v%.rm:
	rm -f v$*.zip
	chmod -R u+w $$(go env GOMODCACHE)/golang.org/fips140@v$* 2>/dev/null || true
	rm -rf $$(go env GOMODCACHE)/golang.org/fips140@v$*

# make v1.2.3.test runs the crypto tests using that snapshot.
v%.test:
	GOFIPS140=v$* go test -short crypto...

# make updatesum updates the fips140.sum file.
updatesum:

		New: func() *[]byte {
			buf := make([]byte, base64BufferSize)
			return &buf
		},
	}

	hmacSigners = []*SigningMethodHMAC{
		{Name: "HS256", Hash: crypto.SHA256},
		{Name: "HS384", Hash: crypto.SHA384},
		{Name: "HS512", Hash: crypto.SHA512},
	}
	for i := range hmacSigners {
		h := hmacSigners[i].Hash
		hmacSigners[i].HasherPool.New = func() hash.Hash {
			return h.New()
		}
	}
}

pkg cmp, func Or[$0 comparable](...$0) $0 #60204
pkg crypto/x509, func OIDFromInts([]uint64) (OID, error) #60665
pkg crypto/x509, method (*CertPool) AddCertWithConstraint(*Certificate, func([]*Certificate) error) #57178
pkg crypto/x509, method (OID) Equal(OID) bool #60665
pkg crypto/x509, method (OID) EqualASN1OID(asn1.ObjectIdentifier) bool #60665
pkg crypto/x509, method (OID) String() string #60665
pkg crypto/x509, type Certificate struct, Policies []OID #60665

	}
}

// KafkaSHA256 is a function that returns a crypto/sha256 hasher and should be used
// to create Client objects configured for SHA-256 hashing.
var KafkaSHA256 scram.HashGeneratorFcn = sha256.New

// KafkaSHA512 is a function that returns a crypto/sha512 hasher and should be used
// to create Client objects configured for SHA-512 hashing.

	fanOutOpts := fanOutOptions{Checksum: checksum}
	if crypto.Requested(formValues) {
		if crypto.SSECopy.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, toAPIError(ctx, errInvalidEncryptionParameters), r.URL)
			return
		}

		if crypto.SSEC.IsRequested(r.Header) && crypto.S3.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, toAPIError(ctx, crypto.ErrIncompatibleEncryptionMethod), r.URL)
			return
		}

func (api objectAPIHandlers) getObjectInArchiveFileHandler(ctx context.Context, objectAPI ObjectLayer, bucket, object string, w http.ResponseWriter, r *http.Request) {
	if crypto.S3.IsRequested(r.Header) || crypto.S3KMS.IsRequested(r.Header) { // If SSE-S3 or SSE-KMS present -> AWS fails with undefined error
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL)
		return
	}

	"maps"
	"sync"

	"github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/tags"
	"github.com/minio/minio/internal/crypto"
	"github.com/minio/minio/internal/hash"
	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/kms"
)

type fanOutOptions struct {
	Kind     crypto.Type
	KeyID    string
	Key      []byte
	KmsCtx   kms.Context
	Checksum *hash.Checksum
	MD5Hex   string
}

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"log"
)

func bytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
	// Try PEM
	if block, _ := pem.Decode(priv); block != nil {

pkg crypto/tls, const TLS_AES_128_GCM_SHA256 = 4865
pkg crypto/tls, const TLS_AES_128_GCM_SHA256 uint16
pkg crypto/tls, const TLS_AES_256_GCM_SHA384 = 4866
pkg crypto/tls, const TLS_AES_256_GCM_SHA384 uint16
pkg crypto/tls, const TLS_CHACHA20_POLY1305_SHA256 = 4867
pkg crypto/tls, const TLS_CHACHA20_POLY1305_SHA256 uint16
pkg crypto/tls, const VersionTLS13 = 772
pkg crypto/tls, const VersionTLS13 ideal-int

@SuppressWarnings("module")
module okhttp3.modules.test {
  requires okhttp3;
  requires okhttp3.logging;
  requires mockwebserver3;
  requires mockwebserver3.junit5;
  requires jdk.crypto.ec;
  requires org.junit.jupiter.api;
  requires okhttp3.modules;
  opens okhttp3.modules.test to org.junit.platform.commons;