golang-fips
diff --git a/‎.github/workflows/test.yml
Lines changed: 36 additions & 0 deletions b/‎.github/workflows/test.yml
Lines changed: 36 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 1 addition & 3 deletions b/‎README.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎aes.go
Lines changed: 1 addition & 1 deletion b/‎aes.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎aes_test.go
Lines changed: 0 additions & 2 deletions b/‎aes_test.go
Lines changed: 0 additions & 2 deletions
diff --git a/‎ec.go
Lines changed: 1 addition & 1 deletion b/‎ec.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecdh.go
Lines changed: 4 additions & 4 deletions b/‎ecdh.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎ecdh_test.go
Lines changed: 0 additions & 2 deletions b/‎ecdh_test.go
Lines changed: 0 additions & 2 deletions
diff --git a/‎ecdsa.go
Lines changed: 1 addition & 1 deletion b/‎ecdsa.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎ecdsa_test.go
Lines changed: 0 additions & 2 deletions b/‎ecdsa_test.go
Lines changed: 0 additions & 2 deletions
diff --git a/‎evp.go
Lines changed: 4 additions & 5 deletions b/‎evp.go
Lines changed: 4 additions & 5 deletions
@@ -45,3 +45,39 @@ jobs:
         $ok
       env:
         GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
+  wintest:
+    runs-on: windows-2022
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: [1.20.x]
+        openssl-version: [libcrypto-1_1-x64.dll, libcrypto-3-x64.dll]
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Run Test
+      run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
+  mactest:
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: [1.20.x]
+        openssl-version: [libcrypto.3.dylib]
+    runs-on: macos-12
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Run Test
+      run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
@@ -50,9 +50,7 @@ This feature does not require any additional configuration, but it only works wi
 
 ## Limitations
 
-OpenSSL is used for a given build only in limited circumstances:
-
-- The platform must be `GOOS=linux`.
+- Only Unix, Unix-like and Windows platforms are supported.
 - The build must set `CGO_ENABLED=1`.
 
 ## Acknowledgements
 
@@ -1,4 +1,4 @@
-//go:build linux && !cmd_go_bootstrap
+//go:build !cmd_go_bootstrap
 
 package openssl
 
 
@@ -1,5 +1,3 @@
-//go:build linux
-
 package openssl
 
 import (
 
@@ -1,4 +1,4 @@
-//go:build linux && !cmd_go_bootstrap
+//go:build !cmd_go_bootstrap
 
 package openssl
 
 
@@ -1,4 +1,4 @@
-//go:build linux && !cmd_go_bootstrap
+//go:build !cmd_go_bootstrap
 
 package openssl
 
@@ -101,7 +101,7 @@ func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) {
 			return nil, newOpenSSLError("EVP_PKEY_get_octet_string_param")
 		}
 		bytes = C.GoBytes(unsafe.Pointer(cbytes), C.int(n))
-		C.free(unsafe.Pointer(cbytes))
+		cryptoFree(unsafe.Pointer(cbytes))
 	default:
 		panic(errUnsupportedVersion())
 	}
@@ -314,8 +314,8 @@ func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) {
 	// generating a private ECDH key.
 	bits := C.go_openssl_EVP_PKEY_get_bits(pkey)
 	bytes := make([]byte, (bits+7)/8)
-	if C.go_openssl_BN_bn2binpad(priv, base(bytes), C.int(len(bytes))) == 0 {
-		return nil, nil, newOpenSSLError("BN_bn2binpad")
+	if err := bnToBinPad(priv, bytes); err != nil {
+		return nil, nil, err
 	}
 	k = &PrivateKeyECDH{pkey, curve, true}
 	runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize)
 
@@ -1,5 +1,3 @@
-//go:build linux
-
 package openssl_test
 
 import (
 
@@ -1,4 +1,4 @@
-//go:build linux && !cmd_go_bootstrap
+//go:build !cmd_go_bootstrap
 
 package openssl
 
 
@@ -1,5 +1,3 @@
-//go:build linux
-
 package openssl_test
 
 import (
 
@@ -1,4 +1,4 @@
-//go:build linux && !cmd_go_bootstrap
+//go:build !cmd_go_bootstrap
 
 package openssl
 
@@ -197,12 +197,11 @@ func setupEVP(withKey withKeyFunc, padding C.int,
 			}
 		}
 		// ctx takes ownership of label, so malloc a copy for OpenSSL to free.
-		// OpenSSL 1.1.1 and higher does not take ownership of the label if the length is zero,
+		// OpenSSL does not take ownership of the label if the length is zero,
 		// so better avoid the allocation.
 		var clabel *C.uchar
 		if len(label) > 0 {
-			// Go guarantees C.malloc never returns nil.
-			clabel = (*C.uchar)(C.malloc(C.size_t(len(label))))
+			clabel = (*C.uchar)(cryptoMalloc(len(label)))
 			copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
 		}
 		var ret C.int
@@ -212,7 +211,7 @@ func setupEVP(withKey withKeyFunc, padding C.int,
 			ret = C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_OAEP_LABEL, C.int(len(label)), unsafe.Pointer(clabel))
 		}
 		if ret != 1 {
-			C.free(unsafe.Pointer(clabel))
+			cryptoFree(unsafe.Pointer(clabel))
 			return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed")
 		}
 	case C.GO_RSA_PKCS1_PSS_PADDING:
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-//go:build linux && !cmd_go_bootstrap`
	`1`	`+//go:build !cmd_go_bootstrap`
`2`	`2`
`3`	`3`	`package openssl`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-//go:build linux`
`2`		`-`
`3`	`1`	`package openssl`
`4`	`2`
`5`	`3`	`import (`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-//go:build linux`
`2`		`-`
`3`	`1`	`package openssl_test`
`4`	`2`
`5`	`3`	`import (`