From 798f80154102616f34492a1e339de7ed8652fbe7 Mon Sep 17 00:00:00 2001
From: Davis Goodin
Date: Fri, 23 Jan 2026 10:51:22 -0800
Subject: [PATCH] Copilot result: add any data in user guide missing from summary doc
---
 eng/_util/cmd/updatecryptodocs/docs.go | 33 +++++++++-
 eng/doc/CrossPlatformCryptography.md | 90 +++++++++++++++-----------
 2 files changed, 86 insertions(+), 37 deletions(-)
diff --git a/eng/_util/cmd/updatecryptodocs/docs.go b/eng/_util/cmd/updatecryptodocs/docs.go
index 35545d2e36a..7679c83d3f7 100644
--- a/eng/_util/cmd/updatecryptodocs/docs.go
+++ b/eng/_util/cmd/updatecryptodocs/docs.go
@@ -181,6 +181,13 @@ var doc = Document{
 Notes: []string{
 "Supports only hash algorithms that are supported as standalone hash functions.",
 },
+ Platforms: Platforms{
+ Windows: PlatformStatus{
+ Notes: []string{
+ "The CNG backend does not support sha224.",
+ },
+ },
+ },
 },
 },
 },
@@ -232,6 +239,7 @@ var doc = Document{
 Linux: PlatformStatus{
 Supported: Warn,
 Notes: []string{
+ "OpenSSL does not provide DES implementations in FIPS mode.",
 "When using OpenSSL 3, requires the legacy provider to be enabled.",
 },
 },
@@ -243,6 +251,7 @@ var doc = Document{
 Linux: PlatformStatus{
 Supported: Warn,
 Notes: []string{
+ "OpenSSL does not provide DES implementations in FIPS mode.",
 "When using OpenSSL 3, requires the legacy provider to be enabled.",
 },
 },
@@ -256,6 +265,7 @@ var doc = Document{
 Linux: PlatformStatus{
 Supported: Warn,
 Notes: []string{
+ "Some OpenSSL distributions don't implement RC4 (e.g., OpenSSL 1.x with -DOPENSSL_NO_RC4).",
 "When using OpenSSL 3, requires the legacy provider to be enabled.",
 },
 },
@@ -304,6 +314,7 @@ var doc = Document{
 Name: "OAEP (SHA-2)",
 Notes: []string{
 "Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms).",
+ "Requires OAEPOptions.Hash to match OAEPOptions.MGFHash.",
 },
 Platforms: Platforms{
 MacOS: PlatformStatus{
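Review bot: The new Windows note for HMAC names the algorithm as `sha224`, while every other entry in this document uses the `SHA-2`/`SHA-3` spelling and the hash table presumably lists the standalone function as SHA-224, so a reader of the rendered footnote may not connect the two. Suggest `"The CNG backend does not support HMAC with SHA-224."`, which also says which operation is affected rather than leaving it to the table position. The CrossPlatformCryptography.md change in this same patch carries the `sha224` spelling into footnote 8 and looks generated by updatecryptodocs, so it should be regenerated after the wording is fixed rather than edited by hand. The enclosing `doc` literal starts and ends outside the hunk.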
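Review bot: `Requires OAEPOptions.Hash to match OAEPOptions.MGFHash.` is added only to the OAEP (SHA-2) item here and to OAEP (SHA-3) in the `@@ -317` hunk, while OAEP (MD5) and OAEP (SHA-1) get no such note; if the restriction comes from the backend rather than from the hash family, those two items need it too, which is worth confirming against the backend before the table is regenerated. The wording should also cover the zero value: crypto/rsa documents that an unset `OAEPOptions.MGFHash` means "use Hash", so callers who leave it zero already satisfy the constraint, and `"Requires OAEPOptions.MGFHash to be unset or equal to OAEPOptions.Hash."` says that without implying both fields must be set explicitly. The enclosing `doc` literal starts and ends outside the hunk.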
@@ -317,6 +328,7 @@ var doc = Document{
 Name: "OAEP (SHA-3)",
 Notes: []string{
 "Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms).",
+ "Requires OAEPOptions.Hash to match OAEPOptions.MGFHash.",
 },
 MinGoVersion: "1.26",
 Platforms: Platforms{
@@ -462,16 +474,28 @@ var doc = Document{
 Title: "Ed25519",
 ColumnHeader: "Schemes",
 Packages: []string{"crypto/ed25519"},
- Description: "Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).",
+ DescriptionParagraphs: []string{
+ "Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).",
+ "The CNG backend and some old OpenSSL distributions don't support Ed25519.",
+ },
 Items: []Item{
 {
 Name: "Ed25519",
 Platforms: Platforms{
 Windows: PlatformStatus{Supported: NotSupported},
+ Linux: PlatformStatus{
+ MinVersion: "1.1.1b",
+ Notes: []string{
+ "Verify requires OpenSSL 1.1.1b or higher.",
+ },
+ },
 },
 },
 {
 Name: "Ed25519ctx",
+ Notes: []string{
+ "Only opts.Hash == nil && opts.Context == \"\" is implemented using the OpenSSL backend.",
+ },
 Platforms: Platforms{
 Windows: PlatformStatus{Supported: NotSupported},
 Linux: PlatformStatus{Supported: NotSupported},
@@ -480,6 +504,9 @@ var doc = Document{
 },
 {
 Name: "Ed25519ph",
+ Notes: []string{
+ "Only opts.Hash == nil && opts.Context == \"\" is implemented using the OpenSSL backend.",
+ },
 Platforms: Platforms{
 Windows: PlatformStatus{Supported: NotSupported},
 Linux: PlatformStatus{Supported: NotSupported},
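Review bot: The Linux entry for Ed25519 sets `MinVersion: "1.1.1b"` and also adds the note `Verify requires OpenSSL 1.1.1b or higher.`, which is redundant as written — once the whole item requires 1.1.1b the Verify-specific note says nothing more, and the rendered table in this patch shows both as footnotes 1 and 2. Either sign and key generation work on an older 1.1.1 release and MinVersion should say so with the Verify note kept, or the note should go; worth confirming against the OpenSSL backend. Separately, the Ed25519ctx note here and the identical Ed25519ph note in the `@@ -480` hunk say `opts.Hash == nil`, but `ed25519.Options.Hash` is a `crypto.Hash` value rather than a pointer, so `opts.Hash == 0` (or "opts.Hash unset") is the condition the backend can actually check. Since both rows are NotSupported on every platform, that note describes the Ed25519 item rather than these two and may read better attached there. The enclosing `doc` literal starts and ends outside the hunk.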
@@ -671,6 +698,10 @@ var doc = Document{
 "TLS Signature Schemes",
 "crypto/tls",
 },
+ DescriptionParagraphs: []string{
+ "Package tls will automatically use FIPS compliant primitives implemented in other crypto packages.",
+ "Since Go 1.22, the Microsoft build of Go runtime automatically enforces that tls only uses FIPS-approved settings when running in FIPS mode. Prior to Go 1.22, a program using tls must import the `crypto/tls/fipsonly` package to be compliant with these restrictions.",
+ },
 Subsections: []Section{
 {
 Title: "TLS Versions",
diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md
index 17b727ccb1c..9d2a4b40196 100644
--- a/eng/doc/CrossPlatformCryptography.md
+++ b/eng/doc/CrossPlatformCryptography.md
@@ -75,7 +75,7 @@ This section includes the following packages:
 | SHAKE-256 | ✔️ | ✔️6 | ❌️ |
 | CSHAKE-128 | ✔️ | ❌️ | ❌️ |
 | CSHAKE-256 | ✔️ | ❌️ | ❌️ |
-| HMAC7 | ✔️ | ✔️ | ✔️ |
+| HMAC7 | ✔️8 | ✔️ | ✔️ |
 1Available starting in the Microsoft build of Go 1.24.
@@ -91,6 +91,8 @@ This section includes the following packages:
 7Supports only hash algorithms that are supported as standalone hash functions.
+8The CNG backend does not support sha224.
+
 ## Symmetric encryption
 This section includes the following packages:
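Review bot: The two new TLS description paragraphs switch between `FIPS compliant` and `FIPS-approved` for the same idea, and `Since Go 1.22` reads as an upstream Go version while the rest of this document writes `the Microsoft build of Go 1.24`; `the Microsoft build of Go runtime` also needs a possessive or a rewording. If the enforcement is specific to this distribution, as the sentence seems to say, `"Since the Microsoft build of Go 1.22, the runtime automatically enforces that tls only uses FIPS-approved settings when running in FIPS mode."` keeps the document's phrasing, and the first paragraph can say `FIPS-approved primitives` to match. The enclosing `doc` literal starts and ends outside the hunk.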
@@ -100,23 +102,27 @@ This section includes the following packages:
 - [crypto/des](https://pkg.go.dev/crypto/des)
 - [crypto/rc4](https://pkg.go.dev/crypto/rc4)
-| Cipher + Mode | Windows | Linux | macOS |
-| ------------------- | ------- | -------------- | ----- |
-| AES-ECB | ✔️ | ✔️ | ✔️ |
-| AES-CBC | ✔️ | ✔️ | ✔️ |
-| AES-CTR | ❌️ | ✔️ | ❌️ |
-| AES-CFB | ❌️ | ❌️ | ❌️ |
-| AES-OFB | ❌️ | ❌️ | ❌️ |
-| AES-GCM1 | ✔️ | ✔️ | ✔️ |
-| DES-CBC | ✔️ | ⚠️2 | ✔️ |
-| DES-ECB | ✔️ | ⚠️2 | ✔️ |
-| 3DES-ECB | ✔️ | ✔️ | ✔️ |
-| 3DES-CBC | ✔️ | ✔️ | ✔️ |
-| RC4 | ✔️ | ⚠️2 | ✔️ |
+| Cipher + Mode | Windows | Linux | macOS |
+| ------------------- | ------- | ---------------- | ----- |
+| AES-ECB | ✔️ | ✔️ | ✔️ |
+| AES-CBC | ✔️ | ✔️ | ✔️ |
+| AES-CTR | ❌️ | ✔️ | ❌️ |
+| AES-CFB | ❌️ | ❌️ | ❌️ |
+| AES-OFB | ❌️ | ❌️ | ❌️ |
+| AES-GCM1 | ✔️ | ✔️ | ✔️ |
+| DES-CBC | ✔️ | ⚠️2,3 | ✔️ |
+| DES-ECB | ✔️ | ⚠️2,3 | ✔️ |
+| 3DES-ECB | ✔️ | ✔️ | ✔️ |
+| 3DES-CBC | ✔️ | ✔️ | ✔️ |
+| RC4 | ✔️ | ⚠️3,4 | ✔️ |
 1AES-GCM supports specific keys, nonces, and tags:
-2When using OpenSSL 3, requires the legacy provider to be enabled.
+2OpenSSL does not provide DES implementations in FIPS mode.
+
+3When using OpenSSL 3, requires the legacy provider to be enabled.
+
+4Some OpenSSL distributions don't implement RC4 (e.g., OpenSSL 1.x with -DOPENSSL_NO_RC4).
 - Key Sizes
@@ -158,35 +164,37 @@ Operations that require random numbers (rand io.Reader) only support [rand.Reade
 | -------------------------------------- | ---------------- | -------------- | -------------- |
 | OAEP (MD5) | ✔️ | ✔️ | ✔️1 |
 | OAEP (SHA-1) | ✔️ | ✔️ | ✔️1 |
-| OAEP (SHA-2)2 | ✔️ | ✔️ | ✔️1 |
-| OAEP (SHA-3)2,3 | ✔️ | ✔️ | ❌️ |
-| PSS (MD5) | ✔️4 | ✔️ | ❌️ |
-| PSS (SHA-1) | ✔️4 | ✔️ | ✔️5 |
-| PSS (SHA-2)2 | ✔️4 | ✔️ | ✔️5 |
-| PSS (SHA-3)2 | ✔️3 | ✔️ | ❌️ |
+| OAEP (SHA-2)2,3 | ✔️ | ✔️ | ✔️1 |
+| OAEP (SHA-3)2,3,4 | ✔️ | ✔️ | ❌️ |
+| PSS (MD5) | ✔️5 | ✔️ | ❌️ |
+| PSS (SHA-1) | ✔️5 | ✔️ | ✔️6 |
+| PSS (SHA-2)2 | ✔️5 | ✔️ | ✔️6 |
+| PSS (SHA-3)2 | ✔️4 | ✔️ | ❌️ |
 | PKCS1v15 Signature (Unhashed) | ✔️ | ✔️ | ✔️ |
-| PKCS1v15 Signature (RIPMED160) | ❌️ | ✔️6 | ❌️ |
+| PKCS1v15 Signature (RIPMED160) | ❌️ | ✔️7 | ❌️ |
 | PKCS1v15 Signature (MD5) | ✔️ | ✔️ | ❌️ |
-| PKCS1v15 Signature (MD5-SHA1) | ✔️6 | ✔️6 | ❌️ |
+| PKCS1v15 Signature (MD5-SHA1) | ✔️7 | ✔️7 | ❌️ |
 | PKCS1v15 Signature (SHA-1) | ✔️ | ✔️ | ✔️ |
 | PKCS1v15 Signature (SHA-2)2 | ✔️ | ✔️ | ✔️ |
-| PKCS1v15 Signature (SHA-3) | ✔️3,7 | ✔️8 | ❌️ |
+| PKCS1v15 Signature (SHA-3) | ✔️4,8 | ✔️9 | ❌️ |
 1macOS doesn't support passing a custom label to OAEP functions.
 2Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms).
-3Available starting in the Microsoft build of Go 1.26.
+3Requires OAEPOptions.Hash to match OAEPOptions.MGFHash.
+
+4Available starting in the Microsoft build of Go 1.26.
-4Verifying PSS signatures with [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported.
+5Verifying PSS signatures with [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported.
-5Custom salt lengths are not supported. PSS always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants).
+6Custom salt lengths are not supported.
PSS always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants).
-6Available starting in the Microsoft build of Go 1.24.
+7Available starting in the Microsoft build of Go 1.24.
-7Requires Windows 11 (24H2) or later.
+8Requires Windows 11 (24H2) or later.
-8Requires OpenSSL 1.1.1 or later.
+9Requires OpenSSL 1.1.1 or later.
 ### ECDSA
@@ -232,11 +240,19 @@ This section includes the following packages:
 Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).
-| Schemes | Windows | Linux | macOS |
-| ---------- | ------- | ----- | ----- |
-| Ed25519 | ❌️ | ✔️ | ✔️ |
-| Ed25519ctx | ❌️ | ❌️ | ❌️ |
-| Ed25519ph | ❌️ | ❌️ | ❌️ |
+The CNG backend and some old OpenSSL distributions don't support Ed25519.
+
+| Schemes | Windows | Linux | macOS |
+| ---------------------- | ------- | ---------------- | ----- |
+| Ed25519 | ❌️ | ✔️1,2 | ✔️ |
+| Ed25519ctx3 | ❌️ | ❌️ | ❌️ |
+| Ed25519ph3 | ❌️ | ❌️ | ❌️ |
+
+1Requires OpenSSL 1.1.1b or later.
+
+2Verify requires OpenSSL 1.1.1b or higher.
+
+3Only opts.Hash == nil && opts.Context == "" is implemented using the OpenSSL backend.
 ### DSA
@@ -353,7 +369,9 @@ This section includes the following packages:
 - [crypto/tls](https://pkg.go.dev/crypto/tls)
-This section includes the following subsections:
+Package tls will automatically use FIPS compliant primitives implemented in other crypto packages.
+
+Since Go 1.22, the Microsoft build of Go runtime automatically enforces that tls only uses FIPS-approved settings when running in FIPS mode. Prior to Go 1.22, a program using tls must import the `crypto/tls/fipsonly` package to be compliant with these restrictions.
 - [TLS Versions](#tls-versions)
 - [TLS Cipher Suites](#tls-cipher-suites)