From eb478bd5ec763be6fba5aefeb2d904aaa28f9c24 Mon Sep 17 00:00:00 2001
From: Davis Goodin <dagood@microsoft.com>
Date: Wed, 5 Jul 2023 17:31:33 -0500
Subject: [PATCH 1/2] Add the active crypto backend to build info

---
 .../0001-Add-systemcrypto-GOEXPERIMENT.patch  | 51 +++++++++++++++++--
 1 file changed, 48 insertions(+), 3 deletions(-)

diff --git a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch b/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch
index 1c2e50368f3..d50ee37aa93 100644
--- a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch
+++ b/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch
@@ -8,12 +8,18 @@ goexperiment.systemcrypto behave as an alias that enables the recommended
 backend for the target GOOS. See src/internal/goexperiment/flags.go for more
 information about the behavior.
 
+Includes active crypto backend in the build info accessible in the
+binary, for example by "go version -m". This makes it easy to determine
+which backend is being used by a compiled Go program no matter which
+GOEXPERIMENT or build tag was used to enable it.
+
 Includes new tests in "build_test.go" and "buildbackend_test.go" to help
 maintain this feature. For more information, see the test files.
 ---
+ src/cmd/go/internal/load/pkg.go               |  5 ++
  src/cmd/go/internal/modindex/build.go         | 54 ++++++++++++++
  src/cmd/go/internal/modindex/build_test.go    | 73 +++++++++++++++++++
- src/go/build/build.go                         | 54 ++++++++++++++
+ src/go/build/build.go                         | 70 ++++++++++++++++++
  src/go/build/buildbackend_test.go             | 66 +++++++++++++++++
  .../testdata/backendtags_openssl/main.go      |  3 +
  .../testdata/backendtags_openssl/openssl.go   |  3 +
@@ -22,7 +28,7 @@ maintain this feature. For more information, see the test files.
  .../goexperiment/exp_systemcrypto_off.go      |  9 +++
  .../goexperiment/exp_systemcrypto_on.go       |  9 +++
  src/internal/goexperiment/flags.go            | 15 ++++
- 11 files changed, 292 insertions(+)
+ 12 files changed, 313 insertions(+)
  create mode 100644 src/cmd/go/internal/modindex/build_test.go
  create mode 100644 src/go/build/buildbackend_test.go
  create mode 100644 src/go/build/testdata/backendtags_openssl/main.go
@@ -32,6 +38,22 @@ maintain this feature. For more information, see the test files.
  create mode 100644 src/internal/goexperiment/exp_systemcrypto_off.go
  create mode 100644 src/internal/goexperiment/exp_systemcrypto_on.go
 
+diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go
+index c0e6265e29d065..7b55a393d20ef4 100644
+--- a/src/cmd/go/internal/load/pkg.go
++++ b/src/cmd/go/internal/load/pkg.go
+@@ -2430,6 +2430,11 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) {
+ 	if key, val := cfg.GetArchEnv(); key != "" && val != "" {
+ 		appendSetting(key, val)
+ 	}
++	if backends := cfg.BuildContext.CryptoBackends(); len(backends) > 0 {
++		// It is an error to specify multiple backends, but this is reported by
++		// a source file with a build condition, not here.
++		appendSetting("cryptobackend", strings.Join(backends, ","))
++	}
+ 
+ 	// Add VCS status if all conditions are true:
+ 	//
 diff --git a/src/cmd/go/internal/modindex/build.go b/src/cmd/go/internal/modindex/build.go
 index b57f2f6368f0fe..9ddde1ce9a2286 100644
 --- a/src/cmd/go/internal/modindex/build.go
@@ -184,7 +206,7 @@ index 00000000000000..1756c5d027fee0
 +	}
 +}
 diff --git a/src/go/build/build.go b/src/go/build/build.go
-index dd6cdc903a21a8..48adcfed5cf3cb 100644
+index dd6cdc903a21a8..bd10b3b62dd833 100644
 --- a/src/go/build/build.go
 +++ b/src/go/build/build.go
 @@ -1947,13 +1947,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
@@ -255,6 +277,29 @@ index dd6cdc903a21a8..48adcfed5cf3cb 100644
  		if tag == name {
  			return true
  		}
+@@ -1967,6 +2021,22 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
+ 	return false
+ }
+ 
++// CryptoBackends returns the name of each crypto backend that is enabled in
++// this build context, e.g. "openssl", based on the active tags.
++// Only includes actual backends, not the "systemcrypto" alias.
++func (ctxt *Context) CryptoBackends() []string {
++	var tags []string
++	check := func(backend string) {
++		if ctxt.matchTag("goexperiment."+backend+"crypto", nil) {
++			tags = append(tags, backend)
++		}
++	}
++	check("openssl")
++	check("cng")
++	check("boring")
++	return tags
++}
++
+ // goodOSArchFile returns false if the name contains a $GOOS or $GOARCH
+ // suffix which does not match the current system.
+ // The recognized name formats are:
 diff --git a/src/go/build/buildbackend_test.go b/src/go/build/buildbackend_test.go
 new file mode 100644
 index 00000000000000..a22abbb42e37c0

From 5d3779794958bc6e3c99c25dfcfce799854ea5d7 Mon Sep 17 00:00:00 2001
From: Davis Goodin <dagood@microsoft.com>
Date: Thu, 6 Jul 2023 18:44:22 -0500
Subject: [PATCH 2/2] Revert added build API, use MatchFile

---
 .../0001-Add-systemcrypto-GOEXPERIMENT.patch  | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch b/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch
index d50ee37aa93..4fccc316eb3 100644
--- a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch
+++ b/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch
@@ -16,10 +16,10 @@ GOEXPERIMENT or build tag was used to enable it.
 Includes new tests in "build_test.go" and "buildbackend_test.go" to help
 maintain this feature. For more information, see the test files.
 ---
- src/cmd/go/internal/load/pkg.go               |  5 ++
+ src/cmd/go/internal/load/pkg.go               | 21 ++++++
  src/cmd/go/internal/modindex/build.go         | 54 ++++++++++++++
  src/cmd/go/internal/modindex/build_test.go    | 73 +++++++++++++++++++
- src/go/build/build.go                         | 70 ++++++++++++++++++
+ src/go/build/build.go                         | 54 ++++++++++++++
  src/go/build/buildbackend_test.go             | 66 +++++++++++++++++
  .../testdata/backendtags_openssl/main.go      |  3 +
  .../testdata/backendtags_openssl/openssl.go   |  3 +
@@ -39,21 +39,44 @@ maintain this feature. For more information, see the test files.
  create mode 100644 src/internal/goexperiment/exp_systemcrypto_on.go
 
 diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go
-index c0e6265e29d065..7b55a393d20ef4 100644
+index c0e6265e29d065..12e6ab92363024 100644
 --- a/src/cmd/go/internal/load/pkg.go
 +++ b/src/cmd/go/internal/load/pkg.go
-@@ -2430,6 +2430,11 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) {
- 	if key, val := cfg.GetArchEnv(); key != "" && val != "" {
+@@ -16,6 +16,7 @@ import (
+ 	"go/scanner"
+ 	"go/token"
+ 	"internal/platform"
++	"io"
+ 	"io/fs"
+ 	"os"
+ 	"os/exec"
+@@ -2431,6 +2432,26 @@ func (p *Package) setBuildInfo(ctx context.Context, autoVCS bool) {
  		appendSetting(key, val)
  	}
-+	if backends := cfg.BuildContext.CryptoBackends(); len(backends) > 0 {
-+		// It is an error to specify multiple backends, but this is reported by
-+		// a source file with a build condition, not here.
-+		appendSetting("cryptobackend", strings.Join(backends, ","))
-+	}
  
++	// Use build constraint evaluation to find which crypto backend is enabled
++	// in this build context (e.g. "openssl"). Only includes actual backends,
++	// not the "systemcrypto" alias. Test build constraints by copying the build
++	// context and assigning OpenFile to avoid reading actual files.
++	backendCheckContext := cfg.BuildContext
++	for _, b := range []string{"openssl", "cng", "boring"} {
++		backendCheckContext.OpenFile = func(path string) (io.ReadCloser, error) {
++			source := "//go:build goexperiment." + b + "crypto"
++			return io.NopCloser(strings.NewReader(source)), nil
++		}
++		if match, err := backendCheckContext.MatchFile("", "backendcheck.go"); err != nil {
++			setPkgErrorf("error checking for crypto backend %q: %v", b, err)
++			return
++		} else if match {
++			// It is an error to specify multiple backends, but this is reported
++			// by a source file with a build constraint, not detected here.
++			appendSetting("cryptobackend", b)
++		}
++	}
++
  	// Add VCS status if all conditions are true:
  	//
+ 	// - -buildvcs is enabled.
 diff --git a/src/cmd/go/internal/modindex/build.go b/src/cmd/go/internal/modindex/build.go
 index b57f2f6368f0fe..9ddde1ce9a2286 100644
 --- a/src/cmd/go/internal/modindex/build.go
@@ -206,7 +229,7 @@ index 00000000000000..1756c5d027fee0
 +	}
 +}
 diff --git a/src/go/build/build.go b/src/go/build/build.go
-index dd6cdc903a21a8..bd10b3b62dd833 100644
+index dd6cdc903a21a8..48adcfed5cf3cb 100644
 --- a/src/go/build/build.go
 +++ b/src/go/build/build.go
 @@ -1947,13 +1947,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
@@ -277,29 +300,6 @@ index dd6cdc903a21a8..bd10b3b62dd833 100644
  		if tag == name {
  			return true
  		}
-@@ -1967,6 +2021,22 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool {
- 	return false
- }
- 
-+// CryptoBackends returns the name of each crypto backend that is enabled in
-+// this build context, e.g. "openssl", based on the active tags.
-+// Only includes actual backends, not the "systemcrypto" alias.
-+func (ctxt *Context) CryptoBackends() []string {
-+	var tags []string
-+	check := func(backend string) {
-+		if ctxt.matchTag("goexperiment."+backend+"crypto", nil) {
-+			tags = append(tags, backend)
-+		}
-+	}
-+	check("openssl")
-+	check("cng")
-+	check("boring")
-+	return tags
-+}
-+
- // goodOSArchFile returns false if the name contains a $GOOS or $GOARCH
- // suffix which does not match the current system.
- // The recognized name formats are:
 diff --git a/src/go/build/buildbackend_test.go b/src/go/build/buildbackend_test.go
 new file mode 100644
 index 00000000000000..a22abbb42e37c0