R9 -+ MOVD (R9), R9 -+ CALL R9 -+ MOVD $0, R0 // TODO: get the return value from threadentry ++ // TLS3-KDF parameters ++ _OSSL_KDF_PARAM_PREFIX cString = "prefix\x00" ++ _OSSL_KDF_PARAM_LABEL cString = "label\x00" ++ _OSSL_KDF_PARAM_DATA cString = "data\x00" + -+ RESTORE_R19_TO_R28(8*4) -+ RESTORE_F8_TO_F15(8*14) -+ ADD $(8*24), RSP -+ RET ++ // PKEY parameters ++ _OSSL_PKEY_PARAM_PUB_KEY cString = "pub\x00" ++ _OSSL_PKEY_PARAM_PRIV_KEY cString = "priv\x00" ++ _OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY cString = "encoded-pub-key\x00" ++ _OSSL_PKEY_PARAM_GROUP_NAME cString = "group\x00" ++ _OSSL_PKEY_PARAM_EC_PUB_X cString = "qx\x00" ++ _OSSL_PKEY_PARAM_EC_PUB_Y cString = "qy\x00" ++ _OSSL_PKEY_PARAM_FFC_PBITS cString = "pbits\x00" ++ _OSSL_PKEY_PARAM_FFC_QBITS cString = "qbits\x00" ++ _OSSL_PKEY_PARAM_RSA_N cString = "n\x00" ++ _OSSL_PKEY_PARAM_RSA_E cString = "e\x00" ++ _OSSL_PKEY_PARAM_RSA_D cString = "d\x00" ++ _OSSL_PKEY_PARAM_FFC_P cString = "p\x00" ++ _OSSL_PKEY_PARAM_FFC_Q cString = "q\x00" ++ _OSSL_PKEY_PARAM_FFC_G cString = "g\x00" ++ _OSSL_PKEY_PARAM_RSA_FACTOR1 cString = "rsa-factor1\x00" ++ _OSSL_PKEY_PARAM_RSA_FACTOR2 cString = "rsa-factor2\x00" ++ _OSSL_PKEY_PARAM_RSA_EXPONENT1 cString = "rsa-exponent1\x00" ++ _OSSL_PKEY_PARAM_RSA_EXPONENT2 cString = "rsa-exponent2\x00" ++ _OSSL_PKEY_PARAM_RSA_COEFFICIENT1 cString = "rsa-coefficient1\x00" ++ _OSSL_PKEY_PARAM_ML_KEM_SEED cString = "seed\x00" ++ _OSSL_PKEY_PARAM_ML_DSA_SEED cString = "seed\x00" + -+TEXT ·call5(SB), NOSPLIT, $0-0 -+ MOVD fn+0(FP), R9 -+ MOVD a1+8(FP), R0 -+ MOVD a2+16(FP), R1 -+ MOVD a3+24(FP), R2 -+ MOVD a4+32(FP), R3 -+ MOVD a5+40(FP), R4 -+ CALL R9 -+ MOVD R0, ret+48(FP) -+ RET -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols.go ++ // Signature parameters ++ _OSSL_SIGNATURE_PARAM_CONTEXT_STRING cString = "context-string\x00" ++ _OSSL_SIGNATURE_PARAM_MU cString = "mu\x00" ++ ++ // MAC parameters ++ _OSSL_MAC_PARAM_DIGEST cString = "digest\x00" ++ _OSSL_MAC_PARAM_FIPS_KEY_CHECK cString = "key-check\x00" ++) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cshake.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cshake.go new file mode 100644 -index 00000000000000..3f720df236e392 +index 00000000000000..ece9605829f12d --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols.go -@@ -0,0 +1,165 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo && darwin ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/cshake.go +@@ -0,0 +1,256 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+package fakecgo ++package openssl + +import ( -+ "syscall" -+ "unsafe" ++ "runtime" ++ "strconv" ++ "sync" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+//go:nosplit -+//go:norace -+func malloc(size uintptr) unsafe.Pointer { -+ ret := call5(mallocABI0, uintptr(size), 0, 0, 0, 0) -+ // this indirection is to avoid go vet complaining about possible misuse of unsafe.Pointer -+ return *(*unsafe.Pointer)(unsafe.Pointer(&ret)) ++// shakeOneShot applies the SHAKE extendable output function to data and ++// writes the output to out. ++func shakeOneShot(secuirtyBits int, data []byte, out []byte) { ++ // Can't use EVP_Digest because it doesn't support output lengths ++ // larger than the block size, while crypto/sha3 supports any length. ++ alg := loadShake(secuirtyBits) ++ if alg == nil { ++ panic("openssl: unsupported SHAKE" + strconv.Itoa(secuirtyBits) + " function") ++ } ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_DigestUpdate(ctx, data); err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_DigestFinalXOF(ctx, out); err != nil { ++ panic(err) ++ } +} + -+//go:nosplit -+//go:norace -+func free(ptr unsafe.Pointer) { -+ call5(freeABI0, uintptr(ptr), 0, 0, 0, 0) ++// SumSHAKE128 applies the SHAKE128 extendable output function to data and ++// returns an output of the given length in bytes. ++func SumSHAKE128(data []byte, length int) []byte { ++ out := make([]byte, length) ++ shakeOneShot(128, data, out) ++ return out +} + -+//go:nosplit -+//go:norace -+func setenv(name *byte, value *byte, overwrite int32) int32 { -+ return int32(call5(setenvABI0, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(value)), uintptr(overwrite), 0, 0)) ++// SumSHAKE256 applies the SHAKE256 extendable output function to data and ++// returns an output of the given length in bytes. ++func SumSHAKE256(data []byte, length int) []byte { ++ out := make([]byte, length) ++ shakeOneShot(256, data, out) ++ return out +} + -+//go:nosplit -+//go:norace -+func unsetenv(name *byte) int32 { -+ return int32(call5(unsetenvABI0, uintptr(unsafe.Pointer(name)), 0, 0, 0, 0)) -+} ++var shakeSupported sync.Map + -+//go:nosplit -+//go:norace -+func sigfillset(set *sigset_t) int32 { -+ return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0)) -+} ++var hasDigestSqueeze = sync.OnceValue(ossl.EVP_DigestSqueeze_Available) + -+//go:nosplit -+//go:norace -+func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 { -+ return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0)) ++// SupportsSHAKE returns true if the SHAKE extendable output functions ++// with the given securityBits are supported. ++func SupportsSHAKE(securityBits int) bool { ++ if !hasDigestSqueeze() { ++ // SHAKE MD's are supported since OpenSSL 1.1.1, but ++ // EVP_DigestSqueeze (added in OpenSSL 3.3) is required to ++ // implement [sha3.SHAKE]'s streaming Read API. ++ return false ++ } ++ if v, ok := shakeSupported.Load(securityBits); ok { ++ return v.(bool) ++ } ++ alg := loadShake(securityBits) ++ if alg == nil { ++ shakeSupported.Store(securityBits, false) ++ return false ++ } ++ // EVP_MD objects can be non-nil but the underlying provider may not ++ // support EVP_DigestSqueeze. We need to test it. ++ var supported bool ++ if ctx, _ := ossl.EVP_MD_CTX_new(); ctx != nil { ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil); err == nil { ++ var tmp [1]byte ++ _, err := ossl.EVP_DigestSqueeze(ctx, tmp[:]) ++ supported = err == nil ++ } ++ } ++ shakeSupported.Store(securityBits, supported) ++ return supported +} + -+//go:nosplit -+//go:norace -+func abort() { -+ call5(abortABI0, 0, 0, 0, 0, 0) ++// SupportsCSHAKE returns true if the CSHAKE extendable output functions ++// with the given securityBits are supported. ++func SupportsCSHAKE(securityBits int) bool { ++ // OpenSSL tracker issue https://github.com/openssl/openssl/issues/28358 ++ return false +} + -+//go:nosplit -+//go:norace -+func pthread_attr_init(attr *pthread_attr_t) int32 { -+ return int32(call5(pthread_attr_initABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0)) ++// SHAKE is an instance of a SHAKE extendable output function. ++type SHAKE struct { ++ alg *shakeAlgorithm ++ ctx ossl.EVP_MD_CTX_PTR ++ lastXofLen int +} + -+//go:nosplit -+//go:norace -+func pthread_create(thread *pthread_t, attr *pthread_attr_t, start unsafe.Pointer, arg unsafe.Pointer) int32 { -+ return int32(call5(pthread_createABI0, uintptr(unsafe.Pointer(thread)), uintptr(unsafe.Pointer(attr)), uintptr(start), uintptr(arg), 0)) ++// NewSHAKE128 creates a new SHAKE128 XOF. ++func NewSHAKE128() *SHAKE { ++ return newSHAKE(128) +} + -+//go:nosplit -+//go:norace -+func pthread_detach(thread pthread_t) int32 { -+ return int32(call5(pthread_detachABI0, uintptr(thread), 0, 0, 0, 0)) ++// NewSHAKE256 creates a new SHAKE256 XOF. ++func NewSHAKE256() *SHAKE { ++ return newSHAKE(256) +} + -+//go:nosplit -+//go:norace -+func pthread_sigmask(how sighow, ign *sigset_t, oset *sigset_t) int32 { -+ return int32(call5(pthread_sigmaskABI0, uintptr(how), uintptr(unsafe.Pointer(ign)), uintptr(unsafe.Pointer(oset)), 0, 0)) ++// NewCSHAKE128 creates a new cSHAKE128 XOF. ++// ++// N is used to define functions based on cSHAKE, it can be empty when plain ++// cSHAKE is desired. S is a customization byte string used for domain ++// separation. When N and S are both empty, this is equivalent to NewSHAKE128. ++func NewCSHAKE128(N, S []byte) *SHAKE { ++ if len(N) == 0 && len(S) == 0 { ++ return NewSHAKE128() ++ } ++ return nil +} + -+//go:nosplit -+//go:norace -+func pthread_mutex_lock(mutex *pthread_mutex_t) int32 { -+ return int32(call5(pthread_mutex_lockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) ++// NewCSHAKE256 creates a new cSHAKE256 XOF. ++// ++// N is used to define functions based on cSHAKE, it can be empty when plain ++// cSHAKE is desired. S is a customization byte string used for domain ++// separation. When N and S are both empty, this is equivalent to NewSHAKE256. ++func NewCSHAKE256(N, S []byte) *SHAKE { ++ if len(N) == 0 && len(S) == 0 { ++ return NewSHAKE256() ++ } ++ return nil +} + -+//go:nosplit -+//go:norace -+func pthread_mutex_unlock(mutex *pthread_mutex_t) int32 { -+ return int32(call5(pthread_mutex_unlockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0)) ++func newSHAKE(securityBits int) *SHAKE { ++ alg := loadShake(securityBits) ++ if alg == nil { ++ panic("openssl: unsupported SHAKE" + strconv.Itoa(securityBits) + " function") ++ } ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil); err != nil { ++ ossl.EVP_MD_CTX_free(ctx) ++ panic(err) ++ } ++ s := &SHAKE{alg: alg, ctx: ctx} ++ runtime.SetFinalizer(s, (*SHAKE).finalize) ++ return s +} + -+//go:nosplit -+//go:norace -+func pthread_cond_broadcast(cond *pthread_cond_t) int32 { -+ return int32(call5(pthread_cond_broadcastABI0, uintptr(unsafe.Pointer(cond)), 0, 0, 0, 0)) ++func (s *SHAKE) finalize() { ++ ossl.EVP_MD_CTX_free(s.ctx) +} + -+//go:nosplit -+//go:norace -+func pthread_setspecific(key pthread_key_t, value unsafe.Pointer) int32 { -+ return int32(call5(pthread_setspecificABI0, uintptr(key), uintptr(value), 0, 0, 0)) ++// Write absorbs more data into the XOF's state. ++// ++// It panics if any output has already been read. ++func (s *SHAKE) Write(p []byte) (n int, err error) { ++ defer runtime.KeepAlive(s) ++ if len(p) == 0 { ++ return 0, nil ++ } ++ if _, err := ossl.EVP_DigestUpdate(s.ctx, p); err != nil { ++ panic(err) ++ } ++ return len(p), nil +} + -+//go:linkname _malloc _malloc -+var _malloc uint8 -+var mallocABI0 = uintptr(unsafe.Pointer(&_malloc)) -+ -+//go:linkname _free _free -+var _free uint8 -+var freeABI0 = uintptr(unsafe.Pointer(&_free)) -+ -+//go:linkname _setenv _setenv -+var _setenv uint8 -+var setenvABI0 = uintptr(unsafe.Pointer(&_setenv)) -+ -+//go:linkname _unsetenv _unsetenv -+var _unsetenv uint8 -+var unsetenvABI0 = uintptr(unsafe.Pointer(&_unsetenv)) -+ -+//go:linkname _sigfillset _sigfillset -+var _sigfillset uint8 -+var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset)) -+ -+//go:linkname _nanosleep _nanosleep -+var _nanosleep uint8 -+var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep)) -+ -+//go:linkname _abort _abort -+var _abort uint8 -+var abortABI0 = uintptr(unsafe.Pointer(&_abort)) -+ -+//go:linkname _pthread_attr_init _pthread_attr_init -+var _pthread_attr_init uint8 -+var pthread_attr_initABI0 = uintptr(unsafe.Pointer(&_pthread_attr_init)) -+ -+//go:linkname _pthread_create _pthread_create -+var _pthread_create uint8 -+var pthread_createABI0 = uintptr(unsafe.Pointer(&_pthread_create)) -+ -+//go:linkname _pthread_detach _pthread_detach -+var _pthread_detach uint8 -+var pthread_detachABI0 = uintptr(unsafe.Pointer(&_pthread_detach)) -+ -+//go:linkname _pthread_sigmask _pthread_sigmask -+var _pthread_sigmask uint8 -+var pthread_sigmaskABI0 = uintptr(unsafe.Pointer(&_pthread_sigmask)) -+ -+//go:linkname _pthread_mutex_lock _pthread_mutex_lock -+var _pthread_mutex_lock uint8 -+var pthread_mutex_lockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_lock)) -+ -+//go:linkname _pthread_mutex_unlock _pthread_mutex_unlock -+var _pthread_mutex_unlock uint8 -+var pthread_mutex_unlockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_unlock)) -+ -+//go:linkname _pthread_cond_broadcast _pthread_cond_broadcast -+var _pthread_cond_broadcast uint8 -+var pthread_cond_broadcastABI0 = uintptr(unsafe.Pointer(&_pthread_cond_broadcast)) -+ -+//go:linkname _pthread_setspecific _pthread_setspecific -+var _pthread_setspecific uint8 -+var pthread_setspecificABI0 = uintptr(unsafe.Pointer(&_pthread_setspecific)) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols_darwin.go -new file mode 100644 -index 00000000000000..960f8168eb88d7 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/zsymbols_darwin.go -@@ -0,0 +1,59 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors -+ -+//go:build !cgo -+ -+package fakecgo -+ -+import "unsafe" -+ -+//go:cgo_import_dynamic purego_malloc malloc "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_free free "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_setenv setenv "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_unsetenv unsetenv "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_create pthread_create "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib" -+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib" -+ -+//go:nosplit -+//go:norace -+func pthread_self() pthread_t { -+ return pthread_t(call5(pthread_selfABI0, 0, 0, 0, 0, 0)) ++// Read squeezes more output from the XOF. ++// ++// Any call to Write after a call to Read will panic. ++func (s *SHAKE) Read(p []byte) (n int, err error) { ++ defer runtime.KeepAlive(s) ++ if len(p) == 0 { ++ return 0, nil ++ } ++ if len(p) != s.lastXofLen { ++ if _, err := ossl.EVP_MD_CTX_ctrl(s.ctx, ossl.EVP_MD_CTRL_XOF_LEN, int32(len(p)), nil); err != nil { ++ panic(err) ++ } ++ s.lastXofLen = len(p) ++ } ++ if _, err := ossl.EVP_DigestSqueeze(s.ctx, p); err != nil { ++ panic(err) ++ } ++ return len(p), nil +} + -+//go:nosplit -+//go:norace -+func pthread_get_stacksize_np(thread pthread_t) size_t { -+ return size_t(call5(pthread_get_stacksize_npABI0, uintptr(thread), 0, 0, 0, 0)) ++// Reset resets the XOF to its initial state. ++func (s *SHAKE) Reset() { ++ defer runtime.KeepAlive(s) ++ if _, err := ossl.EVP_DigestInit_ex(s.ctx, nil, nil); err != nil { ++ panic(err) ++ } ++ s.lastXofLen = 0 +} + -+//go:nosplit -+//go:norace -+func pthread_attr_setstacksize(attr *pthread_attr_t, size size_t) int32 { -+ return int32(call5(pthread_attr_setstacksizeABI0, uintptr(unsafe.Pointer(attr)), uintptr(size), 0, 0, 0)) ++// BlockSize returns the rate of the XOF. ++func (s *SHAKE) BlockSize() int { ++ return s.alg.blockSize +} + -+//go:linkname _pthread_self _pthread_self -+var _pthread_self uint8 -+var pthread_selfABI0 = uintptr(unsafe.Pointer(&_pthread_self)) -+ -+//go:linkname _pthread_get_stacksize_np _pthread_get_stacksize_np -+var _pthread_get_stacksize_np uint8 -+var pthread_get_stacksize_npABI0 = uintptr(unsafe.Pointer(&_pthread_get_stacksize_np)) ++func (s *SHAKE) MarshalBinary() ([]byte, error) { ++ return nil, errMarshallUnsupported{} ++} + -+//go:linkname _pthread_attr_setstacksize _pthread_attr_setstacksize -+var _pthread_attr_setstacksize uint8 -+var pthread_attr_setstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_setstacksize)) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_darwin.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_darwin.s -new file mode 100644 -index 00000000000000..35ef7ac11cb955 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_darwin.s -@@ -0,0 +1,19 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. ++func (s *SHAKE) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errMarshallUnsupported{} ++} + -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++func (s *SHAKE) UnmarshalBinary(data []byte) error { ++ return errMarshallUnsupported{} ++} + -+//go:build !cgo ++type shakeAlgorithm struct { ++ md ossl.EVP_MD_PTR ++ blockSize int ++} + -+#include "textflag.h" ++var cacheSHAKE sync.Map + -+// these stubs are here because it is not possible to go:linkname directly the C functions ++// loadShake converts a crypto.Hash to a EVP_MD. ++func loadShake(securityBits int) (alg *shakeAlgorithm) { ++ if v, ok := cacheSHAKE.Load(securityBits); ok { ++ return v.(*shakeAlgorithm) ++ } ++ defer func() { ++ cacheSHAKE.Store(securityBits, alg) ++ }() + -+TEXT _pthread_self(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_self(SB) ++ var name cString ++ switch securityBits { ++ case 128: ++ name = _DigestNameSHAKE128 ++ case 256: ++ name = _DigestNameSHAKE256 ++ default: ++ return nil ++ } + -+TEXT _pthread_get_stacksize_np(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_get_stacksize_np(SB) ++ md, err := ossl.EVP_MD_fetch(nil, name.ptr(), nil) ++ if err != nil || md == nil { ++ return nil ++ } + -+TEXT _pthread_attr_setstacksize(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_setstacksize(SB) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_stubs.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_stubs.s ++ alg = new(shakeAlgorithm) ++ alg.md = md ++ alg.blockSize = int(ossl.EVP_MD_get_block_size(md)) ++ return alg ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go new file mode 100644 -index 00000000000000..c59e0dce68c449 +index 00000000000000..6ae4a6372f8d08 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/fakecgo/ztrampolines_stubs.s -@@ -0,0 +1,55 @@ -+// Code generated by 'go generate' with gen.go. DO NOT EDIT. -+ -+// SPDX-License-Identifier: Apache-2.0 -+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/des.go +@@ -0,0 +1,121 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+//go:build !cgo && darwin ++package openssl + -+#include "textflag.h" ++import ( ++ "crypto/cipher" ++ "errors" + -+// these stubs are here because it is not possible to go:linkname directly the C functions ++ "github.com/microsoft/go-crypto-openssl/osslsetup" ++) + -+TEXT _malloc(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_malloc(SB) ++// SupportsDESCipher returns true if NewDESCipher is supported, ++// which uses ECB mode. ++// If CBC is also supported, then the returned cipher.Block ++// will also implement NewCBCEncrypter and NewCBCDecrypter. ++func SupportsDESCipher() bool { ++ switch major() { ++ case 1: ++ // DES is not part of the OpenSSL 1.x FIPS module. ++ return !osslsetup.FIPS() && loadCipher(cipherDES, cipherModeECB) != nil ++ default: ++ // On OpenSSL 3+ availability is decided by the algorithm probe: ++ // EVP_CIPHER_fetch returns nil unless the legacy provider is loaded. ++ return loadCipher(cipherDES, cipherModeECB) != nil ++ } ++} + -+TEXT _free(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_free(SB) ++// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, ++// which uses ECB mode. ++// If CBC is also supported, then the returned cipher.Block ++// will also implement NewCBCEncrypter and NewCBCDecrypter. ++func SupportsTripleDESCipher() bool { ++ // Should always be true for stock OpenSSL, ++ // even when using the FIPS provider. ++ return loadCipher(cipherDES3, cipherModeECB) != nil ++} + -+TEXT _setenv(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_setenv(SB) ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 8 { ++ return nil, errors.New("crypto/des: invalid key size") ++ } ++ return newDESCipher(key, cipherDES) ++} + -+TEXT _unsetenv(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_unsetenv(SB) ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 24 { ++ return nil, errors.New("crypto/des: invalid key size") ++ } ++ return newDESCipher(key, cipherDES3) ++} + -+TEXT _sigfillset(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_sigfillset(SB) ++func newDESCipher(key []byte, kind cipherKind) (cipher.Block, error) { ++ c, err := newEVPCipher(key, kind) ++ if err != nil { ++ return nil, err ++ } ++ if loadCipher(kind, cipherModeCBC) == nil { ++ return &desCipherWithoutCBC{c}, nil ++ } ++ return &desCipher{c}, nil ++} + -+TEXT _nanosleep(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_nanosleep(SB) ++type desExtraModes interface { ++ NewCBCEncrypter(iv []byte) cipher.BlockMode ++ NewCBCDecrypter(iv []byte) cipher.BlockMode ++} + -+TEXT _abort(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_abort(SB) ++var _ desExtraModes = (*desCipher)(nil) + -+TEXT _pthread_attr_init(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_attr_init(SB) ++type desCipher struct { ++ *evpCipher ++} + -+TEXT _pthread_create(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_create(SB) ++func (c *desCipher) BlockSize() int { ++ return c.blockSize ++} + -+TEXT _pthread_detach(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_detach(SB) ++func (c *desCipher) Encrypt(dst, src []byte) { ++ if err := c.encrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} + -+TEXT _pthread_sigmask(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_sigmask(SB) ++func (c *desCipher) Decrypt(dst, src []byte) { ++ if err := c.decrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} + -+TEXT _pthread_mutex_lock(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_mutex_lock(SB) ++func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return c.newCBC(iv, cipherOpEncrypt) ++} + -+TEXT _pthread_mutex_unlock(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_mutex_unlock(SB) ++func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return c.newCBC(iv, cipherOpDecrypt) ++} + -+TEXT _pthread_cond_broadcast(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_cond_broadcast(SB) ++type desCipherWithoutCBC struct { ++ *evpCipher ++} + -+TEXT _pthread_setspecific(SB), NOSPLIT|NOFRAME, $0-0 -+ JMP purego_pthread_setspecific(SB) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/security.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/security.go -new file mode 100644 -index 00000000000000..74ee18d383784e ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/security.go -@@ -0,0 +1,9 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++func (c *desCipherWithoutCBC) BlockSize() int { ++ return c.blockSize ++} + -+// Package security provides a Go interface to the Security framework -+package security ++func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) { ++ if err := c.encrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} + -+//go:generate go run ../../cmd/checkheader shims.h -+//go:generate go run ../../cmd/mkcgo -out zsecurity.go -package security --noerrors shims.h -+//go:generate go run ../../cmd/mkcgo -out zsecurity.go -nocgo -package security --noerrors shims.h -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h ++func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) { ++ if err := c.decrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go new file mode 100644 -index 00000000000000..d37be58038a718 +index 00000000000000..82b7b1081468de --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/shims.h -@@ -0,0 +1,107 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/dsa.go +@@ -0,0 +1,306 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+// This header file is used by the mkcgo tool to generate cgo and Go bindings for the -+// Security framework C API. Run "go generate ." to regenerate the bindings. -+// Do not include this file, import "zsecurity.h" instead. -+ -+#ifndef _GO_SECURITY_SHIMS_H // only include this header once -+#define _GO_SECURITY_SHIMS_H -+ -+#include // bool -+#include // uint64_t -+#include // size_t -+ -+// The following includes are used by the checkheader tool. -+// #include ++package openssl + -+typedef unsigned char Boolean; -+typedef void *SecRandomRef; -+typedef void *SecKeyRef; -+typedef void *CFDataRef; -+typedef void *CFTypeRef; -+typedef void *CFStringRef; -+typedef void *CFDictionaryRef; -+typedef void *CFMutableDictionaryRef; -+typedef void *CFNumberRef; -+typedef void *CFErrorRef; -+typedef void *CFAllocatorRef; -+typedef void *CFDictionaryKeyCallBacks; -+typedef void *CFDictionaryValueCallBacks; -+typedef long CFIndex; -+typedef CFStringRef SecKeyAlgorithm; ++import ( ++ "runtime" ++ "unsafe" + -+typedef enum { -+ kSecKeyOperationTypeSign = 0, -+ kSecKeyOperationTypeVerify = 1, -+ kSecKeyOperationTypeEncrypt = 2, -+ kSecKeyOperationTypeDecrypt = 3, -+} SecKeyOperationType; ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+typedef enum { -+ kCFStringEncodingUTF8 = 0x08000100 -+} CFStringEncoding; ++// SupportsDSA returns true if the OpenSSL library supports DSA. ++func SupportsDSA() bool { ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) ++ if err != nil { ++ return false ++ } ++ ossl.EVP_PKEY_CTX_free(ctx) ++ return true ++} + -+typedef enum { -+ kCFNumberLongType = 10 -+} CFNumberType; ++// DSAParameters contains the DSA parameters. ++type DSAParameters struct { ++ P, Q, G BigInt ++} + -+extern const CFAllocatorRef kCFAllocatorDefault __attribute__((framework(CoreFoundation, A))); -+extern const SecRandomRef kSecRandomDefault __attribute__((framework(Security, A))); -+extern const CFStringRef kSecAttrKeyTypeRSA __attribute__((framework(Security, A))); -+extern const CFStringRef kSecAttrKeyClassPublic __attribute__((framework(Security, A))); -+extern const CFStringRef kSecAttrKeyClassPrivate __attribute__((framework(Security, A))); -+extern const CFStringRef kSecAttrKeyType __attribute__((framework(Security, A))); -+extern const CFStringRef kSecAttrKeySizeInBits __attribute__((framework(Security, A))); -+extern const CFStringRef kSecAttrKeyClass __attribute__((framework(Security, A))); -+// PSS -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA1 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA224 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA256 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA384 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA512 __attribute__((framework(Security, A))); -+// RAW -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionRaw __attribute__((framework(Security, A))); -+// PKCS1v15 -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionPKCS1 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw __attribute__((framework(Security, A))); -+// OAEP -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA1 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA224 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA256 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA384 __attribute__((framework(Security, A))); -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA512 __attribute__((framework(Security, A))); -+// ECDSA -+extern const CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962 __attribute__((framework(Security, A))); ++// PrivateKeyDSA represents a DSA private key. ++type PrivateKeyDSA struct { ++ DSAParameters ++ X, Y BigInt + -+int SecRandomCopyBytes(SecRandomRef rnd, size_t count, void *bytes) __attribute__((framework(Security, A), noescape, nocallback, slice(bytes, count))); -+SecKeyRef SecKeyCopyPublicKey(SecKeyRef key) __attribute__((framework(Security, A))); -+SecKeyRef SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+SecKeyRef SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+CFDataRef SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+CFDataRef SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+CFDataRef SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+CFDataRef SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef data, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error) __attribute__((noescape, nocallback, framework(Security, A))); -+Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm) __attribute__((framework(Security, A))); -+size_t SecKeyGetBlockSize(SecKeyRef key) __attribute__((framework(Security, A))); ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} + -+CFDataRef CFDataCreate(CFAllocatorRef allocator, const uint8_t *bytes, CFIndex length) __attribute__((noescape, nocallback, framework(CoreFoundation, A), slice(bytes, length))); -+CFDictionaryRef CFDictionaryCreate(CFAllocatorRef allocator, const void **keys, const void **values, CFIndex numValues, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks) __attribute__((framework(CoreFoundation, A))); -+CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef allocator, CFIndex capacity, const CFDictionaryKeyCallBacks *keyCallBacks, const CFDictionaryValueCallBacks *valueCallBacks) __attribute__((framework(CoreFoundation, A))); -+CFNumberRef CFNumberCreate(CFAllocatorRef allocator, CFNumberType theType, const void *valuePtr) __attribute__((noescape, nocallback, framework(CoreFoundation, A))); -+CFIndex CFDataGetLength(CFDataRef data) __attribute__((framework(CoreFoundation, A))); -+const uint8_t *CFDataGetBytePtr(CFDataRef data) __attribute__((framework(CoreFoundation, A))); -+void CFRelease(CFTypeRef cf) __attribute__((framework(CoreFoundation, A))); -+void CFDictionarySetValue(CFMutableDictionaryRef theDict, const void *key, const void *value) __attribute__((framework(CoreFoundation, A))); -+CFStringRef CFErrorCopyDescription(CFErrorRef error) __attribute__((framework(CoreFoundation, A))); -+const char *CFStringGetCStringPtr(CFStringRef str, CFStringEncoding encoding) __attribute__((framework(CoreFoundation, A))); -+CFIndex CFStringGetLength(CFStringRef str) __attribute__((framework(CoreFoundation, A))); -+CFIndex CFErrorGetCode(CFErrorRef error) __attribute__((framework(CoreFoundation, A))); ++func (k *PrivateKeyDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} + -+#endif // _GO_SECURITY_SHIMS_H -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/syscall_nocgo.go -new file mode 100644 -index 00000000000000..3a03e583346c1c ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/syscall_nocgo.go -@@ -0,0 +1,15 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++func (k *PrivateKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} + -+//go:build !cgo ++// PublicKeyDSA represents a DSA public key. ++type PublicKeyDSA struct { ++ DSAParameters ++ Y BigInt + -+package security ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} + -+import ( -+ "github.com/microsoft/go-crypto-darwin/internal/xsyscall" -+) ++func (k *PublicKeyDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} + -+//go:nosplit -+func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ return xsyscall.SyscallN(errType, fn, args...) ++func (k *PublicKeyDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.c b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.c -new file mode 100644 -index 00000000000000..a74278d02fd6ef ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.c -@@ -0,0 +1,127 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+// Code generated by mkcgo. DO NOT EDIT. ++// GenerateParametersDSA generates a set of DSA parameters. ++func GenerateParametersDSA(l, n int) (DSAParameters, error) { ++ // The DSA parameters are generated by creating a new DSA key and ++ // extracting the domain parameters from it. + -+#include -+#include -+#include -+#include -+#include "zsecurity.h" ++ // Generate a new DSA key context and set the known parameters. ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_DSA, nil) ++ if err != nil { ++ return DSAParameters{}, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_paramgen_init(ctx); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, int32(l), nil); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_DSA, -1, ossl.EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, int32(n), nil); err != nil { ++ return DSAParameters{}, err ++ } ++ var pkey ossl.EVP_PKEY_PTR ++ if _, err := ossl.EVP_PKEY_paramgen(ctx, &pkey); err != nil { ++ return DSAParameters{}, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) + -+CFDataRef CFDataCreate(CFAllocatorRef, const uint8_t*, CFIndex); -+const uint8_t* CFDataGetBytePtr(CFDataRef); -+CFIndex CFDataGetLength(CFDataRef); -+CFDictionaryRef CFDictionaryCreate(CFAllocatorRef, const void**, const void**, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); -+CFMutableDictionaryRef CFDictionaryCreateMutable(CFAllocatorRef, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); -+void CFDictionarySetValue(CFMutableDictionaryRef, const void*, const void*); -+CFStringRef CFErrorCopyDescription(CFErrorRef); -+CFIndex CFErrorGetCode(CFErrorRef); -+CFNumberRef CFNumberCreate(CFAllocatorRef, CFNumberType, const void*); -+void CFRelease(CFTypeRef); -+const char* CFStringGetCStringPtr(CFStringRef, CFStringEncoding); -+CFIndex CFStringGetLength(CFStringRef); -+CFDataRef SecKeyCopyExternalRepresentation(SecKeyRef, CFErrorRef*); -+SecKeyRef SecKeyCopyPublicKey(SecKeyRef); -+CFDataRef SecKeyCreateDecryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); -+CFDataRef SecKeyCreateEncryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); -+SecKeyRef SecKeyCreateRandomKey(CFDictionaryRef, CFErrorRef*); -+CFDataRef SecKeyCreateSignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); -+SecKeyRef SecKeyCreateWithData(CFDataRef, CFDictionaryRef, CFErrorRef*); -+size_t SecKeyGetBlockSize(SecKeyRef); -+Boolean SecKeyIsAlgorithmSupported(SecKeyRef, SecKeyOperationType, SecKeyAlgorithm); -+Boolean SecKeyVerifySignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFDataRef, CFErrorRef*); -+int SecRandomCopyBytes(SecRandomRef, size_t, unsigned char*); ++ // Extract the domain parameters from the generated key. ++ var p, q, g ossl.BIGNUM_PTR ++ switch major() { ++ case 1: ++ dsa := getDSA(pkey) ++ ossl.DSA_get0_pqg(dsa, &p, &q, &g) ++ case 3, 4: ++ defer func() { ++ ossl.BN_free(p) ++ ossl.BN_free(q) ++ ossl.BN_free(g) ++ }() ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P.ptr(), &p); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q.ptr(), &q); err != nil { ++ return DSAParameters{}, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G.ptr(), &g); err != nil { ++ return DSAParameters{}, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } + -+CFDataRef _mkcgo_CFDataCreate(CFAllocatorRef _arg0, const uint8_t* _arg1, CFIndex _arg2) { -+ return CFDataCreate(_arg0, _arg1, _arg2); ++ return DSAParameters{ ++ P: bnToBig(p), ++ Q: bnToBig(q), ++ G: bnToBig(g), ++ }, nil +} + -+const uint8_t* _mkcgo_CFDataGetBytePtr(CFDataRef _arg0) { -+ return CFDataGetBytePtr(_arg0); ++// NewPrivateKeyDSA creates a new DSA private key from the given parameters. ++func NewPrivateKeyDSA(params DSAParameters, x, y BigInt) (*PrivateKeyDSA, error) { ++ if x == nil || y == nil { ++ panic("x and y must not be nil") ++ } ++ pkey, err := newDSA(params, x, y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyDSA{params, x, y, pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) ++ return k, nil +} + -+CFIndex _mkcgo_CFDataGetLength(CFDataRef _arg0) { -+ return CFDataGetLength(_arg0); ++// NewPublicKeyDSA creates a new DSA public key from the given parameters. ++func NewPublicKeyDSA(params DSAParameters, y BigInt) (*PublicKeyDSA, error) { ++ if y == nil { ++ panic("y must not be nil") ++ } ++ pkey, err := newDSA(params, nil, y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyDSA{params, y, pkey} ++ runtime.SetFinalizer(k, (*PublicKeyDSA).finalize) ++ return k, nil +} + -+CFDictionaryRef _mkcgo_CFDictionaryCreate(CFAllocatorRef _arg0, const void** _arg1, const void** _arg2, CFIndex _arg3, const CFDictionaryKeyCallBacks* _arg4, const CFDictionaryValueCallBacks* _arg5) { -+ return CFDictionaryCreate(_arg0, _arg1, _arg2, _arg3, _arg4, _arg5); ++// GenerateKeyDSA generates a new private DSA key using the given parameters. ++func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { ++ pkey, err := newDSA(params, nil, nil) ++ if err != nil { ++ return nil, nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ var bx, by ossl.BIGNUM_PTR ++ switch major() { ++ case 1: ++ dsa := getDSA(pkey) ++ ossl.DSA_get0_key(dsa, &by, &bx) ++ case 3, 4: ++ defer func() { ++ ossl.BN_clear_free(bx) ++ ossl.BN_free(by) ++ }() ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), &by); err != nil { ++ return nil, nil, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bx); err != nil { ++ return nil, nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return bnToBig(bx), bnToBig(by), nil +} + -+CFMutableDictionaryRef _mkcgo_CFDictionaryCreateMutable(CFAllocatorRef _arg0, CFIndex _arg1, const CFDictionaryKeyCallBacks* _arg2, const CFDictionaryValueCallBacks* _arg3) { -+ return CFDictionaryCreateMutable(_arg0, _arg1, _arg2, _arg3); ++// SignDSA signs a hash (which should be the result of hashing a larger message). ++func SignDSA(priv *PrivateKeyDSA, hash []byte) ([]byte, error) { ++ return evpSign(priv.withKey, 0, 0, 0, hash) +} + -+void _mkcgo_CFDictionarySetValue(CFMutableDictionaryRef _arg0, const void* _arg1, const void* _arg2) { -+ CFDictionarySetValue(_arg0, _arg1, _arg2); ++// VerifyDSA verifiessig using the public key, pub. ++func VerifyDSA(pub *PublicKeyDSA, hash []byte, sig []byte) bool { ++ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil +} + -+CFStringRef _mkcgo_CFErrorCopyDescription(CFErrorRef _arg0) { -+ return CFErrorCopyDescription(_arg0); ++func newDSA(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { ++ switch major() { ++ case 1: ++ return newDSA1(params, x, y) ++ case 3, 4: ++ return newDSA3(params, x, y) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} ++ ++func newDSA1(params DSAParameters, x, y BigInt) (pkey ossl.EVP_PKEY_PTR, err error) { ++ checkMajorVersion(1) ++ ++ dsa, err := ossl.DSA_new() ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if pkey == nil { ++ ossl.DSA_free(dsa) ++ } ++ }() ++ // No need to check for errors here, DSA_set0_* functions will fail ++ // if the BNs are NULL and we will free non-NULL BNs in the error handling. ++ p, _ := bigToBN(params.P) ++ q, _ := bigToBN(params.Q) ++ g, _ := bigToBN(params.G) ++ if _, err := ossl.DSA_set0_pqg(dsa, p, q, g); err != nil { ++ ossl.BN_free(p) ++ ossl.BN_free(q) ++ ossl.BN_free(g) ++ return nil, err ++ } ++ if y != nil { ++ pub, _ := bigToBN(y) ++ priv, _ := bigToBN(x) ++ if _, err := ossl.DSA_set0_key(dsa, pub, priv); err != nil { ++ ossl.BN_free(pub) ++ ossl.BN_clear_free(priv) ++ return nil, err ++ } ++ } else { ++ if _, err := ossl.DSA_generate_key(dsa); err != nil { ++ return nil, err ++ } ++ } ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_DSA, unsafe.Pointer(dsa)); err != nil { ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ return pkey, nil +} + -+CFIndex _mkcgo_CFErrorGetCode(CFErrorRef _arg0) { -+ return CFErrorGetCode(_arg0); -+} ++func newDSA3(params DSAParameters, x, y BigInt) (ossl.EVP_PKEY_PTR, error) { ++ checkMajorVersion(3, 4) + -+CFNumberRef _mkcgo_CFNumberCreate(CFAllocatorRef _arg0, CFNumberType _arg1, const void* _arg2) { -+ return CFNumberCreate(_arg0, _arg1, _arg2); -+} ++ bld := newParamBuilder() ++ defer bld.finalize() + -+void _mkcgo_CFRelease(CFTypeRef _arg0) { -+ CFRelease(_arg0); ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_P, params.P, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_Q, params.Q, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_G, params.G, false) ++ selection := int32(ossl.EVP_PKEY_KEYPAIR) ++ if y != nil { ++ bld.addBigInt(_OSSL_PKEY_PARAM_PUB_KEY, y, false) ++ if x == nil { ++ selection = ossl.EVP_PKEY_PUBLIC_KEY ++ } ++ } ++ if x != nil { ++ bld.addBigInt(_OSSL_PKEY_PARAM_PRIV_KEY, x, true) ++ } ++ bldparams, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(bldparams) ++ pkey, err := newEvpFromParams(ossl.EVP_PKEY_DSA, selection, bldparams) ++ if err != nil { ++ return nil, err ++ } ++ if y != nil { ++ return pkey, nil ++ } ++ // pkey doesn't contain the public component, but the crypto/dsa package ++ // expects it to be always there. Generate a new key using pkey as domain ++ // parameters placeholder. ++ defer ossl.EVP_PKEY_free(pkey) ++ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { ++ return nil, err ++ } ++ var gkey ossl.EVP_PKEY_PTR ++ if _, err := ossl.EVP_PKEY_keygen(ctx, &gkey); err != nil { ++ return nil, err ++ } ++ return gkey, nil +} + -+const char* _mkcgo_CFStringGetCStringPtr(CFStringRef _arg0, CFStringEncoding _arg1) { -+ return CFStringGetCStringPtr(_arg0, _arg1); ++// getDSA returns the DSA from pkey. ++// If pkey does not contain an DSA it panics. ++// The returned key should not be freed. ++func getDSA(pkey ossl.EVP_PKEY_PTR) ossl.DSA_PTR { ++ key, err := ossl.EVP_PKEY_get0_DSA(pkey) ++ if err != nil { ++ panic(err) ++ } ++ return key +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go +new file mode 100644 +index 00000000000000..d871a04b37942b +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ec.go +@@ -0,0 +1,132 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+CFIndex _mkcgo_CFStringGetLength(CFStringRef _arg0) { -+ return CFStringGetLength(_arg0); -+} ++package openssl + -+CFDataRef _mkcgo_SecKeyCopyExternalRepresentation(SecKeyRef _arg0, CFErrorRef* _arg1) { -+ return SecKeyCopyExternalRepresentation(_arg0, _arg1); -+} ++import ( ++ "errors" ++ "strconv" ++ "sync" + -+SecKeyRef _mkcgo_SecKeyCopyPublicKey(SecKeyRef _arg0) { -+ return SecKeyCopyPublicKey(_arg0); -+} ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+CFDataRef _mkcgo_SecKeyCreateDecryptedData(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFErrorRef* _arg3) { -+ return SecKeyCreateDecryptedData(_arg0, _arg1, _arg2, _arg3); ++func SupportsCurve(curve string) bool { ++ switch curve { ++ case "P-224", "P-256", "P-384", "P-521": ++ return true ++ case "X25519": ++ return supportsX25519() ++ default: ++ return false ++ } +} + -+CFDataRef _mkcgo_SecKeyCreateEncryptedData(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFErrorRef* _arg3) { -+ return SecKeyCreateEncryptedData(_arg0, _arg1, _arg2, _arg3); -+} ++var supportsX25519 = sync.OnceValue(func() bool { ++ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_X25519, nil) ++ if ctx != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ return true ++ } ++ return false ++}) + -+SecKeyRef _mkcgo_SecKeyCreateRandomKey(CFDictionaryRef _arg0, CFErrorRef* _arg1) { -+ return SecKeyCreateRandomKey(_arg0, _arg1); ++func curveID(curve string) int32 { ++ switch curve { ++ case "P-224": ++ return ossl.EVP_PKEY_EC ++ case "P-256": ++ return ossl.EVP_PKEY_EC ++ case "P-384": ++ return ossl.EVP_PKEY_EC ++ case "P-521": ++ return ossl.EVP_PKEY_EC ++ case "X25519": ++ return ossl.EVP_PKEY_X25519 ++ default: ++ panic("openssl: unknown curve " + curve) ++ } +} + -+CFDataRef _mkcgo_SecKeyCreateSignature(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFErrorRef* _arg3) { -+ return SecKeyCreateSignature(_arg0, _arg1, _arg2, _arg3); ++func curveNID(curve string) int32 { ++ switch curve { ++ case "P-224": ++ return ossl.NID_secp224r1 ++ case "P-256": ++ return ossl.NID_X9_62_prime256v1 ++ case "P-384": ++ return ossl.NID_secp384r1 ++ case "P-521": ++ return ossl.NID_secp521r1 ++ default: ++ panic("openssl: unknown curve " + curve) ++ } +} + -+SecKeyRef _mkcgo_SecKeyCreateWithData(CFDataRef _arg0, CFDictionaryRef _arg1, CFErrorRef* _arg2) { -+ return SecKeyCreateWithData(_arg0, _arg1, _arg2); ++// curveSize returns the size of the curve in bytes. ++func curveSize(curve string) int { ++ switch curve { ++ case "P-224": ++ return 224 / 8 ++ case "P-256": ++ return 256 / 8 ++ case "P-384": ++ return 384 / 8 ++ case "P-521": ++ return (521 + 7) / 8 ++ default: ++ panic("openssl: unknown curve " + curve) ++ } +} + -+size_t _mkcgo_SecKeyGetBlockSize(SecKeyRef _arg0) { -+ return SecKeyGetBlockSize(_arg0); ++// encodeEcPoint encodes pt. ++func encodeEcPoint(group ossl.EC_GROUP_PTR, pt ossl.EC_POINT_PTR) ([]byte, error) { ++ // Get encoded point size. ++ n, err := ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, nil, nil) ++ if err != nil { ++ return nil, err ++ } ++ // Encode point into bytes. ++ bytes := make([]byte, n) ++ if _, err = ossl.EC_POINT_point2oct(group, pt, ossl.POINT_CONVERSION_UNCOMPRESSED, bytes, nil); err != nil { ++ return nil, err ++ } ++ return bytes, nil +} + -+Boolean _mkcgo_SecKeyIsAlgorithmSupported(SecKeyRef _arg0, SecKeyOperationType _arg1, SecKeyAlgorithm _arg2) { -+ return SecKeyIsAlgorithmSupported(_arg0, _arg1, _arg2); ++// generateAndEncodeEcPublicKey calls newPubKeyPointFn to generate a public key point and then encodes it. ++func generateAndEncodeEcPublicKey(nid int32, newPubKeyPointFn func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error)) ([]byte, error) { ++ group, err := ossl.EC_GROUP_new_by_curve_name(nid) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_GROUP_free(group) ++ pt, err := newPubKeyPointFn(group) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_POINT_free(pt) ++ return encodeEcPoint(group, pt) +} + -+Boolean _mkcgo_SecKeyVerifySignature(SecKeyRef _arg0, SecKeyAlgorithm _arg1, CFDataRef _arg2, CFDataRef _arg3, CFErrorRef* _arg4) { -+ return SecKeyVerifySignature(_arg0, _arg1, _arg2, _arg3, _arg4); ++func extractPKEYRawPublic(pkey ossl.EVP_PKEY_PTR, pub []byte) error { ++ keylen := len(pub) ++ if _, err := ossl.EVP_PKEY_get_raw_public_key(pkey, pub, &keylen); err != nil { ++ return err ++ } ++ if keylen != len(pub) { ++ return errors.New("bad public key length: " + strconv.Itoa(keylen)) ++ } ++ return nil +} + -+int _mkcgo_SecRandomCopyBytes(SecRandomRef _arg0, size_t _arg1, unsigned char* _arg2) { -+ return SecRandomCopyBytes(_arg0, _arg1, _arg2); ++func extractPKEYRawPrivate(pkey ossl.EVP_PKEY_PTR, pub []byte) error { ++ keylen := len(pub) ++ if _, err := ossl.EVP_PKEY_get_raw_private_key(pkey, pub, &keylen); err != nil { ++ return err ++ } ++ if keylen != len(pub) { ++ return errors.New("bad private key length: " + strconv.Itoa(keylen)) ++ } ++ return nil +} -+ -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go new file mode 100644 -index 00000000000000..41aa0341b8a2b2 +index 00000000000000..7289538d753dc8 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.go -@@ -0,0 +1,21 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go +@@ -0,0 +1,341 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+// Code generated by mkcgo. DO NOT EDIT. -+ -+package security -+ -+const ( -+ KSecKeyOperationTypeSign SecKeyOperationType = 0 -+ KSecKeyOperationTypeVerify SecKeyOperationType = 1 -+ KSecKeyOperationTypeEncrypt SecKeyOperationType = 2 -+ KSecKeyOperationTypeDecrypt SecKeyOperationType = 3 -+) ++package openssl + -+const ( -+ KCFStringEncodingUTF8 CFStringEncoding = 0x08000100 -+) ++import ( ++ "errors" ++ "runtime" ++ "slices" ++ "unsafe" + -+const ( -+ KCFNumberLongType CFNumberType = 10 ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h -new file mode 100644 -index 00000000000000..8a2524b3cd0fe6 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.h -@@ -0,0 +1,98 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+#ifndef MKCGO_H // only include this header once -+#define MKCGO_H -+ -+#include -+#include -+#include -+ -+typedef unsigned char Boolean; -+typedef void* SecRandomRef; -+typedef void* SecKeyRef; -+typedef void* CFDataRef; -+typedef void* CFTypeRef; -+typedef void* CFStringRef; -+typedef void* CFDictionaryRef; -+typedef void* CFMutableDictionaryRef; -+typedef void* CFNumberRef; -+typedef void* CFErrorRef; -+typedef void* CFAllocatorRef; -+typedef void* CFDictionaryKeyCallBacks; -+typedef void* CFDictionaryValueCallBacks; -+typedef long CFIndex; -+typedef CFStringRef SecKeyAlgorithm; -+ -+extern const CFAllocatorRef kCFAllocatorDefault; -+extern const SecRandomRef kSecRandomDefault; -+extern const CFStringRef kSecAttrKeyTypeRSA; -+extern const CFStringRef kSecAttrKeyClassPublic; -+extern const CFStringRef kSecAttrKeyClassPrivate; -+extern const CFStringRef kSecAttrKeyType; -+extern const CFStringRef kSecAttrKeySizeInBits; -+extern const CFStringRef kSecAttrKeyClass; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA1; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA224; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA256; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA384; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPSSSHA512; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionRaw; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionPKCS1; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512; -+extern const CFStringRef kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA1; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA224; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA256; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA384; -+extern const CFStringRef kSecKeyAlgorithmRSAEncryptionOAEPSHA512; -+extern const CFStringRef kSecKeyAlgorithmECDSASignatureDigestX962; -+ -+typedef enum { -+ kSecKeyOperationTypeSign = 0, -+ kSecKeyOperationTypeVerify = 1, -+ kSecKeyOperationTypeEncrypt = 2, -+ kSecKeyOperationTypeDecrypt = 3, -+} SecKeyOperationType; -+ -+typedef enum { -+ kCFStringEncodingUTF8 = 0x08000100, -+} CFStringEncoding; -+ -+typedef enum { -+ kCFNumberLongType = 10, -+} CFNumberType; -+ -+uintptr_t mkcgo_err_retrieve(); -+ -+CFDataRef _mkcgo_CFDataCreate(CFAllocatorRef, const uint8_t*, CFIndex); -+const uint8_t* _mkcgo_CFDataGetBytePtr(CFDataRef); -+CFIndex _mkcgo_CFDataGetLength(CFDataRef); -+CFDictionaryRef _mkcgo_CFDictionaryCreate(CFAllocatorRef, const void**, const void**, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); -+CFMutableDictionaryRef _mkcgo_CFDictionaryCreateMutable(CFAllocatorRef, CFIndex, const CFDictionaryKeyCallBacks*, const CFDictionaryValueCallBacks*); -+void _mkcgo_CFDictionarySetValue(CFMutableDictionaryRef, const void*, const void*); -+CFStringRef _mkcgo_CFErrorCopyDescription(CFErrorRef); -+CFIndex _mkcgo_CFErrorGetCode(CFErrorRef); -+CFNumberRef _mkcgo_CFNumberCreate(CFAllocatorRef, CFNumberType, const void*); -+void _mkcgo_CFRelease(CFTypeRef); -+const char* _mkcgo_CFStringGetCStringPtr(CFStringRef, CFStringEncoding); -+CFIndex _mkcgo_CFStringGetLength(CFStringRef); -+CFDataRef _mkcgo_SecKeyCopyExternalRepresentation(SecKeyRef, CFErrorRef*); -+SecKeyRef _mkcgo_SecKeyCopyPublicKey(SecKeyRef); -+CFDataRef _mkcgo_SecKeyCreateDecryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); -+CFDataRef _mkcgo_SecKeyCreateEncryptedData(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); -+SecKeyRef _mkcgo_SecKeyCreateRandomKey(CFDictionaryRef, CFErrorRef*); -+CFDataRef _mkcgo_SecKeyCreateSignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFErrorRef*); -+SecKeyRef _mkcgo_SecKeyCreateWithData(CFDataRef, CFDictionaryRef, CFErrorRef*); -+size_t _mkcgo_SecKeyGetBlockSize(SecKeyRef); -+Boolean _mkcgo_SecKeyIsAlgorithmSupported(SecKeyRef, SecKeyOperationType, SecKeyAlgorithm); -+Boolean _mkcgo_SecKeyVerifySignature(SecKeyRef, SecKeyAlgorithm, CFDataRef, CFDataRef, CFErrorRef*); -+int _mkcgo_SecRandomCopyBytes(SecRandomRef, size_t, unsigned char*); -+ -+#endif // MKCGO_H -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.s -new file mode 100644 -index 00000000000000..5b021a6afed14b ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity.s -@@ -0,0 +1,172 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo -+ -+#include "textflag.h" -+ -+#ifndef GOARCH_amd64 -+#ifndef GOARCH_arm64 -+#ifndef GOARCH_riscv64 -+#ifndef GOARCH_loong64 -+#ifndef GOARCH_mips64 -+#ifndef GOARCH_mips64le -+#ifndef GOARCH_ppc64 -+#ifndef GOARCH_ppc64le -+#ifndef GOARCH_s390x -+#ifndef GOARCH_sparc64 -+#define _GOPTRSIZE 4 -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+#endif -+ -+#ifndef _GOPTRSIZE -+#define _GOPTRSIZE 8 -+#endif -+TEXT _mkcgo_CFDataCreate_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFDataCreate(SB) -+ -+GLOBL ·_mkcgo_CFDataCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFDataCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDataCreate_trampoline<>(SB) + -+TEXT _mkcgo_CFDataGetBytePtr_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFDataGetBytePtr(SB) -+ -+GLOBL ·_mkcgo_CFDataGetBytePtr_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFDataGetBytePtr_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDataGetBytePtr_trampoline<>(SB) -+ -+TEXT _mkcgo_CFDataGetLength_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFDataGetLength(SB) -+ -+GLOBL ·_mkcgo_CFDataGetLength_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFDataGetLength_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDataGetLength_trampoline<>(SB) -+ -+TEXT _mkcgo_CFDictionaryCreate_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFDictionaryCreate(SB) -+ -+GLOBL ·_mkcgo_CFDictionaryCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFDictionaryCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDictionaryCreate_trampoline<>(SB) -+ -+TEXT _mkcgo_CFDictionaryCreateMutable_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFDictionaryCreateMutable(SB) -+ -+GLOBL ·_mkcgo_CFDictionaryCreateMutable_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFDictionaryCreateMutable_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDictionaryCreateMutable_trampoline<>(SB) -+ -+TEXT _mkcgo_CFDictionarySetValue_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFDictionarySetValue(SB) -+ -+GLOBL ·_mkcgo_CFDictionarySetValue_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFDictionarySetValue_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFDictionarySetValue_trampoline<>(SB) -+ -+TEXT _mkcgo_CFErrorCopyDescription_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFErrorCopyDescription(SB) ++const publicKeySizeX25519 = 32 ++const privateKeySizeX25519 = 32 + -+GLOBL ·_mkcgo_CFErrorCopyDescription_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFErrorCopyDescription_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFErrorCopyDescription_trampoline<>(SB) ++type PublicKeyECDH struct { ++ _pkey ossl.EVP_PKEY_PTR ++ bytes []byte ++} + -+TEXT _mkcgo_CFErrorGetCode_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFErrorGetCode(SB) ++func (k *PublicKeyECDH) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} + -+GLOBL ·_mkcgo_CFErrorGetCode_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFErrorGetCode_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFErrorGetCode_trampoline<>(SB) ++type PrivateKeyECDH struct { ++ _pkey ossl.EVP_PKEY_PTR ++ curve string ++} + -+TEXT _mkcgo_CFNumberCreate_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFNumberCreate(SB) ++func (k *PrivateKeyECDH) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} + -+GLOBL ·_mkcgo_CFNumberCreate_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFNumberCreate_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFNumberCreate_trampoline<>(SB) ++func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { ++ expectedLen := publicKeySizeX25519 ++ if curve != "X25519" { ++ expectedLen = 1 + 2*curveSize(curve) ++ } ++ if len(bytes) != expectedLen { ++ return nil, errors.New("NewPublicKeyECDH: wrong key length") ++ } + -+TEXT _mkcgo_CFRelease_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFRelease(SB) ++ pkey, err := newECDHPkey(curve, bytes, false) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyECDH{pkey, slices.Clone(bytes)} ++ runtime.SetFinalizer(k, (*PublicKeyECDH).finalize) ++ return k, nil ++} + -+GLOBL ·_mkcgo_CFRelease_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFRelease_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFRelease_trampoline<>(SB) ++func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } + -+TEXT _mkcgo_CFStringGetCStringPtr_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFStringGetCStringPtr(SB) ++func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) { ++ expectedLen := privateKeySizeX25519 ++ if curve != "X25519" { ++ expectedLen = curveSize(curve) ++ } ++ if len(bytes) != expectedLen { ++ return nil, errors.New("NewPrivateKeyECDH: wrong key length") ++ } ++ pkey, err := newECDHPkey(curve, bytes, true) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyECDH{pkey, curve} ++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) ++ return k, nil ++} + -+GLOBL ·_mkcgo_CFStringGetCStringPtr_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFStringGetCStringPtr_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFStringGetCStringPtr_trampoline<>(SB) ++func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { ++ defer runtime.KeepAlive(k) ++ var pkey ossl.EVP_PKEY_PTR ++ defer func() { ++ ossl.EVP_PKEY_free(pkey) ++ }() + -+TEXT _mkcgo_CFStringGetLength_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_CFStringGetLength(SB) ++ var bytes []byte ++ if k.curve == "X25519" { ++ pkey = k._pkey ++ if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { ++ return nil, err ++ } ++ bytes = make([]byte, publicKeySizeX25519) ++ if err := extractPKEYRawPublic(pkey, bytes); err != nil { ++ return nil, err ++ } ++ } else { ++ switch major() { ++ case 1: ++ var err error ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ return nil, err ++ } ++ key := getECKey(k._pkey) ++ if _, err := ossl.EVP_PKEY_set1_EC_KEY(pkey, key); err != nil { ++ return nil, err ++ } ++ pt := ossl.EC_KEY_get0_public_key(key) ++ if pt == nil { ++ return nil, fail("missing ECDH public key") ++ } ++ group := ossl.EC_KEY_get0_group(key) ++ if bytes, err = encodeEcPoint(group, pt); err != nil { ++ return nil, err ++ } ++ case 3, 4: ++ pkey = k._pkey ++ if _, err := ossl.EVP_PKEY_up_ref(pkey); err != nil { ++ return nil, err ++ } ++ var cbytes *byte ++ n, err := ossl.EVP_PKEY_get1_encoded_public_key(k._pkey, &cbytes) ++ if err != nil { ++ return nil, err ++ } ++ bytes = goBytes(unsafe.Pointer(cbytes), n) ++ cryptoFree(unsafe.Pointer(cbytes)) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ } ++ pub := &PublicKeyECDH{pkey, bytes} ++ pkey = nil ++ runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize) ++ return pub, nil ++} + -+GLOBL ·_mkcgo_CFStringGetLength_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_CFStringGetLength_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_CFStringGetLength_trampoline<>(SB) ++func newECDHPkey(curve string, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { ++ if curve == "X25519" { ++ if isPrivate { ++ return ossl.EVP_PKEY_new_raw_private_key(ossl.EVP_PKEY_X25519, nil, bytes) ++ } else { ++ return ossl.EVP_PKEY_new_raw_public_key(ossl.EVP_PKEY_X25519, nil, bytes) ++ } ++ } ++ nid := curveNID(curve) ++ switch major() { ++ case 1: ++ return newECDHPkey1(nid, bytes, isPrivate) ++ case 3, 4: ++ return newECDHPkey3(nid, bytes, isPrivate) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+TEXT _mkcgo_SecKeyCopyExternalRepresentation_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCopyExternalRepresentation(SB) ++func newECDHPkey1(nid int32, bytes []byte, isPrivate bool) (pkey ossl.EVP_PKEY_PTR, err error) { ++ checkMajorVersion(1) + -+GLOBL ·_mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCopyExternalRepresentation_trampoline<>(SB) ++ key, err := ossl.EC_KEY_new_by_curve_name(nid) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if pkey == nil { ++ ossl.EC_KEY_free(key) ++ } ++ }() ++ group := ossl.EC_KEY_get0_group(key) ++ if isPrivate { ++ priv, err := ossl.BN_bin2bn(bytes, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_clear_free(priv) ++ if _, err := ossl.EC_KEY_set_private_key(key, priv); err != nil { ++ return nil, err ++ } ++ pub, err := pointMult(group, priv) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_POINT_free(pub) ++ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { ++ return nil, err ++ } ++ } else { ++ pub, err := ossl.EC_POINT_new(group) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EC_POINT_free(pub) ++ if _, err := ossl.EC_POINT_oct2point(group, pub, bytes, nil); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EC_KEY_set_public_key(key, pub); err != nil { ++ return nil, err ++ } ++ } ++ if _, err := ossl.EC_KEY_check_key(key); err != nil { ++ // Match upstream error message. ++ if isPrivate { ++ return nil, errors.New("crypto/ecdh: invalid private key") ++ } else { ++ return nil, errors.New("crypto/ecdh: invalid public key") ++ } ++ } ++ return newEVPPKEY(key) ++} + -+TEXT _mkcgo_SecKeyCopyPublicKey_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCopyPublicKey(SB) ++func newECDHPkey3(nid int32, bytes []byte, isPrivate bool) (ossl.EVP_PKEY_PTR, error) { ++ checkMajorVersion(3, 4) + -+GLOBL ·_mkcgo_SecKeyCopyPublicKey_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCopyPublicKey_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCopyPublicKey_trampoline<>(SB) ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) ++ var selection int32 ++ if isPrivate { ++ priv, err := ossl.BN_bin2bn(bytes, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_clear_free(priv) ++ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { ++ return pointMult(group, priv) ++ }) ++ if err != nil { ++ return nil, err ++ } ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) ++ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, priv) ++ selection = ossl.EVP_PKEY_KEYPAIR ++ } else { ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, bytes) ++ selection = ossl.EVP_PKEY_PUBLIC_KEY ++ } + -+TEXT _mkcgo_SecKeyCreateDecryptedData_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCreateDecryptedData(SB) ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ pkey, err := newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) ++ if err != nil { ++ return nil, err ++ } + -+GLOBL ·_mkcgo_SecKeyCreateDecryptedData_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCreateDecryptedData_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateDecryptedData_trampoline<>(SB) ++ if err := checkPkey(pkey, isPrivate); err != nil { ++ ossl.EVP_PKEY_free(pkey) ++ return nil, errors.New("crypto/ecdh: " + err.Error()) ++ } ++ return pkey, nil ++} + -+TEXT _mkcgo_SecKeyCreateEncryptedData_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCreateEncryptedData(SB) ++func pointMult(group ossl.EC_GROUP_PTR, priv ossl.BIGNUM_PTR) (ossl.EC_POINT_PTR, error) { ++ // OpenSSL does not expose any method to generate the public ++ // key from the private key [1], so we have to calculate it here. ++ // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 ++ pt, err := ossl.EC_POINT_new(group) ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EC_POINT_mul(group, pt, priv, nil, nil, nil); err != nil { ++ ossl.EC_POINT_free(pt) ++ return nil, err ++ } ++ return pt, nil ++} + -+GLOBL ·_mkcgo_SecKeyCreateEncryptedData_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCreateEncryptedData_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateEncryptedData_trampoline<>(SB) ++func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { ++ defer runtime.KeepAlive(priv) ++ defer runtime.KeepAlive(pub) ++ ctx, err := ossl.EVP_PKEY_CTX_new(priv._pkey, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_derive_set_peer(ctx, pub._pkey); err != nil { ++ return nil, err ++ } ++ var keylen int ++ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { ++ return nil, err ++ } ++ out := make([]byte, keylen) ++ if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { ++ return nil, err ++ } ++ return out, nil ++} + -+TEXT _mkcgo_SecKeyCreateRandomKey_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCreateRandomKey(SB) ++func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { ++ pkey, err := generateEVPPKey(curveID(curve), 0, curve) ++ if err != nil { ++ return nil, nil, err ++ } ++ var k *PrivateKeyECDH ++ defer func() { ++ if k == nil { ++ ossl.EVP_PKEY_free(pkey) ++ } ++ }() ++ var bytes []byte ++ if curve == "X25519" { ++ bytes = make([]byte, privateKeySizeX25519) ++ keylen := len(bytes) ++ if _, err := ossl.EVP_PKEY_get_raw_private_key(pkey, bytes, &keylen); err != nil { ++ return nil, nil, err ++ } ++ } else { ++ var priv ossl.BIGNUM_PTR ++ switch major() { ++ case 1: ++ key := getECKey(pkey) ++ priv = ossl.EC_KEY_get0_private_key(key) ++ if priv == nil { ++ return nil, nil, fail("missing ECDH private key") ++ } ++ case 3, 4: ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &priv); err != nil { ++ return nil, nil, err ++ } ++ defer ossl.BN_clear_free(priv) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ // We should not leak bit length of the secret scalar in the key. ++ // For this reason, we use BN_bn2binpad instead of BN_bn2bin with fixed length. ++ // The fixed length is the order of the large prime subgroup of the curve, ++ // returned by EVP_PKEY_get_bits, which is generally the upper bound for ++ // generating a private ECDH key. ++ bits, err := ossl.EVP_PKEY_get_bits(pkey) ++ if err != nil { ++ return nil, nil, err ++ } ++ bytes = make([]byte, (bits+7)/8) ++ if err := bnToBinPad(priv, bytes); err != nil { ++ return nil, nil, err ++ } ++ } ++ k = &PrivateKeyECDH{pkey, curve} ++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) ++ return k, bytes, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go +new file mode 100644 +index 00000000000000..d96c368fe1ca76 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go +@@ -0,0 +1,220 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+GLOBL ·_mkcgo_SecKeyCreateRandomKey_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCreateRandomKey_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateRandomKey_trampoline<>(SB) ++package openssl + -+TEXT _mkcgo_SecKeyCreateSignature_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCreateSignature(SB) ++import ( ++ "crypto" ++ "runtime" + -+GLOBL ·_mkcgo_SecKeyCreateSignature_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCreateSignature_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateSignature_trampoline<>(SB) ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+TEXT _mkcgo_SecKeyCreateWithData_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyCreateWithData(SB) ++type PrivateKeyECDSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} + -+GLOBL ·_mkcgo_SecKeyCreateWithData_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyCreateWithData_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyCreateWithData_trampoline<>(SB) ++func (k *PrivateKeyECDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} + -+TEXT _mkcgo_SecKeyGetBlockSize_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyGetBlockSize(SB) ++func (k *PrivateKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} + -+GLOBL ·_mkcgo_SecKeyGetBlockSize_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyGetBlockSize_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyGetBlockSize_trampoline<>(SB) ++type PublicKeyECDSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR ++} + -+TEXT _mkcgo_SecKeyIsAlgorithmSupported_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyIsAlgorithmSupported(SB) ++func (k *PublicKeyECDSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) ++} + -+GLOBL ·_mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyIsAlgorithmSupported_trampoline<>(SB) ++func (k *PublicKeyECDSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} + -+TEXT _mkcgo_SecKeyVerifySignature_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecKeyVerifySignature(SB) ++func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { ++ pkey, err := newECDSAKey(curve, x, y, nil) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyECDSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PublicKeyECDSA).finalize) ++ return k, nil ++} + -+GLOBL ·_mkcgo_SecKeyVerifySignature_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecKeyVerifySignature_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecKeyVerifySignature_trampoline<>(SB) ++func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { ++ pkey, err := newECDSAKey(curve, x, y, d) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyECDSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) ++ return k, nil ++} + -+TEXT _mkcgo_SecRandomCopyBytes_trampoline<>(SB), NOSPLIT, $0-0 -+ JMP _mkcgo_SecRandomCopyBytes(SB) ++func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { ++ // Generate the private key. ++ pkey, err := generateEVPPKey(ossl.EVP_PKEY_EC, 0, curve) ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) + -+GLOBL ·_mkcgo_SecRandomCopyBytes_trampoline_addr(SB), RODATA, $_GOPTRSIZE -+DATA ·_mkcgo_SecRandomCopyBytes_trampoline_addr(SB)/_GOPTRSIZE, $_mkcgo_SecRandomCopyBytes_trampoline<>(SB) ++ var bx, by, bd ossl.BIGNUM_PTR ++ defer func() { ++ ossl.BN_free(bx) ++ ossl.BN_free(by) ++ }() ++ switch major() { ++ case 1: ++ // Retrieve the internal EC_KEY, which holds the X, Y, and D coordinates. ++ key := getECKey(pkey) ++ group := ossl.EC_KEY_get0_group(key) ++ pt := ossl.EC_KEY_get0_public_key(key) ++ // Allocate two big numbers to store the X and Y coordinates. ++ bx, err = ossl.BN_new() ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ by, err = ossl.BN_new() ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ // Get X and Y. ++ if _, err := ossl.EC_POINT_get_affine_coordinates_GFp(group, pt, bx, by, nil); err != nil { ++ return nil, nil, nil, err ++ } ++ // Get Z. We don't need to free it, get0 does not increase the reference count. ++ bd = ossl.EC_KEY_get0_private_key(key) ++ case 3, 4: ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X.ptr(), &bx); err != nil { ++ return nil, nil, nil, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y.ptr(), &by); err != nil { ++ return nil, nil, nil, err ++ } ++ if _, err := ossl.EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY.ptr(), &bd); err != nil { ++ return nil, nil, nil, err ++ } ++ defer ossl.BN_clear_free(bd) ++ default: ++ panic(errUnsupportedVersion()) ++ } + -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_cgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_cgo.go -new file mode 100644 -index 00000000000000..c17b764ee90662 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_cgo.go -@@ -0,0 +1,388 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++ // Get D. ++ return bnToBig(bx), bnToBig(by), bnToBig(bd), nil ++} + -+// Code generated by mkcgo. DO NOT EDIT. ++func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { ++ return evpSign(priv.withKey, 0, 0, 0, hash) ++} + -+package security ++func HashSignECDSA(priv *PrivateKeyECDSA, h crypto.Hash, msg []byte) ([]byte, error) { ++ return evpHashSign(priv.withKey, h, msg) ++} + -+/* -+#cgo CFLAGS: -Wno-attributes -+#cgo darwin LDFLAGS: -framework CoreFoundation -+#cgo darwin LDFLAGS: -framework Security ++func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { ++ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil ++} + -+#include "zsecurity.h" -+#cgo noescape _mkcgo_CFDataCreate -+#cgo nocallback _mkcgo_CFDataCreate -+#cgo noescape _mkcgo_CFNumberCreate -+#cgo nocallback _mkcgo_CFNumberCreate -+#cgo noescape _mkcgo_SecKeyCopyExternalRepresentation -+#cgo nocallback _mkcgo_SecKeyCopyExternalRepresentation -+#cgo noescape _mkcgo_SecKeyCreateDecryptedData -+#cgo nocallback _mkcgo_SecKeyCreateDecryptedData -+#cgo noescape _mkcgo_SecKeyCreateEncryptedData -+#cgo nocallback _mkcgo_SecKeyCreateEncryptedData -+#cgo noescape _mkcgo_SecKeyCreateRandomKey -+#cgo nocallback _mkcgo_SecKeyCreateRandomKey -+#cgo noescape _mkcgo_SecKeyCreateSignature -+#cgo nocallback _mkcgo_SecKeyCreateSignature -+#cgo noescape _mkcgo_SecKeyCreateWithData -+#cgo nocallback _mkcgo_SecKeyCreateWithData -+#cgo noescape _mkcgo_SecKeyVerifySignature -+#cgo nocallback _mkcgo_SecKeyVerifySignature -+#cgo noescape _mkcgo_SecRandomCopyBytes -+#cgo nocallback _mkcgo_SecRandomCopyBytes -+*/ -+import "C" -+import "unsafe" ++func HashVerifyECDSA(pub *PublicKeyECDSA, h crypto.Hash, msg, sig []byte) bool { ++ return evpHashVerify(pub.withKey, h, msg, sig) == nil ++} + -+//go:cgo_import_dynamic _mkcgo_kCFAllocatorDefault kCFAllocatorDefault "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_kSecRandomDefault kSecRandomDefault "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyTypeRSA kSecAttrKeyTypeRSA "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPublic kSecAttrKeyClassPublic "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPrivate kSecAttrKeyClassPrivate "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyType kSecAttrKeyType "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeySizeInBits kSecAttrKeySizeInBits "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClass kSecAttrKeyClass "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 kSecKeyAlgorithmRSASignatureDigestPSSSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 kSecKeyAlgorithmRSASignatureDigestPSSSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 kSecKeyAlgorithmRSASignatureDigestPSSSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 kSecKeyAlgorithmRSASignatureDigestPSSSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 kSecKeyAlgorithmRSASignatureDigestPSSSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw kSecKeyAlgorithmRSAEncryptionRaw "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 kSecKeyAlgorithmRSAEncryptionPKCS1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 kSecKeyAlgorithmRSAEncryptionOAEPSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 kSecKeyAlgorithmRSAEncryptionOAEPSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 kSecKeyAlgorithmRSAEncryptionOAEPSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 kSecKeyAlgorithmRSAEncryptionOAEPSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 kSecKeyAlgorithmRSAEncryptionOAEPSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 kSecKeyAlgorithmECDSASignatureDigestX962 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++func newECDSAKey(curve string, x, y, d BigInt) (ossl.EVP_PKEY_PTR, error) { ++ nid := curveNID(curve) ++ bx, err := bigToBN(x) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_free(bx) ++ by, err := bigToBN(y) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_free(by) ++ var bd ossl.BIGNUM_PTR ++ if d != nil { ++ bd, err = bigToBN(d) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.BN_clear_free(bd) ++ } ++ switch major() { ++ case 1: ++ return newECDSAKey1(nid, bx, by, bd) ++ case 3, 4: ++ return newECDSAKey3(nid, bx, by, bd) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+//go:linkname _mkcgo_kCFAllocatorDefault _mkcgo_kCFAllocatorDefault -+//go:linkname _mkcgo_kSecRandomDefault _mkcgo_kSecRandomDefault -+//go:linkname _mkcgo_kSecAttrKeyTypeRSA _mkcgo_kSecAttrKeyTypeRSA -+//go:linkname _mkcgo_kSecAttrKeyClassPublic _mkcgo_kSecAttrKeyClassPublic -+//go:linkname _mkcgo_kSecAttrKeyClassPrivate _mkcgo_kSecAttrKeyClassPrivate -+//go:linkname _mkcgo_kSecAttrKeyType _mkcgo_kSecAttrKeyType -+//go:linkname _mkcgo_kSecAttrKeySizeInBits _mkcgo_kSecAttrKeySizeInBits -+//go:linkname _mkcgo_kSecAttrKeyClass _mkcgo_kSecAttrKeyClass -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 -+//go:linkname _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++func newECDSAKey1(nid int32, bx, by, bd ossl.BIGNUM_PTR) (pkey ossl.EVP_PKEY_PTR, err error) { ++ checkMajorVersion(1) + -+var ( -+ _mkcgo_kCFAllocatorDefault CFAllocatorRef -+ _mkcgo_kSecRandomDefault SecRandomRef -+ _mkcgo_kSecAttrKeyTypeRSA CFStringRef -+ _mkcgo_kSecAttrKeyClassPublic CFStringRef -+ _mkcgo_kSecAttrKeyClassPrivate CFStringRef -+ _mkcgo_kSecAttrKeyType CFStringRef -+ _mkcgo_kSecAttrKeySizeInBits CFStringRef -+ _mkcgo_kSecAttrKeyClass CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef -+ _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef -+) ++ key, err := ossl.EC_KEY_new_by_curve_name(nid) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if pkey == nil { ++ defer ossl.EC_KEY_free(key) ++ } ++ }() ++ if _, err := ossl.EC_KEY_set_public_key_affine_coordinates(key, bx, by); err != nil { ++ return nil, err ++ } ++ if bd != nil { ++ if _, err := ossl.EC_KEY_set_private_key(key, bd); err != nil { ++ return nil, err ++ } ++ } + -+//go:noinline -+func _mkcgo_addr_kCFAllocatorDefault() *CFAllocatorRef { return &_mkcgo_kCFAllocatorDefault } ++ return newEVPPKEY(key) ++} + -+//go:noinline -+func _mkcgo_addr_kSecRandomDefault() *SecRandomRef { return &_mkcgo_kSecRandomDefault } ++func newECDSAKey3(nid int32, bx, by, bd ossl.BIGNUM_PTR) (ossl.EVP_PKEY_PTR, error) { ++ checkMajorVersion(3, 4) + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyTypeRSA() *CFStringRef { return &_mkcgo_kSecAttrKeyTypeRSA } ++ // Create the encoded public key public key from bx and by. ++ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group ossl.EC_GROUP_PTR) (ossl.EC_POINT_PTR, error) { ++ pt, err := ossl.EC_POINT_new(group) ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EC_POINT_set_affine_coordinates(group, pt, bx, by, nil); err != nil { ++ ossl.EC_POINT_free(pt) ++ return nil, err ++ } ++ return pt, nil ++ }) ++ if err != nil { ++ return nil, err ++ } ++ // Construct the parameters. ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, ossl.OBJ_nid2sn(nid), 0) ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) ++ var selection int32 ++ if bd != nil { ++ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, bd) ++ selection = ossl.EVP_PKEY_KEYPAIR ++ } else { ++ selection = ossl.EVP_PKEY_PUBLIC_KEY ++ } ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ return newEvpFromParams(ossl.EVP_PKEY_EC, selection, params) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go +new file mode 100644 +index 00000000000000..205b01cd36b206 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ed25519.go +@@ -0,0 +1,209 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyClassPublic() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPublic } ++package openssl + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyClassPrivate() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPrivate } ++import ( ++ "errors" ++ "runtime" ++ "strconv" ++ "sync" + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyType() *CFStringRef { return &_mkcgo_kSecAttrKeyType } ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeySizeInBits() *CFStringRef { return &_mkcgo_kSecAttrKeySizeInBits } ++const ( ++ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. ++ publicKeySizeEd25519 = 32 ++ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. ++ privateKeySizeEd25519 = 64 ++ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. ++ signatureSizeEd25519 = 64 ++ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. ++ seedSizeEd25519 = 32 ++) + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyClass() *CFStringRef { return &_mkcgo_kSecAttrKeyClass } ++// TODO: Add support for Ed25519ph and Ed25519ctx when OpenSSL supports them, ++// which will probably be in 3.2.0 (https://github.com/openssl/openssl/issues/20418). + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 -+} ++var supportsEd25519 = sync.OnceValue(func() bool { ++ switch major() { ++ case 1: ++ ctx, _ := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_ED25519, nil) ++ if ctx != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ return true ++ } ++ case 3, 4: ++ sig, _ := ossl.EVP_SIGNATURE_fetch(nil, _KeyTypeED25519.ptr(), nil) ++ if sig != nil { ++ ossl.EVP_SIGNATURE_free(sig) ++ return true ++ } ++ } ++ return false ++}) + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++// SupportsEd25519 returns true if the current OpenSSL version supports ++// GenerateKeyEd25519, NewKeyFromSeedEd25519, SignEd25519 and VerifyEd25519. ++func SupportsEd25519() bool { ++ return supportsEd25519() +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++type PublicKeyEd25519 struct { ++ _pkey ossl.EVP_PKEY_PTR +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++func (k *PublicKeyEd25519) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++func (k *PublicKeyEd25519) Bytes() ([]byte, error) { ++ defer runtime.KeepAlive(k) ++ pub := make([]byte, publicKeySizeEd25519) ++ if err := extractPKEYRawPublic(k._pkey, pub); err != nil { ++ return nil, err ++ } ++ return pub, nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionRaw ++type PrivateKeyEd25519 struct { ++ _pkey ossl.EVP_PKEY_PTR +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 ++func (k *PrivateKeyEd25519) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { ++ defer runtime.KeepAlive(k) ++ priv := make([]byte, privateKeySizeEd25519) ++ if err := extractPKEYPrivEd25519(k._pkey, priv); err != nil { ++ return nil, err ++ } ++ return priv, nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++func (k *PrivateKeyEd25519) Public() (*PublicKeyEd25519, error) { ++ pub := make([]byte, publicKeySizeEd25519) ++ if err := extractPKEYRawPublic(k._pkey, pub); err != nil { ++ return nil, err ++ } ++ pubk, err := NewPublicKeyEd25519(pub) ++ if err != nil { ++ return nil, err ++ } ++ return pubk, nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++// GenerateKeyEd25519 generates a private key. ++func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { ++ pkeyPriv, err := generateEVPPKey(ossl.EVP_PKEY_ED25519, 0, "") ++ if err != nil { ++ return nil, err ++ } ++ priv := &PrivateKeyEd25519{_pkey: pkeyPriv} ++ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) ++ return priv, nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++// Deprecated: use NewPrivateKeyEd25519 instead. ++func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++ return NewPrivateKeyEd25519(priv) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++ if len(priv) != privateKeySizeEd25519 { ++ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) ++ } ++ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++// Deprecated: use NewPublicKeyEd25519 instead. ++func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++ return NewPublicKeyEd25519(pub) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++ if len(pub) != publicKeySizeEd25519 { ++ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) ++ } ++ pkey, err := ossl.EVP_PKEY_new_raw_public_key(ossl.EVP_PKEY_ED25519, nil, pub) ++ if err != nil { ++ return nil, err ++ } ++ pubk := &PublicKeyEd25519{_pkey: pkey} ++ runtime.SetFinalizer(pubk, (*PublicKeyEd25519).finalize) ++ return pubk, nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if ++// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this ++// package. ++func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { ++ if len(seed) != seedSizeEd25519 { ++ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++ } ++ pkey, err := ossl.EVP_PKEY_new_raw_private_key(ossl.EVP_PKEY_ED25519, nil, seed) ++ if err != nil { ++ return nil, err ++ } ++ priv := &PrivateKeyEd25519{_pkey: pkey} ++ runtime.SetFinalizer(priv, (*PrivateKeyEd25519).finalize) ++ return priv, nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++func extractPKEYPrivEd25519(pkey ossl.EVP_PKEY_PTR, priv []byte) error { ++ if err := extractPKEYRawPublic(pkey, priv[seedSizeEd25519:]); err != nil { ++ return err ++ } ++ return extractPKEYRawPrivate(pkey, priv[:seedSizeEd25519]) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++// SignEd25519 signs the message with priv and returns a signature. ++func SignEd25519(priv *PrivateKeyEd25519, message []byte) (sig []byte, err error) { ++ // Outline the function body so that the returned key can be stack-allocated. ++ sig = make([]byte, signatureSizeEd25519) ++ err = signEd25519(priv, sig, message) ++ if err != nil { ++ return nil, err ++ } ++ return sig, err +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++func signEd25519(priv *PrivateKeyEd25519, sig, message []byte) error { ++ defer runtime.KeepAlive(priv) ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestSignInit(ctx, nil, nil, nil, priv._pkey); err != nil { ++ return err ++ } ++ siglen := signatureSizeEd25519 ++ if _, err := ossl.EVP_DigestSign(ctx, sig, &siglen, message); err != nil { ++ return err ++ } ++ if siglen != signatureSizeEd25519 { ++ return errors.New("ed25519: bad signature length: " + strconv.Itoa(siglen)) ++ } ++ return nil +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++// VerifyEd25519 reports whether sig is a valid signature of message by pub. ++func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { ++ defer runtime.KeepAlive(pub) ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestVerifyInit(ctx, nil, nil, nil, pub._pkey); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_DigestVerify(ctx, sig, message); err != nil { ++ return errors.New("ed25519: invalid signature") ++ } ++ return nil +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go +new file mode 100644 +index 00000000000000..65f4d2ddcbc6fb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evp.go +@@ -0,0 +1,615 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+var ( -+ KCFAllocatorDefault CFAllocatorRef = *_mkcgo_addr_kCFAllocatorDefault() -+ KSecRandomDefault SecRandomRef = *_mkcgo_addr_kSecRandomDefault() -+ KSecAttrKeyTypeRSA CFStringRef = *_mkcgo_addr_kSecAttrKeyTypeRSA() -+ KSecAttrKeyClassPublic CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPublic() -+ KSecAttrKeyClassPrivate CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPrivate() -+ KSecAttrKeyType CFStringRef = *_mkcgo_addr_kSecAttrKeyType() -+ KSecAttrKeySizeInBits CFStringRef = *_mkcgo_addr_kSecAttrKeySizeInBits() -+ KSecAttrKeyClass CFStringRef = *_mkcgo_addr_kSecAttrKeyClass() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() -+ KSecKeyAlgorithmRSAEncryptionRaw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() -+ KSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() -+ KSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() ++package openssl ++ ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "strconv" ++ "sync" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+type Boolean = C.Boolean -+type CFAllocatorRef = C.CFAllocatorRef -+type CFDataRef = C.CFDataRef -+type CFDictionaryKeyCallBacks = C.CFDictionaryKeyCallBacks -+type CFDictionaryRef = C.CFDictionaryRef -+type CFDictionaryValueCallBacks = C.CFDictionaryValueCallBacks -+type CFErrorRef = C.CFErrorRef -+type CFIndex = C.CFIndex -+type CFMutableDictionaryRef = C.CFMutableDictionaryRef -+type CFNumberRef = C.CFNumberRef -+type CFNumberType = C.CFNumberType -+type CFStringEncoding = C.CFStringEncoding -+type CFStringRef = C.CFStringRef -+type CFTypeRef = C.CFTypeRef -+type SecKeyAlgorithm = C.SecKeyAlgorithm -+type SecKeyOperationType = C.SecKeyOperationType -+type SecKeyRef = C.SecKeyRef -+type SecRandomRef = C.SecRandomRef ++// cacheMD is a cache of crypto.Hash to GOossl.EVP_MD_PTR. ++var cacheMD sync.Map + -+//go:nosplit -+func mkcgoNoEscape(p *C.uintptr_t) *C.uintptr_t { -+ x := uintptr(unsafe.Pointer(p)) -+ return (*C.uintptr_t)(unsafe.Pointer(x ^ 0)) ++// hashFuncHash calls fn() and returns its result. ++// If fn() panics, the panic is recovered and returned as an error. ++// This is used to avoid aborting the program when calling ++// an unsupported hash function. It is the caller's responsibility ++// to check the returned value. ++func hashFuncHash(fn func() hash.Hash) (h hash.Hash, err error) { ++ defer func() { ++ r := recover() ++ if r == nil { ++ return ++ } ++ h = nil ++ switch e := r.(type) { ++ case error: ++ err = e ++ case string: ++ err = errors.New(e) ++ default: ++ err = errors.New("unsupported panic") ++ } ++ }() ++ return fn(), nil +} + -+func CFDataCreate(allocator CFAllocatorRef, bytes []uint8) CFDataRef { -+ return C._mkcgo_CFDataCreate(allocator, (*C.uint8_t)(unsafe.Pointer(unsafe.SliceData(bytes))), CFIndex(len(bytes))) ++// hashToMD converts a hash.Hash implementation from this package to a GOossl.EVP_MD_PTR. ++func hashToMD(h hash.Hash) ossl.EVP_MD_PTR { ++ if h, ok := h.(*Hash); ok { ++ return h.alg.md ++ } ++ return nil +} + -+func CFDataGetBytePtr(data CFDataRef) *uint8 { -+ return (*uint8)(unsafe.Pointer(C._mkcgo_CFDataGetBytePtr(data))) ++// hashToCryptoHash converts a hash.Hash implementation from this package to a crypto.Hash. ++func hashToCryptoHash(h hash.Hash) crypto.Hash { ++ if h, ok := h.(*Hash); ok { ++ return h.alg.ch ++ } ++ return 0 ++} ++ ++// hashFuncToMD converts a hash.Hash function to a GOossl.EVP_MD_PTR. ++// See [hashFuncHash] for details on error handling. ++func hashFuncToMD(fn func() hash.Hash) (ossl.EVP_MD_PTR, error) { ++ h, err := hashFuncHash(fn) ++ if err != nil { ++ return nil, err ++ } ++ md := hashToMD(h) ++ if md == nil { ++ return nil, errors.New("unsupported hash function") ++ } ++ return md, nil ++} ++ ++// provider is an identifier for a known provider. ++type provider uint8 ++ ++const ( ++ providerNone provider = iota ++ providerOSSLDefault ++ providerOSSLFIPS ++ providerSymCrypt ++) ++ ++type hashAlgorithm struct { ++ md ossl.EVP_MD_PTR ++ ch crypto.Hash ++ size int ++ blockSize int ++ provider provider ++ marshallable bool ++ magic string ++ marshalledSize int +} + -+func CFDataGetLength(data CFDataRef) CFIndex { -+ return C._mkcgo_CFDataGetLength(data) -+} ++// loadHash converts a crypto.Hash to a EVP_MD. ++func loadHash(ch crypto.Hash, must bool) (h *hashAlgorithm) { ++ defer func() { ++ if h == nil && must { ++ panic("openssl: unsupported hash function: " + strconv.Itoa(int(ch))) ++ } ++ }() ++ if v, ok := cacheMD.Load(ch); ok { ++ return v.(*hashAlgorithm) ++ } ++ ++ var hash hashAlgorithm ++ switch ch { ++ case crypto.RIPEMD160: ++ hash.md = ossl.EVP_ripemd160() ++ case crypto.MD4: ++ hash.md = ossl.EVP_md4() ++ case crypto.MD5: ++ hash.md = ossl.EVP_md5() ++ hash.magic = magicMD5 ++ hash.marshalledSize = marshaledSizeMD5 ++ case crypto.MD5SHA1: ++ hash.md = ossl.EVP_md5_sha1() ++ case crypto.SHA1: ++ hash.md = ossl.EVP_sha1() ++ hash.magic = magic1 ++ hash.marshalledSize = marshaledSize1 ++ case crypto.SHA224: ++ hash.md = ossl.EVP_sha224() ++ hash.magic = magic224 ++ hash.marshalledSize = marshaledSize256 ++ case crypto.SHA256: ++ hash.md = ossl.EVP_sha256() ++ hash.magic = magic256 ++ hash.marshalledSize = marshaledSize256 ++ case crypto.SHA384: ++ hash.md = ossl.EVP_sha384() ++ hash.magic = magic384 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA512: ++ hash.md = ossl.EVP_sha512() ++ hash.magic = magic512 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA512_224: ++ hash.md = ossl.EVP_sha512_224() ++ hash.magic = magic512_224 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA512_256: ++ hash.md = ossl.EVP_sha512_256() ++ hash.magic = magic512_256 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA3_224: ++ hash.md = ossl.EVP_sha3_224() ++ case crypto.SHA3_256: ++ hash.md = ossl.EVP_sha3_256() ++ case crypto.SHA3_384: ++ hash.md = ossl.EVP_sha3_384() ++ case crypto.SHA3_512: ++ hash.md = ossl.EVP_sha3_512() ++ } ++ if hash.md == nil { ++ cacheMD.Store(ch, (*hashAlgorithm)(nil)) ++ return nil ++ } ++ hash.ch = ch ++ hash.size = int(ossl.EVP_MD_get_size(hash.md)) ++ hash.blockSize = int(ossl.EVP_MD_get_block_size(hash.md)) ++ switch major() { ++ case 3, 4: ++ // On OpenSSL 3, directly operating on a EVP_MD object ++ // not created by EVP_MD_fetch has negative performance ++ // implications, as digest operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ md, _ := ossl.EVP_MD_fetch(nil, ossl.EVP_MD_get0_name(hash.md), nil) ++ // Don't overwrite md in case it can't be fetched, as the md may still be used ++ // outside of EVP_MD_CTX, for example to sign and verify RSA signatures. ++ if md != nil { ++ hash.md = md ++ } ++ } ++ if hash.magic != "" { ++ if hash.marshalledSize == 0 { ++ panic("marshalledSize must be set for " + hash.magic) ++ } ++ } ++ ++ switch major() { ++ case 1: ++ hash.provider = providerOSSLDefault ++ case 3, 4: ++ if prov := ossl.EVP_MD_get0_provider(hash.md); prov != nil { ++ cname := ossl.OSSL_PROVIDER_get0_name(prov) ++ switch goString(cname) { ++ case "default": ++ hash.provider = providerOSSLDefault ++ hash.marshallable = hash.magic != "" ++ case "fips": ++ hash.provider = providerOSSLFIPS ++ hash.marshallable = hash.magic != "" ++ case "symcryptprovider": ++ hash.provider = providerSymCrypt ++ hash.marshallable = hash.magic != "" && isSymCryptHashStateSerializable(hash.md) ++ } ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } + -+func CFDictionaryCreate(allocator CFAllocatorRef, keys *unsafe.Pointer, values *unsafe.Pointer, numValues CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFDictionaryRef { -+ return C._mkcgo_CFDictionaryCreate(allocator, keys, values, numValues, keyCallBacks, valueCallBacks) ++ cacheMD.Store(ch, &hash) ++ return &hash +} + -+func CFDictionaryCreateMutable(allocator CFAllocatorRef, capacity CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFMutableDictionaryRef { -+ return C._mkcgo_CFDictionaryCreateMutable(allocator, capacity, keyCallBacks, valueCallBacks) -+} ++// generateEVPPKey generates a new EVP_PKEY with the given id and properties. ++func generateEVPPKey(id, bits int32, curve string) (ossl.EVP_PKEY_PTR, error) { ++ if bits != 0 && curve != "" { ++ return nil, fail("incorrect generateEVPPKey parameters") ++ } ++ var pkey ossl.EVP_PKEY_PTR ++ switch major() { ++ case 1: ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_keygen_init(ctx); err != nil { ++ return nil, err ++ } ++ if bits != 0 { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, nil); err != nil { ++ return nil, err ++ } ++ } ++ if id == ossl.EVP_PKEY_EC && curve != "" { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, id, -1, ossl.EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil); err != nil { ++ return nil, err ++ } ++ } ++ if _, err := ossl.EVP_PKEY_keygen(ctx, &pkey); err != nil { ++ return nil, err ++ } ++ case 3, 4: ++ var err error ++ switch id { ++ case ossl.EVP_PKEY_RSA: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_RSA(nil, nil, _KeyTypeRSA.ptr(), int(bits)) ++ case ossl.EVP_PKEY_EC: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_EC(nil, nil, _KeyTypeEC.ptr(), ossl.OBJ_nid2sn(curveNID(curve))) ++ case ossl.EVP_PKEY_ED25519: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_ED25519(nil, nil, _KeyTypeED25519.ptr()) ++ case ossl.EVP_PKEY_X25519: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_X25519(nil, nil, _KeyTypeX25519.ptr()) ++ case ossl.EVP_PKEY_MLKEM_768: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLKEM(nil, nil, _KeyTypeMLKEM768.ptr()) ++ case ossl.EVP_PKEY_MLKEM_1024: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLKEM(nil, nil, _KeyTypeMLKEM1024.ptr()) ++ case ossl.EVP_PKEY_ML_DSA_44: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA44.ptr()) ++ case ossl.EVP_PKEY_ML_DSA_65: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA65.ptr()) ++ case ossl.EVP_PKEY_ML_DSA_87: ++ pkey, err = ossl.EVP_PKEY_Q_keygen_MLDSA(nil, nil, _KeyTypeMLDSA87.ptr()) ++ default: ++ panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") ++ } ++ if err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } + -+func CFDictionarySetValue(theDict CFMutableDictionaryRef, key unsafe.Pointer, value unsafe.Pointer) { -+ C._mkcgo_CFDictionarySetValue(theDict, key, value) ++ return pkey, nil +} + -+func CFErrorCopyDescription(__error CFErrorRef) CFStringRef { -+ return C._mkcgo_CFErrorCopyDescription(__error) -+} ++type withKeyFunc func(func(ossl.EVP_PKEY_PTR) error) error ++type initFunc func(ossl.EVP_PKEY_CTX_PTR) error ++type cryptFunc func(ossl.EVP_PKEY_CTX_PTR, []byte, *int, []byte) error ++type verifyFunc func(ossl.EVP_PKEY_CTX_PTR, []byte, []byte) error + -+func CFErrorGetCode(__error CFErrorRef) CFIndex { -+ return C._mkcgo_CFErrorGetCode(__error) ++func setupEVP(withKey withKeyFunc, padding int32, ++ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, ++ init initFunc) (_ ossl.EVP_PKEY_CTX_PTR, err error) { ++ var ctx ossl.EVP_PKEY_CTX_PTR ++ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) error { ++ ctx, err = ossl.EVP_PKEY_CTX_new(pkey, nil) ++ return err ++ }); err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ if ctx != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ ctx = nil ++ } ++ } ++ }() ++ if err := init(ctx); err != nil { ++ return nil, err ++ } ++ if padding == 0 { ++ return ctx, nil ++ } ++ // Each padding type has its own requirements in terms of when to apply the padding, ++ // so it can't be just set at this point. ++ switch padding { ++ case ossl.RSA_PKCS1_OAEP_PADDING: ++ err = setOAEPPadding(ctx, h, mgfHash, label) ++ case ossl.RSA_PKCS1_PSS_PADDING: ++ err = setPSSPadding(ctx, saltLen, ch) ++ case ossl.RSA_PKCS1_PADDING: ++ err = setPKCS1Padding(ctx, ch) ++ default: ++ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, padding, nil) ++ } ++ if err != nil { ++ return nil, err ++ } ++ return ctx, nil +} + -+func CFNumberCreate(allocator CFAllocatorRef, theType CFNumberType, valuePtr unsafe.Pointer) CFNumberRef { -+ return C._mkcgo_CFNumberCreate(allocator, theType, valuePtr) ++func setPSSPadding(ctx ossl.EVP_PKEY_CTX_PTR, saltLen int32, ch crypto.Hash) error { ++ alg := loadHash(ch, false) ++ if alg == nil { ++ return errors.New("crypto/rsa: unsupported hash function") ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { ++ return err ++ } ++ // setPadding must happen after setting EVP_PKEY_CTRL_MD. ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_PSS_PADDING, nil); err != nil { ++ return err ++ } ++ if saltLen != 0 { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil); err != nil { ++ return err ++ } ++ } ++ return nil +} + -+func CFRelease(cf CFTypeRef) { -+ C._mkcgo_CFRelease(cf) ++func setPKCS1Padding(ctx ossl.EVP_PKEY_CTX_PTR, ch crypto.Hash) error { ++ if ch == 0 { ++ // We support unhashed messages. ++ return nil ++ } ++ alg := loadHash(ch, false) ++ if alg == nil { ++ return errors.New("crypto/rsa: unsupported hash function") ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, -1, ossl.EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_PADDING, nil); err != nil { ++ return err ++ } ++ return nil +} + -+func CFStringGetCStringPtr(str CFStringRef, encoding CFStringEncoding) *byte { -+ return (*byte)(unsafe.Pointer(C._mkcgo_CFStringGetCStringPtr(str, encoding))) ++func setOAEPPadding(ctx ossl.EVP_PKEY_CTX_PTR, h, mgfHash hash.Hash, label []byte) error { ++ md := hashToMD(h) ++ if md == nil { ++ return errors.New("crypto/rsa: unsupported hash function") ++ } ++ var mgfMD ossl.EVP_MD_PTR ++ if mgfHash != nil { ++ // mgfHash is optional, but if it is set it must match a supported hash function. ++ mgfMD = hashToMD(mgfHash) ++ if mgfMD == nil { ++ return errors.New("crypto/rsa: unsupported hash function") ++ } ++ } ++ // setPadding must happen before setting EVP_PKEY_CTRL_RSA_OAEP_MD. ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_OAEP_PADDING, nil); err != nil { ++ return err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)); err != nil { ++ return err ++ } ++ if mgfHash != nil { ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)); err != nil { ++ return err ++ } ++ } ++ // ctx takes ownership of label, so malloc a copy for OpenSSL to free. ++ // OpenSSL does not take ownership of the label if the length is zero, ++ // so better avoid the allocation. ++ var clabel *byte ++ if len(label) > 0 { ++ clabel = (*byte)(cryptoMalloc(len(label))) ++ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) ++ var err error ++ switch major() { ++ case 3, 4: ++ _, err = ossl.EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Slice(clabel, len(label))) ++ default: ++ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_OAEP_LABEL, int32(len(label)), unsafe.Pointer(clabel)) ++ } ++ if err != nil { ++ cryptoFree(unsafe.Pointer(clabel)) ++ return err ++ } ++ } ++ return nil +} + -+func CFStringGetLength(str CFStringRef) CFIndex { -+ return C._mkcgo_CFStringGetLength(str) -+} ++func cryptEVP(withKey withKeyFunc, padding int32, ++ h, mgfHash hash.Hash, label []byte, saltLen int32, ch crypto.Hash, ++ init initFunc, crypt cryptFunc, in []byte) ([]byte, error) { + -+func SecKeyCopyExternalRepresentation(key SecKeyRef, __error *CFErrorRef) CFDataRef { -+ return C._mkcgo_SecKeyCopyExternalRepresentation(key, __error) ++ ctx, err := setupEVP(withKey, padding, h, mgfHash, label, saltLen, ch, init) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ var pkeySize int32 ++ if err := withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { ++ pkeySize, err = ossl.EVP_PKEY_get_size(pkey) ++ return err ++ }); err != nil { ++ return nil, err ++ } ++ outLen := int(pkeySize) ++ out := make([]byte, pkeySize) ++ if err := crypt(ctx, out, &outLen, in); err != nil { ++ return nil, err ++ } ++ // The size returned by EVP_PKEY_get_size() is only preliminary and not exact, ++ // so the final contents of the out buffer may be smaller. ++ return out[:outLen], nil +} + -+func SecKeyCopyPublicKey(key SecKeyRef) SecKeyRef { -+ return C._mkcgo_SecKeyCopyPublicKey(key) -+} ++func verifyEVP(withKey withKeyFunc, padding int32, ++ h hash.Hash, label []byte, saltLen int32, ch crypto.Hash, ++ init initFunc, verify verifyFunc, ++ sig, in []byte) error { + -+func SecKeyCreateDecryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, ciphertext CFDataRef, __error *CFErrorRef) CFDataRef { -+ return C._mkcgo_SecKeyCreateDecryptedData(key, algorithm, ciphertext, __error) ++ ctx, err := setupEVP(withKey, padding, h, nil, label, saltLen, ch, init) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ return verify(ctx, sig, in) +} + -+func SecKeyCreateEncryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, plaintext CFDataRef, __error *CFErrorRef) CFDataRef { -+ return C._mkcgo_SecKeyCreateEncryptedData(key, algorithm, plaintext, __error) ++func evpEncrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { ++ encryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_encrypt_init(ctx) ++ return err ++ } ++ encrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out []byte, outLen *int, in []byte) error { ++ if _, err := ossl.EVP_PKEY_encrypt(ctx, out, outLen, in); err != nil { ++ return err ++ } ++ return nil ++ } ++ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, encryptInit, encrypt, msg) +} + -+func SecKeyCreateRandomKey(parameters CFDictionaryRef, __error *CFErrorRef) SecKeyRef { -+ return C._mkcgo_SecKeyCreateRandomKey(parameters, __error) ++func evpDecrypt(withKey withKeyFunc, padding int32, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) { ++ decryptInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_decrypt_init(ctx) ++ return err ++ } ++ decrypt := func(ctx ossl.EVP_PKEY_CTX_PTR, out []byte, outLen *int, in []byte) error { ++ _, err := ossl.EVP_PKEY_decrypt(ctx, out, outLen, in) ++ return err ++ } ++ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, decryptInit, decrypt, msg) +} + -+func SecKeyCreateSignature(key SecKeyRef, algorithm SecKeyAlgorithm, data CFDataRef, __error *CFErrorRef) CFDataRef { -+ return C._mkcgo_SecKeyCreateSignature(key, algorithm, data, __error) ++func evpSign(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, hashed []byte) ([]byte, error) { ++ signtInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_sign_init(ctx) ++ return err ++ } ++ sign := func(ctx ossl.EVP_PKEY_CTX_PTR, out []byte, outLen *int, in []byte) error { ++ _, err := ossl.EVP_PKEY_sign(ctx, out, outLen, in) ++ return err ++ } ++ return cryptEVP(withKey, padding, nil, nil, nil, saltLen, h, signtInit, sign, hashed) +} + -+func SecKeyCreateWithData(keyData CFDataRef, attributes CFDictionaryRef, __error *CFErrorRef) SecKeyRef { -+ return C._mkcgo_SecKeyCreateWithData(keyData, attributes, __error) ++func evpVerify(withKey withKeyFunc, padding int32, saltLen int32, h crypto.Hash, sig, hashed []byte) error { ++ verifyInit := func(ctx ossl.EVP_PKEY_CTX_PTR) error { ++ _, err := ossl.EVP_PKEY_verify_init(ctx) ++ return err ++ } ++ verify := func(ctx ossl.EVP_PKEY_CTX_PTR, sig []byte, in []byte) error { ++ _, err := ossl.EVP_PKEY_verify(ctx, sig, in) ++ return err ++ } ++ return verifyEVP(withKey, padding, nil, nil, saltLen, h, verifyInit, verify, sig, hashed) +} + -+func SecKeyGetBlockSize(key SecKeyRef) int { -+ return int(C._mkcgo_SecKeyGetBlockSize(key)) ++func evpHashSign(withKey withKeyFunc, h crypto.Hash, msg []byte) ([]byte, error) { ++ alg := loadHash(h, false) ++ if alg == nil { ++ return nil, errors.New("unsupported hash function: " + strconv.Itoa(int(h))) ++ } ++ var out []byte ++ var outLen int ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { ++ _, err := ossl.EVP_DigestSignInit(ctx, nil, alg.md, nil, key) ++ return err ++ }); err != nil { ++ return nil, err ++ } ++ if len(msg) > 0 { ++ if _, err := ossl.EVP_DigestUpdate(ctx, msg); err != nil { ++ return nil, err ++ } ++ } ++ // Obtain the signature length ++ if _, err := ossl.EVP_DigestSignFinal(ctx, nil, &outLen); err != nil { ++ return nil, err ++ } ++ out = make([]byte, outLen) ++ // Obtain the signature ++ if _, err := ossl.EVP_DigestSignFinal(ctx, out, &outLen); err != nil { ++ return nil, err ++ } ++ return out[:outLen], nil +} + -+func SecKeyIsAlgorithmSupported(key SecKeyRef, operation SecKeyOperationType, algorithm SecKeyAlgorithm) Boolean { -+ return C._mkcgo_SecKeyIsAlgorithmSupported(key, operation, algorithm) ++func evpHashVerify(withKey withKeyFunc, h crypto.Hash, msg, sig []byte) error { ++ alg := loadHash(h, false) ++ if alg == nil { ++ return errors.New("unsupported hash function: " + strconv.Itoa(int(h))) ++ } ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if err := withKey(func(key ossl.EVP_PKEY_PTR) error { ++ _, err := ossl.EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) ++ return err ++ }); err != nil { ++ return err ++ } ++ if len(msg) > 0 { ++ if _, err := ossl.EVP_DigestUpdate(ctx, msg); err != nil { ++ return err ++ } ++ } ++ if _, err := ossl.EVP_DigestVerifyFinal(ctx, sig); err != nil { ++ return err ++ } ++ return nil +} + -+func SecKeyVerifySignature(key SecKeyRef, algorithm SecKeyAlgorithm, signedData CFDataRef, signature CFDataRef, __error *CFErrorRef) Boolean { -+ return C._mkcgo_SecKeyVerifySignature(key, algorithm, signedData, signature, __error) ++func newEVPPKEY(key ossl.EC_KEY_PTR) (ossl.EVP_PKEY_PTR, error) { ++ pkey, err := ossl.EVP_PKEY_new() ++ if err != nil { ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_EC, unsafe.Pointer(key)); err != nil { ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ return pkey, nil +} + -+func SecRandomCopyBytes(rnd SecRandomRef, bytes []byte) int32 { -+ return int32(C._mkcgo_SecRandomCopyBytes(rnd, C.size_t(len(bytes)), (*C.uchar)(unsafe.Pointer(unsafe.SliceData(bytes))))) ++// getECKey returns the EC_KEY from pkey. ++// If pkey does not contain an EC_KEY it panics. ++// The returned key should not be freed. ++func getECKey(pkey ossl.EVP_PKEY_PTR) ossl.EC_KEY_PTR { ++ key, err := ossl.EVP_PKEY_get0_EC_KEY(pkey) ++ if err != nil { ++ panic(err) ++ } ++ return key +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go -new file mode 100644 -index 00000000000000..7e5d52ef2d3c63 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/security/zsecurity_nocgo.go -@@ -0,0 +1,466 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+// Code generated by mkcgo. DO NOT EDIT. -+ -+//go:build !cgo -+ -+package security -+ -+import ( -+ "runtime" -+ "unsafe" -+) -+ -+var _ = runtime.GOOS -+ -+var _mkcgoAlwaysFalseSecurity bool -+var _mkcgoEscapeSinkSecurity unsafe.Pointer + -+// mkcgoEscapePtrSecurity forces p to escape to the heap. -+// This implementation is also used in the standard library: -+// https://github.com/golang/go/blob/f71432d223eeb2139b460957817400750fd13655/src/internal/abi/escape.go#L24-L33 -+func mkcgoEscapePtrSecurity(p unsafe.Pointer) unsafe.Pointer { -+ if _mkcgoAlwaysFalseSecurity { -+ _mkcgoEscapeSinkSecurity = p ++func newEvpFromParams(id int32, selection int32, params ossl.OSSL_PARAM_PTR) (ossl.EVP_PKEY_PTR, error) { ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(id, nil) ++ if err != nil { ++ return nil, err + } -+ return p ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_fromdata_init(ctx); err != nil { ++ return nil, err ++ } ++ var pkey ossl.EVP_PKEY_PTR ++ if _, err := ossl.EVP_PKEY_fromdata(ctx, &pkey, selection, params); err != nil { ++ //versionguardcheck:ignore OpenSSL 3.0.0–3.0.2 leak EVP_PKEY on error: https://github.com/openssl/openssl/issues/17407. ++ if major() == 3 && minor() == 0 && patch() <= 2 { ++ ossl.EVP_PKEY_free(pkey) ++ } ++ return nil, err ++ } ++ return pkey, nil +} + -+type Boolean = byte -+type SecRandomRef unsafe.Pointer -+type SecKeyRef unsafe.Pointer -+type CFDataRef unsafe.Pointer -+type CFTypeRef unsafe.Pointer -+type CFStringRef unsafe.Pointer -+type CFDictionaryRef unsafe.Pointer -+type CFMutableDictionaryRef unsafe.Pointer -+type CFNumberRef unsafe.Pointer -+type CFErrorRef unsafe.Pointer -+type CFAllocatorRef unsafe.Pointer -+type CFDictionaryKeyCallBacks unsafe.Pointer -+type CFDictionaryValueCallBacks unsafe.Pointer -+type CFIndex = int64 -+type SecKeyAlgorithm = CFStringRef -+ -+type SecKeyOperationType int32 -+type CFStringEncoding int32 -+type CFNumberType int32 ++func checkPkey(pkey ossl.EVP_PKEY_PTR, isPrivate bool) error { ++ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if isPrivate { ++ if _, err := ossl.EVP_PKEY_private_check(ctx); err != nil { ++ // Match upstream error message. ++ return errors.New("invalid private key") ++ } ++ } else { ++ // Upstream Go does a partial check here, so do we. ++ if _, err := ossl.EVP_PKEY_public_check_quick(ctx); err != nil { ++ // Match upstream error message. ++ return errors.New("invalid public key") ++ } ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go +new file mode 100644 +index 00000000000000..020323eb7be25e +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hash.go +@@ -0,0 +1,521 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+//go:cgo_import_dynamic _mkcgo_kCFAllocatorDefault kCFAllocatorDefault "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_kSecRandomDefault kSecRandomDefault "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyTypeRSA kSecAttrKeyTypeRSA "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPublic kSecAttrKeyClassPublic "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClassPrivate kSecAttrKeyClassPrivate "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyType kSecAttrKeyType "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeySizeInBits kSecAttrKeySizeInBits "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecAttrKeyClass kSecAttrKeyClass "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 kSecKeyAlgorithmRSASignatureDigestPSSSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 kSecKeyAlgorithmRSASignatureDigestPSSSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 kSecKeyAlgorithmRSASignatureDigestPSSSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 kSecKeyAlgorithmRSASignatureDigestPSSSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 kSecKeyAlgorithmRSASignatureDigestPSSSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw kSecKeyAlgorithmRSAEncryptionRaw "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 kSecKeyAlgorithmRSAEncryptionPKCS1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 kSecKeyAlgorithmRSAEncryptionOAEPSHA1 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 kSecKeyAlgorithmRSAEncryptionOAEPSHA224 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 kSecKeyAlgorithmRSAEncryptionOAEPSHA256 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 kSecKeyAlgorithmRSAEncryptionOAEPSHA384 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 kSecKeyAlgorithmRSAEncryptionOAEPSHA512 "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 kSecKeyAlgorithmECDSASignatureDigestX962 "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++package openssl + -+//go:linkname _mkcgo_kCFAllocatorDefault _mkcgo_kCFAllocatorDefault -+//go:linkname _mkcgo_kSecRandomDefault _mkcgo_kSecRandomDefault -+//go:linkname _mkcgo_kSecAttrKeyTypeRSA _mkcgo_kSecAttrKeyTypeRSA -+//go:linkname _mkcgo_kSecAttrKeyClassPublic _mkcgo_kSecAttrKeyClassPublic -+//go:linkname _mkcgo_kSecAttrKeyClassPrivate _mkcgo_kSecAttrKeyClassPrivate -+//go:linkname _mkcgo_kSecAttrKeyType _mkcgo_kSecAttrKeyType -+//go:linkname _mkcgo_kSecAttrKeySizeInBits _mkcgo_kSecAttrKeySizeInBits -+//go:linkname _mkcgo_kSecAttrKeyClass _mkcgo_kSecAttrKeyClass -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 -+//go:linkname _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 -+//go:linkname _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "strconv" ++ "sync" ++ "unsafe" + -+var ( -+ _mkcgo_kCFAllocatorDefault CFAllocatorRef -+ _mkcgo_kSecRandomDefault SecRandomRef -+ _mkcgo_kSecAttrKeyTypeRSA CFStringRef -+ _mkcgo_kSecAttrKeyClassPublic CFStringRef -+ _mkcgo_kSecAttrKeyClassPrivate CFStringRef -+ _mkcgo_kSecAttrKeyType CFStringRef -+ _mkcgo_kSecAttrKeySizeInBits CFStringRef -+ _mkcgo_kSecAttrKeyClass CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionRaw CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef -+ _mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef -+ _mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+//go:noinline -+func _mkcgo_addr_kCFAllocatorDefault() *CFAllocatorRef { return &_mkcgo_kCFAllocatorDefault } -+ -+//go:noinline -+func _mkcgo_addr_kSecRandomDefault() *SecRandomRef { return &_mkcgo_kSecRandomDefault } ++const ( ++ magicMD5 = "md5\x01" ++ magic1 = "sha\x01" ++ magic224 = "sha\x02" ++ magic256 = "sha\x03" ++ magic384 = "sha\x04" ++ magic512_224 = "sha\x05" ++ magic512_256 = "sha\x06" ++ magic512 = "sha\x07" + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyTypeRSA() *CFStringRef { return &_mkcgo_kSecAttrKeyTypeRSA } ++ marshaledSizeMD5 = len(magicMD5) + 4*4 + 64 + 8 // from crypto/md5 ++ marshaledSize1 = len(magic1) + 5*4 + 64 + 8 // from crypto/sha1 ++ marshaledSize256 = len(magic256) + 8*4 + 64 + 8 // from crypto/sha256 ++ marshaledSize512 = len(magic512) + 8*8 + 128 + 8 // from crypto/sha512 ++) + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyClassPublic() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPublic } ++// maxHashSize is the size of SHA52 and SHA3_512, the largest hashes we support. ++const maxHashSize = 64 + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyClassPrivate() *CFStringRef { return &_mkcgo_kSecAttrKeyClassPrivate } ++type HashCloner = hash.Cloner + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyType() *CFStringRef { return &_mkcgo_kSecAttrKeyType } ++func hashOneShot(ch crypto.Hash, p []byte, sum []byte) bool { ++ _, err := ossl.EVP_Digest(p, sum, nil, loadHash(ch, true).md, nil) ++ return err == nil ++} + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeySizeInBits() *CFStringRef { return &_mkcgo_kSecAttrKeySizeInBits } ++func MD4(p []byte) (sum [16]byte) { ++ if !hashOneShot(crypto.MD4, p, sum[:]) { ++ panic("openssl: MD4 failed") ++ } ++ return ++} + -+//go:noinline -+func _mkcgo_addr_kSecAttrKeyClass() *CFStringRef { return &_mkcgo_kSecAttrKeyClass } ++func MD5(p []byte) (sum [16]byte) { ++ if !hashOneShot(crypto.MD5, p, sum[:]) { ++ panic("openssl: MD5 failed") ++ } ++ return ++} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA1 ++func SHA1(p []byte) (sum [20]byte) { ++ if !hashOneShot(crypto.SHA1, p, sum[:]) { ++ panic("openssl: SHA1 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA224 ++func SHA224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA224, p, sum[:]) { ++ panic("openssl: SHA224 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA256 ++func SHA256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA256, p, sum[:]) { ++ panic("openssl: SHA256 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA384 ++func SHA384(p []byte) (sum [48]byte) { ++ if !hashOneShot(crypto.SHA384, p, sum[:]) { ++ panic("openssl: SHA384 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPSSSHA512 ++func SHA512(p []byte) (sum [64]byte) { ++ if !hashOneShot(crypto.SHA512, p, sum[:]) { ++ panic("openssl: SHA512 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionRaw ++func SHA512_224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA512_224, p, sum[:]) { ++ panic("openssl: SHA512 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionPKCS1 ++func SHA512_256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA512_256, p, sum[:]) { ++ panic("openssl: SHA512_256 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 ++// cacheHashSupported is a cache of crypto.Hash support. ++var cacheHashSupported sync.Map ++ ++// SupportsHash reports whether the current OpenSSL version supports the given hash. ++func SupportsHash(h crypto.Hash) bool { ++ if v, ok := cacheHashSupported.Load(h); ok { ++ return v.(bool) ++ } ++ alg := loadHash(h, false) ++ if alg == nil { ++ cacheHashSupported.Store(h, false) ++ return false ++ } ++ // EVP_MD objects can be non-nil even when they can't be used ++ // in a EVP_MD_CTX, e.g. MD5 in FIPS mode. We need to prove ++ // if they can be used by passing them to a EVP_MD_CTX. ++ var supported bool ++ if ctx, _ := ossl.EVP_MD_CTX_new(); ctx != nil { ++ _, err := ossl.EVP_DigestInit_ex(ctx, alg.md, nil) ++ supported = err == nil ++ ossl.EVP_MD_CTX_free(ctx) ++ } ++ cacheHashSupported.Store(h, supported) ++ return supported +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 ++func SumSHA3_224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA3_224, p, sum[:]) { ++ panic("openssl: SHA3_224 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 ++func SumSHA3_256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA3_256, p, sum[:]) { ++ panic("openssl: SHA3_256 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 ++func SumSHA3_384(p []byte) (sum [48]byte) { ++ if !hashOneShot(crypto.SHA3_384, p, sum[:]) { ++ panic("openssl: SHA3_384 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 ++func SumSHA3_512(p []byte) (sum [64]byte) { ++ if !hashOneShot(crypto.SHA3_512, p, sum[:]) { ++ panic("openssl: SHA3_512 failed") ++ } ++ return +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw ++// NewMD4 returns a new MD4 hash. ++// The returned hash doesn't implement encoding.BinaryMarshaler and ++// encoding.BinaryUnmarshaler. ++func NewMD4() hash.Hash { ++ return newHash(crypto.MD4) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 ++// NewMD5 returns a new MD5 hash. ++func NewMD5() hash.Hash { ++ return newHash(crypto.MD5) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 ++// NewSHA1 returns a new SHA1 hash. ++func NewSHA1() hash.Hash { ++ return newHash(crypto.SHA1) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 ++// NewSHA224 returns a new SHA224 hash. ++func NewSHA224() hash.Hash { ++ return newHash(crypto.SHA224) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 ++// NewSHA256 returns a new SHA256 hash. ++func NewSHA256() hash.Hash { ++ return newHash(crypto.SHA256) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 ++// NewSHA384 returns a new SHA384 hash. ++func NewSHA384() hash.Hash { ++ return newHash(crypto.SHA384) +} + -+//go:noinline -+func _mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() *CFStringRef { -+ return &_mkcgo_kSecKeyAlgorithmECDSASignatureDigestX962 ++// NewSHA512 returns a new SHA512 hash. ++func NewSHA512() hash.Hash { ++ return newHash(crypto.SHA512) +} + -+var ( -+ KCFAllocatorDefault CFAllocatorRef = *_mkcgo_addr_kCFAllocatorDefault() -+ KSecRandomDefault SecRandomRef = *_mkcgo_addr_kSecRandomDefault() -+ KSecAttrKeyTypeRSA CFStringRef = *_mkcgo_addr_kSecAttrKeyTypeRSA() -+ KSecAttrKeyClassPublic CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPublic() -+ KSecAttrKeyClassPrivate CFStringRef = *_mkcgo_addr_kSecAttrKeyClassPrivate() -+ KSecAttrKeyType CFStringRef = *_mkcgo_addr_kSecAttrKeyType() -+ KSecAttrKeySizeInBits CFStringRef = *_mkcgo_addr_kSecAttrKeySizeInBits() -+ KSecAttrKeyClass CFStringRef = *_mkcgo_addr_kSecAttrKeyClass() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA1() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA224() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA256() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA384() -+ KSecKeyAlgorithmRSASignatureDigestPSSSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPSSSHA512() -+ KSecKeyAlgorithmRSAEncryptionRaw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionRaw() -+ KSecKeyAlgorithmRSAEncryptionPKCS1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionPKCS1() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512() -+ KSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA1 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA1() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA224 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA224() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA256 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA256() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA384 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA384() -+ KSecKeyAlgorithmRSAEncryptionOAEPSHA512 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmRSAEncryptionOAEPSHA512() -+ KSecKeyAlgorithmECDSASignatureDigestX962 CFStringRef = *_mkcgo_addr_kSecKeyAlgorithmECDSASignatureDigestX962() -+) ++// NewSHA512_224 returns a new SHA512_224 hash. ++func NewSHA512_224() hash.Hash { ++ return newHash(crypto.SHA512_224) ++} + -+//go:cgo_import_dynamic _mkcgo_CFDataCreate CFDataCreate "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFDataGetBytePtr CFDataGetBytePtr "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFDataGetLength CFDataGetLength "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFDictionaryCreate CFDictionaryCreate "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFDictionaryCreateMutable CFDictionaryCreateMutable "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFDictionarySetValue CFDictionarySetValue "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFErrorCopyDescription CFErrorCopyDescription "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFErrorGetCode CFErrorGetCode "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFNumberCreate CFNumberCreate "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFRelease CFRelease "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFStringGetCStringPtr CFStringGetCStringPtr "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_CFStringGetLength CFStringGetLength "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation" -+//go:cgo_import_dynamic _mkcgo_SecKeyCopyExternalRepresentation SecKeyCopyExternalRepresentation "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyCopyPublicKey SecKeyCopyPublicKey "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyCreateDecryptedData SecKeyCreateDecryptedData "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyCreateEncryptedData SecKeyCreateEncryptedData "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyCreateRandomKey SecKeyCreateRandomKey "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyCreateSignature SecKeyCreateSignature "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyCreateWithData SecKeyCreateWithData "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyGetBlockSize SecKeyGetBlockSize "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyIsAlgorithmSupported SecKeyIsAlgorithmSupported "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecKeyVerifySignature SecKeyVerifySignature "/System/Library/Frameworks/Security.framework/Versions/A/Security" -+//go:cgo_import_dynamic _mkcgo_SecRandomCopyBytes SecRandomCopyBytes "/System/Library/Frameworks/Security.framework/Versions/A/Security" ++// NewSHA512_256 returns a new SHA512_256 hash. ++func NewSHA512_256() hash.Hash { ++ return newHash(crypto.SHA512_256) ++} + -+var _mkcgo_CFDataCreate_trampoline_addr uintptr ++// NewSHA3_224 returns a new SHA3-224 hash. ++func NewSHA3_224() *Hash { ++ return newHash(crypto.SHA3_224) ++} + -+func CFDataCreate(allocator CFAllocatorRef, bytes []uint8) CFDataRef { -+ r0, _ := syscallN(0, _mkcgo_CFDataCreate_trampoline_addr, uintptr(allocator), uintptr(unsafe.Pointer(unsafe.SliceData(bytes))), uintptr(len(bytes))) -+ return CFDataRef(r0) ++// NewSHA3_256 creates a new SHA3-256 hash. ++func NewSHA3_256() *Hash { ++ return newHash(crypto.SHA3_256) +} + -+var _mkcgo_CFDataGetBytePtr_trampoline_addr uintptr ++// NewSHA3_384 creates a new SHA3-384 hash. ++func NewSHA3_384() *Hash { ++ return newHash(crypto.SHA3_384) ++} + -+func CFDataGetBytePtr(data CFDataRef) *uint8 { -+ r0, _ := syscallN(0, _mkcgo_CFDataGetBytePtr_trampoline_addr, uintptr(data)) -+ return (*uint8)(unsafe.Pointer(r0)) ++// NewSHA3_512 creates a new SHA3-512 hash. ++func NewSHA3_512() *Hash { ++ return newHash(crypto.SHA3_512) +} + -+var _mkcgo_CFDataGetLength_trampoline_addr uintptr ++var _ hash.Hash = (*Hash)(nil) ++var _ HashCloner = (*Hash)(nil) + -+func CFDataGetLength(data CFDataRef) CFIndex { -+ r0, _ := syscallN(0, _mkcgo_CFDataGetLength_trampoline_addr, uintptr(data)) -+ return CFIndex(r0) ++// FIPSApprovedHash reports whether this hash algorithm is FIPS 140-3 approved. ++func FIPSApprovedHash(h hash.Hash) bool { ++ xh, ok := h.(*Hash) ++ if !ok { ++ return false ++ } ++ switch xh.alg.ch { ++ case crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512, ++ crypto.SHA512_224, crypto.SHA512_256, ++ crypto.SHA3_224, crypto.SHA3_256, crypto.SHA3_384, crypto.SHA3_512: ++ return true ++ default: ++ return false ++ } +} + -+var _mkcgo_CFDictionaryCreate_trampoline_addr uintptr ++// hashBufSize is the size of the buffer used for hashing. ++// 256 bytes is a reasonable compromise for general purpose use, ++// and the resulting evpHash size is still similar to the ++// upstream sha512 hash object. ++const hashBufSize = 256 + -+func CFDictionaryCreate(allocator CFAllocatorRef, keys *unsafe.Pointer, values *unsafe.Pointer, numValues CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFDictionaryRef { -+ r0, _ := syscallN(0, _mkcgo_CFDictionaryCreate_trampoline_addr, uintptr(allocator), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(keys))), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(values))), uintptr(numValues), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(keyCallBacks))), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(valueCallBacks)))) -+ return CFDictionaryRef(r0) ++// Hash implements generic hash methods. ++type Hash struct { ++ alg *hashAlgorithm ++ ctx ossl.EVP_MD_CTX_PTR ++ // ctx2 is used in Hash.Sum to avoid changing ++ // the state of ctx. Having it here allows reusing the ++ // same allocated object multiple times. ++ ctx2 ossl.EVP_MD_CTX_PTR ++ ++ // buf is a buffer for data not yet written to ctx. ++ // It is used to reduce calls into OpenSSL for small writes. ++ // The buffer size is a trade-off between memory usage and ++ // number of calls into OpenSSL. ++ buf [hashBufSize]byte ++ nbuf int +} + -+var _mkcgo_CFDictionaryCreateMutable_trampoline_addr uintptr ++func newHash(ch crypto.Hash) *Hash { ++ // Don't call init() yet, it would be wasteful ++ // if the caller only wants to know the hash type. This ++ // is a common pattern in this package, as some functions ++ // accept a `func() hash.Hash` parameter and call it just ++ // to know the hash type. ++ return &Hash{alg: loadHash(ch, true)} ++} + -+func CFDictionaryCreateMutable(allocator CFAllocatorRef, capacity CFIndex, keyCallBacks *CFDictionaryKeyCallBacks, valueCallBacks *CFDictionaryValueCallBacks) CFMutableDictionaryRef { -+ r0, _ := syscallN(0, _mkcgo_CFDictionaryCreateMutable_trampoline_addr, uintptr(allocator), uintptr(capacity), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(keyCallBacks))), uintptr(mkcgoEscapePtrSecurity(unsafe.Pointer(valueCallBacks)))) -+ return CFMutableDictionaryRef(r0) ++func (h *Hash) finalize() { ++ if h.ctx != nil { ++ ossl.EVP_MD_CTX_free(h.ctx) ++ } ++ if h.ctx2 != nil { ++ ossl.EVP_MD_CTX_free(h.ctx2) ++ } +} + -+var _mkcgo_CFDictionarySetValue_trampoline_addr uintptr ++func (h *Hash) init() { ++ if h.ctx != nil { ++ return ++ } ++ var err error ++ h.ctx, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_DigestInit_ex(h.ctx, h.alg.md, nil); err != nil { ++ ossl.EVP_MD_CTX_free(h.ctx) ++ panic(err) ++ } ++ h.ctx2, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ ossl.EVP_MD_CTX_free(h.ctx) ++ panic(err) ++ } ++ runtime.SetFinalizer(h, (*Hash).finalize) ++} + -+func CFDictionarySetValue(theDict CFMutableDictionaryRef, key unsafe.Pointer, value unsafe.Pointer) { -+ syscallN(0, _mkcgo_CFDictionarySetValue_trampoline_addr, uintptr(theDict), uintptr(key), uintptr(value)) ++func (h *Hash) write(p []byte) int { ++ if len(p) == 0 { ++ return 0 ++ } ++ if h.nbuf > 0 && h.nbuf+len(p) > len(h.buf) { ++ // We have buffered data and adding p would exceed the buffer, ++ // flush the buffer first. ++ h.flush() ++ } ++ if len(p) > len(h.buf) { ++ // p is larger than the buffer, write it directly. ++ h.init() ++ if _, err := ossl.EVP_DigestUpdate(h.ctx, p); err != nil { ++ panic(err) ++ } ++ } else { ++ // Otherwise, buffer it. ++ h.nbuf += copy(h.buf[h.nbuf:], p) ++ } ++ runtime.KeepAlive(h) ++ return len(p) +} + -+var _mkcgo_CFErrorCopyDescription_trampoline_addr uintptr -+ -+func CFErrorCopyDescription(__error CFErrorRef) CFStringRef { -+ r0, _ := syscallN(0, _mkcgo_CFErrorCopyDescription_trampoline_addr, uintptr(__error)) -+ return CFStringRef(r0) ++func (h *Hash) flush() { ++ h.init() ++ if h.nbuf > 0 { ++ if _, err := ossl.EVP_DigestUpdate(h.ctx, h.buf[:h.nbuf]); err != nil { ++ panic(err) ++ } ++ h.nbuf = 0 ++ } +} + -+var _mkcgo_CFErrorGetCode_trampoline_addr uintptr -+ -+func CFErrorGetCode(__error CFErrorRef) CFIndex { -+ r0, _ := syscallN(0, _mkcgo_CFErrorGetCode_trampoline_addr, uintptr(__error)) -+ return CFIndex(r0) ++func (h *Hash) Reset() { ++ h.nbuf = 0 ++ if h.ctx == nil { ++ // The hash is not initialized yet, no need to reset ctx. ++ return ++ } ++ // There is no need to reset h.ctx2 because it is always reset in evpHash.Sum. ++ if _, err := ossl.EVP_DigestInit_ex(h.ctx, nil, nil); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(h) +} + -+var _mkcgo_CFNumberCreate_trampoline_addr uintptr -+ -+func CFNumberCreate(allocator CFAllocatorRef, theType CFNumberType, valuePtr unsafe.Pointer) CFNumberRef { -+ r0, _ := syscallN(0, _mkcgo_CFNumberCreate_trampoline_addr, uintptr(allocator), uintptr(theType), uintptr(valuePtr)) -+ return CFNumberRef(r0) ++func (h *Hash) Write(p []byte) (int, error) { ++ return h.write(p), nil +} + -+var _mkcgo_CFRelease_trampoline_addr uintptr -+ -+func CFRelease(cf CFTypeRef) { -+ syscallN(0, _mkcgo_CFRelease_trampoline_addr, uintptr(cf)) ++func (h *Hash) WriteString(s string) (int, error) { ++ return h.write(unsafe.Slice(unsafe.StringData(s), len(s))), nil +} + -+var _mkcgo_CFStringGetCStringPtr_trampoline_addr uintptr -+ -+func CFStringGetCStringPtr(str CFStringRef, encoding CFStringEncoding) *byte { -+ r0, _ := syscallN(0, _mkcgo_CFStringGetCStringPtr_trampoline_addr, uintptr(str), uintptr(encoding)) -+ return (*byte)(unsafe.Pointer(r0)) ++func (h *Hash) WriteByte(c byte) error { ++ h.write(unsafe.Slice(&c, 1)) ++ return nil +} + -+var _mkcgo_CFStringGetLength_trampoline_addr uintptr -+ -+func CFStringGetLength(str CFStringRef) CFIndex { -+ r0, _ := syscallN(0, _mkcgo_CFStringGetLength_trampoline_addr, uintptr(str)) -+ return CFIndex(r0) ++func (h *Hash) Size() int { ++ return h.alg.size +} + -+var _mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr uintptr -+ -+func SecKeyCopyExternalRepresentation(key SecKeyRef, __error *CFErrorRef) CFDataRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCopyExternalRepresentation_trampoline_addr, uintptr(key), uintptr(unsafe.Pointer(__error))) -+ return CFDataRef(r0) ++func (h *Hash) BlockSize() int { ++ return h.alg.blockSize +} + -+var _mkcgo_SecKeyCopyPublicKey_trampoline_addr uintptr -+ -+func SecKeyCopyPublicKey(key SecKeyRef) SecKeyRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCopyPublicKey_trampoline_addr, uintptr(key)) -+ return SecKeyRef(r0) ++func (h *Hash) Sum(in []byte) []byte { ++ out := append(in, make([]byte, h.Size(), maxHashSize)...) ++ if h.ctx == nil { ++ // Fast path: if ctx hasn't been initialized, all data is in the buffer ++ // and we can use the one-shot EVP_Digest function. ++ if _, err := ossl.EVP_Digest(h.buf[:h.nbuf], out[len(in):], nil, h.alg.md, nil); err != nil { ++ panic(err) ++ } ++ return out ++ } ++ // Slow path: copy h.ctx into h.ctx2 and call EVP_DigestFinal_ex using h.ctx2. ++ // This is necessary because Go hash.Hash mandates that Sum has no effect ++ // on the underlying stream. In particular it is OK to Sum, then Write more, ++ // then Sum again, and the second Sum acts as if the first didn't happen. ++ if _, err := ossl.EVP_MD_CTX_copy_ex(h.ctx2, h.ctx); err != nil { ++ panic(err) ++ } ++ if h.nbuf > 0 { ++ // If we have buffered data, update ctx2 with it ++ if _, err := ossl.EVP_DigestUpdate(h.ctx2, h.buf[:h.nbuf]); err != nil { ++ panic(err) ++ } ++ } ++ if _, err := ossl.EVP_DigestFinal_ex(h.ctx2, out[len(in):], nil); err != nil { ++ panic(err) ++ } ++ runtime.KeepAlive(h) ++ return out +} + -+var _mkcgo_SecKeyCreateDecryptedData_trampoline_addr uintptr -+ -+func SecKeyCreateDecryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, ciphertext CFDataRef, __error *CFErrorRef) CFDataRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCreateDecryptedData_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(ciphertext), uintptr(unsafe.Pointer(__error))) -+ return CFDataRef(r0) ++// Clone returns a new Hash object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *Hash) Clone() (HashCloner, error) { ++ h2 := &Hash{alg: h.alg, nbuf: h.nbuf} ++ copy(h2.buf[:h.nbuf], h.buf[:h.nbuf]) ++ if h.ctx != nil { ++ var err error ++ h2.ctx, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.EVP_MD_CTX_copy_ex(h2.ctx, h.ctx); err != nil { ++ ossl.EVP_MD_CTX_free(h2.ctx) ++ panic(err) ++ } ++ h2.ctx2, err = ossl.EVP_MD_CTX_new() ++ if err != nil { ++ ossl.EVP_MD_CTX_free(h2.ctx) ++ panic(err) ++ } ++ runtime.SetFinalizer(h2, (*Hash).finalize) ++ } ++ runtime.KeepAlive(h) ++ return h2, nil +} + -+var _mkcgo_SecKeyCreateEncryptedData_trampoline_addr uintptr ++type errMarshallUnsupported struct{} + -+func SecKeyCreateEncryptedData(key SecKeyRef, algorithm SecKeyAlgorithm, plaintext CFDataRef, __error *CFErrorRef) CFDataRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCreateEncryptedData_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(plaintext), uintptr(unsafe.Pointer(__error))) -+ return CFDataRef(r0) ++func (e errMarshallUnsupported) Error() string { ++ return "cryptokit: hash state is not marshallable" +} + -+var _mkcgo_SecKeyCreateRandomKey_trampoline_addr uintptr -+ -+func SecKeyCreateRandomKey(parameters CFDictionaryRef, __error *CFErrorRef) SecKeyRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCreateRandomKey_trampoline_addr, uintptr(parameters), uintptr(unsafe.Pointer(__error))) -+ return SecKeyRef(r0) ++func (e errMarshallUnsupported) Unwrap() error { ++ return errors.ErrUnsupported +} + -+var _mkcgo_SecKeyCreateSignature_trampoline_addr uintptr -+ -+func SecKeyCreateSignature(key SecKeyRef, algorithm SecKeyAlgorithm, data CFDataRef, __error *CFErrorRef) CFDataRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCreateSignature_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(data), uintptr(unsafe.Pointer(__error))) -+ return CFDataRef(r0) ++func (d *Hash) MarshalBinary() ([]byte, error) { ++ if d.alg == nil || !d.alg.marshallable { ++ return nil, errMarshallUnsupported{} ++ } ++ buf := make([]byte, 0, d.alg.marshalledSize) ++ return d.AppendBinary(buf) +} + -+var _mkcgo_SecKeyCreateWithData_trampoline_addr uintptr -+ -+func SecKeyCreateWithData(keyData CFDataRef, attributes CFDictionaryRef, __error *CFErrorRef) SecKeyRef { -+ r0, _ := syscallN(0, _mkcgo_SecKeyCreateWithData_trampoline_addr, uintptr(keyData), uintptr(attributes), uintptr(unsafe.Pointer(__error))) -+ return SecKeyRef(r0) ++func (d *Hash) AppendBinary(buf []byte) ([]byte, error) { ++ defer runtime.KeepAlive(d) ++ if d.alg == nil || !d.alg.marshallable { ++ return nil, errMarshallUnsupported{} ++ } ++ d.flush() ++ switch d.alg.provider { ++ case providerOSSLDefault, providerOSSLFIPS: ++ return osslHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) ++ case providerSymCrypt: ++ return symCryptHashAppendBinary(d.ctx, d.alg.ch, d.alg.magic, buf) ++ default: ++ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) ++ } +} + -+var _mkcgo_SecKeyGetBlockSize_trampoline_addr uintptr -+ -+func SecKeyGetBlockSize(key SecKeyRef) int { -+ r0, _ := syscallN(0, _mkcgo_SecKeyGetBlockSize_trampoline_addr, uintptr(key)) -+ return int(r0) ++func (d *Hash) UnmarshalBinary(b []byte) error { ++ defer runtime.KeepAlive(d) ++ d.flush() ++ if d.alg == nil || !d.alg.marshallable { ++ return errMarshallUnsupported{} ++ } ++ if len(b) < len(d.alg.magic) || string(b[:len(d.alg.magic)]) != d.alg.magic { ++ return errors.New("openssl: invalid hash state identifier") ++ } ++ if len(b) != d.alg.marshalledSize { ++ return errors.New("openssl: invalid hash state size") ++ } ++ switch d.alg.provider { ++ case providerOSSLDefault, providerOSSLFIPS: ++ return osslHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) ++ case providerSymCrypt: ++ return symCryptHashUnmarshalBinary(d.ctx, d.alg.ch, d.alg.magic, b) ++ default: ++ panic("openssl: unknown hash provider" + strconv.Itoa(int(d.alg.provider))) ++ } +} + -+var _mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr uintptr -+ -+func SecKeyIsAlgorithmSupported(key SecKeyRef, operation SecKeyOperationType, algorithm SecKeyAlgorithm) Boolean { -+ r0, _ := syscallN(0, _mkcgo_SecKeyIsAlgorithmSupported_trampoline_addr, uintptr(key), uintptr(operation), uintptr(algorithm)) -+ return Boolean(r0) ++// appendUint64 appends x into b as a big endian byte sequence. ++func appendUint64(b []byte, x uint64) []byte { ++ return append(b, ++ byte(x>>56), ++ byte(x>>48), ++ byte(x>>40), ++ byte(x>>32), ++ byte(x>>24), ++ byte(x>>16), ++ byte(x>>8), ++ byte(x), ++ ) +} + -+var _mkcgo_SecKeyVerifySignature_trampoline_addr uintptr -+ -+func SecKeyVerifySignature(key SecKeyRef, algorithm SecKeyAlgorithm, signedData CFDataRef, signature CFDataRef, __error *CFErrorRef) Boolean { -+ r0, _ := syscallN(0, _mkcgo_SecKeyVerifySignature_trampoline_addr, uintptr(key), uintptr(algorithm), uintptr(signedData), uintptr(signature), uintptr(unsafe.Pointer(__error))) -+ return Boolean(r0) ++// appendUint32 appends x into b as a big endian byte sequence. ++func appendUint32(b []byte, x uint32) []byte { ++ return append(b, byte(x>>24), byte(x>>16), byte(x>>8), byte(x)) +} + -+var _mkcgo_SecRandomCopyBytes_trampoline_addr uintptr ++// consumeUint64 reads a big endian uint64 number from b. ++func consumeUint64(b []byte) ([]byte, uint64) { ++ _ = b[7] ++ x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++ return b[8:], x ++} + -+func SecRandomCopyBytes(rnd SecRandomRef, bytes []byte) int32 { -+ r0, _ := syscallN(0, _mkcgo_SecRandomCopyBytes_trampoline_addr, uintptr(rnd), uintptr(len(bytes)), uintptr(unsafe.Pointer(unsafe.SliceData(bytes)))) -+ return int32(r0) ++// consumeUint32 reads a big endian uint32 number from b. ++func consumeUint32(b []byte) ([]byte, uint32) { ++ _ = b[3] ++ x := uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24 ++ return b[4:], x +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_amd64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_amd64.s +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go new file mode 100644 -index 00000000000000..512d8087daf527 +index 00000000000000..75207faf1aa043 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_amd64.s -@@ -0,0 +1,120 @@ -+// Copyright 2009 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !cgo -+ -+#include "go_asm.h" -+#include "textflag.h" -+ -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 -+#ifdef GOOS_windows -+ MOVQ CX, 0(SP) -+ -+#else -+ MOVQ DI, 0(SP) -+ -+#endif -+ CALL ·syscallNSystemStack(SB) -+ RET ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hkdf.go +@@ -0,0 +1,330 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+#ifdef GOOS_windows -+#define RegArgsN 4 -+#else -+#define RegArgsN 6 -+#endif ++package openssl + -+TEXT ·syscallNAsm(SB), NOSPLIT, $16-8 -+ // Load pointer from stack (ABI0 calling convention) -+ // Store argument and original SP in a callee-saved register -+ MOVQ libcArgs+0(FP), R13 -+ MOVQ SP, R14 ++import ( ++ "hash" ++ "sync" ++ "unsafe" + -+ // Align stack to 16 bytes -+ ANDQ $~15, SP ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+ MOVQ libcCallInfo_fn(R13), R11 -+ MOVQ libcCallInfo_n(R13), CX -+ MOVQ libcCallInfo_args(R13), R10 ++// SupprtHKDF reports whether the current OpenSSL version supports HKDF. ++func SupportsHKDF() bool { ++ switch major() { ++ case 1: ++ return true ++ case 3, 4: ++ _, err := fetchHKDF3() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+ // Fast version, do not store args on the stack. -+ CMPL CX, $0; JE _0args -+ CMPL CX, $1; JE _1args -+ CMPL CX, $2; JE _2args -+ CMPL CX, $3; JE _3args -+ CMPL CX, $4; JE _4args ++// SupprtsTLS13KDF reports whether the current OpenSSL version supports TLS13-KDF. ++func SupportsTLS13KDF() bool { ++ switch major() { ++ case 1: ++ return false ++ case 3, 4: ++ // TLS13-KDF is available in OpenSSL 3.0.0 and later. ++ _, err := fetchTLS13_KDF() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+#ifndef GOOS_windows // Windows does not pass more than 4 args in registers -+ CMPL CX, $5; JE _5args -+ CMPL CX, $6; JE _6args ++func newHKDFCtx1(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (ctx ossl.EVP_PKEY_CTX_PTR, err error) { ++ checkMajorVersion(1) + -+#endif ++ ctx, err = ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_HKDF, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ } ++ }() + -+ // Reserve stack space for remaining args -+ MOVQ CX, R12 -+ SUBQ $RegArgsN, R12 -+ ADDQ $1, R12 // make even number of words for stack alignment -+ ANDQ $~1, R12 -+ SHLQ $3, R12 -+ SUBQ R12, SP ++ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { ++ return ctx, err ++ } + -+ // Copy args to the stack. -+ // CX: count of stack arguments (n-RegArgsN) -+ // SI: &args[RegArgsN] -+ // DI: copy of RSP -+ SUBQ $RegArgsN, CX -+ MOVQ R10, SI -+ ADDQ $(8*RegArgsN), SI -+ MOVQ SP, DI -+ CLD -+ REP; MOVSQ ++ ctrlSlice := func(ctrl int32, data []byte) bool { ++ if err != nil { ++ return false ++ } ++ if len(data) == 0 { ++ return true // No data to set. ++ } ++ _, err = ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ctrl, int32(len(data)), unsafe.Pointer(base(data))) ++ return err == nil ++ } + -+#ifndef GOOS_windows -+_6args: -+ MOVQ (5*8)(R10), R9 ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MODE, mode, nil); err != nil { ++ return ctx, err ++ } ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ossl.EVP_PKEY_OP_DERIVE, ossl.EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)); err != nil { ++ return ctx, err ++ } ++ if ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, secret) && ++ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_SALT, salt) && ++ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_KEY, pseudorandomKey) && ++ ctrlSlice(ossl.EVP_PKEY_CTRL_HKDF_INFO, info) { ++ return ctx, err ++ } ++ return ctx, nil ++} + -+_5args: -+ MOVQ (4*8)(R10), R8 ++// hkdfAllZerosSalt is a preallocated buffer of zeros used in ExtractHKDF(). ++// The size should be kept as large as the output length of any hash algorithm ++// used with HKDF. ++var hkdfAllZerosSalt [64]byte + -+#endif -+_4args: -+ MOVQ (3*8)(R10), CX ++// ExtractHDKF implements the HDKF extract step. ++// If salt is nil, then this function replaces it internally with a buffer of ++// zeros whose length equals the output length of the specified hash algorithm. ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } + -+_3args: -+ MOVQ (2*8)(R10), DX ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } + -+_2args: -+ MOVQ (1*8)(R10), SI ++ // If calling code specifies nil salt, replace it with a buffer of hashLen ++ // zeros, as specified in RFC 5896 and as OpenSSL EVP_KDF-HKDF documentation ++ // instructs. Take a slice of a preallocated buffer to avoid allocating new ++ // buffer per call, but fall back to allocating a buffer if preallocated ++ // buffer is not large enough. ++ if salt == nil { ++ hlen := h().Size() ++ if hlen > len(hkdfAllZerosSalt) { ++ salt = make([]byte, hlen) ++ } else { ++ salt = hkdfAllZerosSalt[:hlen] ++ } ++ } + -+_1args: -+ MOVQ (0*8)(R10), DI ++ switch major() { ++ case 1: ++ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ var keylen int ++ if _, err := ossl.EVP_PKEY_derive(ctx, nil, &keylen); err != nil { ++ return nil, err ++ } ++ out := make([]byte, keylen) ++ if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { ++ return nil, err ++ } ++ return out[:keylen], nil ++ case 3, 4: ++ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) ++ size, err := ossl.EVP_KDF_CTX_get_kdf_size(ctx) ++ if err != nil { ++ return nil, err ++ } ++ out := make([]byte, size) ++ if _, err := ossl.EVP_KDF_derive(ctx, out, nil); err != nil { ++ return nil, err ++ } ++ return out, nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+_0args: ++// ExpandHKDF derives a key from the given hash, key, and optional context info. ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } + -+ XORL AX, AX // vararg: say "no float args" ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } + -+#ifdef GOOS_windows -+ // Windows x64 syscall ABI: first four integer args in CX, DX, R8, R9 -+ // and 32 bytes of shadow space on the stack. -+ ADJSP $32 -+ MOVQ CX, R9 -+ MOVQ DX, R8 -+ MOVQ SI, DX -+ MOVQ DI, CX ++ out := make([]byte, keyLength) ++ switch major() { ++ case 1: ++ ctx, err := newHKDFCtx1(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if len(out) == 0 { ++ // Nothing to do, so exit early. ++ // We also can't call EVP_PKEY_derive because some engines error on zero-length output. ++ // We can only exit after calling newHKDFCtx1 because we still need it to validate the parameters. ++ return out, nil ++ } ++ keylen := keyLength ++ if _, err := ossl.EVP_PKEY_derive(ctx, out, &keylen); err != nil { ++ return nil, err ++ } ++ case 3, 4: ++ ctx, err := newHKDFCtx3(md, ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) ++ if len(out) == 0 { ++ // Nothing to do, so exit early. ++ // We also can't call EVP_PKEY_derive because some engines error on zero-length output. ++ // We can only exit after calling newHKDFCtx3 because we still need it to validate the parameters. ++ return out, nil ++ } ++ if _, err := ossl.EVP_KDF_derive(ctx, out, nil); err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return out, nil ++} + -+#endif ++// ExpandTLS13KDF derives a key from the given hash, key, label and context. It will use ++// "TLS13-KDF" algorithm to do so. ++func ExpandTLS13KDF(h func() hash.Hash, pseudorandomKey, label, context []byte, keyLength int) ([]byte, error) { ++ if !SupportsTLS13KDF() { ++ return nil, errUnsupportedVersion() ++ } + -+ CALL R11 ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } + -+#ifdef GOOS_windows -+ ADJSP $-32 ++ out := make([]byte, keyLength) + -+#endif ++ ctx, err := newTLS13KDFExpandCtx3(md, label, context, pseudorandomKey) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) ++ if _, err := ossl.EVP_KDF_derive(ctx, out, nil); err != nil { ++ return nil, err ++ } ++ return out, nil ++} + -+ MOVQ R14, SP // free stack space ++// fetchTLS13_KDF fetches the TLS13-KDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchTLS13_KDF = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3, 4) + -+ // Return result. -+ MOVQ AX, libcCallInfo_r1(R13) -+ MOVQ DX, libcCallInfo_r2(R13) ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS13_KDF.ptr(), nil) ++ if err != nil { ++ return nil, err ++ } ++ return kdf, nil ++}) + -+ RET -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_arm64.s b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_arm64.s -new file mode 100644 -index 00000000000000..261a7e4cb90d56 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/asm_arm64.s -@@ -0,0 +1,97 @@ -+// Copyright 2015 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. ++// newTLS13KDFExpandCtx3 fetches the "TLS13-KDF" for TLS 1.3 handshakes. ++func newTLS13KDFExpandCtx3(md ossl.EVP_MD_PTR, label, context, pseudorandomKey []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { ++ checkMajorVersion(3, 4) + -+//go:build !cgo ++ kdf, err := fetchTLS13_KDF() ++ if err != nil { ++ return nil, err ++ } + -+#include "go_asm.h" -+#include "textflag.h" ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_KDF_CTX_free(ctx) ++ } ++ }() + -+TEXT ·syscallNSystemStack_trampoline(SB), NOSPLIT, $16 -+ MOVD R0, 8(RSP) -+ CALL ·syscallNSystemStack(SB) -+ RET ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(ossl.EVP_KDF_HKDF_MODE_EXPAND_ONLY)) ++ bld.addOctetString(_OSSL_KDF_PARAM_PREFIX, []byte("tls13 ")) ++ bld.addOctetString(_OSSL_KDF_PARAM_LABEL, label) ++ bld.addOctetString(_OSSL_KDF_PARAM_DATA, context) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) + -+TEXT ·syscallNAsm(SB), NOSPLIT, $0-16 -+ // Save original stack pointer -+ MOVD RSP, R20 ++ params, err := bld.build() ++ if err != nil { ++ return ctx, err ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+ // Load pointer from stack (ABI0 calling convention) -+ MOVD libcArgs+0(FP), R3 ++ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { ++ return ctx, err ++ } ++ return ctx, nil ++} + -+ MOVD libcCallInfo_args(R3), R12 -+ MOVD libcCallInfo_fn(R3), R13 ++// fetchHKDF3 fetches the HKDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchHKDF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3, 4) + -+ // Do we have more than 8 arguments? -+ MOVD libcCallInfo_n(R3), R0 -+ CMP $0, R0; BEQ _0args -+ CMP $1, R0; BEQ _1args -+ CMP $2, R0; BEQ _2args -+ CMP $3, R0; BEQ _3args -+ CMP $4, R0; BEQ _4args -+ CMP $5, R0; BEQ _5args -+ CMP $6, R0; BEQ _6args -+ CMP $7, R0; BEQ _7args -+ CMP $8, R0; BEQ _8args ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_HKDF.ptr(), nil) ++ if err != nil { ++ return nil, err ++ } ++ return kdf, nil ++}) + -+ // Reserve stack space for remaining args -+ SUB $8, R0, R2 -+ ADD $1, R2, R3 // make even number of words for stack alignment -+ AND $~1, R3 -+ LSL $3, R3 -+ SUB R3, RSP ++// newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. ++func newHKDFCtx3(md ossl.EVP_MD_PTR, mode int32, secret, salt, pseudorandomKey, info []byte) (_ ossl.EVP_KDF_CTX_PTR, err error) { ++ checkMajorVersion(3, 4) + -+ // R4: size of stack arguments (n-8)*8 -+ // R5: &args[8] -+ // R6: loop counter, from 0 to (n-8)*8 -+ // R7: scratch -+ // R8: copy of RSP - (R2)(RSP) assembles as (R2)(ZR) -+ SUB $8, R0, R4 -+ LSL $3, R4 -+ ADD $(8*8), R12, R5 -+ MOVD $0, R6 -+ MOVD RSP, R8 ++ kdf, err := fetchHKDF3() ++ if err != nil { ++ return nil, err ++ } ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return nil, err ++ } ++ defer func() { ++ if err != nil { ++ ossl.EVP_KDF_CTX_free(ctx) ++ } ++ }() + -+stackargs: -+ MOVD (R6)(R5), R7 -+ MOVD R7, (R6)(R8) -+ ADD $8, R6 -+ CMP R6, R4 -+ BNE stackargs ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addInt32(_OSSL_KDF_PARAM_FIPS_KEY_CHECK, 0) ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) ++ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) ++ params, err := bld.build() ++ if err != nil { ++ return ctx, err ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+_8args: -+ MOVD (7*8)(R12), R7 ++ if _, err := ossl.EVP_KDF_CTX_set_params(ctx, params); err != nil { ++ return ctx, err ++ } ++ return ctx, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go +new file mode 100644 +index 00000000000000..88f6ce7eb85ca1 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go +@@ -0,0 +1,280 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+_7args: -+ MOVD (6*8)(R12), R6 ++package openssl + -+_6args: -+ MOVD (5*8)(R12), R5 ++import ( ++ "hash" ++ "runtime" ++ "slices" ++ "sync" + -+_5args: -+ MOVD (4*8)(R12), R4 ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+_4args: -+ MOVD (3*8)(R12), R3 ++// NewHMAC returns a new HMAC using OpenSSL. ++// The function h must return a hash implemented by ++// OpenSSL (for example, h could be openssl.NewSHA256). ++// If h is not recognized, NewHMAC returns nil. ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ h, _ := hashFuncHash(fh) ++ md := hashToMD(h) ++ if md == nil { ++ return nil ++ } + -+_3args: -+ MOVD (2*8)(R12), R2 ++ if len(key) == 0 { ++ // This is supported in OpenSSL/Standard lib and as such ++ // we must support it here. When using HMAC with a null key ++ // HMAC_Init will try and reuse the key from the ctx. This is ++ // not the behavior previously implemented, so as a workaround ++ // we pass an "empty" key. ++ key = make([]byte, ossl.EVP_MAX_MD_SIZE) ++ } + -+_2args: -+ MOVD (1*8)(R12), R1 ++ hmac := &opensslHMAC{ ++ size: h.Size(), ++ blockSize: h.BlockSize(), ++ } + -+_1args: -+ MOVD (0*8)(R12), R0 ++ switch major() { ++ case 1: ++ ctx := newHMAC1(key, md) ++ if ctx.ctx == nil { ++ return nil ++ } ++ hmac.ctx1 = ctx ++ case 3, 4: ++ ctx := newHMAC3(key, md) ++ if ctx.ctx == nil { ++ return nil ++ } ++ hmac.ctx3 = ctx ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) ++ return hmac ++} + -+_0args: ++// hmacCtx3 is used for OpenSSL 1. ++type hmacCtx1 struct { ++ ctx ossl.HMAC_CTX_PTR ++} + -+ BL (R13) ++// hmacCtx3 is used for OpenSSL 3. ++type hmacCtx3 struct { ++ ctx ossl.EVP_MAC_CTX_PTR ++ key []byte // only set for OpenSSL 3.0.0, 3.0.1, and 3.0.2. ++} + -+ // Restore original stack pointer -+ MOVD R20, RSP ++type opensslHMAC struct { ++ ctx1 hmacCtx1 ++ ctx3 hmacCtx3 ++ size int ++ blockSize int ++ sum [maxHashSize]byte ++} + -+ MOVD libcArgs+0(FP), R3 -+ MOVD R0, libcCallInfo_r1(R3) // save r1 -+ MOVD R1, libcCallInfo_r2(R3) // save r2 ++func newHMAC1(key []byte, md ossl.EVP_MD_PTR) hmacCtx1 { ++ ctx, err := ossl.HMAC_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.HMAC_Init_ex(ctx, key, md, nil); err != nil { ++ panic(err) ++ } ++ return hmacCtx1{ctx} ++} + -+ RET -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo.go -new file mode 100644 -index 00000000000000..a9ad56e22fa2ac ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo.go -@@ -0,0 +1,72 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++var hmacDigestsSupported sync.Map ++var fetchHMAC3 = sync.OnceValue(func() ossl.EVP_MAC_PTR { ++ mac, err := ossl.EVP_MAC_fetch(nil, _OSSL_MAC_NAME_HMAC.ptr(), nil) ++ if err != nil { ++ panic(err) ++ } ++ return mac ++}) + -+//go:build !cgo && (amd64 || arm64) ++func buildHMAC3Params(md ossl.EVP_MD_PTR) (ossl.OSSL_PARAM_PTR, error) { ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addInt32(_OSSL_MAC_PARAM_FIPS_KEY_CHECK, 0) ++ return bld.build() ++} + -+package xsyscall ++func isHMAC3DigestSupported(md ossl.EVP_MD_PTR) bool { ++ nid := ossl.EVP_MD_get_type(md) ++ if v, ok := hmacDigestsSupported.Load(nid); ok { ++ return v.(bool) ++ } ++ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_MAC_CTX_free(ctx) + -+import ( -+ "unsafe" -+) ++ params, err := buildHMAC3Params(md) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+//go:linkname runtime_cgocall runtime.cgocall ++ _, err = ossl.EVP_MAC_CTX_set_params(ctx, params) ++ supported := err == nil ++ hmacDigestsSupported.Store(nid, supported) ++ return supported ++} + -+//go:noescape -+func runtime_cgocall(fn uintptr, arg unsafe.Pointer) int32 // from runtime/sys_libc.go ++func newHMAC3(key []byte, md ossl.EVP_MD_PTR) hmacCtx3 { ++ if !isHMAC3DigestSupported(md) { ++ // The digest is not supported by the HMAC provider. ++ // Don't panic here so the Go standard library to ++ // fall back to the Go implementation. ++ // See https://github.com/golang-fips/openssl/issues/153. ++ return hmacCtx3{} ++ } ++ params, err := buildHMAC3Params(md) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+//go:linkname noescape -+//go:nosplit -+func noescape(p unsafe.Pointer) unsafe.Pointer { -+ x := uintptr(p) -+ return unsafe.Pointer(x ^ 0) -+} ++ ctx, err := ossl.EVP_MAC_CTX_new(fetchHMAC3()) ++ if err != nil { ++ panic(err) ++ } + -+type libcCallInfo struct { -+ fn uintptr -+ n uintptr // number of parameters -+ args uintptr // parameters -+ r1, r2 uintptr // return values -+ errType uintptr ++ if _, err := ossl.EVP_MAC_init(ctx, key, params); err != nil { ++ ossl.EVP_MAC_CTX_free(ctx) ++ panic(err) ++ } ++ var hkey []byte ++ //versionguardcheck:ignore OpenSSL 3.0.0–3.0.2 EVP_MAC_init does not reset without a key: https://github.com/openssl/openssl/issues/17811. ++ if major() == 3 && minor() == 0 && patch() <= 2 { ++ // EVP_MAC_init only resets the ctx internal state if a key is passed ++ // when using OpenSSL 3.0.0, 3.0.1, and 3.0.2. Save a copy of the key ++ // in the context so Reset can use it later. New OpenSSL versions ++ // do not have this issue so it isn't necessary to save the key. ++ hkey = make([]byte, len(key)) ++ copy(hkey, key) ++ } ++ return hmacCtx3{ctx, hkey} +} + -+//go:noescape -+func syscallNAsm(libcArgs *libcCallInfo) ++func (h *opensslHMAC) Reset() { ++ switch major() { ++ case 1: ++ if _, err := ossl.HMAC_Init_ex(h.ctx1.ctx, nil, nil, nil); err != nil { ++ panic(err) ++ } ++ case 3, 4: ++ if _, err := ossl.EVP_MAC_init(h.ctx3.ctx, h.ctx3.key, nil); err != nil { ++ panic(err) ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } + -+// syscallNSystemStack performs a syscall on the system stack. -+// It can't allocate Go memory nor grow the stack over the nosplit limit. -+// -+//go:nosplit -+func syscallNSystemStack(libcArgs *libcCallInfo) { -+ syscallNAsm(libcArgs) ++ runtime.KeepAlive(h) // Next line will keep h alive too; just making doubly sure. +} + -+var syscallNSystemStack_trampoline byte -+var syscallNSystemStackABIInternal = uintptr(unsafe.Pointer(&syscallNSystemStack_trampoline)) -+ -+// SyscallN performs a syscall with the given function and arguments. -+// -+// All its parameters and return values must be uintptr in order -+// for the Go compiler to automatically set the //go:uintptrkeepalive -+// directive (which we can't set manually here). -+// See https://github.com/golang/go/blob/9a5a1202f4c4d5a7048b149b65c3e5b82a2de9aa/src/cmd/compile/internal/escape/call.go#L275. -+// -+//go:nosplit -+func SyscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ libcArgs := libcCallInfo{ -+ fn: fn, -+ n: uintptr(len(args)), -+ errType: errType, ++func (h *opensslHMAC) finalize() { ++ if h.ctx1.ctx != nil { ++ ossl.HMAC_CTX_free(h.ctx1.ctx) + } -+ if libcArgs.n != 0 { -+ libcArgs.args = uintptr(noescape(unsafe.Pointer(&args[0]))) ++ if h.ctx3.ctx != nil { ++ ossl.EVP_MAC_CTX_free(h.ctx3.ctx) + } -+ runtime_cgocall(syscallNSystemStackABIInternal, unsafe.Pointer(&libcArgs)) -+ return libcArgs.r1, libcArgs.r2 +} + -+// Shim syscallN calls SyscallN. -+// -+//go:nosplit -+func syscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ return SyscallN(errType, fn, args...) ++func (h *opensslHMAC) Write(p []byte) (int, error) { ++ if len(p) > 0 { ++ switch major() { ++ case 1: ++ ossl.HMAC_Update(h.ctx1.ctx, p) ++ case 3, 4: ++ ossl.EVP_MAC_update(h.ctx3.ctx, p) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ } ++ runtime.KeepAlive(h) ++ return len(p), nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_darwin.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_darwin.go -new file mode 100644 -index 00000000000000..2d4d32fca87fdb ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_darwin.go -@@ -0,0 +1,10 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build !cgo ++func (h *opensslHMAC) Size() int { ++ return h.size ++} + -+package xsyscall ++func (h *opensslHMAC) BlockSize() int { ++ return h.blockSize ++} + -+import ( -+ _ "github.com/microsoft/go-crypto-darwin/internal/fakecgo" -+) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_others.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_others.go -new file mode 100644 -index 00000000000000..28dba16a23340e ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/xsyscall/syscall_nocgo_others.go -@@ -0,0 +1,14 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++func (h *opensslHMAC) Sum(in []byte) []byte { ++ // Make copy of context because Go hash.Hash mandates ++ // that Sum has no effect on the underlying stream. ++ // In particular it is OK to Sum, then Write more, then Sum again, ++ // and the second Sum acts as if the first didn't happen. ++ switch major() { ++ case 1: ++ ctx2, err := ossl.HMAC_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.HMAC_CTX_free(ctx2) ++ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { ++ panic(err) ++ } ++ ossl.HMAC_Final(ctx2, h.sum[:h.size], nil) ++ case 3, 4: ++ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.EVP_MAC_CTX_free(ctx2) ++ ossl.EVP_MAC_final(ctx2, h.sum[:h.size], nil) ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return append(in, h.sum[:h.size]...) ++} + -+//go:build !cgo && !(amd64 || arm64) ++func (h *opensslHMAC) Clone() (HashCloner, error) { ++ switch major() { ++ case 1: ++ ctx2, err := ossl.HMAC_CTX_new() ++ if err != nil { ++ panic(err) ++ } ++ if _, err := ossl.HMAC_CTX_copy(ctx2, h.ctx1.ctx); err != nil { ++ ossl.HMAC_CTX_free(ctx2) ++ panic(err) ++ } ++ cl := &opensslHMAC{ ++ ctx1: hmacCtx1{ctx: ctx2}, ++ size: h.size, ++ blockSize: h.blockSize, ++ } ++ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) ++ return cl, nil + -+package xsyscall ++ case 3, 4: ++ ctx2, err := ossl.EVP_MAC_CTX_dup(h.ctx3.ctx) ++ if err != nil { ++ panic(err) ++ } + -+// Implement a mock version of SyscallN for unsupported architectures. -+// This will simply panic to indicate that the syscall is not supported. ++ cl := &opensslHMAC{ ++ ctx3: hmacCtx3{ctx: ctx2, key: slices.Clone(h.ctx3.key)}, ++ size: h.size, ++ blockSize: h.blockSize, ++ } ++ runtime.SetFinalizer(cl, (*opensslHMAC).finalize) ++ return cl, nil + -+//go:nosplit -+func SyscallN(errType uintptr, fn uintptr, args ...uintptr) (r1, r2 uintptr) { -+ panic("SyscallN is not supported on this architecture") ++ default: ++ panic(errUnsupportedVersion()) ++ } +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mldsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mldsa.go new file mode 100644 -index 00000000000000..5f005eda956f2c +index 00000000000000..49481d99023c12 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go -@@ -0,0 +1,152 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mldsa.go +@@ -0,0 +1,449 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package openssl + +import ( -+ "crypto/cipher" + "errors" -+ "slices" ++ "sync" + -+ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+//go:generate go run github.com/microsoft/go-crypto-darwin/cmd/gentestvectors -out vectors_test.go ++const ( ++ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. ++ privateKeySizeMLDSA = 32 + -+type cipherGCMTLS uint8 ++ // publicKeySizeMLDSA44 is the size of an ML-DSA-44 public key encoding. ++ publicKeySizeMLDSA44 = 1312 + -+const ( -+ cipherGCMTLSNone cipherGCMTLS = iota -+ cipherGCMTLS12 -+ cipherGCMTLS13 -+) ++ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. ++ publicKeySizeMLDSA65 = 1952 + -+const ( -+ // AES block size is the same for all key sizes -+ aesBlockSize = commoncrypto.KCCBlockSizeAES128 -+ gcmTagSize = 16 -+ gcmStandardNonceSize = 12 -+ // TLS 1.2 additional data is constructed as: -+ // -+ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2); -+ gcmTls12AddSize = 13 -+ // TLS 1.3 additional data is constructed as: -+ // -+ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2) -+ gcmTls13AddSize = 5 -+ gcmTlsFixedNonceSize = 4 ++ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. ++ publicKeySizeMLDSA87 = 2592 ++ ++ // signatureSizeMLDSA44 is the size of an ML-DSA-44 signature. ++ signatureSizeMLDSA44 = 2420 ++ ++ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. ++ signatureSizeMLDSA65 = 3309 ++ ++ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. ++ signatureSizeMLDSA87 = 4627 ++ ++ // muSizeMLDSA is the size of the pre-hashed mu input to the external-mu ++ // variants of Sign and Verify. ++ muSizeMLDSA = 64 ++ ++ // maxContextSizeMLDSA is the maximum allowed length of the context string ++ // passed to Sign and Verify. ++ maxContextSizeMLDSA = 255 +) + -+type aesCipher struct { -+ key []byte -+ kind commoncrypto.CCAlgorithm ++// SupportsMLDSA returns true if the given ML-DSA parameter set is supported ++// on this platform. Providers may not implement every security level, so ++// callers must probe each parameter set they intend to use. ++func SupportsMLDSA(params MLDSAParameters) bool { ++ switch params.keyType { ++ case ossl.EVP_PKEY_ML_DSA_44: ++ return supportsMLDSA44() ++ case ossl.EVP_PKEY_ML_DSA_65: ++ return supportsMLDSA65() ++ case ossl.EVP_PKEY_ML_DSA_87: ++ return supportsMLDSA87() ++ default: ++ return false ++ } +} + -+func NewAESCipher(key []byte) (cipher.Block, error) { -+ var alg commoncrypto.CCAlgorithm -+ switch len(key) { -+ case 16, 24, 32: -+ alg = commoncrypto.KCCAlgorithmAES -+ default: -+ return nil, errors.New("crypto/aes: invalid key size") ++// probeMLDSA reports whether the OpenSSL provider exposes the given ML-DSA ++// algorithm via the keymgmt fetch interface. ML-DSA was added in OpenSSL 3.5; ++// older 3.x releases return nil for unknown algorithm names, and 1.x lacks ++// the fetch interface entirely. ++func probeMLDSA(name cString) bool { ++ if !ossl.EVP_KEYMGMT_fetch_Available() { ++ return false + } -+ c := &aesCipher{ -+ key: slices.Clone(key), -+ kind: alg, ++ mgmt, _ := ossl.EVP_KEYMGMT_fetch(nil, name.ptr(), nil) ++ if mgmt == nil { ++ return false + } -+ return c, nil ++ ossl.EVP_KEYMGMT_free(mgmt) ++ return true +} + -+func (c *aesCipher) BlockSize() int { return aesBlockSize } ++var ( ++ supportsMLDSA44 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA44) }) ++ supportsMLDSA65 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA65) }) ++ supportsMLDSA87 = sync.OnceValue(func() bool { return probeMLDSA(_KeyTypeMLDSA87) }) ++) + -+func (c *aesCipher) Encrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/aes: input or output block is too small") ++// MLDSAParameters represents one of the fixed ML-DSA parameter sets. ++type MLDSAParameters struct { ++ name string ++ keyType int32 ++ keyTypeName cString ++ publicKeySize int ++ signatureSize int ++} ++ ++var ( ++ mldsa44 = MLDSAParameters{ ++ name: "ML-DSA-44", ++ keyType: ossl.EVP_PKEY_ML_DSA_44, ++ keyTypeName: _KeyTypeMLDSA44, ++ publicKeySize: publicKeySizeMLDSA44, ++ signatureSize: signatureSizeMLDSA44, ++ } ++ mldsa65 = MLDSAParameters{ ++ name: "ML-DSA-65", ++ keyType: ossl.EVP_PKEY_ML_DSA_65, ++ keyTypeName: _KeyTypeMLDSA65, ++ publicKeySize: publicKeySizeMLDSA65, ++ signatureSize: signatureSizeMLDSA65, ++ } ++ mldsa87 = MLDSAParameters{ ++ name: "ML-DSA-87", ++ keyType: ossl.EVP_PKEY_ML_DSA_87, ++ keyTypeName: _KeyTypeMLDSA87, ++ publicKeySize: publicKeySizeMLDSA87, ++ signatureSize: signatureSizeMLDSA87, + } ++) + -+ src, dst = src[:blockSize], dst[:blockSize] ++// MLDSA44 returns the ML-DSA-44 parameter set. ++func MLDSA44() MLDSAParameters { return mldsa44 } + -+ if inexactOverlap(dst, src) { -+ panic("crypto/aes: invalid buffer overlap") ++// MLDSA65 returns the ML-DSA-65 parameter set. ++func MLDSA65() MLDSAParameters { return mldsa65 } ++ ++// MLDSA87 returns the ML-DSA-87 parameter set. ++func MLDSA87() MLDSAParameters { return mldsa87 } ++ ++func (params MLDSAParameters) valid() bool { ++ switch params { ++ case mldsa44, mldsa65, mldsa87: ++ return true ++ default: ++ return false + } ++} + -+ status := commoncrypto.CCCrypt( -+ commoncrypto.KCCEncrypt, // Operation -+ commoncrypto.CCAlgorithm(c.kind), // Algorithm -+ 0, // Options -+ c.key, // Key -+ nil, // IV -+ src, // Input -+ dst, // Output -+ nil, // Output length -+ ) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/aes: encryption failed") ++// PublicKeySize returns the size of public keys for this parameter set, in bytes. ++func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } ++ ++// SignatureSize returns the size of signatures for this parameter set, in bytes. ++func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } ++ ++// String returns the name of the parameter set. ++func (params MLDSAParameters) String() string { return params.name } ++ ++var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") ++ ++// PrivateKeyMLDSA is an ML-DSA private key seed. ++type PrivateKeyMLDSA struct { ++ params MLDSAParameters ++ seed [privateKeySizeMLDSA]byte ++} ++ ++// GenerateKeyMLDSA generates a new ML-DSA private key. ++func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters + } ++ key := &PrivateKeyMLDSA{params: params} ++ if err := generateMLDSASeed(params.keyType, key.seed[:]); err != nil { ++ return nil, err ++ } ++ return key, nil +} + -+func (c *aesCipher) Decrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/aes: input or output block is too small") ++// NewPrivateKeyMLDSA constructs an ML-DSA private key from its 32-byte seed. ++func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid private key size") + } ++ key := &PrivateKeyMLDSA{params: params} ++ copy(key.seed[:], seed) ++ return key, nil ++} + -+ src, dst = src[:blockSize], dst[:blockSize] ++// Bytes returns the private key seed. ++func (key *PrivateKeyMLDSA) Bytes() []byte { ++ return key.seed[:] ++} + -+ if inexactOverlap(dst, src) { -+ panic("crypto/aes: invalid buffer overlap") ++// Parameters returns the parameters associated with this private key. ++func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// PublicKey returns the corresponding public key. ++func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { ++ publicKey := &PublicKeyMLDSA{params: key.params} ++ if err := mldsaExtractPublicKey(key.params, key.seed[:], publicKey.bytes[:key.params.publicKeySize]); err != nil { ++ panic(err) + } ++ return publicKey ++} + -+ status := commoncrypto.CCCrypt( -+ commoncrypto.KCCDecrypt, // Operation -+ commoncrypto.CCAlgorithm(c.kind), // Algorithm -+ 0, // Options -+ c.key, // Key -+ nil, // IV -+ src, // Input -+ dst, // Output -+ nil, // Output length -+ ) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/aes: decryption failed") ++// Sign signs message with the private key, optionally binding the signature ++// to a context string. The context string must be at most 255 bytes long. ++func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { ++ return mldsaSign(key.params, key.seed[:], message, context) ++} ++ ++// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. ++// mu must be exactly 64 bytes long. ++func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { ++ if len(mu) != muSizeMLDSA { ++ return nil, errors.New("mldsa: invalid message hash length") + } ++ return mldsaSignExternalMu(key.params, key.seed[:], mu) +} + -+var errOpen = errors.New("cipher: message authentication failed") ++// PublicKeyMLDSA is an ML-DSA public key. ++type PublicKeyMLDSA struct { ++ params MLDSAParameters ++ bytes [publicKeySizeMLDSA87]byte ++} + -+func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv) ++// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. ++func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { ++ if !params.valid() { ++ return nil, errInvalidMLDSAParameters ++ } ++ if len(publicKey) != params.publicKeySize { ++ return nil, errors.New("mldsa: invalid public key size") ++ } ++ // Validate by attempting a key import. ++ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) ++ if err != nil { ++ return nil, err ++ } ++ ossl.EVP_PKEY_free(pkey) ++ key := &PublicKeyMLDSA{params: params} ++ copy(key.bytes[:], publicKey) ++ return key, nil +} + -+func (c *aesCipher) NewFIPSCBCEncrypter(iv []byte) cipher.BlockMode { -+ return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv) ++// Bytes returns the public key encoding. ++func (key *PublicKeyMLDSA) Bytes() []byte { ++ return key.bytes[:key.params.publicKeySize] +} + -+func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv) ++// Parameters returns the parameters associated with this public key. ++func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++ ++// Verify verifies an ML-DSA signature over message bound to the given context. ++func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { ++ return mldsaVerify(key.params, key.bytes[:key.params.publicKeySize], message, signature, context) +} + -+func (c *aesCipher) NewFIPSCBCDecrypter(iv []byte) cipher.BlockMode { -+ return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv) ++// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message ++// representative. mu must be exactly 64 bytes long. ++func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { ++ if len(mu) != muSizeMLDSA { ++ return errors.New("mldsa: invalid message hash length") ++ } ++ return mldsaVerifyExternalMu(key.params, key.bytes[:key.params.publicKeySize], mu, signature) +} + -+// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. -+func sliceForAppend(in []byte, n int) (head, tail []byte) { -+ if total := len(in) + n; cap(in) >= total { -+ head = in[:total] -+ } else { -+ head = make([]byte, total) -+ copy(head, in) ++// Helper functions ++ ++// generateMLDSASeed generates a new ML-DSA private key and extracts the seed. ++func generateMLDSASeed(keyType int32, seed []byte) error { ++ pkey, err := generateEVPPKey(keyType, 0, "") ++ if err != nil { ++ return err + } -+ tail = head[len(in):] -+ return ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ _, err = ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_ML_DSA_SEED.ptr(), seed, nil) ++ return err +} + -+func bigUint64(b []byte) uint64 { -+ _ = b[7] // bounds check hint to compiler; see go.dev/issue/14808 -+ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | -+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++// createMLDSAPrivateKey creates an ML-DSA EVP_PKEY from a 32-byte seed. ++func createMLDSAPrivateKey(id int32, seed []byte) (ossl.EVP_PKEY_PTR, error) { ++ if len(seed) != privateKeySizeMLDSA { ++ return nil, errors.New("mldsa: invalid seed size") ++ } ++ ++ bld := newParamBuilder() ++ defer bld.finalize() ++ ++ bld.addOctetString(_OSSL_PKEY_PARAM_ML_DSA_SEED, seed) ++ ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) ++ ++ return newEvpFromParams(id, ossl.EVP_PKEY_KEYPAIR, params) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go -new file mode 100644 -index 00000000000000..865e22ab6a3dda ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go -@@ -0,0 +1,16 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+package xcrypto ++// createMLDSAPublicKey creates an ML-DSA EVP_PKEY from encoded public key bytes. ++func createMLDSAPublicKey(id int32, pubKeyBytes []byte) (ossl.EVP_PKEY_PTR, error) { ++ bld := newParamBuilder() ++ defer bld.finalize() + -+// This file does not have build constraints to -+// facilitate using BigInt in Go crypto. -+// Go crypto references BigInt unconditionally, -+// even if it is not finally used. ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubKeyBytes) + -+// A BigInt is the big-endian bytes from a math/big BigInt, -+// which are normalized to remove any leading 0 byte. -+// Windows BCrypt accepts this specific data format. -+// This definition allows us to avoid importing math/big. -+// Conversion between BigInt and *big.Int is in xcrypto/bbig. -+type BigInt []byte -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/chacha20poly1305.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/chacha20poly1305.go -new file mode 100644 -index 00000000000000..b0ad6c0aeaff09 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/chacha20poly1305.go -@@ -0,0 +1,88 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+//go:build darwin ++ return newEvpFromParams(id, ossl.EVP_PKEY_PUBLIC_KEY, params) ++} + -+package xcrypto ++// mldsaExtractPublicKey derives and copies the encoded public key bytes from ++// a private key seed. ++func mldsaExtractPublicKey(params MLDSAParameters, seed, dst []byte) error { ++ pkey, err := createMLDSAPrivateKey(params.keyType, seed) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_free(pkey) + -+import ( -+ "crypto/cipher" -+ "errors" ++ var pubLen int ++ if _, err := ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY.ptr(), dst, &pubLen); err != nil { ++ return err ++ } ++ if pubLen != params.publicKeySize { ++ return errors.New("mldsa: unexpected public key size") ++ } ++ return nil ++} + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++// mldsaSigParams builds the OSSL_PARAM array used to bind a context string ++// (and/or the external-mu flag) to an ML-DSA Sign or Verify operation. ++// Returns nil params when neither is set. ++func mldsaSigParams(context string, externalMu bool) (ossl.OSSL_PARAM_PTR, error) { ++ if len(context) > maxContextSizeMLDSA { ++ return nil, errors.New("mldsa: context too long") ++ } ++ if context == "" && !externalMu { ++ return nil, nil ++ } ++ bld := newParamBuilder() ++ defer bld.finalize() ++ if context != "" { ++ bld.addOctetString(_OSSL_SIGNATURE_PARAM_CONTEXT_STRING, []byte(context)) ++ } ++ if externalMu { ++ bld.addInt32(_OSSL_SIGNATURE_PARAM_MU, 1) ++ } ++ return bld.build() ++} + -+const ( -+ chacha20Poly1305KeySize = 32 -+ chacha20Poly1305NonceSize = 12 -+ chacha20Poly1305Overhead = 16 -+) ++func mldsaSign(params MLDSAParameters, seed, message []byte, context string) ([]byte, error) { ++ pkey, err := createMLDSAPrivateKey(params.keyType, seed) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_PKEY_free(pkey) + -+type chacha20poly1305 struct { -+ key [chacha20Poly1305KeySize]byte ++ return mldsaSignWithKey(pkey, params, message, context, false) +} + -+// NewChaCha20Poly1305 returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key. -+func NewChaCha20Poly1305(key []byte) (cipher.AEAD, error) { -+ if len(key) != chacha20Poly1305KeySize { -+ return nil, errors.New("chacha20poly1305: bad key length") ++func mldsaSignExternalMu(params MLDSAParameters, seed, mu []byte) ([]byte, error) { ++ pkey, err := createMLDSAPrivateKey(params.keyType, seed) ++ if err != nil { ++ return nil, err + } -+ ret := new(chacha20poly1305) -+ copy(ret.key[:], key) -+ return ret, nil ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaSignWithKey(pkey, params, mu, "", true) +} + -+func (c *chacha20poly1305) NonceSize() int { -+ return chacha20Poly1305NonceSize ++func mldsaSignWithKey(pkey ossl.EVP_PKEY_PTR, params MLDSAParameters, message []byte, context string, externalMu bool) ([]byte, error) { ++ mdctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_MD_CTX_free(mdctx) ++ ++ var pctx ossl.EVP_PKEY_CTX_PTR ++ if _, err := ossl.EVP_DigestSignInit(mdctx, &pctx, nil, nil, pkey); err != nil { ++ return nil, err ++ } ++ sigParams, err := mldsaSigParams(context, externalMu) ++ if err != nil { ++ return nil, err ++ } ++ if sigParams != nil { ++ defer ossl.OSSL_PARAM_free(sigParams) ++ if _, err := ossl.EVP_PKEY_CTX_set_params(pctx, sigParams); err != nil { ++ return nil, err ++ } ++ } ++ ++ signature := make([]byte, params.signatureSize) ++ siglen := params.signatureSize ++ if _, err := ossl.EVP_DigestSign(mdctx, signature, &siglen, message); err != nil { ++ return nil, err ++ } ++ if siglen != params.signatureSize { ++ return nil, errors.New("mldsa: unexpected signature length") ++ } ++ return signature[:siglen], nil +} + -+func (c *chacha20poly1305) Overhead() int { -+ return chacha20Poly1305Overhead ++func mldsaVerify(params MLDSAParameters, publicKey, message, signature []byte, context string) error { ++ if len(signature) != params.signatureSize { ++ return errors.New("mldsa: invalid signature length") ++ } ++ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) ++ if err != nil { ++ return err ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaVerifyWithKey(pkey, message, signature, context, false) +} + -+func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte { -+ if len(nonce) != chacha20Poly1305NonceSize { -+ panic("chacha20poly1305: bad nonce length passed to Seal") -+ } -+ if uint64(len(plaintext)) > (1<<38)-64 { -+ panic("chacha20poly1305: plaintext too large") -+ } -+ ret, out := sliceForAppend(dst, len(plaintext)+chacha20Poly1305Overhead) -+ if inexactOverlap(out, plaintext) { -+ panic("chacha20poly1305: invalid buffer overlap of output and input") -+ } -+ if anyOverlap(out, additionalData) { -+ panic("chacha20poly1305: invalid buffer overlap of output and additional data") ++func mldsaVerifyExternalMu(params MLDSAParameters, publicKey, mu, signature []byte) error { ++ if len(signature) != params.signatureSize { ++ return errors.New("mldsa: invalid signature length") + } -+ tag := out[len(out)-chacha20Poly1305Overhead:] -+ if cryptokit.EncryptChaChaPoly(c.key[:], plaintext, nonce, additionalData, out[:len(plaintext)], tag) != 0 { -+ panic("chacha20poly1305: encryption failed") ++ pkey, err := createMLDSAPublicKey(params.keyType, publicKey) ++ if err != nil { ++ return err + } -+ return ret ++ defer ossl.EVP_PKEY_free(pkey) ++ ++ return mldsaVerifyWithKey(pkey, mu, signature, "", true) +} + -+func (c *chacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { -+ if len(nonce) != chacha20Poly1305NonceSize { -+ panic("chacha20poly1305: bad nonce length passed to Open") -+ } -+ if len(ciphertext) < 16 { -+ return nil, errOpen ++func mldsaVerifyWithKey(pkey ossl.EVP_PKEY_PTR, message, signature []byte, context string, externalMu bool) error { ++ mdctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return err + } -+ if uint64(len(ciphertext)) > (1<<38)-48 { -+ panic("chacha20poly1305: ciphertext too large") ++ defer ossl.EVP_MD_CTX_free(mdctx) ++ ++ var pctx ossl.EVP_PKEY_CTX_PTR ++ if _, err := ossl.EVP_DigestVerifyInit(mdctx, &pctx, nil, nil, pkey); err != nil { ++ return err + } -+ tag := ciphertext[len(ciphertext)-chacha20Poly1305Overhead:] -+ ciphertext = ciphertext[:len(ciphertext)-chacha20Poly1305Overhead] -+ ret, out := sliceForAppend(dst, len(ciphertext)) -+ if inexactOverlap(out, ciphertext) { -+ panic("chacha20poly1305: invalid buffer overlap of output and input") ++ sigParams, err := mldsaSigParams(context, externalMu) ++ if err != nil { ++ return err + } -+ if anyOverlap(out, additionalData) { -+ panic("chacha20poly1305: invalid buffer overlap of output and additional data") ++ if sigParams != nil { ++ defer ossl.OSSL_PARAM_free(sigParams) ++ if _, err := ossl.EVP_PKEY_CTX_set_params(pctx, sigParams); err != nil { ++ return err ++ } + } -+ var outLen int -+ if cryptokit.DecryptChaChaPoly(c.key[:], ciphertext, nonce, additionalData, tag, out, &outLen) != 0 { -+ return nil, errOpen ++ ++ if _, err := ossl.EVP_DigestVerify(mdctx, signature, message); err != nil { ++ return errors.New("mldsa: invalid signature") + } -+ return ret[:len(dst)+outLen], nil ++ return nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mlkem.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mlkem.go new file mode 100644 -index 00000000000000..d4c550b90fafae +index 00000000000000..5c2ffbabe92e15 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go -@@ -0,0 +1,114 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/mlkem.go +@@ -0,0 +1,369 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package openssl + +import ( -+ "runtime" ++ "errors" ++ "sync" + "unsafe" + -+ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+type cbcCipher struct { -+ blockSize int -+ cryptor commoncrypto.CCCryptorRef -+} ++const ( ++ // sharedKeySizeMLKEM is the size of a shared key produced by ML-KEM. ++ sharedKeySizeMLKEM = 32 + -+func newCBC(operation commoncrypto.CCOperation, kind commoncrypto.CCAlgorithm, key, iv []byte) *cbcCipher { -+ var blockSize int -+ switch kind { -+ case commoncrypto.KCCAlgorithmAES: -+ blockSize = aesBlockSize -+ case commoncrypto.KCCAlgorithmDES, commoncrypto.KCCAlgorithm3DES: -+ blockSize = desBlockSize -+ default: -+ panic("invalid algorithm") -+ } ++ // seedSizeMLKEM is the size of a seed used to generate a decapsulation key. ++ seedSizeMLKEM = 64 + -+ // Create and initialize the cbcMode struct with CCCryptorCreateWithMode here -+ x := &cbcCipher{blockSize: blockSize} -+ status := commoncrypto.CCCryptorCreateWithMode( -+ operation, // Specifies whether encryption or decryption is performed (kCCEncrypt or kCCDecrypt). -+ commoncrypto.KCCModeCBC, // Mode of operation, here explicitly set to CBC (Cipher Block Chaining). -+ commoncrypto.CCAlgorithm(kind), // The encryption algorithm (e.g., kCCAlgorithmAES128, kCCAlgorithmDES). -+ commoncrypto.CcNoPadding, // Padding option, set to no padding; padding can be handled at a higher level if necessary. -+ iv, // Initialization Vector (IV) for the cipher, required for CBC mode. Should be nil for ECB mode. -+ key, // PEncryption key. -+ nil, // Tweak key, used only for XTS mode; here set to nil as it’s not required for CBC. -+ 0, // Number of rounds, mainly for RC2 and Blowfish; not used here, so set to 0. -+ 0, // Mode options for CTR and F8 modes; not used for CBC, so set to 0. -+ &x.cryptor, // Pointer to the CCCryptorRef output, which will hold the state for encryption or decryption. -+ ) ++ // ciphertextSizeMLKEM768 is the size of a ciphertext produced by ML-KEM-768. ++ ciphertextSizeMLKEM768 = 1088 + -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/des: CCCryptorCreateWithMode failed") -+ } ++ // encapsulationKeySizeMLKEM768 is the size of an ML-KEM-768 encapsulation key. ++ encapsulationKeySizeMLKEM768 = 1184 + -+ runtime.SetFinalizer(x, (*cbcCipher).finalize) -+ return x ++ // ciphertextSizeMLKEM1024 is the size of a ciphertext produced by ML-KEM-1024. ++ ciphertextSizeMLKEM1024 = 1568 + -+} ++ // encapsulationKeySizeMLKEM1024 is the size of an ML-KEM-1024 encapsulation key. ++ encapsulationKeySizeMLKEM1024 = 1568 ++) + -+func (x *cbcCipher) finalize() { -+ if x.cryptor != nil { -+ commoncrypto.CCCryptorRelease(x.cryptor) -+ x.cryptor = nil -+ } ++// SupportsMLKEM768 returns true if ML-KEM-768 is supported on this platform. ++func SupportsMLKEM768() bool { ++ return supportsMLKEM768() +} + -+func (x *cbcCipher) BlockSize() int { return x.blockSize } ++// SupportsMLKEM1024 returns true if ML-KEM-1024 is supported on this platform. ++func SupportsMLKEM1024() bool { ++ return supportsMLKEM1024() ++} + -+func (x *cbcCipher) CryptBlocks(dst, src []byte) { -+ if inexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") ++var supportsMLKEM768 = sync.OnceValue(func() bool { ++ // EVP_KEYMGMT_fetch was added in OpenSSL 3.0; if it is not available we ++ // are on 1.x and ML-KEM is not supported. On 3.0–3.4 the fetch returns ++ // nil for the ML-KEM algorithm name, which the probe reports as false. ++ if !ossl.EVP_KEYMGMT_fetch_Available() { ++ return false + } -+ if len(src)%x.blockSize != 0 { -+ panic("crypto/cipher: input not full blocks") ++ sig, _ := ossl.EVP_KEYMGMT_fetch(nil, _KeyTypeMLKEM768.ptr(), nil) ++ if sig == nil { ++ return false + } -+ if len(dst) < len(src) { -+ panic("crypto/cipher: output smaller than input") ++ ossl.EVP_KEYMGMT_free(sig) ++ return true ++}) ++ ++var supportsMLKEM1024 = sync.OnceValue(func() bool { ++ if !ossl.EVP_KEYMGMT_fetch_Available() { ++ return false + } -+ if len(src) == 0 { -+ return ++ sig, _ := ossl.EVP_KEYMGMT_fetch(nil, _KeyTypeMLKEM1024.ptr(), nil) ++ if sig == nil { ++ return false + } -+ var outLength int -+ status := commoncrypto.CCCryptorUpdate( -+ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. -+ src, // Input data (source buffer) to be encrypted or decrypted. -+ dst, // Output buffer (destination buffer) where the result will be stored. -+ &outLength, // Pointer to a variable that will contain the number of bytes written to the output buffer. -+ ) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/cipher: CCCryptorUpdate failed") ++ ossl.EVP_KEYMGMT_free(sig) ++ return true ++}) ++ ++// DecapsulationKeyMLKEM768 is the secret key used to decapsulate a shared key ++// from a ciphertext. It includes various precomputed values. ++type DecapsulationKeyMLKEM768 [seedSizeMLKEM]byte ++ ++// GenerateKeyMLKEM768 generates a new decapsulation key, drawing random bytes from ++// the default crypto/rand source. The decapsulation key must be kept secret. ++func GenerateKeyMLKEM768() (DecapsulationKeyMLKEM768, error) { ++ var dk DecapsulationKeyMLKEM768 ++ if err := generateMLKEMSeed(ossl.EVP_PKEY_MLKEM_768, dk[:]); err != nil { ++ return DecapsulationKeyMLKEM768{}, err + } -+ runtime.KeepAlive(x) ++ return dk, nil +} + -+func (x *cbcCipher) SetIV(iv []byte) { -+ if len(iv) != x.blockSize { -+ panic("crypto/cipher: incorrect IV length") -+ } -+ status := commoncrypto.CCCryptorReset(x.cryptor, iv) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/cipher: CCCryptorReset failed") ++// NewDecapsulationKeyMLKEM768 expands a decapsulation key from a 64-byte seed in the ++// "d || z" form. The seed must be uniformly random. ++func NewDecapsulationKeyMLKEM768(seed []byte) (DecapsulationKeyMLKEM768, error) { ++ if len(seed) != seedSizeMLKEM { ++ return DecapsulationKeyMLKEM768{}, errors.New("mlkem: invalid seed size") + } -+ runtime.KeepAlive(x) -+} + -+// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. ++ var dk DecapsulationKeyMLKEM768 ++ copy(dk[:], seed) ++ return dk, nil ++} + -+func anyOverlap(x, y []byte) bool { -+ return len(x) > 0 && len(y) > 0 && -+ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && -+ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) ++// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. ++// ++// The decapsulation key must be kept secret. ++func (dk DecapsulationKeyMLKEM768) Bytes() []byte { ++ return dk[:] +} + -+func inexactOverlap(x, y []byte) bool { -+ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { -+ return false -+ } -+ return anyOverlap(x, y) ++// Decapsulate generates a shared key from a ciphertext and a decapsulation ++// key. If the ciphertext is not valid, Decapsulate returns an error. ++// ++// The shared key must be kept secret. ++func (dk DecapsulationKeyMLKEM768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { ++ return performDecapsulation(ossl.NID_ML_KEM_768, dk[:], ciphertext) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go -new file mode 100644 -index 00000000000000..c27d6db4fe472a ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go -@@ -0,0 +1,111 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++// EncapsulationKey returns the public encapsulation key necessary to produce ++// ciphertexts. ++func (dk DecapsulationKeyMLKEM768) EncapsulationKey() EncapsulationKeyMLKEM768 { ++ ekBytes := extractEncapsulationKeyBytes(ossl.NID_ML_KEM_768, dk[:], encapsulationKeySizeMLKEM768) ++ var ek EncapsulationKeyMLKEM768 ++ copy(ek[:], ekBytes) ++ return ek ++} + -+package xcrypto ++// An EncapsulationKeyMLKEM768 is the public key used to produce ciphertexts to be ++// decapsulated by the corresponding DecapsulationKeyMLKEM768. ++type EncapsulationKeyMLKEM768 [encapsulationKeySizeMLKEM768]byte + -+import ( -+ "crypto/cipher" -+ "errors" -+ "slices" ++// NewEncapsulationKeyMLKEM768 parses an encapsulation key from its encoded form. If ++// the encapsulation key is not valid, NewEncapsulationKeyMLKEM768 returns an error. ++func NewEncapsulationKeyMLKEM768(encapsulationKey []byte) (EncapsulationKeyMLKEM768, error) { ++ if len(encapsulationKey) != encapsulationKeySizeMLKEM768 { ++ return EncapsulationKeyMLKEM768{}, errors.New("mlkem: invalid encapsulation key size") ++ } + -+ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" -+) ++ var ek EncapsulationKeyMLKEM768 ++ copy(ek[:], encapsulationKey) ++ return ek, nil ++} + -+const desBlockSize = commoncrypto.KCCBlockSizeDES ++// Bytes returns the encapsulation key as a byte slice. ++func (ek EncapsulationKeyMLKEM768) Bytes() []byte { ++ return ek[:] ++} + -+type desCipher struct { -+ key []byte -+ kind commoncrypto.CCAlgorithm ++// Encapsulate generates a shared key and an associated ciphertext from an ++// encapsulation key, drawing random bytes from the default crypto/rand source. ++// ++// The shared key must be kept secret. ++func (ek EncapsulationKeyMLKEM768) Encapsulate() (sharedKey, ciphertext []byte) { ++ return performEncapsulation(ossl.NID_ML_KEM_768, ciphertextSizeMLKEM768, ek[:]) +} + -+// NewDESCipher creates a new DES cipher block using the specified key (8 bytes). -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 8 { -+ return nil, errors.New("crypto/des: invalid key size for DES") ++func performEncapsulation(id int32, ciphertextSize int, ek []byte) (sharedKey, ciphertext []byte) { ++ pkey, err := createMLKEMPublicKey(id, ek) ++ if err != nil { ++ panic(err) + } ++ defer ossl.EVP_PKEY_free(pkey) + -+ c := &desCipher{ -+ key: slices.Clone(key), -+ kind: commoncrypto.KCCAlgorithmDES, ++ // Create encapsulation context ++ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) ++ if err != nil { ++ panic(err) + } -+ return c, nil -+} ++ defer ossl.EVP_PKEY_CTX_free(ctx) + -+// NewTripleDESCipher creates a new 3DES cipher block using the specified key (24 bytes). -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ if len(key) != 24 { -+ return nil, errors.New("crypto/des: invalid key size for 3DES") ++ // Initialize encapsulation ++ if _, err := ossl.EVP_PKEY_encapsulate_init(ctx, nil); err != nil { ++ panic(err) + } + -+ c := &desCipher{ -+ key: slices.Clone(key), -+ kind: commoncrypto.KCCAlgorithm3DES, -+ } -+ return c, nil -+} ++ // Perform encapsulation - allocate buffers based on the key size ++ sharedKey = make([]byte, sharedKeySizeMLKEM) ++ ciphertext = make([]byte, ciphertextSize) + -+func (c *desCipher) BlockSize() int { return desBlockSize } ++ sharedKeyLen := len(sharedKey) ++ ciphertextLen := len(ciphertext) + -+func (c *desCipher) Encrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/des: input or output block is too small") ++ if _, err := ossl.EVP_PKEY_encapsulate(ctx, base(ciphertext), &ciphertextLen, base(sharedKey), &sharedKeyLen); err != nil { ++ panic(err) + } + -+ if inexactOverlap(dst[:blockSize], src[:blockSize]) { -+ panic("crypto/des: invalid buffer overlap") ++ return sharedKey[:sharedKeyLen], ciphertext[:ciphertextLen] ++} ++ ++func performDecapsulation(id int32, seed, ciphertext []byte) (sharedKey []byte, err error) { ++ if len(ciphertext) == 0 { ++ return nil, errors.New("mlkem: invalid ciphertext size") + } + -+ var outLength int -+ status := commoncrypto.CCCrypt( -+ commoncrypto.KCCEncrypt, -+ commoncrypto.CCAlgorithm(c.kind), -+ commoncrypto.KCCOptionECBMode, -+ c.key, -+ nil, -+ src[:blockSize], -+ dst[:blockSize], -+ &outLength, -+ ) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/des: encryption failed") ++ pkey, err := createMLKEMPrivateKey(id, seed) ++ if err != nil { ++ return nil, err + } -+} ++ defer ossl.EVP_PKEY_free(pkey) + -+func (c *desCipher) Decrypt(dst, src []byte) { -+ blockSize := c.BlockSize() -+ if len(src) < blockSize || len(dst) < blockSize { -+ panic("crypto/des: input or output block is too small") ++ // Create decapsulation context ++ ctx, err := ossl.EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) ++ if err != nil { ++ return nil, err + } ++ defer ossl.EVP_PKEY_CTX_free(ctx) + -+ if inexactOverlap(dst[:blockSize], src[:blockSize]) { -+ panic("crypto/des: invalid buffer overlap") ++ // Initialize decapsulation ++ if _, err := ossl.EVP_PKEY_decapsulate_init(ctx, nil); err != nil { ++ return nil, err + } + -+ var outLength int -+ status := commoncrypto.CCCrypt( -+ commoncrypto.KCCDecrypt, -+ commoncrypto.CCAlgorithm(c.kind), -+ commoncrypto.KCCOptionECBMode, -+ c.key, -+ nil, -+ src[:blockSize], -+ dst[:blockSize], -+ &outLength, -+ ) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/des: decryption failed") ++ // Perform decapsulation ++ sharedKey = make([]byte, sharedKeySizeMLKEM) ++ sharedKeyLen := len(sharedKey) ++ if _, err := ossl.EVP_PKEY_decapsulate(ctx, base(sharedKey), &sharedKeyLen, base(ciphertext), len(ciphertext)); err != nil { ++ return nil, err + } -+} + -+// CBC mode encrypter -+func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return newCBC(commoncrypto.KCCEncrypt, c.kind, c.key, iv) ++ return sharedKey[:sharedKeyLen], nil +} + -+// CBC mode decrypter -+func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return newCBC(commoncrypto.KCCDecrypt, c.kind, c.key, iv) -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go -new file mode 100644 -index 00000000000000..b14fc4ddb1c235 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go -@@ -0,0 +1,39 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. ++// DecapsulationKeyMLKEM1024 is the secret key used to decapsulate a shared key ++// from a ciphertext. It includes various precomputed values. ++type DecapsulationKeyMLKEM1024 [seedSizeMLKEM]byte + -+//go:build darwin ++// GenerateKeyMLKEM1024 generates a new decapsulation key, drawing random bytes from ++// the default crypto/rand source. The decapsulation key must be kept secret. ++func GenerateKeyMLKEM1024() (DecapsulationKeyMLKEM1024, error) { ++ var dk DecapsulationKeyMLKEM1024 ++ if err := generateMLKEMSeed(ossl.EVP_PKEY_MLKEM_1024, dk[:]); err != nil { ++ return DecapsulationKeyMLKEM1024{}, err ++ } ++ return dk, nil ++} + -+package xcrypto ++// NewDecapsulationKeyMLKEM1024 expands a decapsulation key from a 64-byte seed in the ++// "d || z" form. The seed must be uniformly random. ++func NewDecapsulationKeyMLKEM1024(seed []byte) (DecapsulationKeyMLKEM1024, error) { ++ if len(seed) != seedSizeMLKEM { ++ return DecapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid seed size") ++ } + -+import "errors" ++ var dk DecapsulationKeyMLKEM1024 ++ copy(dk[:], seed) ++ return dk, nil ++} + -+// curveToID maps a curve name to its corresponding CryptoKit curve ID. -+func curveToID(curve string) (int32, error) { -+ switch curve { -+ case "P-256": -+ return 1, nil -+ case "P-384": -+ return 2, nil -+ case "P-521": -+ return 3, nil -+ case "X25519": -+ return 0, nil -+ default: -+ return -1, errors.New("unsupported curve") -+ } ++// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. ++// ++// The decapsulation key must be kept secret. ++func (dk DecapsulationKeyMLKEM1024) Bytes() []byte { ++ return dk[:] +} + -+func curveToKeySizeInBytes(curve string) int { -+ switch curve { -+ case "P-256": -+ return (256 + 7) / 8 -+ case "P-384": -+ return (384 + 7) / 8 -+ case "P-521": -+ return (521 + 7) / 8 -+ case "X25519": -+ return 32 -+ default: -+ return 0 -+ } ++// Decapsulate generates a shared key from a ciphertext and a decapsulation ++// key. If the ciphertext is not valid, Decapsulate returns an error. ++// ++// The shared key must be kept secret. ++func (dk DecapsulationKeyMLKEM1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { ++ return performDecapsulation(ossl.NID_ML_KEM_1024, dk[:], ciphertext) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go -new file mode 100644 -index 00000000000000..d59db1be807ac5 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go -@@ -0,0 +1,146 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++// EncapsulationKey returns the public encapsulation key necessary to produce ++// ciphertexts. ++func (dk DecapsulationKeyMLKEM1024) EncapsulationKey() EncapsulationKeyMLKEM1024 { ++ ekBytes := extractEncapsulationKeyBytes(ossl.NID_ML_KEM_1024, dk[:], encapsulationKeySizeMLKEM1024) ++ var ek EncapsulationKeyMLKEM1024 ++ copy(ek[:], ekBytes) ++ return ek ++} + -+package xcrypto ++// An EncapsulationKeyMLKEM1024 is the public key used to produce ciphertexts to be ++// decapsulated by the corresponding DecapsulationKeyMLKEM1024. ++type EncapsulationKeyMLKEM1024 [encapsulationKeySizeMLKEM1024]byte + -+import ( -+ "errors" -+ "slices" ++// NewEncapsulationKeyMLKEM1024 parses an encapsulation key from its encoded form. If ++// the encapsulation key is not valid, NewEncapsulationKeyMLKEM1024 returns an error. ++func NewEncapsulationKeyMLKEM1024(encapsulationKey []byte) (EncapsulationKeyMLKEM1024, error) { ++ if len(encapsulationKey) != encapsulationKeySizeMLKEM1024 { ++ return EncapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid encapsulation key size") ++ } + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++ var ek EncapsulationKeyMLKEM1024 ++ copy(ek[:], encapsulationKey) ++ return ek, nil ++} + -+type PublicKeyECDH struct { -+ bytes []byte ++// Bytes returns the encapsulation key as a byte slice. ++func (ek EncapsulationKeyMLKEM1024) Bytes() []byte { ++ return ek[:] +} + -+type PrivateKeyECDH struct { -+ pub []byte -+ priv []byte // For X25519: the actual private key bytes -+ curve string // Track the curve type ++// Encapsulate generates a shared key and an associated ciphertext from an ++// encapsulation key, drawing random bytes from the default crypto/rand source. ++// ++// The shared key must be kept secret. ++func (ek EncapsulationKeyMLKEM1024) Encapsulate() (sharedKey, ciphertext []byte) { ++ return performEncapsulation(ossl.NID_ML_KEM_1024, ciphertextSizeMLKEM1024, ek[:]) +} + -+func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { -+ if len(bytes) < 1 { -+ return nil, errors.New("NewPublicKeyECDH: missing key") -+ } ++// Helper functions + -+ curveID, err := curveToID(curve) ++// generateMLKEMSeed generates a new ML-KEM seed by creating a key and extracting its seed parameter. ++func generateMLKEMSeed(keyType int32, seed []byte) error { ++ pkey, err := generateEVPPKey(keyType, 0, "") + if err != nil { -+ return nil, err -+ } -+ -+ // Validate the public key -+ ret := cryptokit.ValidatePublicKeyECDH(curveID, bytes) -+ if ret != 0 { -+ return nil, errors.New("invalid public key") ++ return err + } ++ defer ossl.EVP_PKEY_free(pkey) + -+ // For all curves (including EC curves), we just store the bytes -+ // X25519 uses raw 32-byte format -+ // EC curves use uncompressed X9.63 format (0x04 || x || y) -+ return &PublicKeyECDH{bytes: slices.Clone(bytes)}, nil ++ _, err = ossl.EVP_PKEY_get_octet_string_param(pkey, _OSSL_PKEY_PARAM_ML_KEM_SEED.ptr(), seed, nil) ++ return err +} + -+func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } -+ -+// bytes expects the public key to be in uncompressed ANSI X9.63 format -+func NewPrivateKeyECDH(curve string, priv []byte) (*PrivateKeyECDH, error) { -+ curveID, err := curveToID(curve) -+ if err != nil { -+ return nil, err ++// createMLKEMPrivateKey creates an ML-KEM private key from a seed ++func createMLKEMPrivateKey(id int32, seed []byte) (ossl.EVP_PKEY_PTR, error) { ++ if len(seed) != seedSizeMLKEM { ++ return nil, errors.New("mlkem: invalid seed size") + } + -+ // Validate the private key -+ ret := cryptokit.ValidatePrivateKeyECDH(curveID, priv) -+ if ret != 0 { -+ return nil, errors.New("invalid private key") -+ } ++ bld := newParamBuilder() ++ defer bld.finalize() + -+ // Derive the public key -+ keySize := curveToKeySizeInBytes(curve) -+ var pubKeySize int -+ if curve == "X25519" { -+ pubKeySize = 32 -+ } else { -+ pubKeySize = 1 + keySize*2 -+ } ++ bld.addOctetString(_OSSL_PKEY_PARAM_ML_KEM_SEED, seed) + -+ publicKey := make([]byte, pubKeySize) -+ ret = cryptokit.PublicKeyFromPrivateECDH(curveID, priv, publicKey) -+ if ret != 0 { -+ return nil, errors.New("failed to derive public key") ++ params, err := bld.build() ++ if err != nil { ++ return nil, err + } ++ defer ossl.OSSL_PARAM_free(params) + -+ privKey := &PrivateKeyECDH{ -+ pub: publicKey, -+ priv: slices.Clone(priv), -+ curve: curve, -+ } -+ return privKey, nil ++ return newEvpFromParams(id, ossl.EVP_PKEY_KEYPAIR, params) +} + -+func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { -+ // For all curves, just return the stored public key bytes -+ return &PublicKeyECDH{ -+ bytes: slices.Clone(k.pub), -+ }, nil -+} ++// createMLKEMPublicKey creates an ML-KEM public key from encoded bytes. ++func createMLKEMPublicKey(id int32, pubKeyBytes []byte) (ossl.EVP_PKEY_PTR, error) { ++ bld := newParamBuilder() ++ defer bld.finalize() + -+func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { -+ if priv == nil || pub == nil { -+ return nil, errors.New("invalid keys") -+ } ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubKeyBytes) + -+ curveID, err := curveToID(priv.curve) ++ params, err := bld.build() + if err != nil { + return nil, err + } ++ defer ossl.OSSL_PARAM_free(params) + -+ keySize := curveToKeySizeInBytes(priv.curve) -+ sharedSecret := make([]byte, keySize) -+ -+ ret := cryptokit.EcdhSharedSecret(curveID, priv.priv, pub.bytes, sharedSecret) -+ if ret != 0 { -+ return nil, errors.New("ECDH: key exchange failed") -+ } -+ -+ return sharedSecret, nil ++ return newEvpFromParams(id, ossl.EVP_PKEY_PUBLIC_KEY, params) +} + -+func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, nil, errors.New("unsupported curve") -+ } -+ -+ curveID, err := curveToID(curve) ++// extractEncapsulationKeyBytes extracts the encapsulation key bytes from a decapsulation key. ++func extractEncapsulationKeyBytes(id int32, seed []byte, expectedSize int) []byte { ++ pkey, err := createMLKEMPrivateKey(id, seed) + if err != nil { -+ return nil, nil, err ++ panic(err) + } ++ defer ossl.EVP_PKEY_free(pkey) + -+ var pubKeySize int -+ if curve == "X25519" { -+ pubKeySize = 32 -+ } else { -+ pubKeySize = 1 + keySize*2 ++ // Extract public key bytes ++ var pubBytes *byte ++ pubLen, err := ossl.EVP_PKEY_get1_encoded_public_key(pkey, &pubBytes) ++ if err != nil { ++ panic(err) + } ++ defer cryptoFree(unsafe.Pointer(pubBytes)) + -+ privateKey := make([]byte, keySize) -+ publicKey := make([]byte, pubKeySize) -+ -+ ret := cryptokit.GenerateKeyECDH(curveID, privateKey, publicKey) -+ if ret != 0 { -+ return nil, nil, errors.New("EC key generation failed") ++ if pubLen != expectedSize { ++ panic(errors.New("mlkem: invalid encapsulation key size")) + } + -+ // Store the public key in X9.63 format and the private key -+ k := &PrivateKeyECDH{ -+ pub: slices.Clone(publicKey), -+ priv: slices.Clone(privateKey), -+ curve: curve, -+ } -+ return k, slices.Clone(privateKey), nil ++ // Copy the bytes before pubBytes is freed ++ result := make([]byte, pubLen) ++ copy(result, unsafe.Slice(pubBytes, pubLen)) ++ return result +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go new file mode 100644 -index 00000000000000..82d68bfabe9c62 +index 00000000000000..94fd563ac87978 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go -@@ -0,0 +1,154 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go +@@ -0,0 +1,183 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++// Package openssl provides access to OpenSSL cryptographic functions. ++package openssl + +import ( + "errors" ++ "math/bits" ++ "strconv" ++ "sync" ++ "unsafe" + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++ "github.com/microsoft/go-crypto-openssl/osslsetup" +) + -+type PrivateKeyECDSA struct { -+ x BigInt // public key x coordinate -+ y BigInt // public key y coordinate -+ d BigInt // private key -+ curve string // curve name ++var isBigEndian = sync.OnceValue(func() bool { ++ buf := [2]byte{} ++ *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD) ++ ++ switch buf { ++ case [2]byte{0xCD, 0xAB}: ++ return false ++ case [2]byte{0xAB, 0xCD}: ++ return true ++ default: ++ panic("Could not determine native endianness.") ++ } ++}) ++ ++func major() int { ++ return osslsetup.VersionMajor() +} + -+type PublicKeyECDSA struct { -+ x BigInt // public key x coordinate -+ y BigInt // public key y coordinate -+ curve string // curve name ++func minor() int { ++ return osslsetup.VersionMinor() +} + -+func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, errors.New("unsupported curve") -+ } -+ // Validate that x and y are of appropriate length -+ if len(x) > keySize || len(y) > keySize { -+ return nil, errors.New("public key coordinates are too large") -+ } -+ pubKey := &PublicKeyECDSA{ -+ x: x, -+ y: y, -+ curve: curve, -+ } -+ return pubKey, nil ++func patch() int { ++ return osslsetup.VersionPatch() +} + -+// NewPrivateKeyECDSA creates a new ECDSA private key using the provided curve name and parameters (x, y, d). -+func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, errors.New("unsupported curve") -+ } -+ // Validate that x, y, and d are of appropriate length -+ if len(x) > keySize || len(y) > keySize || len(d) > keySize { -+ return nil, errors.New("key parameters are too large") -+ } -+ privKey := &PrivateKeyECDSA{ -+ x: x, -+ y: y, -+ d: d, -+ curve: curve, ++func utoa(n int) string { ++ return strconv.FormatUint(uint64(n), 10) ++} ++ ++func errUnsupportedVersion() error { ++ return errors.New("openssl: unsupported OpenSSL version: " + utoa(major()) + "." + utoa(minor()) + "." + utoa(patch()) + " (minimum supported version is 1.1.1)") ++} ++ ++// checkMajorVersion panics if the current major version is not one of the expected versions. ++func checkMajorVersion(expected ...int) { ++ for _, v := range expected { ++ if major() == v { ++ return ++ } + } -+ return privKey, nil ++ panic("openssl: incorrect major version (" + strconv.Itoa(major()) + ")") +} + -+func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { -+ keySize := curveToKeySizeInBytes(curve) -+ if keySize == 0 { -+ return nil, nil, nil, errors.New("unsupported curve") ++type fail string ++ ++func (e fail) Error() string { return "openssl: " + string(e) + " failed" } ++ ++// sliceNeverNil returns b if non-nil, and a non-nil zero-length slice otherwise. ++func sliceNeverNil(b []byte) []byte { ++ if b == nil { ++ return []byte{} + } ++ return b ++} + -+ curveID, err := curveToID(curve) -+ if err != nil { -+ return nil, nil, nil, err ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func base(b []byte) *byte { ++ if len(b) == 0 { ++ return nil + } ++ return unsafe.SliceData(b) ++} + -+ // Generate key using CryptoKit -+ xBytes := make([]byte, keySize) -+ yBytes := make([]byte, keySize) -+ dBytes := make([]byte, keySize) ++//go:linkname throw runtime.throw ++func throw(string) + -+ ret := cryptokit.GenerateKeyECDSA(curveID, xBytes, yBytes, dBytes) -+ if ret != 0 { -+ return nil, nil, nil, errors.New("ECDSA key generation failed") ++// cryptoMalloc allocates n bytes of memory on the OpenSSL heap, which may be ++// different from the heap which C.malloc allocates on. The allocated object ++// must be freed using cryptoFree. cryptoMalloc is equivalent to the ++// OPENSSL_malloc macro. ++// ++// Like C.malloc, this function is guaranteed to never return nil. If OpenSSL's ++// malloc indicates out of memory, it crashes the program. ++// ++// Only objects which the OpenSSL library will take ownership of (i.e. will be ++// freed by OPENSSL_free / CRYPTO_free) need to be allocated on the OpenSSL ++// heap. ++func cryptoMalloc(n int) unsafe.Pointer { ++ p, _ := ossl.CRYPTO_malloc(n, nil, 0) ++ if p == nil { ++ // Un-recover()-ably crash the program in the same manner as the ++ // C.malloc() wrapper function. ++ throw("openssl: CRYPTO_malloc failed") + } ++ return p ++} + -+ return normalizeBigInt(xBytes), normalizeBigInt(yBytes), normalizeBigInt(dBytes), nil ++// cryptoFree frees an object allocated on the OpenSSL heap, which may be ++// different from the heap which C.malloc allocates on. cryptoFree is equivalent ++// to the OPENSSL_free macro. ++func cryptoFree(p unsafe.Pointer) { ++ ossl.CRYPTO_free(p, nil, 0) +} + -+func SignMarshalECDSA(priv *PrivateKeyECDSA, hashed []byte) ([]byte, error) { -+ if priv == nil || len(hashed) == 0 { -+ return nil, errors.New("invalid parameters") ++const wordBytes = bits.UintSize / 8 ++ ++// Reverse each limb of z. ++func (z BigInt) byteSwap() { ++ for i, d := range z { ++ var n uint = 0 ++ for j := range wordBytes { ++ n |= uint(byte(d)) << (8 * (wordBytes - j - 1)) ++ d >>= 8 ++ } ++ z[i] = n + } ++} + -+ curveID, err := curveToID(priv.curve) ++func wbase(b BigInt) *byte { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*byte)(unsafe.Pointer(unsafe.SliceData(b))) ++} ++ ++func bigToBN(x BigInt) (ossl.BIGNUM_PTR, error) { ++ if len(x) == 0 { ++ return nil, nil ++ } ++ if isBigEndian() { ++ z := make(BigInt, len(x)) ++ copy(z, x) ++ z.byteSwap() ++ x = z ++ } ++ // Limbs are always ordered in LSB first, so we can safely apply ++ // BN_lebin2bn regardless of host endianness. ++ bn, err := ossl.BN_lebin2bn(unsafe.Slice(wbase(x), len(x)*wordBytes), nil) + if err != nil { + return nil, err + } ++ return bn, nil ++} + -+ keySize := curveToKeySizeInBytes(priv.curve) -+ -+ // Normalize private key to proper size -+ dBytes := make([]byte, keySize) -+ copy(dBytes[len(dBytes)-len(priv.d):], priv.d) -+ -+ // Allocate signature buffer (max size for DER-encoded signature) -+ maxSigLen := 256 -+ signature := make([]byte, maxSigLen) -+ sigLen := int64(0) -+ -+ ret := cryptokit.EcdsaSign(curveID, dBytes, hashed, signature, &sigLen) -+ if ret != 0 { -+ return nil, errors.New("ECDSA signing failed") ++func bnToBig(bn ossl.BIGNUM_PTR) BigInt { ++ if bn == nil { ++ return nil + } + -+ if sigLen <= 0 || sigLen > int64(len(signature)) { -+ return nil, errors.New("invalid signature length") ++ // Limbs are always ordered in LSB first, so we can safely apply ++ // BN_bn2lebinpad regardless of host endianness. ++ x := make(BigInt, ossl.BN_num_bits(bn)) ++ if _, err := ossl.BN_bn2lebinpad(bn, unsafe.Slice(wbase(x), len(x)*wordBytes)); err != nil { ++ panic(err) + } ++ if isBigEndian() { ++ x.byteSwap() ++ } ++ return x ++} + -+ return signature[:sigLen], nil ++// bnToBinPad converts the absolute value of bn into big-endian form and stores ++// it at to, padding with zeroes if necessary. If len(to) is not large enough to ++// hold the result, an error is returned. ++func bnToBinPad(bn ossl.BIGNUM_PTR, to []byte) error { ++ _, err := ossl.BN_bn2binpad(bn, to) ++ return err +} + -+func VerifyECDSA(pub *PublicKeyECDSA, hashed []byte, sig []byte) bool { -+ if pub == nil || len(hashed) == 0 || len(sig) == 0 { -+ return false -+ } ++func bigEndianUint64(b []byte) uint64 { ++ _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808 ++ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_cgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_cgo.go +new file mode 100644 +index 00000000000000..092c8046462b6f +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_cgo.go +@@ -0,0 +1,17 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+ curveID, err := curveToID(pub.curve) -+ if err != nil { -+ return false -+ } ++package openssl + -+ keySize := curveToKeySizeInBytes(pub.curve) ++import "C" ++import "unsafe" + -+ // Normalize public key coordinates to proper size -+ xBytes := make([]byte, keySize) -+ yBytes := make([]byte, keySize) ++// goString converts a C string pointer to a Go string for cgo mode ++func goString(ptr *byte) string { ++ return C.GoString((*C.char)(unsafe.Pointer(ptr))) ++} + -+ // Safety check: ensure BigInts are not longer than keySize -+ if len(pub.x) > keySize || len(pub.y) > keySize { -+ return false -+ } ++// goBytes converts a C byte array to a Go byte slice for cgo mode ++func goBytes(ptr unsafe.Pointer, length int) []byte { ++ return C.GoBytes(ptr, C.int(length)) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_nocgo.go +new file mode 100644 +index 00000000000000..5dc44cacea9c05 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_nocgo.go +@@ -0,0 +1,35 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+ copy(xBytes[len(xBytes)-len(pub.x):], pub.x) -+ copy(yBytes[len(yBytes)-len(pub.y):], pub.y) ++//go:build !cgo + -+ ret := cryptokit.EcdsaVerify(curveID, xBytes, yBytes, hashed, sig) -+ return ret == 1 ++package openssl ++ ++import "unsafe" ++ ++// goString converts a C string pointer to a Go string for nocgo mode ++func goString(ptr *byte) string { ++ if ptr == nil { ++ return "" ++ } ++ var result []byte ++ for i := 0; ; i++ { ++ b := *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) + uintptr(i))) ++ if b == 0 { ++ break ++ } ++ result = append(result, b) ++ } ++ return string(result) +} + -+func normalizeBigInt(b []byte) BigInt { -+ // Remove leading zero bytes -+ for len(b) > 0 && b[0] == 0 { -+ b = b[1:] ++// goBytes converts a C byte array to a Go byte slice for nocgo mode ++func goBytes(ptr unsafe.Pointer, length int) []byte { ++ if ptr == nil || length == 0 { ++ return nil + } -+ return b ++ // Copy the data to Go memory, similar to C.GoBytes ++ result := make([]byte, length) ++ copy(result, unsafe.Slice((*byte)(ptr), length)) ++ return result +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go new file mode 100644 -index 00000000000000..316ecba6792d47 +index 00000000000000..8bd651d6493707 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go -@@ -0,0 +1,124 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/params.go +@@ -0,0 +1,191 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package openssl + +import ( -+ "errors" -+ "strconv" ++ "runtime" ++ "unsafe" + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+const ( -+ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. -+ publicKeySizeEd25519 = 32 -+ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. -+ privateKeySizeEd25519 = 64 -+ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. -+ signatureSizeEd25519 = 64 -+ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. -+ seedSizeEd25519 = 32 -+) ++type addParamError struct { ++ name string ++ err error ++} + -+// PublicKeyEd25519 represents an Ed25519 public key. -+type PublicKeyEd25519 []byte ++func (e addParamError) Error() string { ++ return "failed to add parameter " + e.name + ": " + e.err.Error() ++} + -+// PrivateKeyEd25519 represents an Ed25519 private key. -+type PrivateKeyEd25519 []byte ++type bnParam struct { ++ value ossl.BIGNUM_PTR ++ private bool ++} + -+func (k PrivateKeyEd25519) Public() PublicKeyEd25519 { -+ publicKey := make([]byte, publicKeySizeEd25519) -+ copy(publicKey, k[seedSizeEd25519:]) -+ return PublicKeyEd25519(publicKey) ++// paramBuilder is a helper for building OSSL_PARAMs. ++// If an error occurs when adding a new parameter, ++// subsequent calls to add parameters are ignored ++// and build() will return the error. ++type paramBuilder struct { ++ bld ossl.OSSL_PARAM_BLD_PTR ++ pinner runtime.Pinner ++ bnToFree []bnParam ++ ++ err error ++} ++ ++// newParamBuilder creates a new paramBuilder. ++// [paramBuilder.finalize] must be called to free the builder. ++func newParamBuilder() *paramBuilder { ++ bld := ossl.OSSL_PARAM_BLD_new() ++ if bld == nil { ++ // If this happens it indicates an issue allocating memory. ++ panic("openssl: failed to create OSSL_PARAM_BLD") ++ } ++ return ¶mBuilder{bld: bld} ++} ++ ++// finalize frees the builder. ++func (b *paramBuilder) finalize() { ++ if b.bld != nil { ++ b.pinner.Unpin() ++ for _, bn := range b.bnToFree { ++ if bn.private { ++ ossl.BN_clear_free(bn.value) ++ } else { ++ ossl.BN_free(bn.value) ++ } ++ } ++ ossl.OSSL_PARAM_BLD_free(b.bld) ++ b.bld = nil ++ } +} + -+// GenerateKeyEd25519 generates a new Ed25519 private key. -+func GenerateKeyEd25519() PrivateKeyEd25519 { -+ pkeyPriv := make([]byte, privateKeySizeEd25519) -+ cryptokit.GenerateKeyEd25519(pkeyPriv) -+ return pkeyPriv ++// check is used internally to enforce invariants and should not be called by users of paramBuilder. ++// Returns true if it's ok to add parameters to the builder or build it. ++// Returns false if there has been an error while adding a parameter. ++// Panics if the paramBuilder has been freed, e.g. if it has already been built. ++func (b *paramBuilder) check() bool { ++ if b.err != nil { ++ return false ++ } ++ if b.bld == nil { ++ panic("openssl: paramBuilder has been freed") ++ } ++ return true +} + -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ if len(priv) != privateKeySizeEd25519 { -+ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) ++// build creates an OSSL_PARAM from the builder. ++// The returned OSSL_PARAM must be freed with OSSL_PARAM_free. ++// If an error occurred while adding parameters, the error is returned ++// and the OSSL_PARAM is nil. Once build() is called, the builder is finalized ++// and cannot be reused. ++func (b *paramBuilder) build() (ossl.OSSL_PARAM_PTR, error) { ++ defer b.finalize() ++ if !b.check() { ++ return nil, b.err + } -+ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) ++ param, err := ossl.OSSL_PARAM_BLD_to_param(b.bld) ++ if err != nil { ++ return nil, err ++ } ++ return param, nil +} + -+func (k PrivateKeyEd25519) Bytes() ([]byte, error) { -+ return k, nil ++// addUTF8String adds a NUL-terminated UTF-8 string to the builder. ++// size should not include the terminating NUL byte. If size is zero, then it will be calculated. ++func (b *paramBuilder) addUTF8String(name cString, value *byte, size int) { ++ if !b.check() { ++ return ++ } ++ // OSSL_PARAM_BLD_push_utf8_string calculates the size if it is zero. ++ if size == 0 { ++ size = cStringLen(value) ++ } ++ if _, err := ossl.OSSL_PARAM_BLD_push_utf8_string(b.bld, name.ptr(), unsafe.Slice(value, size)); err != nil { ++ b.err = addParamError{name.str(), err} ++ } +} + -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ if len(pub) != publicKeySizeEd25519 { -+ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) ++// addOctetString adds an octet string to the builder. ++// The value is pinned and will be unpinned when the builder is freed. ++func (b *paramBuilder) addOctetString(name cString, value []byte) { ++ if !b.check() { ++ return + } -+ pkey := make([]byte, publicKeySizeEd25519) -+ result := cryptokit.NewPublicKeyEd25519(pkey, pub) -+ if result != 0 { -+ return nil, errors.New("failed to create Ed25519 public key") ++ if value == nil { ++ // Short-circuit a nil slice: don't pass anything at all to OpenSSL. ++ // OpenSSL 3.5.6 raises an error when passed null, and expects users ++ // to not call this function at all in this case. ++ // See https://github.com/openssl/openssl/issues/30728 ++ // ++ // Don't short-circuit empty slices, as they might have a meaning. ++ // For example, in KDFs an empty salt is different from a nil salt. ++ return ++ } ++ if len(value) != 0 { ++ b.pinner.Pin(&value[0]) ++ } ++ if _, err := ossl.OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), value); err != nil { ++ b.err = addParamError{name.str(), err} + } -+ return pkey, nil +} + -+func (k PublicKeyEd25519) Bytes() ([]byte, error) { -+ return k, nil ++func cStringLen(ptr *byte) int { ++ if ptr == nil { ++ return 0 ++ } ++ for n := 0; ; n++ { ++ if *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) + uintptr(n))) == 0 { ++ return n ++ } ++ } +} + -+// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if -+// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this -+// package. -+// NewPrivateKeyEd25519FromSeed creates an Ed25519 private key from a seed. -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ if len(seed) != seedSizeEd25519 { -+ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++// addInt32 adds an int32 to the builder. ++func (b *paramBuilder) addInt32(name cString, value int32) { ++ if !b.check() { ++ return + } -+ pkey := make([]byte, privateKeySizeEd25519) -+ result := cryptokit.NewPrivateKeyEd25519FromSeed(pkey, seed) -+ if result != 0 { -+ return nil, errors.New("failed to generate Ed25519 key from seed") ++ if _, err := ossl.OSSL_PARAM_BLD_push_int32(b.bld, name.ptr(), value); err != nil { ++ b.err = addParamError{name.str(), err} + } -+ return pkey, nil +} + -+// SignEd25519 signs the message with priv and returns a signature. -+func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { -+ sig := make([]byte, signatureSizeEd25519) -+ result := cryptokit.SignEd25519(priv, message, sig) -+ if result < 0 { -+ switch result { -+ case -1: -+ return nil, errors.New("invalid inputs to SignEd25519") -+ case -2: -+ return nil, errors.New("failed to reconstruct private key") -+ case -3: -+ return nil, errors.New("failed to sign the message") -+ case -4: -+ return nil, errors.New("signature buffer too small") -+ default: -+ return nil, errors.New("unknown error in SignEd25519") -+ } ++// addBN adds a GOossl.BIGNUM_PTR to the builder. ++func (b *paramBuilder) addBN(name cString, value ossl.BIGNUM_PTR) { ++ if !b.check() { ++ return ++ } ++ if _, err := ossl.OSSL_PARAM_BLD_push_BN(b.bld, name.ptr(), value); err != nil { ++ b.err = addParamError{name.str(), err} + } -+ return sig, nil +} + -+// VerifyEd25519 reports whether sig is a valid signature of message by pub. -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ result := cryptokit.VerifyEd25519(pub, message, sig) -+ switch result { -+ case 1: -+ return nil // Valid signature -+ case 0: -+ return errors.New("ed25519: invalid signature") -+ case -1: -+ return errors.New("invalid inputs to VerifyEd25519") -+ case -2: -+ return errors.New("failed to reconstruct public key") -+ default: -+ return errors.New("unknown error in VerifyEd25519") ++// addBigInt adds a BigInt to the builder. ++// The BigInt is converted using bigToBN to a BIGNUM that is freed when the builder is finalized. ++// If private is true, the BIGNUM will be cleared with BN_clear_free, ++// otherwise it will be freed with BN_free. ++func (b *paramBuilder) addBigInt(name cString, value BigInt, private bool) { ++ if !b.check() { ++ return ++ } ++ if len(value) == 0 { ++ // Nothing to do. ++ return ++ } ++ bn, err := bigToBN(value) ++ if err != nil { ++ b.err = err ++ return ++ } ++ if b.bnToFree == nil { ++ // Preallocate the slice to avoid growing it later, which would cause allocations and copies. ++ // The maximum known number of BIGNUMs to free are 8 for RSA, so we use that as the capacity. ++ b.bnToFree = make([]bnParam, 0, 8) + } ++ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) ++ b.addBN(name, bn) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go new file mode 100644 -index 00000000000000..a085303b10ac00 +index 00000000000000..66af2060e2cf87 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go -@@ -0,0 +1,339 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/pbkdf2.go +@@ -0,0 +1,86 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package openssl + +import ( -+ "crypto" + "errors" + "hash" -+ "slices" -+ "strconv" -+ "unsafe" ++ "sync" + -+ "github.com/microsoft/go-crypto-darwin/internal/security" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+type algorithmType int -+ -+const ( -+ algorithmTypePSS algorithmType = iota -+ algorithmTypeRAW -+ algorithmTypePKCS1v15Enc -+ algorithmTypePKCS1v15Sig -+ algorithmTypeOAEP -+ algorithmTypeECDSA -+) ++// SupportsPBKDF2 reports whether the current OpenSSL version supports PBKDF2. ++func SupportsPBKDF2() bool { ++ switch major() { ++ case 1: ++ return true ++ case 3, 4: ++ _, err := fetchPBKDF2() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} + -+type withKeyFunc func(func(security.SecKeyRef) error) error ++// fetchPBKDF2 fetches the PBKDF2 algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchPBKDF2 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3, 4) + -+// Encrypt encrypts a plaintext message using a given key and algorithm. -+func evpEncrypt(withKey withKeyFunc, algorithmType algorithmType, plaintext []byte, hash hash.Hash) ([]byte, error) { -+ var cryptoHash crypto.Hash -+ if hash != nil { -+ var err error -+ cryptoHash, err = hashToCryptoHash(hash) -+ if err != nil { -+ return nil, err -+ } -+ } -+ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_PBKDF2.ptr(), nil) + if err != nil { + return nil, err + } ++ return kdf, nil ++}) + -+ dataRef := bytesToCFData(plaintext) -+ defer cfRelease(unsafe.Pointer(dataRef)) -+ -+ var encryptedDataRef security.CFDataRef -+ err = withKey(func(key security.SecKeyRef) error { -+ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeEncrypt, algorithm) != 1 { -+ return errors.New("algorithm not supported by the key") -+ } -+ encryptedDataRef = security.SecKeyCreateEncryptedData(key, algorithm, dataRef, nil) -+ if encryptedDataRef == nil { -+ return errors.New("encryption failed") -+ } -+ return nil -+ }) ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ h, err := hashFuncHash(fh) + if err != nil { + return nil, err + } -+ defer cfRelease(unsafe.Pointer(encryptedDataRef)) ++ md := hashToMD(h) ++ if md == nil { ++ return nil, errors.New("unsupported hash function") ++ } ++ out := make([]byte, keyLen) ++ switch major() { ++ case 1: ++ if _, err = ossl.PKCS5_PBKDF2_HMAC(password, salt, int32(iter), md, out); err != nil { ++ return nil, err ++ } ++ default: ++ kdf, err := fetchPBKDF2() ++ if err != nil { ++ return nil, err ++ } ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.EVP_KDF_CTX_free(ctx) + -+ return cfDataToBytes(encryptedDataRef), nil -+} ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addOctetString(_OSSL_KDF_PARAM_PASSWORD, password) ++ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) ++ bld.addInt32(_OSSL_KDF_PARAM_ITER, int32(iter)) ++ bld.addInt32(_OSSL_KDF_PARAM_PKCS5, 1) // disable SP800-132 compliance checks, they are done at the crypto/pbkdf2 level ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ params, err := bld.build() ++ if err != nil { ++ return nil, err ++ } ++ defer ossl.OSSL_PARAM_free(params) + -+// Decrypt decrypts a ciphertext using a given key and algorithm. -+func evpDecrypt(withKey withKeyFunc, algorithmType algorithmType, ciphertext []byte, hash hash.Hash) ([]byte, error) { -+ var cryptoHash crypto.Hash -+ if hash != nil { -+ var err error -+ cryptoHash, err = hashToCryptoHash(hash) ++ _, err = ossl.EVP_KDF_derive(ctx, out, params) + if err != nil { + return nil, err + } + } -+ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) -+ if err != nil { -+ return nil, err -+ } + -+ msg := bytesToCFData(ciphertext) ++ return out, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go +new file mode 100644 +index 00000000000000..f6a4b1ac20b654 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/provideropenssl.go +@@ -0,0 +1,250 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+ var decryptedDataRef security.CFDataRef -+ var cfErr security.CFErrorRef -+ err = withKey(func(key security.SecKeyRef) error { -+ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeDecrypt, algorithm) != 1 { -+ return errors.New("algorithm not supported by the key") -+ } -+ decryptedDataRef = security.SecKeyCreateDecryptedData(key, algorithm, msg, &cfErr) -+ if decryptedDataRef == nil { -+ return errors.New("decryption failed") -+ } -+ return nil -+ }) ++package openssl + -+ if err := goCFErrorRef(cfErr); err != nil { -+ return nil, err -+ } ++import ( ++ "crypto" ++ "errors" ++ "unsafe" + -+ if err != nil { -+ return nil, err -+ } -+ defer cfRelease(unsafe.Pointer(decryptedDataRef)) ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+ return cfDataToBytes(decryptedDataRef), nil ++// This file contains code specific to the built-in OpenSSL providers. ++ ++// _OSSL_MD5_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/md5.h#L33. ++type _OSSL_MD5_CTX struct { ++ h [4]uint32 ++ nl, nh uint32 ++ x [64]byte ++ nx uint32 +} + -+func evpSign(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed []byte) ([]byte, error) { -+ algorithm, err := selectAlgorithm(hash, algorithmType) -+ if err != nil { -+ return nil, err -+ } ++func (d *_OSSL_MD5_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint32(b) ++ b, d.h[1] = consumeUint32(b) ++ b, d.h[2] = consumeUint32(b) ++ b, d.h[3] = consumeUint32(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = uint32(n << 3) ++ d.nh = uint32(n >> 29) ++ d.nx = uint32(n) % 64 ++ return nil ++} + -+ var signedDataRef security.CFDataRef -+ var cfErr security.CFErrorRef -+ err = withKey(func(key security.SecKeyRef) error { -+ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeSign, algorithm) != 1 { -+ return errors.New("algorithm not supported by the key") -+ } -+ signedDataRef = security.SecKeyCreateSignature(key, algorithm, bytesToCFData(hashed), &cfErr) -+ if signedDataRef == nil { -+ return errors.New("signing failed") -+ } -+ return nil -+ }) ++func (d *_OSSL_MD5_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} + -+ if err := goCFErrorRef(cfErr); err != nil { -+ return nil, err -+ } ++// _OSSL_SHA_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L34. ++type _OSSL_SHA_CTX struct { ++ h [5]uint32 ++ nl, nh uint32 ++ x [64]byte ++ nx uint32 ++} + -+ if err != nil { -+ return nil, err -+ } -+ defer cfRelease(unsafe.Pointer(signedDataRef)) ++func (d *_OSSL_SHA_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint32(b) ++ b, d.h[1] = consumeUint32(b) ++ b, d.h[2] = consumeUint32(b) ++ b, d.h[3] = consumeUint32(b) ++ b, d.h[4] = consumeUint32(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = uint32(n << 3) ++ d.nh = uint32(n >> 29) ++ d.nx = uint32(n) % 64 ++ return nil ++} + -+ return cfDataToBytes(signedDataRef), nil ++func (d *_OSSL_SHA_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil +} + -+func evpVerify(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed, signature []byte) error { -+ algorithm, err := selectAlgorithm(hash, algorithmType) -+ if err != nil { -+ return err -+ } ++// _OSSL_SHA256_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L51. ++type _OSSL_SHA256_CTX struct { ++ h [8]uint32 ++ nl, nh uint32 ++ x [64]byte ++ nx uint32 ++} + -+ var cfErr security.CFErrorRef -+ err = withKey(func(key security.SecKeyRef) error { -+ if security.SecKeyIsAlgorithmSupported(key, security.KSecKeyOperationTypeVerify, algorithm) != 1 { -+ return errors.New("algorithm not supported by the key") ++func (d *_OSSL_SHA256_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint32(b) ++ b, d.h[1] = consumeUint32(b) ++ b, d.h[2] = consumeUint32(b) ++ b, d.h[3] = consumeUint32(b) ++ b, d.h[4] = consumeUint32(b) ++ b, d.h[5] = consumeUint32(b) ++ b, d.h[6] = consumeUint32(b) ++ b, d.h[7] = consumeUint32(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = uint32(n << 3) ++ d.nh = uint32(n >> 29) ++ d.nx = uint32(n) % 64 ++ return nil ++} ++ ++func (d *_OSSL_SHA256_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = appendUint32(buf, d.h[5]) ++ buf = appendUint32(buf, d.h[6]) ++ buf = appendUint32(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} ++ ++// _OSSL_SHA512_CTX layout is taken from ++// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L95. ++type _OSSL_SHA512_CTX struct { ++ h [8]uint64 ++ nl, nh uint64 ++ x [128]byte ++ nx uint32 ++} ++ ++func (d *_OSSL_SHA512_CTX) UnmarshalBinary(b []byte) error { ++ b, d.h[0] = consumeUint64(b) ++ b, d.h[1] = consumeUint64(b) ++ b, d.h[2] = consumeUint64(b) ++ b, d.h[3] = consumeUint64(b) ++ b, d.h[4] = consumeUint64(b) ++ b, d.h[5] = consumeUint64(b) ++ b, d.h[6] = consumeUint64(b) ++ b, d.h[7] = consumeUint64(b) ++ b = b[copy(d.x[:], b):] ++ _, n := consumeUint64(b) ++ d.nl = n << 3 ++ d.nh = n >> 61 ++ d.nx = uint32(n) % 128 ++ return nil ++} ++ ++func (d *_OSSL_SHA512_CTX) AppendBinary(buf []byte) ([]byte, error) { ++ buf = appendUint64(buf, d.h[0]) ++ buf = appendUint64(buf, d.h[1]) ++ buf = appendUint64(buf, d.h[2]) ++ buf = appendUint64(buf, d.h[3]) ++ buf = appendUint64(buf, d.h[4]) ++ buf = appendUint64(buf, d.h[5]) ++ buf = appendUint64(buf, d.h[6]) ++ buf = appendUint64(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, d.nl>>3|d.nh<<61) ++ return buf, nil ++} ++ ++func getOSSLDigetsContext(ctx ossl.EVP_MD_CTX_PTR) unsafe.Pointer { ++ switch major() { ++ case 1: ++ // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. ++ type mdCtx struct { ++ _ [2]unsafe.Pointer ++ _ uint32 ++ md_data unsafe.Pointer ++ } ++ return (*mdCtx)(unsafe.Pointer(ctx)).md_data ++ case 3: ++ // The EVP_MD_CTX memory layout has changed in OpenSSL 3 ++ // and the property holding the internal structure is no longer md_data but algctx. ++ // https://github.com/openssl/openssl/blob/5675a5aaf6a2e489022bcfc18330dae9263e598e/crypto/evp/evp_local.h#L16. ++ type mdCtx struct { ++ _ [3]unsafe.Pointer ++ _ uint32 ++ _ [3]unsafe.Pointer ++ algctx unsafe.Pointer + } -+ if security.SecKeyVerifySignature(key, algorithm, bytesToCFData(hashed), bytesToCFData(signature), &cfErr) != 1 { -+ return errors.New("verification failed") ++ return (*mdCtx)(unsafe.Pointer(ctx)).algctx ++ case 4: ++ // OpenSSL 4 removed the ENGINE, md_data, and update fields from EVP_MD_CTX. ++ // https://github.com/openssl/openssl/blob/openssl-4.0.0-alpha1/crypto/evp/evp_local.h ++ type mdCtx struct { ++ _ [2]unsafe.Pointer // reqdigest, digest ++ _ uint32 // flags ++ _ unsafe.Pointer // pctx ++ algctx unsafe.Pointer + } -+ return nil -+ }) -+ -+ if err := goCFErrorRef(cfErr); err != nil { -+ return err ++ return (*mdCtx)(unsafe.Pointer(ctx)).algctx ++ default: ++ panic(errUnsupportedVersion()) + } -+ -+ return err +} + -+// hashToCryptoHash converts a hash.Hash to a crypto.Hash. -+func hashToCryptoHash(hash hash.Hash) (crypto.Hash, error) { -+ switch h := hash.(type) { -+ case *Hash: -+ return h.alg.ch, nil ++var errHashStateInvalid = errors.New("openssl: can't retrieve hash state") ++ ++func osslHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { ++ algctx := getOSSLDigetsContext(ctx) ++ if algctx == nil { ++ return nil, errHashStateInvalid ++ } ++ buf = append(buf, magic...) ++ switch ch { ++ case crypto.MD5: ++ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ case crypto.SHA1: ++ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ case crypto.SHA224, crypto.SHA256: ++ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) ++ return d.AppendBinary(buf) + default: -+ return 0, errors.New("unsupported hash function") ++ panic("unsupported hash " + ch.String()) + } +} + -+// selectAlgorithm selects the appropriate SecKeyAlgorithm based on hash and algorithm type. -+func selectAlgorithm(hash crypto.Hash, algorithmType algorithmType) (security.CFStringRef, error) { -+ var algo security.CFStringRef -+ switch algorithmType { -+ case algorithmTypePSS: -+ switch hash { -+ case crypto.SHA1: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA1 -+ case crypto.SHA224: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA224 -+ case crypto.SHA256: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA256 -+ case crypto.SHA384: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA384 -+ case crypto.SHA512: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPSSSHA512 -+ default: -+ return nil, errors.New("unsupported PSS hash: " + hash.String()) -+ } -+ case algorithmTypeRAW: -+ algo = security.KSecKeyAlgorithmRSAEncryptionRaw -+ case algorithmTypePKCS1v15Enc: -+ return security.KSecKeyAlgorithmRSAEncryptionPKCS1, nil -+ case algorithmTypePKCS1v15Sig: -+ switch hash { -+ case crypto.SHA1: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -+ case crypto.SHA224: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -+ case crypto.SHA256: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -+ case crypto.SHA384: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -+ case crypto.SHA512: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -+ case 0: -+ algo = security.KSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -+ default: -+ return nil, errors.New("unsupported PKCS1v15 hash: " + hash.String()) -+ } -+ case algorithmTypeOAEP: -+ switch hash { -+ case crypto.SHA1: -+ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA1 -+ case crypto.SHA224: -+ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA224 -+ case crypto.SHA256: -+ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA256 -+ case crypto.SHA384: -+ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA384 -+ case crypto.SHA512: -+ algo = security.KSecKeyAlgorithmRSAEncryptionOAEPSHA512 -+ default: -+ return nil, errors.New("unsupported OAEP hash: " + hash.String()) -+ } -+ case algorithmTypeECDSA: -+ return security.KSecKeyAlgorithmECDSASignatureDigestX962, nil ++func osslHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { ++ algctx := getOSSLDigetsContext(ctx) ++ if algctx == nil { ++ return errHashStateInvalid ++ } ++ b = b[len(magic):] ++ switch ch { ++ case crypto.MD5: ++ d := (*_OSSL_MD5_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) ++ case crypto.SHA1: ++ d := (*_OSSL_SHA_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) ++ case crypto.SHA224, crypto.SHA256: ++ d := (*_OSSL_SHA256_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ d := (*_OSSL_SHA512_CTX)(unsafe.Pointer(algctx)) ++ return d.UnmarshalBinary(b) + default: -+ return nil, errors.New("unsupported algorithm type: " + strconv.Itoa(int(algorithmType))) ++ panic("unsupported hash " + ch.String()) + } -+ return algo, nil +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go +new file mode 100644 +index 00000000000000..1fc14f756a0ce4 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/providersymcrypt.go +@@ -0,0 +1,331 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+// bytesToCFData turns a byte slice into a CFDataRef. Caller then "owns" the -+// CFDataRef and must CFRelease the CFDataRef when done. -+func bytesToCFData(buf []byte) security.CFDataRef { -+ return security.CFDataCreate(security.KCFAllocatorDefault, buf) -+} ++package openssl + -+// cfDataToBytes turns a CFDataRef into a byte slice. -+func cfDataToBytes(cfData security.CFDataRef) []byte { -+ // TODO: remove this allocation -+ return slices.Clone(unsafe.Slice(security.CFDataGetBytePtr(cfData), security.CFDataGetLength(cfData))) ++import ( ++ "crypto" ++ "errors" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) ++ ++// This file contains code specific to the SymCrypt provider. ++ ++const ( ++ _SCOSSL_DIGEST_PARAM_STATE cString = "state\x00" ++ _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM cString = "recompute_checksum\x00" ++) ++ ++const ( ++ _SYMCRYPT_BLOB_MAGIC = 0x636D7973 // "cysm" in little-endian ++ ++ _SymCryptBlobTypeHashState = 0x100 ++ _SymCryptBlobTypeMd2State = _SymCryptBlobTypeHashState + 1 ++ _SymCryptBlobTypeMd4State = _SymCryptBlobTypeHashState + 2 ++ _SymCryptBlobTypeMd5State = _SymCryptBlobTypeHashState + 3 ++ _SymCryptBlobTypeSha1State = _SymCryptBlobTypeHashState + 4 ++ _SymCryptBlobTypeSha256State = _SymCryptBlobTypeHashState + 5 ++ _SymCryptBlobTypeSha384State = _SymCryptBlobTypeHashState + 6 ++ _SymCryptBlobTypeSha512State = _SymCryptBlobTypeHashState + 7 ++ _SymCryptBlobTypeSha3_256State = _SymCryptBlobTypeHashState + 8 ++ _SymCryptBlobTypeSha3_384State = _SymCryptBlobTypeHashState + 9 ++ _SymCryptBlobTypeSha3_512State = _SymCryptBlobTypeHashState + 10 ++ _SymCryptBlobTypeSha224State = _SymCryptBlobTypeHashState + 11 ++ _SymCryptBlobTypeSha512_224State = _SymCryptBlobTypeHashState + 12 ++ _SymCryptBlobTypeSha512_256State = _SymCryptBlobTypeHashState + 13 ++ _SymCryptBlobTypeSha3_224State = _SymCryptBlobTypeHashState + 14 ++ ++ _SYMCRYPT_MD5_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_MD5_STATE_EXPORT_BLOB{})) ++ _SYMCRYPT_SHA1_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA1_STATE_EXPORT_BLOB{})) ++ _SYMCRYPT_SHA256_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA256_STATE_EXPORT_BLOB{})) ++ _SYMCRYPT_SHA512_STATE_EXPORT_SIZE = uint32(unsafe.Sizeof(_SYMCRYPT_SHA512_STATE_EXPORT_BLOB{})) ++) ++ ++type _SYMCRYPT_BLOB_HEADER struct { ++ magic uint32 ++ size uint32 ++ _type uint32 +} + -+// cfRelease releases a CoreFoundation object. -+func cfRelease(ref unsafe.Pointer) { -+ security.CFRelease(security.CFTypeRef(ref)) ++type _SYMCRYPT_BLOB_TRAILER struct { ++ checksum [8]uint8 +} + -+// createSecKeyWithData creates a SecKey from the provided encoded key and attributes dictionary. -+func createSecKeyWithData(encodedKey []byte, keyType, keyClass security.CFStringRef) (security.SecKeyRef, error) { -+ encodedKeyCF := security.CFDataCreate(security.KCFAllocatorDefault, encodedKey) -+ if encodedKeyCF == nil { -+ return nil, errors.New("xcrypto: failed to create CFData for private key") -+ } -+ defer security.CFRelease(security.CFTypeRef(encodedKeyCF)) ++// _UINT64 is a 64-bit unsigned integer, stored in native endianess. ++// It is used to represent a SymCrypt UINT64 type without making the ++// parent struct 8-byte aligned, given that the Windows ABI makes ++// the struct 4-byte aligned. ++type _UINT64 [2]uint32 + -+ attrKeys := []security.CFTypeRef{ -+ security.CFTypeRef(security.KSecAttrKeyType), -+ security.CFTypeRef(security.KSecAttrKeyClass), ++func newUINT64(v uint64) _UINT64 { ++ var u _UINT64 ++ if isBigEndian() { ++ u[0], u[1] = uint32(v>>32), uint32(v) ++ } else { ++ u[0], u[1] = uint32(v), uint32(v>>32) + } ++ return u ++} + -+ attrValues := []security.CFTypeRef{ -+ security.CFTypeRef(keyType), -+ security.CFTypeRef(keyClass), ++func (u *_UINT64) uint64() uint64 { ++ if isBigEndian() { ++ return uint64(u[0])<<32 | (uint64(u[1])) + } ++ return uint64(u[0]) | (uint64(u[1]) << 32) ++} + -+ // Create attributes dictionary for the key -+ attrDict := security.CFDictionaryCreate( -+ security.KCFAllocatorDefault, -+ (*unsafe.Pointer)(unsafe.Pointer(&attrKeys[0])), -+ (*unsafe.Pointer)(unsafe.Pointer(&attrValues[0])), -+ security.CFIndex(len(attrKeys)), -+ nil, -+ nil, -+ ) -+ if attrDict == nil { -+ return nil, errors.New("xcrypto: failed to create attributes dictionary") ++// symCryptAppendBinary appends the binary representation of a SymCrypt state ++// to the given destination slice. ++func symCryptAppendBinary(dst, chain, buffer []byte, blength _UINT64) []byte { ++ length := blength.uint64() ++ var nx uint64 ++ if len(buffer) <= 64 { ++ nx = length & 0x3f ++ } else { ++ nx = length & 0x7f + } -+ defer security.CFRelease(security.CFTypeRef(attrDict)) ++ dst = append(dst, chain...) ++ dst = append(dst, buffer[:nx]...) ++ dst = append(dst, make([]byte, len(buffer)-int(nx))...) ++ dst = appendUint64(dst, length) ++ return dst ++} + -+ // Generate the SecKey -+ var errorRef security.CFErrorRef -+ key := security.SecKeyCreateWithData(encodedKeyCF, attrDict, &errorRef) -+ if err := goCFErrorRef(errorRef); err != nil { -+ return nil, err -+ } -+ return key, nil ++// symCryptUnmarshalBinary unmarshals the binary representation of a SymCrypt state ++// from the given source slice. It returns the length of the data. ++func symCryptUnmarshalBinary(d []byte, chain, buffer []byte) _UINT64 { ++ copy(chain[:], d) ++ d = d[len(chain):] ++ copy(buffer[:], d) ++ d = d[len(buffer):] ++ _, length := consumeUint64(d) ++ return newUINT64(length) +} + -+// createSecKeyRandom creates a new SecKey with the provided attributes dictionary. -+func createSecKeyRandom(keyType security.CFStringRef, keySize int) ([]byte, security.SecKeyRef, error) { -+ keyAttrs := security.CFDictionaryCreateMutable(security.KCFAllocatorDefault, 0, nil, nil) -+ if keyAttrs == nil { -+ return nil, nil, errors.New("failed to create key attributes dictionary") ++// swapEndianessUint32 swaps the endianness of the given byte slice ++// in place. It assumes the slice is a backup of a 32-bit integer array. ++func swapEndianessUint32(d []uint8) { ++ for i := 0; i < len(d); i += 4 { ++ d[i], d[i+3] = d[i+3], d[i] ++ d[i+1], d[i+2] = d[i+2], d[i+1] + } -+ defer security.CFRelease(security.CFTypeRef(keyAttrs)) -+ -+ security.CFDictionarySetValue( -+ keyAttrs, -+ unsafe.Pointer(security.KSecAttrKeyType), -+ unsafe.Pointer(keyType), -+ ) + -+ cfNum := security.CFNumberCreate(security.KCFAllocatorDefault, security.KCFNumberLongType, unsafe.Pointer(&keySize)) -+ defer security.CFRelease(security.CFTypeRef(cfNum)) ++} + -+ security.CFDictionarySetValue( -+ keyAttrs, -+ unsafe.Pointer(security.KSecAttrKeySizeInBits), -+ unsafe.Pointer(cfNum), -+ ) ++type _SYMCRYPT_MD5_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [16]uint8 // little endian ++ length _UINT64 // native endian ++ buffer [64]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER ++} + -+ // Generate the private key -+ var errorRef security.CFErrorRef -+ privKeyRef := security.SecKeyCreateRandomKey(security.CFDictionaryRef(keyAttrs), &errorRef) -+ if err := goCFErrorRef(errorRef); err != nil { -+ return nil, nil, err -+ } ++func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ // b.chain is little endian, but Go expects big endian, ++ // we need to swap the bytes. ++ swapEndianessUint32(b.chain[:]) ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil ++} + -+ // Export the private key as DER -+ privData := security.SecKeyCopyExternalRepresentation(privKeyRef, &errorRef) -+ if err := goCFErrorRef(errorRef); err != nil { -+ return nil, nil, err -+ } -+ defer security.CFRelease(security.CFTypeRef(privData)) ++func (b *_SYMCRYPT_MD5_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++ swapEndianessUint32(b.chain[:]) ++} + -+ privKeyDER := cfDataToBytes(privData) -+ if privKeyDER == nil { -+ return nil, nil, errors.New("failed to convert CFData to bytes") -+ } -+ return privKeyDER, privKeyRef, nil ++type _SYMCRYPT_SHA1_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [20]uint8 // big endian ++ length _UINT64 // native endian ++ buffer [64]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/gcm.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/gcm.go -new file mode 100644 -index 00000000000000..82a961d974f129 ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/gcm.go -@@ -0,0 +1,218 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. + -+//go:build darwin ++func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil ++} + -+package xcrypto ++func (b *_SYMCRYPT_SHA1_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++} + -+import ( -+ "crypto/cipher" -+ "errors" ++type _SYMCRYPT_SHA256_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [32]uint8 // big endian ++ length _UINT64 // native endian ++ buffer [64]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER ++} + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.length), nil ++} + -+type aesGCM struct { -+ key []byte -+ tls cipherGCMTLS -+ // minNextNonce is the minimum value that the next nonce can be, enforced by -+ // all TLS modes. -+ minNextNonce uint64 -+ // mask is the nonce mask used in TLS 1.3 mode. -+ mask uint64 -+ // maskInitialized is true if mask has been initialized. This happens during -+ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode. -+ maskInitialized bool ++func (b *_SYMCRYPT_SHA256_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.length = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) +} + -+type noGCM struct { -+ cipher.Block ++type _SYMCRYPT_SHA512_STATE_EXPORT_BLOB struct { ++ header _SYMCRYPT_BLOB_HEADER ++ chain [64]uint8 // big endian ++ lengthL _UINT64 // native endian ++ lengthH _UINT64 // native endian ++ buffer [128]uint8 ++ _ [8]uint8 // reserved ++ _ _SYMCRYPT_BLOB_TRAILER +} + -+// NewGCM constructs a GCM block mode for AES using the cryptokit package -+func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { -+ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize { -+ return nil, errors.New("crypto/aes: GCM tag and nonce sizes can't be non-standard at the same time") -+ } -+ // Fall back to standard library for GCM with non-standard nonce or tag size. -+ if nonceSize != gcmStandardNonceSize { -+ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize) -+ } -+ if tagSize != gcmTagSize { -+ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize) ++func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) appendBinary(d []byte) ([]byte, error) { ++ if b.lengthH.uint64() != 0 { ++ return nil, errors.New("exporting state with more than 2^63-1 bytes of data is not supported") + } -+ return &aesGCM{key: c.key, tls: cipherGCMTLSNone}, nil ++ return symCryptAppendBinary(d, b.chain[:], b.buffer[:], b.lengthL), nil +} + -+func (g *aesGCM) NonceSize() int { return gcmStandardNonceSize } -+ -+func (g *aesGCM) Overhead() int { return gcmTagSize } ++func (b *_SYMCRYPT_SHA512_STATE_EXPORT_BLOB) unmarshalBinary(d []byte) { ++ b.lengthL = symCryptUnmarshalBinary(d, b.chain[:], b.buffer[:]) ++} + -+func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") ++func symCryptHashAppendBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, buf []byte) ([]byte, error) { ++ size, typ := symCryptHashStateInfo(ch) ++ state := make([]byte, size, _SYMCRYPT_SHA512_STATE_EXPORT_SIZE) // 512 is the largest size ++ params := [2]ossl.OSSL_PARAM{ ++ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), unsafe.Pointer(&state[0]), len(state)), ++ ossl.OSSL_PARAM_construct_end(), + } -+ if uint64(len(plaintext)) > ((1<<32)-2)*aesBlockSize || len(plaintext)+gcmTagSize < len(plaintext) { -+ panic("cipher: message too large for GCM") ++ if _, err := ossl.EVP_MD_CTX_get_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))); err != nil { ++ return nil, err + } -+ if len(dst)+len(plaintext)+gcmTagSize < len(dst) { -+ panic("cipher: message too large for buffer") ++ if !ossl.OSSL_PARAM_modified(¶ms[0]) { ++ return nil, errors.New("EVP_MD_CTX_get_params did not retrieve the state") + } + -+ if g.tls != cipherGCMTLSNone { -+ if g.tls == cipherGCMTLS12 && len(additionalData) != gcmTls12AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.2") -+ } else if g.tls == cipherGCMTLS13 && len(additionalData) != gcmTls13AddSize { -+ panic("cipher: incorrect additional data length given to GCM TLS 1.3") -+ } -+ counter := bigUint64(nonce[gcmTlsFixedNonceSize:]) -+ -+ // TLS 1.3 Masking -+ if g.tls == cipherGCMTLS13 { -+ if !g.maskInitialized { -+ g.mask = counter -+ g.maskInitialized = true -+ } -+ // Apply mask to the counter -+ counter ^= g.mask -+ } ++ header := (*_SYMCRYPT_BLOB_HEADER)(unsafe.Pointer(&state[0])) ++ if header.magic != _SYMCRYPT_BLOB_MAGIC { ++ return nil, errors.New("invalid blob magic") ++ } ++ if header.size != size { ++ return nil, errors.New("invalid blob size") ++ } ++ if header._type != typ { ++ return nil, errors.New("invalid blob type") ++ } + -+ // Enforce monotonicity and max limit -+ const maxUint64 = 1<<64 - 1 -+ if counter == maxUint64 { -+ panic("cipher: nonce counter must be less than 2^64 - 1") -+ } -+ if counter < g.minNextNonce { -+ panic("cipher: nonce counter must be strictly monotonically increasing") -+ } ++ buf = append(buf, magic...) ++ switch ch { ++ case crypto.MD5: ++ blob := (*_SYMCRYPT_MD5_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ case crypto.SHA1: ++ blob := (*_SYMCRYPT_SHA1_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ case crypto.SHA224, crypto.SHA256: ++ blob := (*_SYMCRYPT_SHA256_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ blob := (*_SYMCRYPT_SHA512_STATE_EXPORT_BLOB)(unsafe.Pointer(&state[0])) ++ return blob.appendBinary(buf) ++ default: ++ panic("unsupported hash " + ch.String()) ++ } ++} + -+ defer func() { -+ g.minNextNonce = counter + 1 -+ }() ++func symCryptHashUnmarshalBinary(ctx ossl.EVP_MD_CTX_PTR, ch crypto.Hash, magic string, b []byte) error { ++ size, typ := symCryptHashStateInfo(ch) ++ hdr := _SYMCRYPT_BLOB_HEADER{ ++ magic: _SYMCRYPT_BLOB_MAGIC, ++ size: size, ++ _type: typ, ++ } ++ var blobPtr unsafe.Pointer ++ b = b[len(magic):] ++ switch ch { ++ case crypto.MD5: ++ var blob _SYMCRYPT_MD5_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ case crypto.SHA1: ++ var blob _SYMCRYPT_SHA1_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ case crypto.SHA224, crypto.SHA256: ++ var blob _SYMCRYPT_SHA256_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ case crypto.SHA384, crypto.SHA512_224, crypto.SHA512_256, crypto.SHA512: ++ var blob _SYMCRYPT_SHA512_STATE_EXPORT_BLOB ++ blobPtr = unsafe.Pointer(&blob) ++ blob.header = hdr ++ blob.unmarshalBinary(b) ++ default: ++ panic("unsupported hash " + ch.String()) + } -+ -+ // Make room in dst to append plaintext+overhead. -+ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize) -+ -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, plaintext) { -+ panic("cipher: invalid buffer overlap") ++ var checksum int32 = 1 ++ params := [3]ossl.OSSL_PARAM{ ++ ossl.OSSL_PARAM_construct_octet_string(_SCOSSL_DIGEST_PARAM_STATE.ptr(), blobPtr, int(hdr.size)), ++ ossl.OSSL_PARAM_construct_int32(_SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr(), &checksum), ++ ossl.OSSL_PARAM_construct_end(), + } ++ _, err := ossl.EVP_MD_CTX_set_params(ctx, (ossl.OSSL_PARAM_PTR)(unsafe.Pointer(¶ms[0]))) ++ return err ++} + -+ err := cryptokit.EncryptAESGCM( -+ g.key, -+ plaintext, -+ nonce, -+ additionalData, -+ out[:len(out)-gcmTagSize], -+ out[len(out)-gcmTagSize:], -+ ) -+ if err != 0 { -+ panic("cipher: encryption failed") ++func symCryptHashStateInfo(ch crypto.Hash) (size, typ uint32) { ++ switch ch { ++ case crypto.MD5: ++ return _SYMCRYPT_MD5_STATE_EXPORT_SIZE, _SymCryptBlobTypeMd5State ++ case crypto.SHA1: ++ return _SYMCRYPT_SHA1_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha1State ++ case crypto.SHA224: ++ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha224State ++ case crypto.SHA256: ++ return _SYMCRYPT_SHA256_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha256State ++ case crypto.SHA384: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha384State ++ case crypto.SHA512_224: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_224State ++ case crypto.SHA512_256: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512_256State ++ case crypto.SHA512: ++ return _SYMCRYPT_SHA512_STATE_EXPORT_SIZE, _SymCryptBlobTypeSha512State ++ default: ++ panic("unsupported hash " + ch.String()) + } -+ return ret +} + -+func (g *aesGCM) SealWithRandomNonce(out, nonce, plaintext, additionalData []byte) { -+ if uint64(len(plaintext)) > uint64((1<<32)-2)*aesBlockSize { -+ panic("crypto/cipher: message too large for GCM") ++// isSymCryptHashStateSerializable checks if the SymCrypt hash state is serializable. ++func isSymCryptHashStateSerializable(md ossl.EVP_MD_PTR) bool { ++ ctx, err := ossl.EVP_MD_CTX_new() ++ if err != nil { ++ return false + } -+ if len(nonce) != gcmStandardNonceSize { -+ panic("crypto/cipher: incorrect nonce length given to GCMWithRandomNonce") ++ defer ossl.EVP_MD_CTX_free(ctx) ++ if _, err := ossl.EVP_DigestInit_ex(ctx, md, nil); err != nil { ++ return false + } -+ if len(out) != len(plaintext)+gcmTagSize { -+ panic("crypto/cipher: incorrect output length given to GCMWithRandomNonce") ++ params, err := ossl.EVP_MD_CTX_gettable_params(ctx) ++ if err != nil { ++ return false + } -+ if inexactOverlap(out, plaintext) { -+ panic("crypto/cipher: invalid buffer overlap of output and input") ++ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { ++ return false + } -+ if anyOverlap(out, additionalData) { -+ panic("crypto/cipher: invalid buffer overlap of output and additional data") ++ params, err = ossl.EVP_MD_CTX_settable_params(ctx) ++ if err != nil { ++ return false + } -+ -+ if g.tls != cipherGCMTLSNone { -+ panic("cipher: TLS 1.2 and 1.3 modes do not support random nonce") ++ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_STATE.ptr()); err != nil { ++ return false + } -+ -+ // Generate a random nonce -+ RandReader.Read(nonce) -+ err := cryptokit.EncryptAESGCM( -+ g.key, -+ plaintext, -+ nonce, -+ additionalData, -+ out[:len(out)-gcmTagSize], -+ out[len(out)-gcmTagSize:], -+ ) -+ if err != 0 { -+ panic("cipher: encryption failed") ++ if _, err = ossl.OSSL_PARAM_locate_const(params, _SCOSSL_DIGEST_PARAM_RECOMPUTE_CHECKSUM.ptr()); err != nil { ++ return false + } ++ return true +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go +new file mode 100644 +index 00000000000000..cd8a656a8bae65 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rand.go +@@ -0,0 +1,37 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) { -+ if len(nonce) != gcmStandardNonceSize { -+ panic("cipher: incorrect nonce length given to GCM") -+ } -+ if len(ciphertext) < gcmTagSize { -+ return nil, errOpen -+ } -+ if uint64(len(ciphertext)) > ((1<<32)-2)*aesBlockSize+gcmTagSize { -+ return nil, errOpen -+ } -+ // BoringCrypto does not do any TLS check when decrypting, neither do we. ++package openssl + -+ // Ensure we don't process if ciphertext lacks both ciphertext and tag -+ if len(ciphertext) < gcmTagSize { -+ return nil, errors.New("decryption failed: ciphertext too short for tag") -+ } ++import ( ++ "math" + -+ tag := ciphertext[len(ciphertext)-gcmTagSize:] -+ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize] ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+ // Make room in dst to append ciphertext without tag. -+ ret, out := sliceForAppend(dst, len(ciphertext)) ++type randReader int + -+ // Check delayed until now to make sure len(dst) is accurate. -+ if inexactOverlap(out, ciphertext) { -+ panic("cipher: invalid buffer overlap") ++func (randReader) Read(b []byte) (int, error) { ++ if len(b) == 0 { ++ return 0, nil + } -+ -+ var decSize int -+ err := cryptokit.DecryptAESGCM( -+ g.key, -+ ciphertext, -+ nonce, -+ additionalData, -+ tag, -+ out, -+ &decSize, -+ ) -+ if err != 0 || int(decSize) != len(ciphertext) { -+ // If the decrypted data size does not match, zero out `out` and return `errOpen` -+ for i := range out { -+ out[i] = 0 ++ switch major() { ++ case 1: ++ if len(b) > math.MaxInt32 { ++ // OpenSSL 1 does not support reading more than 2^31-1 bytes at once. ++ // Instead of erroring out, read only up to 2^31-1 bytes and return ++ // the number of bytes read. ++ b = b[:math.MaxInt32] ++ } ++ if _, err := ossl.RAND_bytes(b); err != nil { ++ return 0, err ++ } ++ default: ++ if _, err := ossl.RAND_bytes_ex(nil, b, 0); err != nil { ++ return 0, err + } -+ return nil, errOpen -+ } -+ return ret, nil -+} -+ -+// NewGCMTLS returns a GCM cipher specific to TLS -+// and should not be used for non-TLS purposes. -+func NewGCMTLS(block cipher.Block) (cipher.AEAD, error) { -+ cipher, ok := block.(*aesCipher) -+ if !ok { -+ return nil, errors.New("crypto/aes: invalid block cipher") + } -+ return &aesGCM{key: cipher.key, tls: cipherGCMTLS12}, nil ++ return len(b), nil +} + -+// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used -+// for non-TLS purposes. -+func NewGCMTLS13(block cipher.Block) (cipher.AEAD, error) { -+ cipher, ok := block.(*aesCipher) -+ if !ok { -+ return nil, errors.New("crypto/aes: invalid block cipher") -+ } -+ return &aesGCM{key: cipher.key, tls: cipherGCMTLS13}, nil -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go ++const RandReader = randReader(0) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go new file mode 100644 -index 00000000000000..016827afea2eee +index 00000000000000..37d12ec889a91e --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go -@@ -0,0 +1,337 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rc4.go +@@ -0,0 +1,76 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package openssl + +import ( -+ "crypto" -+ "errors" -+ "hash" + "runtime" -+ "sync" -+ "unsafe" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) + -+const ( -+ md5 = 1 -+ sha1 = 2 -+ sha256 = 3 -+ sha384 = 4 -+ sha512 = 5 -+ sha3256 = 6 -+ sha3384 = 7 -+ sha3512 = 8 ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++ "github.com/microsoft/go-crypto-openssl/osslsetup" +) + -+type hashAlgorithm struct { -+ id int32 -+ ch crypto.Hash -+ size int -+ blockSize int -+} -+ -+type HashCloner = hash.Cloner -+ -+var cacheHash sync.Map // map[crypto.Hash]*hashAlgorithm -+ -+// supportsSHA3 returns true if SHA-3 is available on this macOS version. -+func supportsSHA3() bool { -+ return cryptokit.SupportsSHA3() == 1 -+} -+ -+// loadHash converts a crypto.Hash to a hashAlgorithm. -+func loadHash(ch crypto.Hash, required bool) *hashAlgorithm { -+ if v, ok := cacheHash.Load(ch); ok { -+ if v == nil && required { -+ panic("cryptokit: " + ch.String() + " not available") -+ } -+ return v.(*hashAlgorithm) -+ } -+ -+ var hash hashAlgorithm -+ hash.ch = ch -+ supported := true -+ -+ switch ch { -+ case crypto.MD5: -+ hash.id = md5 -+ hash.size = int(cryptokit.HashSize(md5)) -+ hash.blockSize = int(cryptokit.HashBlockSize(md5)) -+ case crypto.SHA1: -+ hash.id = sha1 -+ hash.size = int(cryptokit.HashSize(sha1)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha1)) -+ case crypto.SHA256: -+ hash.id = sha256 -+ hash.size = int(cryptokit.HashSize(sha256)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha256)) -+ case crypto.SHA384: -+ hash.id = sha384 -+ hash.size = int(cryptokit.HashSize(sha384)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha384)) -+ case crypto.SHA512: -+ hash.id = sha512 -+ hash.size = int(cryptokit.HashSize(sha512)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha512)) -+ case crypto.SHA3_256: -+ if !supportsSHA3() { -+ supported = false -+ break -+ } -+ hash.id = sha3256 -+ hash.size = int(cryptokit.HashSize(sha3256)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha3256)) -+ case crypto.SHA3_384: -+ if !supportsSHA3() { -+ supported = false -+ break -+ } -+ hash.id = sha3384 -+ hash.size = int(cryptokit.HashSize(sha3384)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha3384)) -+ case crypto.SHA3_512: -+ if !supportsSHA3() { -+ supported = false -+ break -+ } -+ hash.id = sha3512 -+ hash.size = int(cryptokit.HashSize(sha3512)) -+ hash.blockSize = int(cryptokit.HashBlockSize(sha3512)) ++// SupportsRC4 returns true if NewRC4Cipher is supported. ++func SupportsRC4() bool { ++ switch major() { ++ case 1: ++ // RC4 is not part of the OpenSSL 1.x FIPS module. ++ return !osslsetup.FIPS() && loadCipher(cipherRC4, cipherModeNone) != nil + default: -+ supported = false -+ } -+ -+ if !supported { -+ if required { -+ panic("cryptokit: " + ch.String() + " not available") -+ } -+ cacheHash.Store(ch, (*hashAlgorithm)(nil)) -+ return nil ++ // On OpenSSL 3+ availability is decided by the algorithm probe: ++ // EVP_CIPHER_fetch returns nil unless the legacy provider is loaded. ++ return loadCipher(cipherRC4, cipherModeNone) != nil + } -+ -+ cacheHash.Store(ch, &hash) -+ return &hash +} + -+// Hash implements generic hash methods. -+type Hash struct { -+ ptr unsafe.Pointer -+ alg *hashAlgorithm ++// A RC4Cipher is an instance of RC4 using a particular key. ++type RC4Cipher struct { ++ ctx ossl.EVP_CIPHER_CTX_PTR +} + -+// SupportsHash returns true if a hash.Hash implementation is supported for h. -+func SupportsHash(h crypto.Hash) bool { -+ return loadHash(h, false) != nil ++// NewRC4Cipher creates and returns a new Cipher. ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { ++ ctx, err := newCipherCtx(cipherRC4, cipherModeNone, cipherOpEncrypt, key, nil) ++ if err != nil { ++ return nil, err ++ } ++ c := &RC4Cipher{ctx} ++ runtime.SetFinalizer(c, (*RC4Cipher).finalize) ++ return c, nil +} + -+func newHash(ch crypto.Hash) *Hash { -+ alg := loadHash(ch, true) -+ -+ h := &Hash{ -+ ptr: cryptokit.HashNew(alg.id), -+ alg: alg, ++func (c *RC4Cipher) finalize() { ++ if c.ctx != nil { ++ ossl.EVP_CIPHER_CTX_free(c.ctx) + } -+ -+ runtime.SetFinalizer(h, (*Hash).finalize) -+ -+ return h +} + -+func (h *Hash) finalize() { -+ if h.ptr != nil { -+ cryptokit.HashFree(h.alg.id, h.ptr) -+ h.ptr = nil ++// Reset zeros the key data and makes the Cipher unusable. ++func (c *RC4Cipher) Reset() { ++ if c.ctx != nil { ++ ossl.EVP_CIPHER_CTX_free(c.ctx) ++ c.ctx = nil + } +} + -+func (h *Hash) Clone() (HashCloner, error) { -+ if h.ptr == nil { -+ panic("cryptokit: hash already finalized") ++// XORKeyStream sets dst to the result of XORing src with the key stream. ++// Dst and src must overlap entirely or not at all. ++func (c *RC4Cipher) XORKeyStream(dst, src []byte) { ++ if c.ctx == nil || len(src) == 0 { ++ return + } -+ -+ newHash := &Hash{ -+ ptr: cryptokit.HashCopy(h.alg.id, h.ptr), -+ alg: h.alg, ++ if inexactOverlap(dst[:len(src)], src) { ++ panic("crypto/rc4: invalid buffer overlap") + } -+ -+ runtime.SetFinalizer(newHash, (*Hash).finalize) -+ -+ runtime.KeepAlive(h) -+ -+ return newHash, nil -+} -+ -+func (h *Hash) Write(p []byte) (int, error) { -+ if len(p) == 0 { -+ return 0, nil ++ // panic if len(dst) < len(src) with a runtime out of bound error, ++ // which is what crypto/rc4 does. ++ _ = dst[len(src)-1] ++ var outLen int32 ++ if _, err := ossl.EVP_EncryptUpdate(c.ctx, dst, &outLen, src); err != nil { ++ panic("crypto/rc4: " + err.Error()) + } -+ cryptokit.HashWrite(h.alg.id, h.ptr, p) -+ -+ runtime.KeepAlive(h) -+ -+ return len(p), nil -+} -+ -+func (h *Hash) WriteString(s string) (int, error) { -+ if len(s) == 0 { -+ return 0, nil ++ if int(outLen) != len(src) { ++ panic("crypto/rc4: src not fully XORed") + } -+ cryptokit.HashWrite(h.alg.id, h.ptr, unsafe.Slice(unsafe.StringData(s), len(s))) -+ -+ runtime.KeepAlive(h) -+ -+ return len(s), nil -+} -+ -+func (h *Hash) WriteByte(c byte) error { -+ cryptokit.HashWrite(h.alg.id, h.ptr, unsafe.Slice(&c, 1)) -+ -+ runtime.KeepAlive(h) -+ -+ return nil -+} -+ -+func (h *Hash) Sum(b []byte) []byte { -+ hashSlice := make([]byte, h.alg.size, 64) // explicit cap to allow stack allocation -+ cryptokit.HashSum(h.alg.id, h.ptr, hashSlice) -+ runtime.KeepAlive(h) -+ b = append(b, hashSlice...) -+ return b ++ runtime.KeepAlive(c) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go +new file mode 100644 +index 00000000000000..36f84902a21ece +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go +@@ -0,0 +1,712 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+type errMarshallUnsupported struct{} ++package openssl + -+func (e errMarshallUnsupported) Error() string { -+ return "cryptokit: hash state is not marshallable" -+} ++import ( ++ "crypto" ++ "crypto/subtle" ++ "errors" ++ "hash" ++ "runtime" ++ "sync" ++ "unsafe" + -+func (e errMarshallUnsupported) Unwrap() error { -+ return errors.ErrUnsupported -+} ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+func (h *Hash) MarshalBinary() ([]byte, error) { -+ return nil, errMarshallUnsupported{} ++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { ++ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { ++ return nil, nil, nil, nil, nil, nil, nil, nil, e ++ } ++ pkey, err := generateEVPPKey(ossl.EVP_PKEY_RSA, int32(bits), "") ++ if err != nil { ++ return bad(err) ++ } ++ defer ossl.EVP_PKEY_free(pkey) ++ switch major() { ++ case 1: ++ key, err := ossl.EVP_PKEY_get1_RSA(pkey) ++ if err != nil { ++ return bad(err) ++ } ++ defer ossl.RSA_free(key) ++ var n, e, d, p, q, dmp1, dmq1, iqmp ossl.BIGNUM_PTR ++ ossl.RSA_get0_key(key, &n, &e, &d) ++ ossl.RSA_get0_factors(key, &p, &q) ++ ossl.RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp) ++ N, E, D = bnToBig(n), bnToBig(e), bnToBig(d) ++ P, Q = bnToBig(p), bnToBig(q) ++ Dp, Dq, Qinv = bnToBig(dmp1), bnToBig(dmq1), bnToBig(iqmp) ++ case 3, 4: ++ tmp, err := ossl.BN_new() ++ if err != nil { ++ return bad(err) ++ } ++ defer func() { ++ ossl.BN_clear_free(tmp) ++ }() ++ setBigInt := func(bi *BigInt, param cString) bool { ++ if err != nil { ++ return false ++ } ++ if _, err = ossl.EVP_PKEY_get_bn_param(pkey, param.ptr(), &tmp); err != nil { ++ return false ++ } ++ *bi = bnToBig(tmp) ++ ossl.BN_clear(tmp) ++ return true ++ } ++ if !(setBigInt(&N, _OSSL_PKEY_PARAM_RSA_N) && ++ setBigInt(&E, _OSSL_PKEY_PARAM_RSA_E) && ++ setBigInt(&D, _OSSL_PKEY_PARAM_RSA_D) && ++ setBigInt(&P, _OSSL_PKEY_PARAM_RSA_FACTOR1) && ++ setBigInt(&Q, _OSSL_PKEY_PARAM_RSA_FACTOR2) && ++ setBigInt(&Dp, _OSSL_PKEY_PARAM_RSA_EXPONENT1) && ++ setBigInt(&Dq, _OSSL_PKEY_PARAM_RSA_EXPONENT2) && ++ setBigInt(&Qinv, _OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { ++ return bad(err) ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return +} + -+func (h *Hash) AppendBinary(b []byte) ([]byte, error) { -+ return nil, errMarshallUnsupported{} ++type PublicKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR +} + -+func (h *Hash) UnmarshalBinary(data []byte) error { -+ return errMarshallUnsupported{} ++func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { ++ var pkey ossl.EVP_PKEY_PTR ++ switch major() { ++ case 1: ++ key, err := ossl.RSA_new() ++ if err != nil { ++ return nil, err ++ } ++ // No need to check for errors here, RSA_set0_* functions will fail ++ // if the BNs are NULL and we will free non-NULL BNs in the error handling. ++ bn, _ := bigToBN(n) ++ be, _ := bigToBN(e) ++ if _, err := ossl.RSA_set0_key(key, bn, be, nil); err != nil { ++ ossl.BN_free(bn) ++ ossl.BN_free(be) ++ ossl.RSA_free(key) ++ return nil, err ++ } ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ ossl.RSA_free(key) ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { ++ ossl.RSA_free(key) ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ case 3, 4: ++ var err error ++ if pkey, err = newRSAKey3(false, n, e, nil, nil, nil, nil, nil, nil); err != nil { ++ return nil, err ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ k := &PublicKeyRSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PublicKeyRSA).finalize) ++ return k, nil +} + -+func (h *Hash) Reset() { -+ cryptokit.HashReset(h.alg.id, h.ptr) ++func (k *PublicKeyRSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) +} + -+func (h *Hash) BlockSize() int { -+ return h.alg.blockSize ++func (k *PublicKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) +} + -+func (h *Hash) Size() int { -+ return h.alg.size ++type PrivateKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey ossl.EVP_PKEY_PTR +} + -+// FIPSApprovedHash reports whether this hash algorithm is FIPS 140-3 approved. -+func FIPSApprovedHash(h hash.Hash) bool { -+ xh, ok := h.(*Hash) -+ if !ok { -+ return false -+ } -+ switch xh.alg.ch { -+ case crypto.SHA256, crypto.SHA384, crypto.SHA512, -+ crypto.SHA3_256, crypto.SHA3_384, crypto.SHA3_512: -+ return true ++func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error) { ++ var pkey ossl.EVP_PKEY_PTR ++ switch major() { ++ case 1: ++ key, err := ossl.RSA_new() ++ if err != nil { ++ return nil, err ++ } ++ // No need to check for errors here, RSA_set0_* functions will fail ++ // if the BNs are NULL and we will free non-NULL BNs in the error handling. ++ bn, _ := bigToBN(n) ++ be, _ := bigToBN(e) ++ bd, _ := bigToBN(d) ++ if _, err := ossl.RSA_set0_key(key, bn, be, bd); err != nil { ++ ossl.BN_free(bn) ++ ossl.BN_free(be) ++ ossl.BN_clear_free(bd) ++ return nil, err ++ } ++ if p != nil && q != nil { ++ bp, _ := bigToBN(p) ++ bq, _ := bigToBN(q) ++ if _, err := ossl.RSA_set0_factors(key, bp, bq); err != nil { ++ ossl.BN_clear_free(bp) ++ ossl.BN_clear_free(bq) ++ return nil, err ++ } ++ } ++ if dp != nil && dq != nil && qinv != nil { ++ bdp, _ := bigToBN(dp) ++ bdq, _ := bigToBN(dq) ++ bqinv, _ := bigToBN(qinv) ++ if _, err := ossl.RSA_set0_crt_params(key, bdp, bdq, bqinv); err != nil { ++ ossl.BN_free(bdp) ++ ossl.BN_free(bdq) ++ ossl.BN_free(bqinv) ++ return nil, err ++ } ++ } ++ pkey, err = ossl.EVP_PKEY_new() ++ if err != nil { ++ ossl.RSA_free(key) ++ return nil, err ++ } ++ if _, err := ossl.EVP_PKEY_assign(pkey, ossl.EVP_PKEY_RSA, (unsafe.Pointer)(key)); err != nil { ++ ossl.RSA_free(key) ++ ossl.EVP_PKEY_free(pkey) ++ return nil, err ++ } ++ case 3, 4: ++ var err error ++ if pkey, err = newRSAKey3(true, n, e, d, p, q, dp, dq, qinv); err != nil { ++ return nil, err ++ } + default: -+ return false ++ panic(errUnsupportedVersion()) + } ++ k := &PrivateKeyRSA{_pkey: pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyRSA).finalize) ++ return k, nil +} + -+var _ hash.Hash = (*Hash)(nil) -+var _ HashCloner = (*Hash)(nil) -+ -+func MD5(p []byte) (sum [16]byte) { -+ cryptokit.MD5(p, sum[:]) -+ return -+} -+ -+func SHA1(p []byte) (sum [20]byte) { -+ cryptokit.SHA1(p, sum[:]) -+ return ++func (k *PrivateKeyRSA) finalize() { ++ ossl.EVP_PKEY_free(k._pkey) +} + -+func SHA256(p []byte) (sum [32]byte) { -+ cryptokit.SHA256(p, sum[:]) -+ return ++func (k *PrivateKeyRSA) withKey(f func(ossl.EVP_PKEY_PTR) error) error { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) +} + -+func SHA384(p []byte) (sum [48]byte) { -+ cryptokit.SHA384(p, sum[:]) -+ return ++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, ciphertext) +} + -+func SHA512(p []byte) (sum [64]byte) { -+ cryptokit.SHA512(p, sum[:]) -+ return ++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, msg) +} + -+func SumSHA3_256(p []byte) (sum [32]byte) { -+ cryptokit.SHA3_256(p, sum[:]) -+ return ++func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, ciphertext) +} + -+func SumSHA3_384(p []byte) (sum [48]byte) { -+ cryptokit.SHA3_384(p, sum[:]) -+ return ++func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, ossl.RSA_PKCS1_PADDING, nil, nil, nil, msg) +} + -+func SumSHA3_512(p []byte) (sum [64]byte) { -+ cryptokit.SHA3_512(p, sum[:]) -+ return ++func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ ret, err := evpDecrypt(priv.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, ciphertext) ++ if err != nil { ++ return nil, err ++ } ++ // We could return here, but the Go standard library test expects DecryptRSANoPadding to verify the result ++ // in order to defend against errors in the CRT computation. ++ // ++ // The following code tries to replicate the verification implemented in the upstream function decryptAndCheck, found at ++ // https://github.com/golang/go/blob/9de1ac6ac2cad3871760d0aa288f5ca713afd0a6/src/crypto/rsa/rsa.go#L569-L582. ++ pub := &PublicKeyRSA{_pkey: priv._pkey} ++ // A private EVP_PKEY can be used as a public key as it contains the public information. ++ enc, err := EncryptRSANoPadding(pub, ret) ++ if err != nil { ++ return nil, err ++ } ++ // Upstream does not do a constant time comparison because it works with math/big instead of byte slices, ++ // and math/big does not support constant-time arithmetic yet. See #20654 for more info. ++ if subtle.ConstantTimeCompare(ciphertext, enc) != 1 { ++ return nil, errors.New("rsa: internal error") ++ } ++ return ret, nil +} + -+// NewMD5 initializes a new MD5 hasher. -+func NewMD5() hash.Hash { -+ return newHash(crypto.MD5) -+ ++func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, ossl.RSA_NO_PADDING, nil, nil, nil, msg) +} + -+// NewSHA1 initializes a new SHA1 hasher. -+func NewSHA1() hash.Hash { -+ return newHash(crypto.SHA1) ++func saltLength(saltLen int, sign bool) (int32, error) { ++ // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject ++ // it, and lengths < -2, before we convert to the OpenSSL sentinel values. ++ if saltLen <= -2 { ++ return 0, errors.New("crypto/rsa: invalid PSS salt length") ++ } ++ // OpenSSL uses sentinel salt length values like Go crypto does, ++ // but the values don't fully match for rsa.PSSSaltLengthAuto (0). ++ if saltLen == 0 { ++ if sign { ++ if major() == 1 { ++ // OpenSSL 1.x uses -2 to mean maximal size when signing where Go crypto uses 0. ++ return ossl.RSA_PSS_SALTLEN_MAX_SIGN, nil ++ } ++ // OpenSSL 3.x deprecated RSA_PSS_SALTLEN_MAX_SIGN ++ // and uses -3 to mean maximal size when signing where Go crypto uses 0. ++ return ossl.RSA_PSS_SALTLEN_MAX, nil ++ } ++ // OpenSSL uses -2 to mean auto-detect size when verifying where Go crypto uses 0. ++ return ossl.RSA_PSS_SALTLEN_AUTO, nil ++ } ++ return int32(saltLen), nil +} + -+// NewSHA256 initializes a new SHA256 hasher. -+func NewSHA256() hash.Hash { -+ return newHash(crypto.SHA256) ++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ cSaltLen, err := saltLength(saltLen, true) ++ if err != nil { ++ return nil, err ++ } ++ return evpSign(priv.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, hashed) +} + -+// NewSHA384 initializes a new SHA384 hasher. -+func NewSHA384() hash.Hash { -+ return newHash(crypto.SHA384) ++func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { ++ cSaltLen, err := saltLength(saltLen, false) ++ if err != nil { ++ return err ++ } ++ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PSS_PADDING, cSaltLen, h, sig, hashed) +} + -+// NewSHA512 initializes a new SHA512 hasher. -+func NewSHA512() hash.Hash { -+ return newHash(crypto.SHA512) ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, ossl.RSA_PKCS1_PADDING, 0, h, hashed) +} + -+// NewSHA3_256 creates a new SHA3-256 hash. -+func NewSHA3_256() *Hash { -+ return newHash(crypto.SHA3_256) ++func HashSignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, msg []byte) ([]byte, error) { ++ return evpHashSign(priv.withKey, h, msg) +} + -+// NewSHA3_384 creates a new SHA3-384 hash. -+func NewSHA3_384() *Hash { -+ return newHash(crypto.SHA3_384) ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ defer runtime.KeepAlive(pub) ++ var size int32 ++ if err := pub.withKey(func(pkey ossl.EVP_PKEY_PTR) (err error) { ++ size, err = ossl.EVP_PKEY_get_size(pkey) ++ if err != nil { ++ return err ++ } ++ if len(sig) < int(size) { ++ return errors.New("crypto/rsa: verification error") ++ } ++ return nil ++ }); err != nil { ++ return err ++ } ++ return evpVerify(pub.withKey, ossl.RSA_PKCS1_PADDING, 0, h, sig, hashed) +} + -+// NewSHA3_512 creates a new SHA3-512 hash. -+func NewSHA3_512() *Hash { -+ return newHash(crypto.SHA3_512) ++func HashVerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, msg, sig []byte) error { ++ return evpHashVerify(pub.withKey, h, msg, sig) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go -new file mode 100644 -index 00000000000000..f6183de583d9ac ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go -@@ -0,0 +1,103 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin -+ -+package xcrypto + -+import ( -+ "crypto" -+ "errors" -+ "hash" ++func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (ossl.EVP_PKEY_PTR, error) { ++ bld := newParamBuilder() ++ defer bld.finalize() + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_N, n, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_E, e, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, false) + -+// ExtractHKDF performs the extract step of HKDF using the specified hash function. -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ // Handle empty secret -+ if len(secret) == 0 { -+ return nil, errors.New("secret cannot be empty") ++ // OpenSSL 3.0 and 3.1 required all the precomputed values if ++ // P and Q are present. See: ++ // https://github.com/openssl/openssl/pull/22334 ++ // ++ // We could only set P and Q if they exist when using OpenSSL 3.2 ++ // or newer, but the RSA provider might be built with an older ++ // OpenSSL version, in which case it would still require all the ++ // precomputed values. So better always provide all the values or ++ // none of them. ++ if p != nil && q != nil && dp != nil && dq != nil && qinv != nil { ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR1, p, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR2, q, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT1, dp, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT2, dq, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv, true) + } + -+ hash, err := hashToCryptoHash(h()) ++ params, err := bld.build() + if err != nil { + return nil, err + } -+ -+ // Default salt to a zero-filled array if not provided -+ if len(salt) == 0 { -+ salt = make([]byte, hash.Size()) ++ defer ossl.OSSL_PARAM_free(params) ++ selection := ossl.EVP_PKEY_PUBLIC_KEY ++ if isPriv { ++ selection = ossl.EVP_PKEY_KEYPAIR + } ++ return newEvpFromParams(ossl.EVP_PKEY_RSA, int32(selection), params) ++} + -+ swiftHash, err := cryptoHashToSwift(hash) ++// SupportsRSAPKCS1v15Encryption returns true if the RSA PKCS1 v1.5 padding is supported for encryption and decryption. ++var SupportsRSAPKCS1v15Encryption = sync.OnceValue(func() bool { ++ pkey := testRSAPrivateKey() ++ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) + if err != nil { -+ return nil, err ++ return false + } ++ defer ossl.EVP_PKEY_CTX_free(ctx) + -+ // Allocate buffer for derived key -+ prk := make([]byte, hash.Size()) -+ -+ result := cryptokit.ExtractHKDF(swiftHash, secret, salt, prk) -+ if result != 0 { -+ return nil, errors.New("HKDF derivation failed") ++ if _, err := ossl.EVP_PKEY_encrypt_init(ctx); err != nil { ++ return false + } + -+ return prk, nil -+} -+ -+// ExpandHKDF performs the expand step of HKDF using the specified hash function. -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ // Handle empty secret -+ if len(pseudorandomKey) == 0 { -+ return nil, errors.New("pseudorandom key cannot be empty") ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, ossl.EVP_PKEY_RSA, -1, ossl.EVP_PKEY_CTRL_RSA_PADDING, ossl.RSA_PKCS1_PADDING, nil); err != nil { ++ return false + } + -+ hash, err := hashToCryptoHash(h()) -+ if err != nil { -+ return nil, err ++ // In FIPS mode, setting the padding might succeed, but the actual encryption will fail. ++ // So we need to try to encrypt something to be sure. ++ in := []byte("test") ++ var outLen int ++ if _, err := ossl.EVP_PKEY_encrypt(ctx, nil, &outLen, in); err != nil { ++ return false + } ++ return true ++}) + -+ // Determine the maximum expandable key length based on the hash function -+ maxAllowedLength := hash.Size() * 255 ++var rsaPKCS1SignatureSupport sync.Map + -+ // Validate requested key length -+ if keyLength > maxAllowedLength { -+ return nil, errors.New("requested key length exceeds maximum allowable size") ++// SupportsRSAPKCS1v15Signature returns true if the RSA PKCS1 v1.5 padding is supported for signatures with the given hash. ++func SupportsRSAPKCS1v15Signature(ch crypto.Hash) (supported bool) { ++ v, ok := rsaPKCS1SignatureSupport.Load(ch) ++ if ok { ++ return v.(bool) + } ++ defer func() { ++ rsaPKCS1SignatureSupport.Store(ch, supported) ++ }() + -+ swiftHash, err := cryptoHashToSwift(hash) ++ pkey := testRSAPrivateKey() ++ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) + if err != nil { -+ return nil, err ++ return false + } -+ -+ // Allocate buffer for derived key -+ expandedKey := make([]byte, keyLength) -+ if len(expandedKey) == 0 { -+ // Nothing to do, and CryptoKit may error on zero-length output. -+ // We do need to validate the inputs for consistency, though. -+ return expandedKey, nil ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_sign_init(ctx); err != nil { ++ return false + } -+ -+ result := cryptokit.ExpandHKDF(swiftHash, pseudorandomKey, info, expandedKey) -+ if result != 0 { -+ return nil, errors.New("HKDF derivation failed") ++ if setPKCS1Padding(ctx, ch) != nil { ++ return false + } -+ -+ return expandedKey, nil -+} -+ -+func cryptoHashToSwift(hash crypto.Hash) (int32, error) { -+ switch hash { -+ case crypto.SHA1: -+ return 1, nil -+ case crypto.SHA256: -+ return 2, nil -+ case crypto.SHA384: -+ return 3, nil -+ case crypto.SHA512: -+ return 4, nil -+ default: -+ return 0, errors.New("unsupported hash function") ++ // In FIPS mode, setting the padding might succeed, but the actual signature will fail. ++ // So we need to try to sign something to be sure. ++ size := 1 ++ if ch != 0 { ++ size = ch.Size() + } ++ in := make([]byte, size, maxHashSize) ++ var outLen int ++ if _, err := ossl.EVP_PKEY_sign(ctx, nil, &outLen, in); err != nil { ++ return false ++ } ++ return true +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go -new file mode 100644 -index 00000000000000..80a951f8ea1a2a ---- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go -@@ -0,0 +1,119 @@ -+// Copyright (c) Microsoft Corporation. -+// Licensed under the MIT License. -+ -+//go:build darwin + -+package xcrypto -+ -+import ( -+ "hash" -+ "runtime" -+ "slices" -+ "unsafe" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) -+ -+var _ hash.Hash = (*cryptoKitHMAC)(nil) -+var _ HashCloner = (*cryptoKitHMAC)(nil) -+ -+type cryptoKitHMAC struct { -+ ptr unsafe.Pointer -+ -+ kind int32 -+ key []byte -+ -+ blockSize int -+ size int -+} ++var rsaPSSSupport sync.Map + -+// NewHMAC returns a new HMAC using xcrypto. -+// The function h must return a hash implemented by -+// CommonCrypto (for example, h could be xcrypto.NewSHA256). -+// If h is not recognized, NewHMAC returns nil. -+func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { -+ h := fh() -+ if h == nil { -+ return nil ++// SupportsRSAPSS returns true if the RSA PSS padding is supported for signatures with the given hash. ++func SupportsRSAPSS(ch crypto.Hash) (supported bool) { ++ v, ok := rsaPSSSupport.Load(ch) ++ if ok { ++ return v.(bool) + } ++ defer func() { ++ rsaPSSSupport.Store(ch, supported) ++ }() + -+ // copying the key here to ensure that it is not modified -+ // while this algorithm is using it. -+ key = slices.Clone(key) -+ kind := hashToHMACEnum(h) -+ if kind == 0 { -+ // The hash function is not supported by the HMAC implementation. -+ return nil ++ if !SupportsHash(ch) { ++ // Short-circuit if the hash itself is not supported. ++ return false + } + -+ hmac := &cryptoKitHMAC{ -+ ptr: cryptokit.InitHMAC(kind, key), -+ kind: kind, -+ key: key, -+ blockSize: h.BlockSize(), -+ size: h.Size(), ++ pkey := testRSAPrivateKey() ++ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) ++ if err != nil { ++ return false + } -+ -+ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { -+ cryptokit.FreeHMAC(h.kind, h.ptr) -+ }) -+ -+ return hmac -+} -+ -+func (h *cryptoKitHMAC) Write(p []byte) (n int, err error) { -+ cryptokit.UpdateHMAC(h.kind, h.ptr, p) -+ runtime.KeepAlive(h) -+ -+ return len(p), nil ++ defer ossl.EVP_PKEY_CTX_free(ctx) ++ if _, err := ossl.EVP_PKEY_sign_init(ctx); err != nil { ++ return false ++ } ++ if setPSSPadding(ctx, 0, ch) != nil { ++ return false ++ } ++ // In FIPS mode, setting the padding might succeed, but the actual signature will fail. ++ // So we need to try to sign something to be sure. ++ in := make([]byte, ch.Size(), maxHashSize) ++ var outLen int ++ if _, err := ossl.EVP_PKEY_sign(ctx, nil, &outLen, in); err != nil { ++ return false ++ } ++ return true +} + -+func (h *cryptoKitHMAC) Sum(b []byte) []byte { -+ hashSlice := make([]byte, h.size, 64) // explicit cap to allow stack allocation -+ cryptokit.FinalizeHMAC(h.kind, h.ptr, hashSlice) -+ runtime.KeepAlive(h) -+ -+ b = append(b, hashSlice...) ++var rsaOAEPSupport sync.Map + -+ return b ++type rsaOAEPSupportEntry struct { ++ ch crypto.Hash ++ mgfHash crypto.Hash +} + -+func (h *cryptoKitHMAC) Clone() (HashCloner, error) { -+ if h.ptr == nil { -+ panic("cryptokit: hash already finalized") ++// SupportsRSAOAEP returns true if the RSA OAEP padding is supported for encryption/decryption ++// with the given hash and MGF hash. ++func SupportsRSAOAEP(h, mgfHash hash.Hash) (supported bool) { ++ ch := hashToCryptoHash(h) ++ if ch == 0 { ++ return false + } ++ mgfCh := hashToCryptoHash(mgfHash) ++ if mgfCh == 0 { ++ return false ++ } ++ entry := rsaOAEPSupportEntry{ch, mgfCh} ++ v, ok := rsaOAEPSupport.Load(entry) ++ if ok { ++ return v.(bool) ++ } ++ defer func() { ++ rsaOAEPSupport.Store(entry, supported) ++ }() + -+ hmac := &cryptoKitHMAC{ptr: cryptokit.CopyHMAC(h.kind, h.ptr), kind: h.kind, key: slices.Clone(h.key), blockSize: h.blockSize, size: h.size} -+ -+ runtime.KeepAlive(h) ++ if !SupportsHash(ch) { ++ // Short-circuit if the hash itself is not supported. ++ return false ++ } + -+ runtime.SetFinalizer(hmac, func(h *cryptoKitHMAC) { -+ cryptokit.FreeHMAC(h.kind, h.ptr) -+ }) ++ pkey := testRSAPrivateKey() ++ ctx, err := ossl.EVP_PKEY_CTX_new(pkey, nil) ++ if err != nil { ++ return false ++ } ++ defer ossl.EVP_PKEY_CTX_free(ctx) + -+ return hmac, nil -+} ++ if _, err := ossl.EVP_PKEY_encrypt_init(ctx); err != nil { ++ return false ++ } + -+func (h *cryptoKitHMAC) Reset() { -+ cryptokit.FreeHMAC(h.kind, h.ptr) ++ if setOAEPPadding(ctx, h, mgfHash, nil) != nil { ++ return false ++ } + -+ h.ptr = cryptokit.InitHMAC(h.kind, h.key) -+ runtime.KeepAlive(h) ++ // In FIPS mode, setting the padding might succeed, but the actual encryption will fail. ++ // So we need to try to encrypt something to be sure. ++ in := []byte("test") ++ var outLen int ++ if _, err := ossl.EVP_PKEY_encrypt(ctx, nil, &outLen, in); err != nil { ++ return false ++ } ++ return true +} + -+func (h *cryptoKitHMAC) Size() int { -+ return h.size -+} ++// testRSAPrivateKey returns a test RSA private key for use in capability probing functions. ++// ++// The key is constructed from hard-coded parameters to avoid ++// spurious failures due to key generation issues and to avoid the speed cost of ++// key generation. ++var testRSAPrivateKey = sync.OnceValue(func() ossl.EVP_PKEY_PTR { ++ // RSA-2048 key "testRSA2048": ++ // https://www.rfc-editor.org/rfc/rfc9500.html#section-2.1 ++ N := []byte{ ++ 0xB0, 0xF9, 0xE8, 0x19, 0x43, 0xA7, 0xAE, 0x98, ++ 0x92, 0xAA, 0xDE, 0x17, 0xCA, 0x7C, 0x40, 0xF8, ++ 0x74, 0x4F, 0xED, 0x2F, 0x81, 0x48, 0xE6, 0xC8, ++ 0xEA, 0xA2, 0x7B, 0x7D, 0x00, 0x15, 0x48, 0xFB, ++ 0x51, 0x92, 0xAB, 0x28, 0xB5, 0x6C, 0x50, 0x60, ++ 0xB1, 0x18, 0xCC, 0xD1, 0x31, 0xE5, 0x94, 0x87, ++ 0x4C, 0x6C, 0xA9, 0x89, 0xB5, 0x6C, 0x27, 0x29, ++ 0x6F, 0x09, 0xFB, 0x93, 0xA0, 0x34, 0xDF, 0x32, ++ 0xE9, 0x7C, 0x6F, 0xF0, 0x99, 0x8C, 0xFD, 0x8E, ++ 0x6F, 0x42, 0xDD, 0xA5, 0x8A, 0xCD, 0x1F, 0xA9, ++ 0x79, 0x86, 0xF1, 0x44, 0xF3, 0xD1, 0x54, 0xD6, ++ 0x76, 0x50, 0x17, 0x5E, 0x68, 0x54, 0xB3, 0xA9, ++ 0x52, 0x00, 0x3B, 0xC0, 0x68, 0x87, 0xB8, 0x45, ++ 0x5A, 0xC2, 0xB1, 0x9F, 0x7B, 0x2F, 0x76, 0x50, ++ 0x4E, 0xBC, 0x98, 0xEC, 0x94, 0x55, 0x71, 0xB0, ++ 0x78, 0x92, 0x15, 0x0D, 0xDC, 0x6A, 0x74, 0xCA, ++ 0x0F, 0xBC, 0xD3, 0x54, 0x97, 0xCE, 0x81, 0x53, ++ 0x4D, 0xAF, 0x94, 0x18, 0x84, 0x4B, 0x13, 0xAE, ++ 0xA3, 0x1F, 0x9D, 0x5A, 0x6B, 0x95, 0x57, 0xBB, ++ 0xDF, 0x61, 0x9E, 0xFD, 0x4E, 0x88, 0x7F, 0x2D, ++ 0x42, 0xB8, 0xDD, 0x8B, 0xC9, 0x87, 0xEA, 0xE1, ++ 0xBF, 0x89, 0xCA, 0xB8, 0x5E, 0xE2, 0x1E, 0x35, ++ 0x63, 0x05, 0xDF, 0x6C, 0x07, 0xA8, 0x83, 0x8E, ++ 0x3E, 0xF4, 0x1C, 0x59, 0x5D, 0xCC, 0xE4, 0x3D, ++ 0xAF, 0xC4, 0x91, 0x23, 0xEF, 0x4D, 0x8A, 0xBB, ++ 0xA9, 0x3D, 0x39, 0x05, 0xE4, 0x02, 0x8D, 0x7B, ++ 0xA9, 0x14, 0x84, 0xA2, 0x75, 0x96, 0xE0, 0x7B, ++ 0x4B, 0x6E, 0xD9, 0x92, 0xF0, 0x77, 0xB5, 0x24, ++ 0xD3, 0xDC, 0xFE, 0x7D, 0xDD, 0x55, 0x49, 0xBE, ++ 0x7C, 0xCE, 0x8D, 0xA0, 0x35, 0xCF, 0xA0, 0xB3, ++ 0xFB, 0x8F, 0x9E, 0x46, 0xF7, 0x32, 0xB2, 0xA8, ++ 0x6B, 0x46, 0x01, 0x65, 0xC0, 0x8F, 0x53, 0x13} ++ E := []byte{0x01, 0x00, 0x01} ++ d := []byte{ ++ 0x41, 0x18, 0x8B, 0x20, 0xCF, 0xDB, 0xDB, 0xC2, ++ 0xCF, 0x1F, 0xFE, 0x75, 0x2D, 0xCB, 0xAA, 0x72, ++ 0x39, 0x06, 0x35, 0x2E, 0x26, 0x15, 0xD4, 0x9D, ++ 0xCE, 0x80, 0x59, 0x7F, 0xCF, 0x0A, 0x05, 0x40, ++ 0x3B, 0xEF, 0x00, 0xFA, 0x06, 0x51, 0x82, 0xF7, ++ 0x2D, 0xEC, 0xFB, 0x59, 0x6F, 0x4B, 0x0C, 0xE8, ++ 0xFF, 0x59, 0x70, 0xBA, 0xF0, 0x7A, 0x89, 0xA5, ++ 0x19, 0xEC, 0xC8, 0x16, 0xB2, 0xF4, 0xFF, 0xAC, ++ 0x50, 0x69, 0xAF, 0x1B, 0x06, 0xBF, 0xEF, 0x7B, ++ 0xF6, 0xBC, 0xD7, 0x9E, 0x4E, 0x81, 0xC8, 0xC5, ++ 0xA3, 0xA7, 0xD9, 0x13, 0x0D, 0xC3, 0xCF, 0xBA, ++ 0xDA, 0xE5, 0xF6, 0xD2, 0x88, 0xF9, 0xAE, 0xE3, ++ 0xF6, 0xFF, 0x92, 0xFA, 0xE0, 0xF8, 0x1A, 0xF5, ++ 0x97, 0xBE, 0xC9, 0x6A, 0xE9, 0xFA, 0xB9, 0x40, ++ 0x2C, 0xD5, 0xFE, 0x41, 0xF7, 0x05, 0xBE, 0xBD, ++ 0xB4, 0x7B, 0xB7, 0x36, 0xD3, 0xFE, 0x6C, 0x5A, ++ 0x51, 0xE0, 0xE2, 0x07, 0x32, 0xA9, 0x7B, 0x5E, ++ 0x46, 0xC1, 0xCB, 0xDB, 0x26, 0xD7, 0x48, 0x54, ++ 0xC6, 0xB6, 0x60, 0x4A, 0xED, 0x46, 0x37, 0x35, ++ 0xFF, 0x90, 0x76, 0x04, 0x65, 0x57, 0xCA, 0xF9, ++ 0x49, 0xBF, 0x44, 0x88, 0x95, 0xC2, 0x04, 0x32, ++ 0xC1, 0xE0, 0x9C, 0x01, 0x4E, 0xA7, 0x56, 0x60, ++ 0x43, 0x4F, 0x1A, 0x0F, 0x3B, 0xE2, 0x94, 0xBA, ++ 0xBC, 0x5D, 0x53, 0x0E, 0x6A, 0x10, 0x21, 0x3F, ++ 0x53, 0xB6, 0x03, 0x75, 0xFC, 0x84, 0xA7, 0x57, ++ 0x3F, 0x2A, 0xF1, 0x21, 0x55, 0x84, 0xF5, 0xB4, ++ 0xBD, 0xA6, 0xD4, 0xE8, 0xF9, 0xE1, 0x7A, 0x78, ++ 0xD9, 0x7E, 0x77, 0xB8, 0x6D, 0xA4, 0xA1, 0x84, ++ 0x64, 0x75, 0x31, 0x8A, 0x7A, 0x10, 0xA5, 0x61, ++ 0x01, 0x4E, 0xFF, 0xA2, 0x3A, 0x81, 0xEC, 0x56, ++ 0xE9, 0xE4, 0x10, 0x9D, 0xEF, 0x8C, 0xB3, 0xF7, ++ 0x97, 0x22, 0x3F, 0x7D, 0x8D, 0x0D, 0x43, 0x51} ++ p := []byte{ ++ 0xDD, 0x10, 0x57, 0x02, 0x38, 0x2F, 0x23, 0x2B, ++ 0x36, 0x81, 0xF5, 0x37, 0x91, 0xE2, 0x26, 0x17, ++ 0xC7, 0xBF, 0x4E, 0x9A, 0xCB, 0x81, 0xED, 0x48, ++ 0xDA, 0xF6, 0xD6, 0x99, 0x5D, 0xA3, 0xEA, 0xB6, ++ 0x42, 0x83, 0x9A, 0xFF, 0x01, 0x2D, 0x2E, 0xA6, ++ 0x28, 0xB9, 0x0A, 0xF2, 0x79, 0xFD, 0x3E, 0x6F, ++ 0x7C, 0x93, 0xCD, 0x80, 0xF0, 0x72, 0xF0, 0x1F, ++ 0xF2, 0x44, 0x3B, 0x3E, 0xE8, 0xF2, 0x4E, 0xD4, ++ 0x69, 0xA7, 0x96, 0x13, 0xA4, 0x1B, 0xD2, 0x40, ++ 0x20, 0xF9, 0x2F, 0xD1, 0x10, 0x59, 0xBD, 0x1D, ++ 0x0F, 0x30, 0x1B, 0x5B, 0xA7, 0xA9, 0xD3, 0x63, ++ 0x7C, 0xA8, 0xD6, 0x5C, 0x1A, 0x98, 0x15, 0x41, ++ 0x7D, 0x8E, 0xAB, 0x73, 0x4B, 0x0B, 0x4F, 0x3A, ++ 0x2C, 0x66, 0x1D, 0x9A, 0x1A, 0x82, 0xF3, 0xAC, ++ 0x73, 0x4C, 0x40, 0x53, 0x06, 0x69, 0xAB, 0x8E, ++ 0x47, 0x30, 0x45, 0xA5, 0x8E, 0x65, 0x53, 0x9D} ++ q := []byte{ ++ 0xCC, 0xF1, 0xE5, 0xBB, 0x90, 0xC8, 0xE9, 0x78, ++ 0x1E, 0xA7, 0x5B, 0xEB, 0xF1, 0x0B, 0xC2, 0x52, ++ 0xE1, 0x1E, 0xB0, 0x23, 0xA0, 0x26, 0x0F, 0x18, ++ 0x87, 0x55, 0x2A, 0x56, 0x86, 0x3F, 0x4A, 0x64, ++ 0x21, 0xE8, 0xC6, 0x00, 0xBF, 0x52, 0x3D, 0x6C, ++ 0xB1, 0xB0, 0xAD, 0xBD, 0xD6, 0x5B, 0xFE, 0xE4, ++ 0xA8, 0x8A, 0x03, 0x7E, 0x3D, 0x1A, 0x41, 0x5E, ++ 0x5B, 0xB9, 0x56, 0x48, 0xDA, 0x5A, 0x0C, 0xA2, ++ 0x6B, 0x54, 0xF4, 0xA6, 0x39, 0x48, 0x52, 0x2C, ++ 0x3D, 0x5F, 0x89, 0xB9, 0x4A, 0x72, 0xEF, 0xFF, ++ 0x95, 0x13, 0x4D, 0x59, 0x40, 0xCE, 0x45, 0x75, ++ 0x8F, 0x30, 0x89, 0x80, 0x90, 0x89, 0x56, 0x58, ++ 0x8E, 0xEF, 0x57, 0x5B, 0x3E, 0x4B, 0xC4, 0xC3, ++ 0x68, 0xCF, 0xE8, 0x13, 0xEE, 0x9C, 0x25, 0x2C, ++ 0x2B, 0x02, 0xE0, 0xDF, 0x91, 0xF1, 0xAA, 0x01, ++ 0x93, 0x8D, 0x38, 0x68, 0x5D, 0x60, 0xBA, 0x6F} ++ qInv := []byte{ ++ 0x0A, 0x81, 0xD8, 0xA6, 0x18, 0x31, 0x4A, 0x80, ++ 0x3A, 0xF6, 0x1C, 0x06, 0x71, 0x1F, 0x2C, 0x39, ++ 0xB2, 0x66, 0xFF, 0x41, 0x4D, 0x53, 0x47, 0x6D, ++ 0x1D, 0xA5, 0x2A, 0x43, 0x18, 0xAA, 0xFE, 0x4B, ++ 0x96, 0xF0, 0xDA, 0x07, 0x15, 0x5F, 0x8A, 0x51, ++ 0x34, 0xDA, 0xB8, 0x8E, 0xE2, 0x9E, 0x81, 0x68, ++ 0x07, 0x6F, 0xCD, 0x78, 0xCA, 0x79, 0x1A, 0xC6, ++ 0x34, 0x42, 0xA8, 0x1C, 0xD0, 0x69, 0x39, 0x27, ++ 0xD8, 0x08, 0xE3, 0x35, 0xE8, 0xD8, 0xCB, 0xF2, ++ 0x12, 0x19, 0x07, 0x50, 0x9A, 0x57, 0x75, 0x9B, ++ 0x4F, 0x9A, 0x18, 0xFA, 0x3A, 0x7B, 0x33, 0x37, ++ 0x79, 0xED, 0xDE, 0x7A, 0x45, 0x93, 0x84, 0xF8, ++ 0x44, 0x4A, 0xDA, 0xEC, 0xFF, 0xEC, 0x95, 0xFD, ++ 0x55, 0x2B, 0x0C, 0xFC, 0xB6, 0xC7, 0xF6, 0x92, ++ 0x62, 0x6D, 0xDE, 0x1E, 0xF2, 0x68, 0xA4, 0x0D, ++ 0x2F, 0x67, 0xB5, 0xC8, 0xAA, 0x38, 0x7F, 0xF7} ++ dP := []byte{ ++ 0x09, 0xED, 0x54, 0xEA, 0xED, 0x98, 0xF8, 0x4C, ++ 0x55, 0x7B, 0x4A, 0x86, 0xBF, 0x4F, 0x57, 0x84, ++ 0x93, 0xDC, 0xBC, 0x6B, 0xE9, 0x1D, 0xA1, 0x89, ++ 0x37, 0x04, 0x04, 0xA9, 0x08, 0x72, 0x76, 0xF4, ++ 0xCE, 0x51, 0xD8, 0xA1, 0x00, 0xED, 0x85, 0x7D, ++ 0xC2, 0xB0, 0x64, 0x94, 0x74, 0xF3, 0xF1, 0x5C, ++ 0xD2, 0x4C, 0x54, 0xDB, 0x28, 0x71, 0x10, 0xE5, ++ 0x6E, 0x5C, 0xB0, 0x08, 0x68, 0x2F, 0x91, 0x68, ++ 0xAA, 0x81, 0xF3, 0x14, 0x58, 0xB7, 0x43, 0x1E, ++ 0xCC, 0x1C, 0x44, 0x90, 0x6F, 0xDA, 0x87, 0xCA, ++ 0x89, 0x47, 0x10, 0xC3, 0x71, 0xE9, 0x07, 0x6C, ++ 0x1D, 0x49, 0xFB, 0xAE, 0x51, 0x27, 0x69, 0x34, ++ 0xF2, 0xAD, 0x78, 0x77, 0x89, 0xF4, 0x2D, 0x0F, ++ 0xA0, 0xB4, 0xC9, 0x39, 0x85, 0x5D, 0x42, 0x12, ++ 0x09, 0x6F, 0x70, 0x28, 0x0A, 0x4E, 0xAE, 0x7C, ++ 0x8A, 0x27, 0xD9, 0xC8, 0xD0, 0x77, 0x2E, 0x65} ++ dQ := []byte{ ++ 0x8C, 0xB6, 0x85, 0x7A, 0x7B, 0xD5, 0x46, 0x5F, ++ 0x80, 0x04, 0x7E, 0x9B, 0x87, 0xBC, 0x00, 0x27, ++ 0x31, 0x84, 0x05, 0x81, 0xE0, 0x62, 0x61, 0x39, ++ 0x01, 0x2A, 0x5B, 0x50, 0x5F, 0x0A, 0x33, 0x84, ++ 0x7E, 0xB7, 0xB8, 0xC3, 0x28, 0x99, 0x49, 0xAD, ++ 0x48, 0x6F, 0x3B, 0x4B, 0x3D, 0x53, 0x9A, 0xB5, ++ 0xDA, 0x76, 0x30, 0x21, 0xCB, 0xC8, 0x2C, 0x1B, ++ 0xA2, 0x34, 0xA5, 0x66, 0x8D, 0xED, 0x08, 0x01, ++ 0xB8, 0x59, 0xF3, 0x43, 0xF1, 0xCE, 0x93, 0x04, ++ 0xE6, 0xFA, 0xA2, 0xB0, 0x02, 0xCA, 0xD9, 0xB7, ++ 0x8C, 0xDE, 0x5C, 0xDC, 0x2C, 0x1F, 0xB4, 0x17, ++ 0x1C, 0x42, 0x42, 0x16, 0x70, 0xA6, 0xAB, 0x0F, ++ 0x50, 0xCC, 0x4A, 0x19, 0x4E, 0xB3, 0x6D, 0x1C, ++ 0x91, 0xE9, 0x35, 0xBA, 0x01, 0xB9, 0x59, 0xD8, ++ 0x72, 0x8B, 0x9E, 0x64, 0x42, 0x6B, 0x3F, 0xC3, ++ 0xA7, 0x50, 0x6D, 0xEB, 0x52, 0x39, 0xA8, 0xA7} + -+func (h *cryptoKitHMAC) BlockSize() int { -+ return h.blockSize -+} ++ // Convert []byte to BigInt using BN_bin2bn and bnToBig ++ bytesToBigInt := func(b []byte) BigInt { ++ bn, err := ossl.BN_bin2bn(b, nil) ++ if err != nil { ++ panic(err) ++ } ++ defer ossl.BN_free(bn) ++ return bnToBig(bn) ++ } + -+func hashToHMACEnum(h hash.Hash) int32 { -+ switch h := h.(type) { -+ case *Hash: -+ return h.alg.id -+ default: -+ return 0 ++ priv, err := NewPrivateKeyRSA( ++ bytesToBigInt(N), ++ bytesToBigInt(E), ++ bytesToBigInt(d), ++ bytesToBigInt(p), ++ bytesToBigInt(q), ++ bytesToBigInt(dP), ++ bytesToBigInt(dQ), ++ bytesToBigInt(qInv), ++ ) ++ if err != nil { ++ panic("failed to create test RSA private key: " + err.Error()) + } -+} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go ++ // Prevent finalization to avoid freeing OpenSSL objects. ++ runtime.SetFinalizer(priv, nil) ++ return priv._pkey ++}) +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go new file mode 100644 -index 00000000000000..136d81fe3c152e +index 00000000000000..87fe3879ab48d3 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mldsa.go -@@ -0,0 +1,222 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/tls1prf.go +@@ -0,0 +1,157 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package openssl + +import ( ++ "crypto" + "errors" ++ "hash" ++ "sync" ++ "unsafe" + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) -+ -+const ( -+ // privateKeySizeMLDSA is the size of an ML-DSA private key seed. -+ privateKeySizeMLDSA = 32 -+ -+ // publicKeySizeMLDSA65 is the size of an ML-DSA-65 public key encoding. -+ publicKeySizeMLDSA65 = 1952 -+ -+ // publicKeySizeMLDSA87 is the size of an ML-DSA-87 public key encoding. -+ publicKeySizeMLDSA87 = 2592 -+ -+ // signatureSizeMLDSA65 is the size of an ML-DSA-65 signature. -+ signatureSizeMLDSA65 = 3309 -+ -+ // signatureSizeMLDSA87 is the size of an ML-DSA-87 signature. -+ signatureSizeMLDSA87 = 4627 ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+// SupportsMLDSA returns true if the given ML-DSA parameter set is supported -+// on this platform. -+func SupportsMLDSA(params MLDSAParameters) bool { -+ switch params.publicKeySize { -+ case publicKeySizeMLDSA65, publicKeySizeMLDSA87: -+ return cryptokit.SupportsMLDSA() == 1 ++func SupportsTLS1PRF() bool { ++ switch major() { ++ case 1: ++ return minor() >= 1 ++ case 3, 4: ++ _, err := fetchTLS1PRF3() ++ return err == nil + default: -+ return false -+ } -+} -+ -+// MLDSAParameters represents one of the fixed ML-DSA parameter sets. -+type MLDSAParameters struct { -+ name string -+ publicKeySize int -+ signatureSize int -+ generateKey func(seed []uint8) int64 -+ derivePublic func(seed []uint8, publicKey []uint8) int64 -+ sign func(seed []uint8, message []uint8, context []uint8, signature []uint8, signatureLen *int64) int64 -+ verify func(publicKey []uint8, message []uint8, context []uint8, signature []uint8) int64 -+ validatePub func(publicKey []uint8) int64 -+} -+ -+var ( -+ mldsa65 = MLDSAParameters{ -+ name: "ML-DSA-65", -+ publicKeySize: publicKeySizeMLDSA65, -+ signatureSize: signatureSizeMLDSA65, -+ generateKey: cryptokit.GenerateKeyMLDSA65, -+ derivePublic: cryptokit.DerivePublicKeyMLDSA65, -+ sign: cryptokit.SignMLDSA65, -+ verify: cryptokit.VerifyMLDSA65, -+ validatePub: cryptokit.ValidatePublicKeyMLDSA65, -+ } -+ mldsa87 = MLDSAParameters{ -+ name: "ML-DSA-87", -+ publicKeySize: publicKeySizeMLDSA87, -+ signatureSize: signatureSizeMLDSA87, -+ generateKey: cryptokit.GenerateKeyMLDSA87, -+ derivePublic: cryptokit.DerivePublicKeyMLDSA87, -+ sign: cryptokit.SignMLDSA87, -+ verify: cryptokit.VerifyMLDSA87, -+ validatePub: cryptokit.ValidatePublicKeyMLDSA87, ++ panic(errUnsupportedVersion()) + } -+) -+ -+// MLDSA65 returns the ML-DSA-65 parameter set. -+func MLDSA65() MLDSAParameters { return mldsa65 } -+ -+// MLDSA87 returns the ML-DSA-87 parameter set. -+func MLDSA87() MLDSAParameters { return mldsa87 } -+ -+func (params MLDSAParameters) valid() bool { -+ return params.generateKey != nil -+} -+ -+// PublicKeySize returns the size of public keys for this parameter set, in bytes. -+func (params MLDSAParameters) PublicKeySize() int { return params.publicKeySize } -+ -+// SignatureSize returns the size of signatures for this parameter set, in bytes. -+func (params MLDSAParameters) SignatureSize() int { return params.signatureSize } -+ -+// String returns the name of the parameter set. -+func (params MLDSAParameters) String() string { return params.name } -+ -+var errInvalidMLDSAParameters = errors.New("mldsa: invalid parameters") -+ -+// PrivateKeyMLDSA is an ML-DSA private key seed. -+type PrivateKeyMLDSA struct { -+ params MLDSAParameters -+ seed [privateKeySizeMLDSA]byte +} + -+// GenerateKeyMLDSA generates a new ML-DSA private key. -+func GenerateKeyMLDSA(params MLDSAParameters) (*PrivateKeyMLDSA, error) { -+ if !params.valid() { -+ return nil, errInvalidMLDSAParameters ++// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil, ++// else it implements the TLS 1.2 pseudo-random function. ++// The pseudo-random number will be written to result and will be of length len(result). ++func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { ++ var md ossl.EVP_MD_PTR ++ if fh == nil { ++ // TLS 1.0/1.1 PRF doesn't allow to specify the hash function, ++ // it always uses MD5SHA1. If h is nil, then assume ++ // that the caller wants to use TLS 1.0/1.1 PRF. ++ // OpenSSL detects this case by checking if the hash ++ // function is MD5SHA1. ++ md = loadHash(crypto.MD5SHA1, false).md ++ } else { ++ h, err := hashFuncHash(fh) ++ if err != nil { ++ return err ++ } ++ md = hashToMD(h) + } -+ key := &PrivateKeyMLDSA{params: params} -+ if ret := params.generateKey(key.seed[:]); ret != 0 { -+ return nil, errors.New("mldsa: key generation failed") ++ if md == nil { ++ return errors.New("unsupported hash function") + } -+ return key, nil -+} + -+// NewPrivateKeyMLDSA constructs an ML-DSA private key from its seed. -+func NewPrivateKeyMLDSA(params MLDSAParameters, seed []byte) (*PrivateKeyMLDSA, error) { -+ if !params.valid() { -+ return nil, errInvalidMLDSAParameters -+ } -+ if len(seed) != privateKeySizeMLDSA { -+ return nil, errors.New("mldsa: invalid private key size") ++ switch major() { ++ case 1: ++ return tls1PRF1(result, secret, label, seed, md) ++ case 3, 4: ++ return tls1PRF3(result, secret, label, seed, md) ++ default: ++ return errUnsupportedVersion() + } -+ key := &PrivateKeyMLDSA{params: params} -+ copy(key.seed[:], seed) -+ return key, nil -+} -+ -+// Bytes returns the private key seed. -+func (key *PrivateKeyMLDSA) Bytes() []byte { -+ return key.seed[:] +} + -+// Parameters returns the parameters associated with this private key. -+func (key *PrivateKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++// tls1PRF1 implements TLS1PRF for OpenSSL 1 using the EVP_PKEY API. ++func tls1PRF1(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { ++ checkMajorVersion(1) + -+// PublicKey returns the corresponding public key. -+func (key *PrivateKeyMLDSA) PublicKey() *PublicKeyMLDSA { -+ publicKey := &PublicKeyMLDSA{params: key.params} -+ if ret := key.params.derivePublic(key.seed[:], publicKey.bytes[:key.params.publicKeySize]); ret != 0 { -+ panic("mldsa: failed to derive public key") ++ ctx, err := ossl.EVP_PKEY_CTX_new_id(ossl.EVP_PKEY_TLS1_PRF, nil) ++ if err != nil { ++ return err + } -+ return publicKey -+} ++ defer func() { ++ ossl.EVP_PKEY_CTX_free(ctx) ++ }() + -+// Sign signs message with context using ML-DSA. -+func (key *PrivateKeyMLDSA) Sign(message []byte, context string) ([]byte, error) { -+ if len(context) > 255 { -+ return nil, errors.New("mldsa: context too long") ++ if _, err := ossl.EVP_PKEY_derive_init(ctx); err != nil { ++ return err + } -+ signature := make([]byte, key.params.signatureSize) -+ sigLen := int64(key.params.signatureSize) -+ contextBytes := []byte(context) -+ if ret := key.params.sign(key.seed[:], message, contextBytes, signature, &sigLen); ret != 0 { -+ return nil, errors.New("mldsa: signing failed") ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_MD, ++ 0, unsafe.Pointer(md)); err != nil { ++ return err + } -+ return signature[:sigLen], nil -+} -+ -+// SignExternalMu signs a pre-hashed mu message representative using ML-DSA. -+func (key *PrivateKeyMLDSA) SignExternalMu(mu []byte) ([]byte, error) { -+ if len(mu) != 64 { -+ return nil, errors.New("mldsa: invalid message hash length") ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_SECRET, ++ int32(len(secret)), unsafe.Pointer(base(secret))); err != nil { ++ return err + } -+ return nil, errors.New("mldsa: external mu not supported") -+} -+ -+// PublicKeyMLDSA is an ML-DSA public key. -+type PublicKeyMLDSA struct { -+ params MLDSAParameters -+ bytes [publicKeySizeMLDSA87]byte -+} -+ -+// NewPublicKeyMLDSA constructs an ML-DSA public key from its encoding. -+func NewPublicKeyMLDSA(params MLDSAParameters, publicKey []byte) (*PublicKeyMLDSA, error) { -+ if !params.valid() { -+ return nil, errInvalidMLDSAParameters ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_SEED, ++ int32(len(label)), unsafe.Pointer(base(label))); err != nil { ++ return err + } -+ if len(publicKey) != params.publicKeySize { -+ return nil, errors.New("mldsa: invalid public key size") ++ if _, err := ossl.EVP_PKEY_CTX_ctrl(ctx, -1, ++ ossl.EVP_PKEY_OP_DERIVE, ++ ossl.EVP_PKEY_CTRL_TLS_SEED, ++ int32(len(seed)), unsafe.Pointer(base(seed))); err != nil { ++ return err + } -+ if ret := params.validatePub(publicKey); ret != 0 { -+ return nil, errors.New("mldsa: invalid public key") ++ outLen := len(result) ++ if _, err := ossl.EVP_PKEY_derive(ctx, result, &outLen); err != nil { ++ return err + } -+ key := &PublicKeyMLDSA{params: params} -+ copy(key.bytes[:], publicKey) -+ return key, nil -+} -+ -+// Bytes returns the public key encoding. -+func (key *PublicKeyMLDSA) Bytes() []byte { -+ return key.bytes[:key.params.publicKeySize] ++ // The Go standard library expects TLS1PRF to return the requested number of bytes, ++ // fail if it doesn't. While there is no known situation where this will happen, ++ // EVP_PKEY_derive handles multiple algorithms and there could be a subtle mismatch ++ // after more code changes in the future. ++ if outLen != len(result) { ++ return errors.New("tls1-prf: derived less bytes than requested") ++ } ++ return nil +} + -+// Parameters returns the parameters associated with this public key. -+func (key *PublicKeyMLDSA) Parameters() MLDSAParameters { return key.params } ++// fetchTLS1PRF3 fetches the TLS1-PRF KDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchTLS1PRF3 = sync.OnceValues(func() (ossl.EVP_KDF_PTR, error) { ++ checkMajorVersion(3, 4) + -+// Verify verifies an ML-DSA signature. -+func (key *PublicKeyMLDSA) Verify(message, signature []byte, context string) error { -+ if len(signature) != key.params.signatureSize { -+ return errors.New("mldsa: invalid signature length") ++ kdf, err := ossl.EVP_KDF_fetch(nil, _OSSL_KDF_NAME_TLS1_PRF.ptr(), nil) ++ if err != nil { ++ return nil, err + } -+ if len(context) > 255 { -+ return errors.New("mldsa: context too long") ++ return kdf, nil ++}) ++ ++// tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. ++func tls1PRF3(result, secret, label, seed []byte, md ossl.EVP_MD_PTR) error { ++ checkMajorVersion(3, 4) ++ ++ kdf, err := fetchTLS1PRF3() ++ if err != nil { ++ return err + } -+ contextBytes := []byte(context) -+ if ret := key.params.verify(key.bytes[:key.params.publicKeySize], message, contextBytes, signature); ret != 0 { -+ return errors.New("mldsa: verification failed") ++ ctx, err := ossl.EVP_KDF_CTX_new(kdf) ++ if err != nil { ++ return err + } -+ return nil -+} ++ defer ossl.EVP_KDF_CTX_free(ctx) + -+// VerifyExternalMu verifies an ML-DSA signature over a pre-hashed mu message representative. -+func (key *PublicKeyMLDSA) VerifyExternalMu(mu, signature []byte) error { -+ if len(mu) != 64 { -+ return errors.New("mldsa: invalid message hash length") ++ bld := newParamBuilder() ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) ++ bld.addOctetString(_OSSL_KDF_PARAM_SECRET, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SEED, label) ++ bld.addOctetString(_OSSL_KDF_PARAM_SEED, seed) ++ params, err := bld.build() ++ if err != nil { ++ return err + } -+ if len(signature) != key.params.signatureSize { -+ return errors.New("mldsa: invalid signature length") ++ defer ossl.OSSL_PARAM_free(params) ++ ++ if _, err := ossl.EVP_KDF_derive(ctx, result, params); err != nil { ++ return err + } -+ return errors.New("mldsa: external mu not supported") ++ return nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go new file mode 100644 -index 00000000000000..b5131703afdbcc +index 00000000000000..ac79a864271eee --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/mlkem.go -@@ -0,0 +1,261 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/zaes.go +@@ -0,0 +1,87 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto -+ -+import ( -+ "errors" ++// Code generated by cmd/genaesmodes. DO NOT EDIT. + -+ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" -+) ++package openssl + -+const ( -+ // sharedKeySizeMLKEM is the size of a shared key produced by ML-KEM. -+ sharedKeySizeMLKEM = 32 ++import "crypto/cipher" + -+ // seedSizeMLKEM is the size of a seed used to generate a decapsulation key. -+ seedSizeMLKEM = 64 ++type cipherWithCBC struct { ++ aesCipher ++} + -+ // ciphertextSizeMLKEM768 is the size of a ciphertext produced by ML-KEM-768. -+ ciphertextSizeMLKEM768 = 1088 ++type cipherWithCTR struct { ++ aesCipher ++} + -+ // encapsulationKeySizeMLKEM768 is the size of an ML-KEM-768 encapsulation key. -+ encapsulationKeySizeMLKEM768 = 1184 ++type cipherWithCBC_CTR struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithCTR ++} + -+ // ciphertextSizeMLKEM1024 is the size of a ciphertext produced by ML-KEM-1024. -+ ciphertextSizeMLKEM1024 = 1568 ++type cipherWithGCM struct { ++ aesCipher ++} + -+ // encapsulationKeySizeMLKEM1024 is the size of an ML-KEM-1024 encapsulation key. -+ encapsulationKeySizeMLKEM1024 = 1568 -+) ++type cipherWithCBC_GCM struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithGCM ++} + -+// SupportsMLKEM returns true if ML-KEM is supported on this platform. -+func SupportsMLKEM() bool { -+ return cryptokit.SupportsMLKEM() == 1 ++type cipherWithCTR_GCM struct { ++ aesCipher ++ cipherWithCTR ++ cipherWithGCM +} + -+// DecapsulationKeyMLKEM768 is the secret key used to decapsulate a shared key -+// from a ciphertext. It includes various precomputed values. -+type DecapsulationKeyMLKEM768 [seedSizeMLKEM]byte ++type cipherWithCBC_CTR_GCM struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithCTR ++ cipherWithGCM ++} + -+// GenerateKeyMLKEM768 generates a new decapsulation key, drawing random bytes from -+// the default crypto/rand source. The decapsulation key must be kept secret. -+func GenerateKeyMLKEM768() (DecapsulationKeyMLKEM768, error) { -+ var dk DecapsulationKeyMLKEM768 -+ ret := cryptokit.GenerateKeyMLKEM768(dk[:]) -+ if ret != 0 { -+ return DecapsulationKeyMLKEM768{}, errors.New("mlkem: key generation failed") ++func newAESBlock(c *evpCipher, kind cipherKind) cipher.Block { ++ aes := aesCipher{c} ++ var block cipher.Block ++ supportsCBC := loadCipher(kind, cipherModeCBC) != nil ++ supportsCTR := loadCipher(kind, cipherModeCTR) != nil ++ supportsGCM := loadCipher(kind, cipherModeGCM) != nil ++ switch { ++ case !supportsCBC && !supportsCTR && !supportsGCM: ++ block = aes ++ case supportsCBC && !supportsCTR && !supportsGCM: ++ block = cipherWithCBC{aes} ++ case !supportsCBC && supportsCTR && !supportsGCM: ++ block = cipherWithCTR{aes} ++ case supportsCBC && supportsCTR && !supportsGCM: ++ block = cipherWithCBC_CTR{aes, ++ cipherWithCBC{aes}, ++ cipherWithCTR{aes}, ++ } ++ case !supportsCBC && !supportsCTR && supportsGCM: ++ block = cipherWithGCM{aes} ++ case supportsCBC && !supportsCTR && supportsGCM: ++ block = cipherWithCBC_GCM{aes, ++ cipherWithCBC{aes}, ++ cipherWithGCM{aes}, ++ } ++ case !supportsCBC && supportsCTR && supportsGCM: ++ block = cipherWithCTR_GCM{aes, ++ cipherWithCTR{aes}, ++ cipherWithGCM{aes}, ++ } ++ case supportsCBC && supportsCTR && supportsGCM: ++ block = cipherWithCBC_CTR_GCM{aes, ++ cipherWithCBC{aes}, ++ cipherWithCTR{aes}, ++ cipherWithGCM{aes}, ++ } ++ default: ++ panic("unreachable") + } -+ return dk, nil ++ return block +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/fips.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/fips.go +new file mode 100644 +index 00000000000000..2084b384b9f3a9 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/fips.go +@@ -0,0 +1,69 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+// NewDecapsulationKeyMLKEM768 expands a decapsulation key from a 64-byte seed in the -+// "d || z" form. The seed must be uniformly random. -+func NewDecapsulationKeyMLKEM768(seed []byte) (DecapsulationKeyMLKEM768, error) { -+ if len(seed) != seedSizeMLKEM { -+ return DecapsulationKeyMLKEM768{}, errors.New("mlkem: invalid seed size") -+ } ++package osslsetup + -+ var dk DecapsulationKeyMLKEM768 -+ copy(dk[:], seed) -+ return dk, nil -+} ++import ( ++ "unsafe" + -+// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. -+// -+// The decapsulation key must be kept secret. -+func (dk DecapsulationKeyMLKEM768) Bytes() []byte { -+ return dk[:] -+} ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+// Decapsulate generates a shared key from a ciphertext and a decapsulation -+// key. If the ciphertext is not valid, Decapsulate returns an error. ++// cString is a null-terminated string, ++// akin to C's char*. ++type cString string ++ ++// ptr returns a pointer to the string data. ++// It panics if the string is not null-terminated. +// -+// The shared key must be kept secret. -+func (dk DecapsulationKeyMLKEM768) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { -+ if len(ciphertext) != ciphertextSizeMLKEM768 { -+ return nil, errors.New("mlkem: invalid ciphertext size") ++// The memory pointed to by the returned pointer should ++// not be modified and it must only be passed to ++// "const char*" parameters. Any attempt to modify it ++// will result in a runtime panic, as Go strings are ++// allocated in read-only memory. ++func (s cString) ptr() *byte { ++ if len(s) == 0 { ++ return nil + } -+ -+ sharedKey = make([]byte, sharedKeySizeMLKEM) -+ ret := cryptokit.DecapsulateMLKEM768( -+ dk[:], -+ ciphertext, -+ sharedKey, -+ ) -+ -+ if ret != 0 { -+ return nil, errors.New("mlkem: decapsulation failed") ++ if s[len(s)-1] != 0 { ++ panic("must be null-terminated") + } -+ return sharedKey, nil ++ return unsafe.StringData(string(s)) +} + -+// EncapsulationKey returns the public encapsulation key necessary to produce -+// ciphertexts. -+func (dk DecapsulationKeyMLKEM768) EncapsulationKey() EncapsulationKeyMLKEM768 { -+ var ek EncapsulationKeyMLKEM768 -+ ret := cryptokit.DeriveEncapsulationKeyMLKEM768( -+ dk[:], -+ ek[:], -+ ) ++const ( ++ _ProviderNameFips cString = "fips\x00" ++ _DigestNameSHA2_256 cString = "SHA2-256\x00" ++) + -+ if ret != 0 { -+ return EncapsulationKeyMLKEM768{} ++// FIPS returns true if the provider used by default matches the `fips=yes` query. ++// It is useful for checking whether OpenSSL is capable of running in FIPS mode regardless ++// of whether the `fips=yes` query is explicitly enabled. For example, Azure Linux 3 doesn't set the ++// `fips=yes` query in the default properties, but sets the default provider to be SCOSSL, ++// which is FIPS-capable. ++func FIPS() bool { ++ switch vMajor { ++ case 1: ++ return ossl.FIPS_mode() == 1 ++ default: ++ // Load the provider with and without the `fips=yes` query. ++ // If the providers are the same, then the default provider is FIPS-capable. ++ provFIPS := sha256Provider(_ProviderNameFips) ++ if provFIPS == nil { ++ return false ++ } ++ provDefault := sha256Provider("") ++ return provFIPS == provDefault + } -+ return ek +} + -+// An EncapsulationKeyMLKEM768 is the public key used to produce ciphertexts to be -+// decapsulated by the corresponding DecapsulationKeyMLKEM768. -+type EncapsulationKeyMLKEM768 [encapsulationKeySizeMLKEM768]byte -+ -+// NewEncapsulationKeyMLKEM768 parses an encapsulation key from its encoded form. If -+// the encapsulation key is not valid, NewEncapsulationKeyMLKEM768 returns an error. -+func NewEncapsulationKeyMLKEM768(encapsulationKey []byte) (EncapsulationKeyMLKEM768, error) { -+ if len(encapsulationKey) != encapsulationKeySizeMLKEM768 { -+ return EncapsulationKeyMLKEM768{}, errors.New("mlkem: invalid encapsulation key size") ++// sha256Provider returns the provider for the SHA-256 algorithm ++// using the given properties. ++func sha256Provider(props cString) ossl.OSSL_PROVIDER_PTR { ++ md, _ := ossl.EVP_MD_fetch(nil, _DigestNameSHA2_256.ptr(), props.ptr()) ++ if md == nil { ++ return nil + } -+ -+ var ek EncapsulationKeyMLKEM768 -+ copy(ek[:], encapsulationKey) -+ return ek, nil -+} -+ -+// Bytes returns the encapsulation key as a byte slice. -+func (ek EncapsulationKeyMLKEM768) Bytes() []byte { -+ return ek[:] ++ defer ossl.EVP_MD_free(md) ++ return ossl.EVP_MD_get0_provider(md) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init.go +new file mode 100644 +index 00000000000000..720a446838ea7d +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init.go +@@ -0,0 +1,170 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+// Encapsulate generates a shared key and an associated ciphertext from an -+// encapsulation key, drawing random bytes from the default crypto/rand source. -+// -+// The shared key must be kept secret. -+func (ek EncapsulationKeyMLKEM768) Encapsulate() (sharedKey, ciphertext []byte) { -+ sharedKey = make([]byte, sharedKeySizeMLKEM) -+ ciphertext = make([]byte, ciphertextSizeMLKEM768) ++package osslsetup + -+ ret := cryptokit.EncapsulateMLKEM768( -+ ek[:], -+ sharedKey, -+ ciphertext, -+ ) ++import ( ++ "errors" ++ "unsafe" + -+ if ret != 0 { -+ return nil, nil -+ } -+ return sharedKey, ciphertext -+} ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" ++) + -+// DecapsulationKeyMLKEM1024 is the secret key used to decapsulate a shared key -+// from a ciphertext. It includes various precomputed values. -+type DecapsulationKeyMLKEM1024 [seedSizeMLKEM]byte ++// osslHandle is the handle to the OpenSSL shared library loaded in the [Init] function. ++var osslHandle unsafe.Pointer + -+// GenerateKeyMLKEM1024 generates a new decapsulation key, drawing random bytes from -+// the default crypto/rand source. The decapsulation key must be kept secret. -+func GenerateKeyMLKEM1024() (DecapsulationKeyMLKEM1024, error) { -+ var dk DecapsulationKeyMLKEM1024 -+ ret := cryptokit.GenerateKeyMLKEM1024(dk[:]) -+ if ret != 0 { -+ return DecapsulationKeyMLKEM1024{}, errors.New("mlkem: key generation failed") ++// opensslInit loads and initializes OpenSSL. ++// ++// See [Init] for details about file. ++func opensslInit(file string) error { ++ // Load the OpenSSL shared library using dlopen. ++ handle, close, err := openLibrary(file) ++ if err != nil { ++ return err + } -+ return dk, nil -+} + -+// NewDecapsulationKeyMLKEM1024 expands a decapsulation key from a 64-byte seed in the -+// "d || z" form. The seed must be uniformly random. -+func NewDecapsulationKeyMLKEM1024(seed []byte) (DecapsulationKeyMLKEM1024, error) { -+ if len(seed) != seedSizeMLKEM { -+ return DecapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid seed size") ++ ossl.MkcgoLoad_(handle) ++ if vMajor == 1 { ++ ossl.MkcgoLoad_legacy_1(handle) ++ } else { ++ ossl.MkcgoLoad_3(handle) ++ if vMajor > 3 || (vMajor == 3 && vMinor >= 3) { ++ ossl.MkcgoLoad_33(handle) ++ } + } + -+ var dk DecapsulationKeyMLKEM1024 -+ copy(dk[:], seed) -+ return dk, nil ++ // Initialize OpenSSL. ++ ossl.OPENSSL_init() ++ if _, err = ossl.OPENSSL_init_crypto( ++ ossl.OPENSSL_INIT_ADD_ALL_CIPHERS| ++ ossl.OPENSSL_INIT_ADD_ALL_DIGESTS| ++ ossl.OPENSSL_INIT_LOAD_CONFIG| ++ ossl.OPENSSL_INIT_LOAD_CRYPTO_STRINGS, ++ nil); err != nil { ++ close() ++ return err ++ } ++ osslHandle = handle ++ return nil +} + -+// Bytes returns the decapsulation key as a 64-byte seed in the "d || z" form. ++// initForCheckVersion loads and initialize only the ++// functions required in [CheckVersion]. ++// It returns a close function that must be called to release the resources. +// -+// The decapsulation key must be kept secret. -+func (dk DecapsulationKeyMLKEM1024) Bytes() []byte { -+ return dk[:] -+} -+ -+// Decapsulate generates a shared key from a ciphertext and a decapsulation -+// key. If the ciphertext is not valid, Decapsulate returns an error. ++// This function modifies the vMajor, vMinor, and vPatch global variables as ++// well as other internal global variables that facilitate OpenSSL calls. +// -+// The shared key must be kept secret. -+func (dk DecapsulationKeyMLKEM1024) Decapsulate(ciphertext []byte) (sharedKey []byte, err error) { -+ if len(ciphertext) != ciphertextSizeMLKEM1024 { -+ return nil, errors.New("mlkem: invalid ciphertext size") ++// If the function succeeds, calling the close function restores the previous ++// state of the global variables. If it fails, the global variables are restored ++// before returning. ++func initForCheckVersion(file string) (func(), error) { ++ prevMajor, prevMinor, prevPatch := vMajor, vMinor, vPatch ++ restoreVersion := func() { ++ vMajor, vMinor, vPatch = prevMajor, prevMinor, prevPatch + } -+ -+ sharedKey = make([]byte, sharedKeySizeMLKEM) -+ ret := cryptokit.DecapsulateMLKEM1024( -+ dk[:], -+ ciphertext, -+ sharedKey, -+ ) -+ -+ if ret != 0 { -+ return nil, errors.New("mlkem: decapsulation failed") ++ handle, close, err := openLibrary(file) ++ if err != nil { ++ restoreVersion() ++ return nil, err + } -+ return sharedKey, nil -+} -+ -+// EncapsulationKey returns the public encapsulation key necessary to produce -+// ciphertexts. -+func (dk DecapsulationKeyMLKEM1024) EncapsulationKey() EncapsulationKeyMLKEM1024 { -+ var ek EncapsulationKeyMLKEM1024 -+ ret := cryptokit.DeriveEncapsulationKeyMLKEM1024( -+ dk[:], -+ ek[:], -+ ) -+ -+ if ret != 0 { -+ return EncapsulationKeyMLKEM1024{} ++ initFuncs := func() (loadX func(unsafe.Pointer), unloadX func()) { ++ switch vMajor { ++ case 1: ++ loadX = ossl.MkcgoLoad_init_1 ++ unloadX = ossl.MkcgoUnload_init_1 ++ default: ++ if vMajor < 3 { ++ // openLibrary should have already rejected this. ++ panic(errUnsupportedVersion()) ++ } ++ // Any 3+ major uses the OpenSSL 3 init shim: 3+ guarantees ++ // ABI/API compatibility within the same major. ++ loadX = ossl.MkcgoLoad_init_3 ++ unloadX = ossl.MkcgoUnload_init_3 ++ } ++ return + } -+ return ek ++ loadX, unloadX := initFuncs() ++ loadX(handle) ++ return func() { ++ restoreVersion() ++ close() ++ unloadX() ++ if osslHandle != nil { ++ // If osslHandle is not nil, it means that the library was already loaded ++ // and initialized. In this case, we need to reload the functions from ++ // the original handle. ++ loadX, _ = initFuncs() ++ loadX(osslHandle) ++ } ++ }, nil +} + -+// An EncapsulationKeyMLKEM1024 is the public key used to produce ciphertexts to be -+// decapsulated by the corresponding DecapsulationKeyMLKEM1024. -+type EncapsulationKeyMLKEM1024 [encapsulationKeySizeMLKEM1024]byte -+ -+// NewEncapsulationKeyMLKEM1024 parses an encapsulation key from its encoded form. If -+// the encapsulation key is not valid, NewEncapsulationKeyMLKEM1024 returns an error. -+func NewEncapsulationKeyMLKEM1024(encapsulationKey []byte) (EncapsulationKeyMLKEM1024, error) { -+ if len(encapsulationKey) != encapsulationKeySizeMLKEM1024 { -+ return EncapsulationKeyMLKEM1024{}, errors.New("mlkem: invalid encapsulation key size") ++// openLibrary loads and initialize the version of OpenSSL. ++// It returns the handle to the OpenSSL shared library ++// and a function that can be called to release the resources. ++func openLibrary(file string) (handle unsafe.Pointer, close func(), err error) { ++ vMajor, vMinor, vPatch = 0, 0, 0 ++ handle, err = dlopen(file) ++ if err != nil { ++ return nil, nil, err + } ++ // Retrieve the loaded OpenSSL version and check if it is supported. ++ // Notice that major and minor could not match with the version parameter ++ // in case the name of the shared library file differs from the OpenSSL ++ // version it contains. ++ ossl.MkcgoLoad_version(handle) ++ close = func() { ++ dlclose(handle) ++ if osslHandle == nil { ++ ossl.MkcgoUnload_version() ++ } else { ++ ossl.MkcgoLoad_version(osslHandle) ++ } ++ } ++ defer func() { ++ if err != nil { ++ close() ++ } ++ }() + -+ var ek EncapsulationKeyMLKEM1024 -+ copy(ek[:], encapsulationKey) -+ return ek, nil -+} -+ -+// Bytes returns the encapsulation key as a byte slice. -+func (ek EncapsulationKeyMLKEM1024) Bytes() []byte { -+ return ek[:] -+} -+ -+// Encapsulate generates a shared key and an associated ciphertext from an -+// encapsulation key, drawing random bytes from the default crypto/rand source. -+// -+// The shared key must be kept secret. -+func (ek EncapsulationKeyMLKEM1024) Encapsulate() (sharedKey, ciphertext []byte) { -+ sharedKey = make([]byte, sharedKeySizeMLKEM) -+ ciphertext = make([]byte, ciphertextSizeMLKEM1024) -+ -+ ret := cryptokit.EncapsulateMLKEM1024( -+ ek[:], -+ sharedKey, -+ ciphertext, -+ ) -+ -+ if ret != 0 { -+ return nil, nil ++ if ossl.OPENSSL_version_major_Available() && ++ ossl.OPENSSL_version_minor_Available() && ++ ossl.OPENSSL_version_patch_Available() { ++ // Likely OpenSSL 3 or later. ++ vMajor = int(ossl.OPENSSL_version_major()) ++ vMinor = int(ossl.OPENSSL_version_minor()) ++ vPatch = int(ossl.OPENSSL_version_patch()) ++ } else if ossl.OpenSSL_version_num_Available() { ++ // Likely OpenSSL 1. ++ ver := ossl.OpenSSL_version_num() ++ vMajor = int(ver >> 28) ++ vMinor = int(ver >> 20 & 0xFF) ++ vPatch = int(ver >> 12 & 0xFF) ++ } else { ++ return handle, nil, errors.New("openssl: version not available") + } -+ return sharedKey, ciphertext ++ var supported bool ++ switch vMajor { ++ case 1: ++ supported = vMinor == 1 && vPatch >= 1 ++ default: ++ // 3+ guarantees ABI/API compatibility within the same major, ++ // so any tested major is supported. Untested 3+ majors require ++ // GODEBUG=ms_opensslallowuntested=1. ++ for _, m := range testedMajors { ++ if vMajor == m { ++ supported = true ++ break ++ } ++ } ++ if !supported && vMajor >= 3 && allowUntestedMajor() { ++ supported = true ++ } ++ } ++ if !supported { ++ return handle, nil, errUnsupportedVersion() ++ } ++ return handle, close, nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_cgo_unix.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_cgo_unix.go new file mode 100644 -index 00000000000000..b50fc17d0f8d66 +index 00000000000000..45903c12e802df --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go -@@ -0,0 +1,76 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_cgo_unix.go +@@ -0,0 +1,34 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin ++//go:build unix + -+package xcrypto ++package osslsetup + ++// #cgo LDFLAGS: -ldl ++// #include ++// #include ++import "C" +import ( -+ "crypto" + "errors" -+ "hash" -+ "math" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++ "unsafe" +) + -+func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { -+ // CommonCrypto's CCKeyDerivationPBKDF takes an unsigned 32-bit iteration -+ // count, so reject values that would overflow or wrap. In practice the -+ // recommended iteration count is around 300,000. -+ if iter <= 0 || iter > math.MaxUint32 { -+ return nil, errors.New("PBKDF2: invalid iteration count") -+ } -+ -+ // Map Go hash function to CommonCrypto hash constant -+ ccDigest, err := hashToCCDigestPBKDF2(fh()) -+ if err != nil { -+ return nil, err -+ } -+ -+ if len(password) == 0 { -+ // CommonCrypto requires a non-empty password -+ // Substitute empty password with placeholder -+ password = make([]byte, 1) -+ } -+ -+ // Allocate output buffer for the derived key -+ derivedKey := make([]byte, keyLen) -+ -+ // Call CommonCrypto's PBKDF2 implementation -+ status := commoncrypto.CCKeyDerivationPBKDF( -+ commoncrypto.KCCPBKDF2, // PBKDF2 algorithm -+ password, // Password -+ salt, // Salt -+ ccDigest, // Digest algorithm -+ uint32(iter), // Iteration count -+ derivedKey, // Output buffer for derived key -+ ) -+ -+ if status != commoncrypto.KCCSuccess { -+ return nil, errors.New("PBKDF2 key derivation failed") ++func dlopen(file string) (handle unsafe.Pointer, err error) { ++ cv := C.CString(file) ++ defer C.free(unsafe.Pointer(cv)) ++ handle = C.dlopen(cv, C.RTLD_LAZY|C.RTLD_LOCAL) ++ if handle == nil { ++ errstr := C.GoString(C.dlerror()) ++ return nil, errors.New("openssl: can't load " + file + ": " + errstr) + } -+ -+ return derivedKey, nil ++ return handle, nil +} + -+// Mapping Go hash functions to CommonCrypto hash constants -+func hashToCCDigestPBKDF2(hash hash.Hash) (commoncrypto.CCPseudoRandomAlgorithm, error) { -+ switch h := hash.(type) { -+ case *Hash: -+ switch h.alg.ch { -+ case crypto.SHA1: -+ return commoncrypto.KCCPRFHmacAlgSHA1, nil -+ case crypto.SHA256: -+ return commoncrypto.KCCPRFHmacAlgSHA256, nil -+ case crypto.SHA384: -+ return commoncrypto.KCCPRFHmacAlgSHA384, nil -+ case crypto.SHA512: -+ return commoncrypto.KCCPRFHmacAlgSHA512, nil -+ default: -+ return 0, errors.New("unsupported hash function") -+ } -+ default: -+ return 0, errors.New("unsupported hash function") ++func dlclose(handle unsafe.Pointer) error { ++ if C.dlclose(handle) != 0 { ++ errstr := C.GoString(C.dlerror()) ++ return errors.New("openssl: can't close libcrypto: " + errstr) + } ++ return nil +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_nocgo_unix.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_nocgo_unix.go new file mode 100644 -index 00000000000000..f8fc6ab81a3eb8 +index 00000000000000..e91d5df6b7685a --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go -@@ -0,0 +1,28 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_nocgo_unix.go +@@ -0,0 +1,35 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin ++//go:build unix && !cgo && (go1.27 || !s390x) + -+package xcrypto ++package osslsetup + +import ( + "errors" ++ "runtime" ++ "unsafe" + -+ "github.com/microsoft/go-crypto-darwin/internal/security" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+type randReader int -+ -+func (randReader) Read(b []byte) (int, error) { -+ // Note: RAND_bytes should never fail; the return value exists only for historical reasons. -+ // We check it even so. -+ if len(b) == 0 { -+ return 0, nil ++func dlopen(file string) (handle unsafe.Pointer, err error) { ++ const RTLD_LAZY = 1 ++ var RTLD_LOCAL = 0 ++ if runtime.GOOS == "darwin" { ++ RTLD_LOCAL = 4 // darwin uses 4 as RTLD_LOCAL + } -+ if security.SecRandomCopyBytes(security.KSecRandomDefault, b) != 0 { -+ return 0, errors.New("crypto/rand: unable to read from source") ++ handle = ossl.Dlopen(unsafe.StringData(file+"\x00"), int32(RTLD_LAZY|RTLD_LOCAL)) ++ if handle == nil { ++ return nil, errors.New("openssl: can't load " + file + ": " + goString(ossl.Dlerror())) + } -+ return len(b), nil ++ return handle, nil +} + -+const RandReader = randReader(0) -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go ++func dlclose(handle unsafe.Pointer) error { ++ if ossl.Dlclose(handle) != 0 { ++ errstr := goString(ossl.Dlerror()) ++ return errors.New("openssl: can't close libcrypto: " + errstr) ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_windows.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_windows.go new file mode 100644 -index 00000000000000..01258b7f65a263 +index 00000000000000..312dfc88d7f311 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go -@@ -0,0 +1,81 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/init_windows.go +@@ -0,0 +1,37 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package osslsetup + +import ( -+ "errors" -+ "runtime" -+ "slices" -+ -+ "github.com/microsoft/go-crypto-darwin/internal/commoncrypto" ++ "syscall" ++ "unsafe" +) + -+// RC4Cipher is an instance of RC4 using a particular key. -+type RC4Cipher struct { -+ ctx commoncrypto.CCCryptorRef ++type dlopenError struct { ++ file string ++ err error +} + -+// NewRC4Cipher creates and returns a new RC4 cipher with the given key. -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { -+ // Clone the key to prevent modification. -+ key = slices.Clone(key) -+ var ctx commoncrypto.CCCryptorRef -+ status := commoncrypto.CCCryptorCreate( -+ commoncrypto.KCCEncrypt, // Operation (RC4 stream) -+ commoncrypto.KCCAlgorithmRC4, // Algorithm -+ 0, // No padding or other options -+ key, // Key -+ nil, // No IV needed for RC4 -+ &ctx, // Output: CCCryptorRef -+ ) -+ if status != commoncrypto.KCCSuccess { -+ return nil, errors.New("failed to create RC4 cipher") -+ } -+ c := &RC4Cipher{ctx: ctx} -+ runtime.SetFinalizer(c, (*RC4Cipher).finalize) -+ return c, nil ++func (e *dlopenError) Error() string { ++ return "openssl: can't load " + e.file + ": " + e.err.Error() +} + -+// finalize releases the RC4 cipher context when no longer needed. -+func (c *RC4Cipher) finalize() { -+ if c.ctx != nil { -+ commoncrypto.CCCryptorRelease(c.ctx) -+ } ++func (e *dlopenError) Unwrap() error { ++ return e.err +} + -+// Reset zeros the key data and makes the cipher unusable. -+func (c *RC4Cipher) Reset() { -+ if c.ctx != nil { -+ commoncrypto.CCCryptorRelease(c.ctx) -+ c.ctx = nil ++func dlopen(file string) (handle unsafe.Pointer, err error) { ++ // As Windows generally does not ship with a system OpenSSL library, let ++ // alone a FIPS 140 certified one, use the default library search order so ++ // that we preferentially load the DLL bundled with the application. ++ h, err := syscall.LoadLibrary(file) ++ if err != nil { ++ return nil, &dlopenError{file: file, err: err} + } ++ return unsafe.Pointer(h), nil +} + -+// XORKeyStream sets dst to the result of XORing src with the key stream. -+func (c *RC4Cipher) XORKeyStream(dst, src []byte) { -+ if c.ctx == nil || len(src) == 0 { -+ return -+ } -+ if inexactOverlap(dst[:len(src)], src) { -+ panic("crypto/rc4: invalid buffer overlap") -+ } -+ // Ensures `dst` has sufficient space. -+ _ = dst[len(src)-1] -+ var outLen int -+ status := commoncrypto.CCCryptorUpdate( -+ c.ctx, -+ src, // Input -+ dst, // Output -+ &outLen, -+ ) -+ if status != commoncrypto.KCCSuccess { -+ panic("crypto/cipher: CCCryptorUpdate failed") -+ } -+ if int(outLen) != len(src) { -+ panic("crypto/rc4: src not fully XORed") -+ } -+ runtime.KeepAlive(c) ++func dlclose(handle unsafe.Pointer) error { ++ return syscall.FreeLibrary(syscall.Handle(handle)) +} -diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup.go new file mode 100644 -index 00000000000000..8e25affa681753 +index 00000000000000..189335d93c80f8 --- /dev/null -+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go -@@ -0,0 +1,208 @@ ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup.go +@@ -0,0 +1,109 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + -+//go:build darwin -+ -+package xcrypto ++package osslsetup + +import ( -+ "crypto" + "errors" -+ "hash" -+ "runtime" + "strconv" -+ "unsafe" ++ "sync" ++ "syscall" + -+ "github.com/microsoft/go-crypto-darwin/internal/security" ++ "github.com/microsoft/go-crypto-openssl/internal/ossl" +) + -+// GenerateKeyRSA generates an RSA key pair on macOS. -+// asn1Data is encoded as PKCS#1 ASN1 DER. -+func GenerateKeyRSA(bits int) (asn1Data []byte, err error) { -+ privKeyDER, privKeyRef, err := createSecKeyRandom(security.KSecAttrKeyTypeRSA, bits) -+ if err != nil { -+ return nil, err -+ } -+ security.CFRelease(security.CFTypeRef(privKeyRef)) -+ return privKeyDER, nil -+} -+ -+type PublicKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey security.SecKeyRef -+} -+ -+func (k *PublicKeyRSA) finalize() { -+ if k._pkey != nil { -+ security.CFRelease(security.CFTypeRef(k._pkey)) -+ } -+} -+ -+// NewPublicKeyRSA creates a new RSA public key from ASN1 DER encoded data. -+func NewPublicKeyRSA(asn1Data []byte) (*PublicKeyRSA, error) { -+ pubKeyRef, err := createSecKeyWithData(asn1Data, security.KSecAttrKeyTypeRSA, security.KSecAttrKeyClassPublic) -+ if err != nil { -+ return nil, err -+ } -+ -+ key := &PublicKeyRSA{_pkey: pubKeyRef} -+ runtime.SetFinalizer(key, (*PublicKeyRSA).finalize) -+ return key, nil -+} ++var ( ++ vMajor, vMinor, vPatch int ++) + -+func (k *PublicKeyRSA) withKey(f func(security.SecKeyRef) error) error { -+ // Because of the finalizer, any time key is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) -+} ++// testedMajors lists the OpenSSL major versions this backend has been ++// tested against. [openLibrary] rejects majors not in this list unless ++// GODEBUG=ms_opensslallowuntested=1 is set. OpenSSL 1 is supported only ++// at 1.1.1+; that minor/patch constraint is enforced separately in ++// [openLibrary]. ++var testedMajors = [...]int{1, 3, 4} + -+type PrivateKeyRSA struct { -+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. -+ _pkey security.SecKeyRef -+} ++// allowUntestedMajor reports whether the user has set ++// GODEBUG=ms_opensslallowuntested=1. The "ms_" prefix marks this as a ++// Microsoft-defined GODEBUG so it will not collide with upstream Go. ++var allowUntestedMajor = sync.OnceValue(func() bool { ++ godebug, _ := syscall.Getenv("GODEBUG") ++ return godebugAllowUntested(godebug) ++}) + -+func (k *PrivateKeyRSA) finalize() { -+ if k._pkey != nil { -+ security.CFRelease(security.CFTypeRef(k._pkey)) ++// godebugAllowUntested reports whether the comma-separated GODEBUG string ++// contains ms_opensslallowuntested=1. Matches internal/godebug parsing: ++// no whitespace trimming. ++func godebugAllowUntested(godebug string) bool { ++ const key = "ms_opensslallowuntested=1" ++ var start int = 0 ++ for i := 0; i <= len(godebug); i++ { ++ if i < len(godebug) && godebug[i] != ',' { ++ continue ++ } ++ if godebug[start:i] == key { ++ return true ++ } ++ start = i + 1 + } ++ return false +} + -+// NewPrivateKeyRSA creates a new RSA private key from ASN1 DER encoded data. -+func NewPrivateKeyRSA(asn1Data []byte) (*PrivateKeyRSA, error) { -+ privKeyRef, err := createSecKeyWithData(asn1Data, security.KSecAttrKeyTypeRSA, security.KSecAttrKeyClassPrivate) -+ if err != nil { -+ return nil, err -+ } -+ -+ key := &PrivateKeyRSA{_pkey: privKeyRef} -+ runtime.SetFinalizer(key, (*PrivateKeyRSA).finalize) -+ return key, nil ++func VersionMajor() int { ++ return vMajor +} + -+func (k *PrivateKeyRSA) PublicKey() *PublicKeyRSA { -+ var pubKeyRef security.SecKeyRef -+ k.withKey(func(key security.SecKeyRef) error { -+ pubKeyRef = security.SecKeyCopyPublicKey(k._pkey) -+ return nil -+ }) -+ pubKey := &PublicKeyRSA{_pkey: pubKeyRef} -+ runtime.SetFinalizer(pubKey, (*PublicKeyRSA).finalize) -+ return pubKey ++func VersionMinor() int { ++ return vMinor +} + -+func (k *PrivateKeyRSA) withKey(f func(security.SecKeyRef) error) error { -+ // Because of the finalizer, any time _pkey is passed to cgo, that call must -+ // be followed by a call to runtime.KeepAlive, to make sure k is not -+ // collected (and finalized) before the cgo call returns. -+ defer runtime.KeepAlive(k) -+ return f(k._pkey) ++func VersionPatch() int { ++ return vPatch +} + -+// DecryptRSAOAEP decrypts data using RSA-OAEP. -+func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ if len(label) > 0 { -+ // https://github.com/microsoft/go-crypto-darwin/issues/22 -+ panic("crypto/rsa: label is not supported on macOS") -+ } -+ return evpDecrypt(priv.withKey, algorithmTypeOAEP, ciphertext, h) ++func utoa(n int) string { ++ return strconv.FormatUint(uint64(n), 10) +} + -+// EncryptRSAOAEP encrypts data using RSA-OAEP. -+func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ if len(label) > 0 { -+ // https://github.com/microsoft/go-crypto-darwin/issues/22 -+ panic("crypto/rsa: label is not supported on macOS") -+ } -+ return evpEncrypt(pub.withKey, algorithmTypeOAEP, msg, h) ++func errUnsupportedVersion() error { ++ return errors.New("openssl: unsupported OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch) + " (minimum supported version is 1.1.1)") +} + -+// SignRSAPSS signs data with RSA-PSS. -+func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ return evpSign(priv.withKey, algorithmTypePSS, h, hashed) -+} ++var ( ++ initOnce sync.Once ++ initErr error ++) + -+// VerifyRSAPSS verifies data with RSA-PSS. -+func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ return evpVerify(pub.withKey, algorithmTypePSS, h, hashed, sig) ++// Init loads and initializes OpenSSL from the shared library at path. ++// It must be called before any other OpenSSL call, except CheckVersion. ++// ++// Only the first call to Init is effective. ++// Subsequent calls will return the same error result as the one from the first call. ++// ++// The file is passed to dlopen() verbatim to load the OpenSSL shared library. ++// For example, `file=libcrypto.so.1.1.1k-fips` makes Init look for the shared ++// library libcrypto.so.1.1.1k-fips. ++func Init(file string) error { ++ initOnce.Do(func() { ++ initErr = opensslInit(file) ++ }) ++ return initErr +} + -+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return evpSign(priv.withKey, algorithmTypePKCS1v15Sig, h, hashed) ++// VersionText returns the version text of the OpenSSL currently loaded. ++func VersionText() string { ++ return goString(ossl.OpenSSL_version(0)) +} + -+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ if pub.withKey(func(key security.SecKeyRef) error { -+ size := security.SecKeyGetBlockSize(key) -+ if len(sig) < int(size) { -+ return errors.New("crypto/rsa: signature too short") -+ } -+ return nil -+ }) != nil { -+ return errors.New("crypto/rsa: verification error") ++// CheckVersion checks if the OpenSSL version can be loaded ++// and if the FIPS mode is enabled. ++// This function can be called before Init. ++// All OpenSSL functions used in here should be tagged with "init_1" or "init_3" in shims.h. ++func CheckVersion(version string) (exists, fips bool) { ++ close, err := initForCheckVersion(version) ++ if err != nil { ++ return false, false + } -+ return evpVerify(pub.withKey, algorithmTypePKCS1v15Sig, h, hashed, sig) -+} -+ -+// DecryptRSAPKCS1 decrypts data using RSA PKCS#1 v1.5 padding. -+func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, algorithmTypePKCS1v15Enc, ciphertext, nil) ++ defer close() ++ return true, FIPS() +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_cgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_cgo.go +new file mode 100644 +index 00000000000000..079fbceb2cdc56 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_cgo.go +@@ -0,0 +1,12 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+// EncryptRSAPKCS1 encrypts data using RSA PKCS#1 v1.5 padding. -+func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, algorithmTypePKCS1v15Enc, msg, nil) -+} ++package osslsetup + -+func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return evpDecrypt(priv.withKey, algorithmTypeRAW, ciphertext, nil) -+} ++import "C" ++import "unsafe" + -+func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ return evpEncrypt(pub.withKey, algorithmTypeRAW, msg, nil) ++// goString converts a C string pointer to a Go string for cgo mode ++func goString(ptr *byte) string { ++ return C.GoString((*C.char)(unsafe.Pointer(ptr))) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_nocgo.go b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_nocgo.go +new file mode 100644 +index 00000000000000..fe075ff0822c29 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/osslsetup/osslsetup_nocgo.go +@@ -0,0 +1,24 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. + -+// Helper functions ++//go:build !cgo + -+type cfError struct { -+ code int -+ message string -+} ++package osslsetup + -+func (e *cfError) Error() string { -+ if e.message == "" { -+ return "CFError(" + strconv.Itoa(e.code) + "): unknown error" -+ } -+ return "CFError(" + strconv.Itoa(e.code) + "): " + e.message -+} ++import "unsafe" + -+func goCFErrorRef(ref security.CFErrorRef) error { -+ if ref == nil { -+ return nil ++// goString converts a C string pointer to a Go string for nocgo mode ++func goString(ptr *byte) string { ++ if ptr == nil { ++ return "" + } -+ var message string -+ if desc := security.CFErrorCopyDescription(ref); desc != nil { -+ defer security.CFRelease(security.CFTypeRef(desc)) -+ if cstr := security.CFStringGetCStringPtr(desc, security.KCFStringEncodingUTF8); cstr != nil { -+ message = string(cstrBytes(cstr)) ++ var result []byte ++ for i := 0; ; i++ { ++ b := *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(ptr)) + uintptr(i))) ++ if b == 0 { ++ break + } ++ result = append(result, b) + } -+ return &cfError{ -+ code: int(security.CFErrorGetCode(ref)), -+ message: message, -+ } -+} -+ -+// cstrBytes returns a byte slice containing the contents of the C string -+// pointed to by p. The slice does not include the terminating null byte. -+func cstrBytes(p *byte) []byte { -+ if p == nil { -+ return nil -+ } -+ end := unsafe.Pointer(p) -+ for *(*byte)(end) != 0 { -+ end = unsafe.Add(end, 1) -+ } -+ return unsafe.Slice((*byte)(unsafe.Pointer(p)), uintptr(end)-uintptr(unsafe.Pointer(p))) ++ return string(result) +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE b/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE new file mode 100644 @@ -39977,17 +39833,10 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index d72017d2a43c1e..f352d97e430e89 100644 +index d72017d2a43c1e..277d1992ac034f 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,26 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20260514124455-0301bcb6ccce -+## explicit; go 1.25 -+github.com/golang-fips/openssl/v2 -+github.com/golang-fips/openssl/v2/bbig -+github.com/golang-fips/openssl/v2/internal/fakecgo -+github.com/golang-fips/openssl/v2/internal/ossl -+github.com/golang-fips/openssl/v2/osslsetup +# github.com/microsoft/go-crypto-darwin v0.0.3-0.20260512212935-d0ce8397e44b +## explicit; go 1.25 +github.com/microsoft/go-crypto-darwin/bbig @@ -39997,6 +39846,13 @@ index d72017d2a43c1e..f352d97e430e89 100644 +github.com/microsoft/go-crypto-darwin/internal/security +github.com/microsoft/go-crypto-darwin/internal/xsyscall +github.com/microsoft/go-crypto-darwin/xcrypto ++# github.com/microsoft/go-crypto-openssl v0.0.0-20260521090922-bd6798f35c69 ++## explicit; go 1.25 ++github.com/microsoft/go-crypto-openssl/bbig ++github.com/microsoft/go-crypto-openssl/internal/fakecgo ++github.com/microsoft/go-crypto-openssl/internal/ossl ++github.com/microsoft/go-crypto-openssl/openssl ++github.com/microsoft/go-crypto-openssl/osslsetup +# github.com/microsoft/go-crypto-winnative v0.0.0-20260512074019-00d811a4aefe +## explicit; go 1.25 +github.com/microsoft/go-crypto-winnative/cng diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 722be26c37..64788cf88b 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch @@ -1187,7 +1187,7 @@ index 00000000000000..73830cae246cbd +} diff --git a/src/crypto/internal/backend/backend_linux.go b/src/crypto/internal/backend/backend_linux.go new file mode 100644 -index 00000000000000..7a832bd68754df +index 00000000000000..c9131d096ec32d --- /dev/null +++ b/src/crypto/internal/backend/backend_linux.go @@ -0,0 +1,434 @@ @@ -1212,7 +1212,7 @@ index 00000000000000..7a832bd68754df + "errors" + "hash" + -+ "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-openssl/openssl" +) + +// Enabled controls whether FIPS crypto is enabled. @@ -2178,7 +2178,7 @@ index 00000000000000..889f2ff7c703d8 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/bbig/big_linux.go b/src/crypto/internal/backend/bbig/big_linux.go new file mode 100644 -index 00000000000000..8a133422f20fa0 +index 00000000000000..1b515fe6244a52 --- /dev/null +++ b/src/crypto/internal/backend/bbig/big_linux.go @@ -0,0 +1,12 @@ @@ -2190,7 +2190,7 @@ index 00000000000000..8a133422f20fa0 + +package bbig + -+import "github.com/golang-fips/openssl/v2/bbig" ++import "github.com/microsoft/go-crypto-openssl/bbig" + +var Enc = bbig.Enc +var Dec = bbig.Dec @@ -2569,7 +2569,7 @@ index 00000000000000..606a2db4dd685f +} diff --git a/src/crypto/internal/backend/fips140/systemfips_linux.go b/src/crypto/internal/backend/fips140/systemfips_linux.go new file mode 100644 -index 00000000000000..19cafc156fbc5d +index 00000000000000..2c65c264dc84e1 --- /dev/null +++ b/src/crypto/internal/backend/fips140/systemfips_linux.go @@ -0,0 +1,59 @@ @@ -2585,7 +2585,7 @@ index 00000000000000..19cafc156fbc5d + _ "crypto/internal/backend/internal/opensslsetup" + "syscall" + -+ "github.com/golang-fips/openssl/v2/osslsetup" ++ "github.com/microsoft/go-crypto-openssl/osslsetup" +) + +const backendEnabled = true @@ -2675,7 +2675,7 @@ index 00000000000000..a705e7bc4fc536 +} diff --git a/src/crypto/internal/backend/internal/opensslsetup/opensslsetup_linux.go b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup_linux.go new file mode 100644 -index 00000000000000..968cdf35985f80 +index 00000000000000..350c8ee7fa2bc6 --- /dev/null +++ b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup_linux.go @@ -0,0 +1,68 @@ @@ -2693,7 +2693,7 @@ index 00000000000000..968cdf35985f80 +import ( + "syscall" + -+ "github.com/golang-fips/openssl/v2/osslsetup" ++ "github.com/microsoft/go-crypto-openssl/osslsetup" +) + +// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. @@ -3323,7 +3323,7 @@ index 02b52e2ab9c296..7794e12bc86890 100644 < github.com/microsoft/go-crypto-winnative/internal/sysdll < github.com/microsoft/go-crypto-winnative/internal/bcrypt; -+ github.com/golang-fips/openssl/v2/osslsetup ++ github.com/microsoft/go-crypto-openssl/osslsetup + < crypto/internal/backend/internal/opensslsetup + < crypto/internal/backend/fips140; + @@ -3334,7 +3334,7 @@ index 02b52e2ab9c296..7794e12bc86890 100644 github.com/microsoft/go-crypto-winnative/internal/bcrypt < github.com/microsoft/go-crypto-winnative/cng; -+ github.com/golang-fips/openssl/v2, ++ github.com/microsoft/go-crypto-openssl/openssl, + github.com/microsoft/go-crypto-winnative/cng, + github.com/microsoft/go-crypto-darwin/xcrypto, + crypto/internal/backend/fips140, @@ -3355,7 +3355,7 @@ index 02b52e2ab9c296..7794e12bc86890 100644 + + CRYPTO, FMT, math/big, internal/saferio, + crypto/internal/boring/bbig, -+ github.com/golang-fips/openssl/v2/bbig, ++ github.com/microsoft/go-crypto-openssl/bbig, + github.com/microsoft/go-crypto-darwin/bbig, + github.com/microsoft/go-crypto-winnative/cng/bbig + < crypto/internal/backend/bbig diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 5e77f23aa5..4a2219ae21 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -245,7 +245,7 @@ index acbebf28598a9c..5f6d8a91ea384c 100644 *mode = BuildModePIE default: diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index 9cbc12919f1d00..f61d9515e4d3b0 100644 +index 9cbc12919f1d00..e64a9c5299e95a 100644 --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go @@ -1177,6 +1177,12 @@ var hostobj []Hostobj @@ -255,9 +255,9 @@ index 9cbc12919f1d00..f61d9515e4d3b0 100644 + "vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit", + "vendor/github.com/microsoft/go-crypto-darwin/internal/commoncrypto", + "vendor/github.com/microsoft/go-crypto-darwin/internal/security", -+ "vendor/github.com/golang-fips/openssl/v2/internal/ossl", -+ "vendor/github.com/golang-fips/openssl/v2/osslsetup", -+ "vendor/github.com/golang-fips/openssl/v2", ++ "vendor/github.com/microsoft/go-crypto-openssl/internal/ossl", ++ "vendor/github.com/microsoft/go-crypto-openssl/osslsetup", ++ "vendor/github.com/microsoft/go-crypto-openssl/openssl", "crypto/internal/boring", "crypto/internal/boring/syso", "crypto/x509", From f2e887d78ab780812af96c51a6c863315f151387 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 21 May 2026 11:34:46 +0100 Subject: [PATCH 2/4] update docs references --- eng/doc/fips/README.md | 5 ++--- eng/doc/fips/UserGuide.md | 6 ++++-- ...03-Implement-crypto-internal-backend.patch | 19 ++++++++++--------- patches/0004-Use-crypto-backends.patch | 2 +- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index 837147e174..1514904a9f 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md @@ -36,7 +36,7 @@ The Microsoft build of Go modifies the Go runtime to call into a platform-provid Depending on the platform, this is done using cgo or syscalls. This allows Go programs to use a platform-provided FIPS 140 certified crypto library. -On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. +On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-crypto-openssl] module. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. > [!IMPORTANT] > An application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_. @@ -385,7 +385,7 @@ On Linux, the Go runtime supports multiple OpenSSL versions. It discovers and pi Not all OpenSSL versions are supported. OpenSSL does not maintain ABI compatibility between different releases, even if only the patch version is increased, it needs specific attention to implement support. The relative importance of each version also results in a different amount of automated testing that has been implemented for various supported version. These are supported versions and the amount of automated validation for each one: - OpenSSL 1.1.1: the Microsoft CI builds official releases and runs the Go toolset test suite with this version. -- OpenSSL 1.1.0, 1.1.1, and 3.0.2: the [golang-fips/openssl] and [go-crypto-openssl] repository CI tests basic operation, but not the integration with the Go runtime. +- OpenSSL 1.1.0, 1.1.1, and 3.0.2: the [go-crypto-openssl] repository CI tests basic operation, but not the integration with the Go runtime. - Prior to Go 1.25, this list includes 1.0.2. Versions not listed above are not supported at all. @@ -560,7 +560,6 @@ See the [Microsoft build of Go 1.24 FIPS changes](https://devblogs.microsoft.com - For historical information about Go 1.16-1.18, see [the FIPS documentation in the 1.20 release branch](https://github.com/microsoft/go/tree/microsoft/release-branch.go1.20/eng/doc/fips). It includes details about FIPS in 1.18 and the changes in 1.19. [go-crypto-openssl]: https://github.com/microsoft/go-crypto-openssl -[golang-fips/openssl]: https://github.com/golang-fips/openssl [go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative [go-crypto-darwin]: https://github.com/microsoft/go-crypto-darwin [dlopen]: https://man7.org/linux/man-pages/man3/dlopen.3.html diff --git a/eng/doc/fips/UserGuide.md b/eng/doc/fips/UserGuide.md index be7efb77bf..34b845811a 100644 --- a/eng/doc/fips/UserGuide.md +++ b/eng/doc/fips/UserGuide.md @@ -97,12 +97,14 @@ The Go crypto documentation is available online at https://pkg.go.dev/crypto. ## The Microsoft build of Go crypto backends -The OpenSSL backend uses [golang-fips/openssl]. +The OpenSSL backend uses [go-crypto-openssl]. The CNG backend uses [go-crypto-winnative]. +The CommonCrypto/CryptoKit backend uses [go-crypto-darwin]. For more general information about the backends, such as how to enable them, see the [Microsoft build of Go FIPS README](./README.md). -[golang-fips/openssl]: https://github.com/golang-fips/openssl +[go-crypto-openssl]: https://github.com/microsoft/go-crypto-openssl [go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative +[go-crypto-darwin]: https://github.com/microsoft/go-crypto-darwin > [!NOTE] > The CNG backend uses a module called "bcrypt" to interact with CNG. diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 64788cf88b..c353312ea7 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch @@ -25,7 +25,7 @@ desired goexperiments and build tags. src/cmd/link/internal/ld/main.go | 2 +- src/cmd/link/link_test.go | 8 + src/crypto/internal/backend/backend_darwin.go | 442 ++++++++++++++++++ - src/crypto/internal/backend/backend_linux.go | 434 +++++++++++++++++ + src/crypto/internal/backend/backend_linux.go | 435 +++++++++++++++++ src/crypto/internal/backend/backend_test.go | 56 +++ .../internal/backend/backend_windows.go | 442 ++++++++++++++++++ src/crypto/internal/backend/bbig/big.go | 17 + @@ -54,7 +54,7 @@ desired goexperiments and build tags. src/go/build/deps_test.go | 24 +- src/internal/buildcfg/exp.go | 48 +- src/runtime/runtime_boring.go | 5 + - 45 files changed, 2853 insertions(+), 27 deletions(-) + 45 files changed, 2854 insertions(+), 27 deletions(-) create mode 100644 src/cmd/go/systemcrypto_test.go create mode 100644 src/crypto/internal/backend/backend_darwin.go create mode 100644 src/crypto/internal/backend/backend_linux.go @@ -1187,10 +1187,10 @@ index 00000000000000..73830cae246cbd +} diff --git a/src/crypto/internal/backend/backend_linux.go b/src/crypto/internal/backend/backend_linux.go new file mode 100644 -index 00000000000000..c9131d096ec32d +index 00000000000000..a28f644c950f86 --- /dev/null +++ b/src/crypto/internal/backend/backend_linux.go -@@ -0,0 +1,434 @@ +@@ -0,0 +1,435 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -1213,6 +1213,7 @@ index 00000000000000..c9131d096ec32d + "hash" + + "github.com/microsoft/go-crypto-openssl/openssl" ++ "github.com/microsoft/go-crypto-openssl/osslsetup" +) + +// Enabled controls whether FIPS crypto is enabled. @@ -1225,13 +1226,13 @@ index 00000000000000..c9131d096ec32d + // but they configure OpenSSL to use a FIPS-compliant provider (in the case of Azure Linux 3, the SCOSSL provider). + // In this cases, openssl.FIPS would return `false` and openssl.FIPSCapable would return `true`. + // We don't care about the `fips=yes` property as long as the provider is FIPS-compliant, so use -+ // openssl.FIPSCapable to determine whether FIPS mode is enabled. -+ if err := fips140.Check(func() bool { return openssl.FIPSCapable() }); err != nil { ++ // osslsetup.FIPS to determine whether FIPS mode is enabled. ++ if err := fips140.Check(func() bool { return osslsetup.FIPS() }); err != nil { + // This path can be reached for the following reasons: + // - In OpenSSL 1, the active engine doesn't support FIPS mode. + // - In OpenSSL 1, the active engine supports FIPS mode, but it is not enabled. + // - In OpenSSL 3, the provider used by default doesn't match the `fips=yes` query. -+ panic("opensslcrypto: " + err.Error() + ": " + openssl.VersionText()) ++ panic("opensslcrypto: " + err.Error() + ": " + osslsetup.VersionText()) + } + sig.BoringCrypto() + fips140only.BackendApprovedHash = FIPSApprovedHash @@ -1444,7 +1445,7 @@ index 00000000000000..c9131d096ec32d +} + +func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ return openssl.ExpandHKDFOneShot(h, pseudorandomKey, info, keyLength) ++ return openssl.ExpandHKDF(h, pseudorandomKey, info, keyLength) +} + +func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { @@ -3307,7 +3308,7 @@ index 00000000000000..7500bd3a86472b + ` +} diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 02b52e2ab9c296..7794e12bc86890 100644 +index 504426b5fe97f2..a8aee3a4bccda3 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -368,7 +368,7 @@ var depsRules = ` diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 4a2219ae21..131d7d110a 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -207,7 +207,7 @@ index 4aaf46b5d0f0dc..ec58a217400caa 100644 env GO111MODULE=off +# Disable systemcrypto while evaluating test dependencies to avoid importing -+# vendored crypto module dependencies like golang-fips/openssl. This test script ++# vendored crypto module dependencies like go-crypto-openssl. This test script +# is not set up to handle any vendored libraries being imported other than +# golang.org/x/net/http2/hpack, so we must make sure it is the only one. +# From 17390259d3d31a76d62644b9407e584ad27ede5e Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 21 May 2026 12:16:36 +0100 Subject: [PATCH 3/4] fix deps test --- patches/0001-Vendor-external-dependencies.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index 2ab87f5795..dcf188c836 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -2392,7 +2392,7 @@ index 25cb06182cae3d..02b52e2ab9c296 100644 var imports []string var haveImport = map[string]bool{} - if pkg == "crypto/internal/boring" { -+ if pkg == "crypto/internal/boring" || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-openssl/openssl") || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { ++ if pkg == "crypto/internal/boring" || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-openssl") || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports } fset := token.NewFileSet() @@ -2404,7 +2404,7 @@ index 7f6237ffd59c11..8f68bc361081f1 100644 "github.com/google/pprof", "github.com/ianlancetaylor/demangle", "rsc.io/markdown", -+ "github.com/golang-fips/openssl", ++ "github.com/microsoft/go-crypto-openssl", + "github.com/microsoft/go-crypto-winnative", + "github.com/microsoft/go-crypto-darwin", + "github.com/microsoft/go-infra/telemetry", From 71a069f728e186689c05061f92137e10b85b6945 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 21 May 2026 12:20:18 +0100 Subject: [PATCH 4/4] fix docs link --- eng/doc/fips/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index 1514904a9f..6f766e6f43 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md @@ -36,7 +36,7 @@ The Microsoft build of Go modifies the Go runtime to call into a platform-provid Depending on the platform, this is done using cgo or syscalls. This allows Go programs to use a platform-provided FIPS 140 certified crypto library. -On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-crypto-openssl] module. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. +On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [go-crypto-openssl] module. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. > [!IMPORTANT] > An application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_.