diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md
index 2761a6c9f2..dbb6803375 100644
--- a/eng/doc/CrossPlatformCryptography.md
+++ b/eng/doc/CrossPlatformCryptography.md
@@ -97,7 +97,7 @@ This section includes the following packages:
| AES-CTR | ❌ | ✔️ | ❌ |
| AES-CFB | ❌ | ❌ | ❌ |
| AES-OFB | ❌ | ❌ | ❌ |
-| AES-GCM | ✔️ | ✔️ | ✔️ |
+| AES-GCM2 | ✔️ | ✔️ | ✔️ |
| DES-CBC | ✔️ | ⚠️1 | ✔️ |
| DES-ECB | ✔️ | ⚠️1 | ✔️ |
| 3DES-ECB | ✔️ | ✔️ | ✔️ |
@@ -106,7 +106,7 @@ This section includes the following packages:
1When using OpenSSL 3, requires the legacy provider to be enabled.
-### AES-GCM keys, nonces, and tags
+2AES-GCM supports specific keys, nonces, and tags:
- Key Sizes
@@ -136,15 +136,25 @@ This section includes the following packages:
- [crypto/rsa](https://pkg.go.dev/crypto/rsa)
+[rsa.GenerateKey](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096.
+
+Multi-prime RSA keys are not supported.
+
+The RSA key size is subject to the limitations of the underlying cryptographic library.
+For example, on some Windows and SCOSSL configurations, the key size should be multiple of 8.
+Please refer to the documentation of the underlying cryptographic library for the specific limitations.
+
+Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).
+
| Padding Mode | Windows | Linux | macOS |
| -------------------------------------- | -------------- | -------------- | -------------- |
-| OAEP (MD5) | ✔️ | ✔️ | ✔️3 |
-| OAEP (SHA-1) | ✔️ | ✔️ | ✔️3 |
-| OAEP (SHA-2)1 | ✔️ | ✔️ | ✔️3 |
+| OAEP (MD5) | ✔️ | ✔️ | ✔️5 |
+| OAEP (SHA-1) | ✔️ | ✔️ | ✔️5 |
+| OAEP (SHA-2)1 | ✔️ | ✔️ | ✔️5 |
| OAEP (SHA-3) | ❌ | ❌ | ❌ |
-| PSS (MD5) | ✔️ | ✔️ | ❌ |
-| PSS (SHA-1) | ✔️ | ✔️ | ✔️ |
-| PSS (SHA-2)1 | ✔️ | ✔️ | ✔️ |
+| PSS (MD5) | ✔️3 | ✔️ | ❌ |
+| PSS (SHA-1) | ✔️3 | ✔️ | ✔️4 |
+| PSS (SHA-2)1 | ✔️3 | ✔️ | ✔️4 |
| PSS (SHA-3) | ❌ | ❌ | ❌ |
| PKCS1v15 Signature (Unhashed) | ✔️ | ✔️ | ✔️ |
| PKCS1v15 Signature (RIPMED160) | ❌ | ✔️2 | ❌ |
@@ -159,27 +169,11 @@ This section includes the following packages:
2Available starting in Microsoft Go 1.24.
-3macOS doesn't support passing a custom label to OAEP functions.
-
-#### RSA key sizes
-
-[`rsa.GenerateKey`](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096.
-
-Multi-prime RSA keys are not supported.
-
-The RSA key size is subject to the limitations of the underlying cryptographic library.
-For example, on some Windows and SCOSSL configurations, the key size should be multiple of 8.
-Please refer to the documentation of the underlying cryptographic library for the specific limitations.
+3On Windows, when verifying a PSS signature, [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported.
-#### PSS salt length
+4On macOS, custom salt lengths are not supported. PSS always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants).
-On Windows, when verifying a PSS signature, [`rsa.PSSSaltLengthAuto`](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported.
-
-On macOS, custom salt lengths are not supported, it always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants).
-
-#### Random number generation
-
-Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader).
+5macOS doesn't support passing a custom label to OAEP functions.
### ECDSA
@@ -188,6 +182,8 @@ This section includes the following packages:
- [crypto/ecdsa](https://pkg.go.dev/crypto/ecdsa)
- [crypto/elliptic](https://pkg.go.dev/crypto/elliptic)
+Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).
+
| Elliptic Curve | Windows | Linux | macOS |
| ---------------------- | ------- | ----- | ----- |
| NIST P-224 (secp224r1) | ✔️ | ✔️ | ❌ |
@@ -195,16 +191,14 @@ This section includes the following packages:
| NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ |
| NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ |
-#### Random number generation
-
-Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).
-
### ECDH
This section includes the following packages:
- [crypto/ecdh](https://pkg.go.dev/crypto/ecdsa)
+Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).
+
| Elliptic Curve | Windows | Linux | macOS |
| ---------------------- | ------- | ----- | ----- |
| NIST P-224 (secp224r1) | ✔️ | ✔️ | ❌ |
@@ -213,26 +207,20 @@ This section includes the following packages:
| NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ |
| X25519 (curve25519) | ❌ | ❌ | ❌ |
-#### Random number generation
-
-Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader).
-
### Ed25519
This section includes the following packages:
- [crypto/ed25519](https://pkg.go.dev/crypto/ed25519)
+Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader).
+
| Schemes | Windows | Linux | macOS |
| ---------- | ------- | ----- | ----- |
| Ed25519 | ❌ | ✔️ | ✔️ |
| Ed25519ctx | ❌ | ❌ | ❌ |
| Ed25519ph | ❌ | ❌ | ❌ |
-#### Random number generation
-
-Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader).
-
### DSA
| Parameters | Windows | Linux | macOS |