revert changes in the root package

Author: qmuntal

.github/workflows/test.yml

@@ -5,135 +5,103 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.24.x, 1.25.x]
-        openssl-version:
-          [1.1.0, 1.1.1, 3.0.1, 3.0.13, 3.1.5, 3.2.1, 3.3.0, 3.3.1]
+        go-version: [1.23.x, 1.24.x]
+        openssl-version: [1.1.0, 1.1.1, 3.0.1, 3.0.13, 3.1.5, 3.2.1, 3.3.0, 3.3.1]
     runs-on: ubuntu-22.04
     steps:
-      - name: Install build tools
-        run: sudo apt-get install -y build-essential
-      - name: Install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Verify go generate leaves no changes
-        run: |
-          go generate ./...
-          git diff --exit-code
-      - name: Install OpenSSL
-        run: sudo sh ./scripts/openssl.sh ${{ matrix.openssl-version }}
-      - name: Check headers
-        working-directory: ./cmd/checkheader
-        run: |
-          go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version }}/include -shim ../../internal/ossl/shims.h
-      - name: Set OpenSSL config and prove FIPS
-        run: |
-          sudo cp ./scripts/openssl-3.cnf /usr/local/ssl/openssl.cnf
-          go test -v -count 0 . | grep -q "FIPS enabled: true"
-        if: ${{ matrix.openssl-version == '3.0.1' }}
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-      - name: Run Test
-        # Run each test 10 times so the garbage collector chimes in
-        # and exercises the multiple finalizers we use.
-        # This can detect use-after-free and double-free issues.
-        run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-          CGO_ENABLED: 0
-          GOFLAGS: -tags=goexperiment.ms_go_nocgo_opensslcrypto
-      - name: Run Test CGO disabled
-        run: go test -count 10 -v ./...
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-      - name: Run Test with address sanitizer
-        run: |
-          ok=true
-          for t in $(go test ./... -list=. | grep '^Test'); do
-            go test ./... -gcflags=all=-d=checkptr -asan -run ^$t$ -v || ok=false
-          done
-          $ok
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-
+    - name: Install build tools
+      run: sudo apt-get install -y build-essential
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Verify go generate leaves no changes
+      run: |
+        go generate ./...
+        git diff --exit-code
+    - name: Install OpenSSL
+      run: sudo sh ./scripts/openssl.sh ${{ matrix.openssl-version }}
+    - name: Check headers
+      working-directory: ./cmd/checkheader
+      run: |
+        go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version }}/include -shim ../../internal/ossl/shims.h
+    - name: Set OpenSSL config and prove FIPS
+      run: |
+        sudo cp ./scripts/openssl-3.cnf /usr/local/ssl/openssl.cnf
+        go test -v -count 0 . | grep -q "FIPS enabled: true"
+      if: ${{ matrix.openssl-version == '3.0.1' }}
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
+    - name: Run Test
+      # Run each test 10 times so the garbage collector chimes in 
+      # and exercises the multiple finalizers we use.
+      # This can detect use-after-free and double-free issues.
+      run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
+    - name: Run Test with address sanitizer
+      run: |
+        ok=true
+        for t in $(go test ./... -list=. | grep '^Test'); do
+          go test ./... -gcflags=all=-d=checkptr -asan -run ^$t$ -v || ok=false
+        done
+        $ok
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
   wintest:
     runs-on: windows-2022
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.24.x, 1.25.x]
+        go-version: [1.22.x, 1.23.x]
         openssl-version: [libcrypto-1_1-x64.dll, libcrypto-3-x64.dll]
     steps:
-      - name: Install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Run Test
-        run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-          CGO_ENABLED: 1
-      - name: Run Test CGO disabled
-        run: go test -count 10 -v ./...
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-          CGO_ENABLED: 0
-          GOFLAGS: -tags=goexperiment.ms_go_nocgo_opensslcrypto
-
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Run Test
+      run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
   mactest:
     strategy:
       fail-fast: false
       matrix:
-        go-version: [1.24.x, 1.25.x]
+        go-version: [1.22.x, 1.23.x]
         openssl-version: [/usr/local/opt/openssl@3/lib/libcrypto.3.dylib]
     runs-on: macos-13
     steps:
-      - name: Install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Run Test
-        run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-      - name: Run Test CGO disabled
-        run: go test -count 10 -v ./...
-        env:
-          GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
-          CGO_ENABLED: 0
-          GOFLAGS: -tags=goexperiment.ms_go_nocgo_opensslcrypto
-
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Run Test
+      run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
+      env:
+        GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
   azurelinux:
     runs-on: ubuntu-latest
     container: mcr.microsoft.com/oss/go/microsoft/golang:1.23-azurelinux3.0
     steps:
-      - name: Checkout code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Run Test
-        run: go test -v ./...
-      - name: Run Test CGO disabled
-        run: go test -v ./...
-        env:
-          CGO_ENABLED: 0
-          GOFLAGS: -tags=goexperiment.ms_go_nocgo_opensslcrypto
-
+    - name: Checkout code
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - name: Run Test
+      run: go test -v ./...
   mariner2:
     runs-on: ubuntu-latest
     container: mcr.microsoft.com/oss/go/microsoft/golang:1.23.1-3-cbl-mariner2.0
     steps:
-      - name: Checkout code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Run Test  CGO disabled
-        run: go test -v ./...
-        env:
-          CGO_ENABLED: 0
-          GOFLAGS: -tags=goexperiment.ms_go_nocgo_opensslcrypto
+    - name: Checkout code
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - name: Run Test
+      run: go test -v ./...
 
   # Verify that golang-fips/openssl builds successfully without cgo enabled.
   #
@@ -147,8 +115,6 @@ jobs:
   #
   # The golang-fips/openssl module can't do any crypto when built without cgo,
   # but it exports a few simple functions and types.
-  #
-  # TODO: Remove once ms_go_nocgo_opensslcrypto is enabled by default.
   cgolessbuild:
     runs-on: ubuntu-latest
     steps:

aes.go

@@ -2,6 +2,7 @@
 
 package openssl
 
+import "C"
 import (
 	"crypto/cipher"
 	"errors"

cipher.go

@@ -2,6 +2,8 @@
 
 package openssl
 
+import "C"
+
 import (
 	"crypto/cipher"
 	"errors"

cmd/genaesmodes/main.go

@@ -39,7 +39,7 @@ func main() {
 	if gopackage := os.Getenv("GOPACKAGE"); gopackage != "" {
 		pkg = gopackage
 	}
-	fmt.Fprint(&b, "//go:build !cmd_go_bootstrap\n\n")
+	fmt.Fprint(&b, "//go:build cgo && !cmd_go_bootstrap\n\n")
 	fmt.Fprintf(&b, "package %s\n\n", pkg)
 	fmt.Fprint(&b, `import "crypto/cipher"`+"\n\n")
 

const.go

@@ -1,5 +1,6 @@
 package openssl
 
+import "C"
 import "unsafe"
 
 // cString is a null-terminated string,

des.go

@@ -2,6 +2,7 @@
 
 package openssl
 
+import "C"
 import (
 	"crypto/cipher"
 	"errors"

des_test.go

@@ -5,8 +5,8 @@ import (
 	"crypto/cipher"
 	"testing"
 
-	"github.com/golang-fips/openssl/v2"
 	"github.com/golang-fips/openssl/v2/internal/cryptotest"
+	"github.com/golang-fips/openssl/v2"
 )
 
 type CryptTest struct {

dsa.go

@@ -2,6 +2,7 @@
 
 package openssl
 
+import "C"
 import (
 	"runtime"
 	"unsafe"

ec.go

@@ -2,6 +2,7 @@
 
 package openssl
 
+import "C"
 import "github.com/golang-fips/openssl/v2/internal/ossl"
 
 func curveNID(curve string) int32 {

ecdh.go

@@ -2,6 +2,7 @@
 
 package openssl
 
+import "C"
 import (
 	"errors"
 	"runtime"
@@ -95,7 +96,7 @@ func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) {
 		if err != nil {
 			return nil, err
 		}
-		bytes = goBytes(unsafe.Pointer(cbytes), int(n))
+		bytes = C.GoBytes(unsafe.Pointer(cbytes), C.int(n))
 		cryptoFree(unsafe.Pointer(cbytes))
 	default:
 		panic(errUnsupportedVersion())