chore: sync fork with upstream #30
Merged
Since CL 402595, the Go compiler no longer uses any package under crypto, so there is no need to explicitly exclude boring from the go bootstrap build. Change-Id: Ib71349fffaab151c6e1fb42a9684151439b70cc8 Reviewed-on: https://go-review.googlesource.com/c/go/+/508402 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Run-TryBot: Quim Muntal <quimmuntal@gmail.com> Reviewed-by: Bryan Mills <bcmills@google.com>
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. Fixes #61460 Fixes CVE-2023-29409 Change-Id: Ie35038515a649199a36a12fc2c5df3af855dca6c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1912161 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/515257 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: David Chase <drchase@google.com> Run-TryBot: David Chase <drchase@google.com>
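The ordering this commit describes, as an added Go example that is not code from the Go repository: a chain is rejected on RSA modulus size before any signature in it is verified. The names `checkRSAKeySizes`, `verifyWithLimit`, `selfSigned` and `runDemo` are hypothetical, the certificate is constructed in-process, and a deliberately tight 1024-bit limit stands in for an oversized key so the rejection path runs quickly.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// maxRSAKeyBits is the 8192-bit ceiling named in the commit message.
const maxRSAKeyBits = 8192

var errRSAKeyTooLarge = errors.New("RSA key exceeds size limit")

// checkRSAKeySizes (hypothetical helper) parses each DER certificate and fails
// on the first RSA modulus longer than limitBits. Other key types pass. It
// verifies no signatures, so it is cheap to run on untrusted input.
func checkRSAKeySizes(rawCerts [][]byte, limitBits int) ([]*x509.Certificate, error) {
	certs := make([]*x509.Certificate, 0, len(rawCerts))
	for i, der := range rawCerts {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, fmt.Errorf("certificate %d: %w", i, err)
		}
		if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() > limitBits {
			return nil, fmt.Errorf("certificate %d: %d-bit modulus: %w", i, pub.N.BitLen(), errRSAKeyTooLarge)
		}
		certs = append(certs, cert)
	}
	return certs, nil
}

// verifyWithLimit size-checks the whole chain before any signature
// verification, then verifies the leaf (rawCerts[0]) against roots.
func verifyWithLimit(rawCerts [][]byte, roots *x509.CertPool, limitBits int) error {
	certs, err := checkRSAKeySizes(rawCerts, limitBits)
	if err != nil {
		return err
	}
	if len(certs) == 0 {
		return errors.New("no certificates presented")
	}
	inter := x509.NewCertPool()
	for _, c := range certs[1:] {
		inter.AddCert(c)
	}
	_, err = certs[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err
}

// selfSigned returns a constructed, short-lived self-signed CA certificate.
func selfSigned(pub, priv any) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed.example"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// runDemo reports whether a 2048-bit RSA certificate is rejected under a
// 1024-bit limit and accepted under the 8192-bit limit.
func runDemo() (tightRejects, defaultAccepts bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	cert, err := selfSigned(&key.PublicKey, key)
	if err != nil {
		return false, false, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	chain := [][]byte{cert.Raw}
	tightRejects = errors.Is(verifyWithLimit(chain, roots, 1024), errRSAKeyTooLarge)
	defaultAccepts = verifyWithLimit(chain, roots, maxRSAKeyBits) == nil
	return tightRejects, defaultAccepts, nil
}

func main() {
	tight, def, err := runDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("1024-bit limit rejects 2048-bit key: %v\n", tight)
	fmt.Printf("%d-bit limit accepts 2048-bit key: %v\n", maxRSAKeyBits, def)
}
```

The size check has to run before verification to save any CPU; a hook that runs only after the chain has already been verified, such as `tls.Config.VerifyPeerCertificate` without `InsecureSkipVerify`, comes too late for that purpose.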
To allow for future evolution of the API, make QUICConn.SendSessionTicket take a QUICSessionTicketOptions rather than a single bool. For #60107 Change-Id: I798fd0feec5c7581e3c3574e2de99611c81df47f Reviewed-on: https://go-review.googlesource.com/c/go/+/514997 Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Marten Seemann <martenseemann@gmail.com>
This CL adds the following instructions, useful for cipher and message digest operations:

* KM - cipher message
* KMC - cipher message with chaining
* KLMD - compute last message digest
* KIMD - compute intermediate message digest

Fixes #61163 Change-Id: Ib0636430c3e4888ed61b86c5acae45ee596463ff Reviewed-on: https://go-review.googlesource.com/c/go/+/509075 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> Reviewed-by: Keith Randall <khr@golang.org>
* Use two ADDL instead of LEAL
* Keep ones in R11
* Use XORL with lower latency instead of NOTL
* Remove loads and load the correct value in the previous round
* Reduce dependency chain in round 2.
* Remove MOVL in round 3.

name old time/op new time/op delta
Hash8Bytes-32 104ns ± 0% 96ns ± 1% -7.83% (p=0.000 n=9+10)
Hash64-32 169ns ± 0% 155ns ± 0% -7.97% (p=0.000 n=10+10)
Hash128-32 244ns ± 0% 224ns ± 0% -8.16% (p=0.000 n=9+10)
Hash256-32 396ns ± 0% 360ns ± 1% -9.01% (p=0.000 n=10+10)
Hash512-32 700ns ± 1% 634ns ± 1% -9.43% (p=0.000 n=10+10)
Hash1K-32 1.30µs ± 0% 1.18µs ± 1% -9.32% (p=0.000 n=9+10)
Hash8K-32 9.77µs ± 0% 8.81µs ± 0% -9.78% (p=0.000 n=9+10)
Hash1M-32 1.24ms ± 1% 1.12ms ± 1% -9.54% (p=0.000 n=10+10)
Hash8M-32 10.0ms ± 1% 9.0ms ± 1% -10.04% (p=0.000 n=10+10)
Hash8BytesUnaligned-32 104ns ± 0% 96ns ± 0% -7.50% (p=0.000 n=10+10)
Hash1KUnaligned-32 1.32µs ± 1% 1.18µs ± 1% -10.42% (p=0.000 n=10+10)
Hash8KUnaligned-32 9.80µs ± 0% 8.79µs ± 1% -10.29% (p=0.000 n=10+10)

name old speed new speed delta
Hash8Bytes-32 77.1MB/s ± 0% 83.6MB/s ± 1% +8.49% (p=0.000 n=9+10)
Hash64-32 379MB/s ± 0% 412MB/s ± 0% +8.66% (p=0.000 n=10+10)
Hash128-32 525MB/s ± 0% 572MB/s ± 0% +8.89% (p=0.000 n=9+10)
Hash256-32 646MB/s ± 0% 710MB/s ± 1% +9.90% (p=0.000 n=10+10)
Hash512-32 732MB/s ± 1% 808MB/s ± 1% +10.41% (p=0.000 n=10+10)
Hash1K-32 786MB/s ± 0% 866MB/s ± 1% +10.30% (p=0.000 n=9+10)
Hash8K-32 839MB/s ± 0% 930MB/s ± 0% +10.79% (p=0.000 n=10+10)
Hash1M-32 849MB/s ± 1% 938MB/s ± 1% +10.54% (p=0.000 n=10+10)
Hash8M-32 841MB/s ± 1% 935MB/s ± 1% +11.16% (p=0.000 n=10+10)
Hash8BytesUnaligned-32 77.1MB/s ± 0% 83.4MB/s ± 0% +8.12% (p=0.000 n=10+10)
Hash1KUnaligned-32 778MB/s ± 1% 869MB/s ± 1% +11.64% (p=0.000 n=10+10)
Hash8KUnaligned-32 836MB/s ± 0% 932MB/s ± 1% +11.47% (p=0.000 n=10+10)

Change-Id: I02b31229b857e9257dc9d36538883eb3af4ad993 This PR will be imported into Gerrit with the title and first comment (this text) used to generate the subject and body of the Gerrit change.
Change-Id: I02b31229b857e9257dc9d36538883eb3af4ad993 GitHub-Last-Rev: ec8b15d789181d0dac57bf0ba5041ee7aeb305c9 GitHub-Pull-Request: golang/go#43690 Reviewed-on: https://go-review.googlesource.com/c/go/+/283538 Run-TryBot: Joel Sing <joel@sing.id.au> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Reviewed-by: David Chase <drchase@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Joel Sing <joel@sing.id.au>
sysctl kern.arandom has been supported since NetBSD 4.0, works inside a chroot, has no confusing bells and whistles like Linux getrandom, requires no complicated querying to avoid SIGSYS traps, and is what NetBSD 10 will use for the getentropy(3) library routine soon to appear in POSIX. Change-Id: I23bd84ecd5ff3e33e8958c60896db842c44667ba GitHub-Last-Rev: 5db094c85ae14bbd9f80247d46d90e00061187cc GitHub-Pull-Request: golang/go#61441 Reviewed-on: https://go-review.googlesource.com/c/go/+/511036 Run-TryBot: Ian Lance Taylor <iant@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
Add a new GODEBUG setting, tlsmaxrsasize, which allows controlling the maximum RSA key size we will accept during TLS handshakes. Change-Id: I52f060be132014d219f4cd438f59990011a35c96 Reviewed-on: https://go-review.googlesource.com/c/go/+/517495 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
KDSA (Compute Digital Signature Authentication) instruction provides support for the signing and verification of elliptic curves. Change-Id: I19996a307162dd4f476a1cfe4f8d1a74a609e6c1 Reviewed-on: https://go-review.googlesource.com/c/go/+/503215 Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: David Chase <drchase@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
This provides an assembly implementation of addMulVVW* for riscv64, processing four words per loop, resulting in a performance gain of 23%+ for RSA decryption/signing on a StarFive VisionFive 2:

│ rsa1 │ rsa2 │
│ sec/op │ sec/op vs base │
DecryptPKCS1v15/2048-4 24.29m ± 0% 18.65m ± 0% -23.24% (p=0.000 n=10)
DecryptPKCS1v15/3072-4 73.28m ± 0% 54.08m ± 0% -26.20% (p=0.000 n=10)
DecryptPKCS1v15/4096-4 163.5m ± 0% 119.1m ± 0% -27.17% (p=0.000 n=10)
EncryptPKCS1v15/2048-4 1.505m ± 0% 1.446m ± 0% -3.93% (p=0.000 n=10)
DecryptOAEP/2048-4 24.37m ± 0% 18.72m ± 0% -23.17% (p=0.000 n=10)
EncryptOAEP/2048-4 1.570m ± 0% 1.510m ± 0% -3.84% (p=0.000 n=10)
SignPKCS1v15/2048-4 24.52m ± 0% 18.80m ± 0% -23.36% (p=0.000 n=10)
VerifyPKCS1v15/2048-4 1.491m ± 0% 1.431m ± 0% -4.00% (p=0.000 n=10)
SignPSS/2048-4 24.60m ± 0% 18.89m ± 0% -23.21% (p=0.000 n=10)
VerifyPSS/2048-4 1.565m ± 0% 1.504m ± 0% -3.87% (p=0.000 n=10)
geomean 10.90m 9.066m -16.79%

Change-Id: I8414ba0028b0781a945610abe02c285d2387aef3 Reviewed-on: https://go-review.googlesource.com/c/go/+/516536 Reviewed-by: Mark Ryan <markdryan@rivosinc.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: M Zhuo <mzh@golangcn.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> Run-TryBot: Joel Sing <joel@sing.id.au> TryBot-Result: Gopher Robot <gobot@golang.org>
Change-Id: I603051a3174b139ffb81d20d42979c7f3f04a09a Reviewed-on: https://go-review.googlesource.com/c/go/+/521136 Run-TryBot: Filippo Valsorda <filippo@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> Run-TryBot: shuang cui <imcusg@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
The check for fragmentary post-handshake messages in QUICConn.HandleData was reversed, resulting in a potential panic when HandleData receives a partial message. In addition, HandleData wasn't checking the size of buffered post-handshake messages. Produce an error when a post-handshake message is larger than maxHandshake. TestQUICConnectionState was using an onHandleCryptoData hook in runTestQUICConnection that was never being called. (I think it was inadvertently removed at some point while the CL was in review.) Fix this test while making the hook more general. Fixes #62266 Change-Id: I210b70634e50beb456ab3977eb11272b8724c241 Reviewed-on: https://go-review.googlesource.com/c/go/+/522595 Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Marten Seemann <martenseemann@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
The edwards25519 tests can be quite slow on platforms without a well-optimized implementation, especially if the race detector is also enabled. Since these tests aren't checking for specific inputs anyway, the extra coverage of a more aggressive quick.Config does not seem worth wasting extra time on slow CI builders and TryBots. For #60109. Change-Id: I530e75a0b76725585df5a2f5ded6705ab1b9da51 Reviewed-on: https://go-review.googlesource.com/c/go/+/522715 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Bryan Mills <bcmills@google.com> Reviewed-by: Joedian Reid <joedian@golang.org>
Several of the tests in crypto/des were using the unexported desCipher type and other unexported functions to test the package, leaving desCipher.Encrypt and desCipher.Decrypt only partially tested. This CL changes the tests to use the public API, except for TestInitialPermute and TestFinalPermute, which are testing implementation details on purpose. Change-Id: I0bc13cea06b79b29425412b9bf36b997871518ac Reviewed-on: https://go-review.googlesource.com/c/go/+/520495 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Quim Muntal <quimmuntal@gmail.com> Reviewed-by: Bryan Mills <bcmills@google.com>
This CL is to add assembly instruction mnemonics for the following instructions, mainly used in crypto packages.

* KMA - cipher message with authentication
* KMCTR - cipher message with counter

Fixes #61163 Change-Id: Iff9a69911aeb4fab4bca8755b23a106eaebb2332 Reviewed-on: https://go-review.googlesource.com/c/go/+/515195 Reviewed-by: Carlos Amedee <carlos@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com>
Change-Id: Id2079f7012392dea8dfe2386bb9fb1ea3f487a4a Reviewed-on: https://go-review.googlesource.com/c/go/+/526015 Reviewed-by: Matthew Dempsky <mdempsky@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: qiulaidongfeng <2645477756@qq.com>
Change-Id: I8787458f9ccd3b5cdcdda820d8a45deb4f77eade GitHub-Last-Rev: be865d67ef68815b8c1c2a9ad222fff594620e66 GitHub-Pull-Request: golang/go#63165 Reviewed-on: https://go-review.googlesource.com/c/go/+/530120 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Than McIntosh <thanm@google.com>
When running crypto/tls tests with GOEXPERIMENT=boringcrypto, some tests are embedded with unreadable hexadecimal values:

=== RUN TestBoringServerSignatureAndHash/5053...3536

This corresponds to a string representation of SignatureScheme as it implements fmt.Stringer. With this change, the above will be printed as:

=== RUN TestBoringServerSignatureAndHash/PSSWithSHA256

Change-Id: I953c0bb35c68e77a7f01e7f1fceda203c272faf7 GitHub-Last-Rev: 19700d53a8578d335dc803ac94cc7c6c72e9920a GitHub-Pull-Request: golang/go#63175 Reviewed-on: https://go-review.googlesource.com/c/go/+/530715 Reviewed-by: Heschi Kreinick <heschi@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com>
This is a follow up of CL 530120. Change-Id: Ifa0bd1c3bb9bb1202568eaae27500bcea376f56b GitHub-Last-Rev: b4154fa1fc205a6a1af050ab49a4738f73b3c32a GitHub-Pull-Request: golang/go#63228 Reviewed-on: https://go-review.googlesource.com/c/go/+/531136 Auto-Submit: Bryan Mills <bcmills@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Users can trust a new CA on Android, but it seems that packages built with Go are not able to use it. This PR adds the folder to which user-trusted CA certificates are added. Change-Id: I9ea7801b35847ea3eb4eedd875227743ba99af00 GitHub-Last-Rev: c49ffd270b6483b750d97e422b76237b112e508c GitHub-Pull-Request: golang/go#50240 Reviewed-on: https://go-review.googlesource.com/c/go/+/473035 Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
Updates #58922 Change-Id: I0eb2c97babb05b2d9bc36ed8af03579094bc02ac Reviewed-on: https://go-review.googlesource.com/c/go/+/531878 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Ingo Oeser <nightlyone@googlemail.com>
This makes some improvements to the xorBytes assembler implementation for PPC64 targets. The loops to process large streams of bytes have been changed to do 64 bytes at a time. Other changes were made to prevent degradations in some of the common sizes like 8, 16. The case for < 8 bytes on power10 has been modified to use the LXVL and STXVL instructions. Change-Id: I7477d12d5375d484af8c274443d595ccdafbda7c Reviewed-on: https://go-review.googlesource.com/c/go/+/530877 Reviewed-by: Paul Murphy <murp@ibm.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jayanth Krishnamurthy <jayanth.krishnamurthy@ibm.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Benny Siegert <bsiegert@gmail.com> Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
This adds more variations for sizes of the input text to the gcm tests. Change-Id: I39dba5f08c77f04f94278200c3ce9234f977506f Reviewed-on: https://go-review.googlesource.com/c/go/+/532635 Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com> Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This improves performance for AES-GCM. The function counterCrypt is written in assembler so the loop can be unrolled and the stitched approach used for the encryption. This implementation works on ppc64le and ppc64. The use of GOPPC64=power9 generates the best performance.

goos: linux
goarch: ppc64le
pkg: crypto/cipher
cpu: POWER10

│ gcmx8.cpu1.out │ gcmx8.new.cpu1.out │
│ sec/op │ sec/op vs base │
AESGCM/Open-128-64 180.5n ± 0% 152.7n ± 1% -15.43% (p=0.000 n=8)
AESGCM/Seal-128-64 166.8n ± 0% 147.2n ± 0% -11.72% (p=0.000 n=8)
AESGCM/Open-256-64 194.9n ± 0% 156.6n ± 1% -19.65% (p=0.000 n=8)
AESGCM/Seal-256-64 183.7n ± 0% 157.0n ± 0% -14.51% (p=0.000 n=8)
AESGCM/Open-128-1350 1769.5n ± 0% 454.5n ± 0% -74.31% (p=0.000 n=8)
AESGCM/Seal-128-1350 1759.0n ± 0% 453.7n ± 0% -74.21% (p=0.000 n=8)
AESGCM/Open-256-1350 2104.0n ± 0% 504.4n ± 1% -76.03% (p=0.000 n=8)
AESGCM/Seal-256-1350 2092.0n ± 0% 503.0n ± 0% -75.96% (p=0.000 n=8)
AESGCM/Open-128-8192 10.054µ ± 0% 1.961µ ± 0% -80.50% (p=0.000 n=8)
AESGCM/Seal-128-8192 10.050µ ± 0% 1.965µ ± 0% -80.45% (p=0.000 n=8)
AESGCM/Open-256-8192 12.080µ ± 0% 2.232µ ± 0% -81.52% (p=0.000 n=8)
AESGCM/Seal-256-8192 12.069µ ± 0% 2.238µ ± 0% -81.46% (p=0.000 n=8)
geomean 1.566µ 535.5n -65.80%

│ gcmx8.cpu1.out │ gcmx8.new.cpu1.out │
│ B/s │ B/s vs base │
AESGCM/Open-128-64 338.1Mi ± 0% 399.8Mi ± 1% +18.27% (p=0.000 n=8)
AESGCM/Seal-128-64 366.1Mi ± 0% 414.6Mi ± 0% +13.28% (p=0.000 n=8)
AESGCM/Open-256-64 313.1Mi ± 0% 389.7Mi ± 0% +24.47% (p=0.000 n=8)
AESGCM/Seal-256-64 332.3Mi ± 0% 388.5Mi ± 0% +16.93% (p=0.000 n=8)
AESGCM/Open-128-1350 727.6Mi ± 0% 2832.8Mi ± 0% +289.33% (p=0.000 n=8)
AESGCM/Seal-128-1350 732.0Mi ± 0% 2837.8Mi ± 0% +287.70% (p=0.000 n=8)
AESGCM/Open-256-1350 611.9Mi ± 0% 2552.6Mi ± 0% +317.18% (p=0.000 n=8)
AESGCM/Seal-256-1350 615.3Mi ± 0% 2559.6Mi ± 0% +315.97% (p=0.000 n=8)
AESGCM/Open-128-8192 777.1Mi ± 0% 3983.5Mi ± 0% +412.63% (p=0.000 n=8)
AESGCM/Seal-128-8192 777.3Mi ± 0% 3975.9Mi ± 0% +411.47% (p=0.000 n=8)
AESGCM/Open-256-8192 646.7Mi ± 0% 3500.6Mi ± 0% +441.27% (p=0.000 n=8)
AESGCM/Seal-256-8192 647.3Mi ± 0% 3491.1Mi ± 0% +439.30% (p=0.000 n=8)
geomean 542.7Mi 1.550Gi +192.42%

Change-Id: I3600831a263ec8a99b5e3bdd495eb36e966d8075 Reviewed-on: https://go-review.googlesource.com/c/go/+/484575 Reviewed-by: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com> Reviewed-by: Paul Murphy <murp@ibm.com> Reviewed-by: Than McIntosh <thanm@google.com>
Change-Id: Ifc669399dde7d6229c6ccdbe29611ed1f8698fb1 Reviewed-on: https://go-review.googlesource.com/c/go/+/534778 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: shuang cui <imcusg@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com>
Running 'go fix' on the cmd+std packages handled much of this change. Also update code generators to use only the new go:build lines, not the old +build ones. For #41184. For #60268. Change-Id: If35532abe3012e7357b02c79d5992ff5ac37ca23 Cq-Include-Trybots: luci.golang.try:gotip-linux-386-longtest,gotip-linux-amd64-longtest,gotip-windows-amd64-longtest Reviewed-on: https://go-review.googlesource.com/c/go/+/536237 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
RtlGenRandom is a semi-undocumented API, also known as SystemFunction036, which we use to generate random data on Windows. Its definition, in cryptbase.dll, is an opaque wrapper for the documented API ProcessPrng. Instead of using RtlGenRandom, switch to using ProcessPrng. Since the former is simply a wrapper for the latter, there should be no practical change on the user side, other than a minor change in the DLLs we load. Change-Id: Ie6891bf97b1d47f5368cccbe92f374dba2c2672a Reviewed-on: https://go-review.googlesource.com/c/go/+/536235 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Quim Muntal <quimmuntal@gmail.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
The new noescape and nocallback directives can be used instead of the C wrapper functions that are there just to avoid some parameters being escaped to the heap. This CL also helps demonstrate the use of the new directives in real code. I've added some benchmarks to demonstrate that this CL doesn't introduce new heap allocations when using boringcrypto:

```
goos: linux
goarch: amd64
pkg: crypto/aes
cpu: AMD EPYC 7763 64-Core Processor
BenchmarkGCMSeal-32 8378692 143.3 ns/op 111.65 MB/s 0 B/op 0 allocs/op
BenchmarkGCMOpen-32 8383038 142.7 ns/op 112.11 MB/s 0 B/op 0 allocs/op
```

Change-Id: Ifd775484eb9a105afc5c3d4e75a6c6655cbadc53 Reviewed-on: https://go-review.googlesource.com/c/go/+/525035 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> Run-TryBot: Quim Muntal <quimmuntal@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
…tives" This reverts CL 525035. Reason for revert: breaks many Google-internal tests (#63739), suspected miscompilation Change-Id: I8cbebca0a187d12e16c405b2373c754e4a397ef4 Reviewed-on: https://go-review.googlesource.com/c/go/+/537598 Reviewed-by: Bryan Mills <bcmills@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Bryan Mills <bcmills@google.com>
goos: linux
goarch: amd64
pkg: crypto/subtle
cpu: Intel(R) Core(TM) i5-8350U CPU @ 1.70GHz

│ master │ HEAD │
│ sec/op │ sec/op vs base │
XORBytes/8Bytes-8 10.90n ± 1% 10.96n ± 5% ~ (p=0.617 n=10)
XORBytes/128Bytes-8 14.85n ± 2% 12.05n ± 2% -18.82% (p=0.000 n=10)
XORBytes/2048Bytes-8 88.30n ± 2% 72.64n ± 1% -17.73% (p=0.000 n=10)
XORBytes/32768Bytes-8 1.489µ ± 2% 1.442µ ± 1% -3.12% (p=0.000 n=10)
geomean 67.91n 60.99n -10.19%

│ master │ HEAD │
│ B/s │ B/s vs base │
XORBytes/8Bytes-8 700.5Mi ± 1% 696.5Mi ± 5% ~ (p=0.631 n=10)
XORBytes/128Bytes-8 8.026Gi ± 2% 9.890Gi ± 2% +23.22% (p=0.000 n=10)
XORBytes/2048Bytes-8 21.60Gi ± 2% 26.26Gi ± 1% +21.55% (p=0.000 n=10)
XORBytes/32768Bytes-8 20.50Gi ± 2% 21.16Gi ± 1% +3.21% (p=0.000 n=10)
geomean 7.022Gi 7.819Gi +11.34%

For #63678 Change-Id: I3996873773748a6f78acc6575e70e09bb6aea979 GitHub-Last-Rev: d9129cb8eae363792b6a6236d597465fcf8d4d6b GitHub-Pull-Request: golang/go#63754 Reviewed-on: https://go-review.googlesource.com/c/go/+/537856 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Keith Randall <khr@google.com> Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fixes #60665 Change-Id: I814b7d4b26b964f74443584fb2048b3e27e3b675 GitHub-Last-Rev: 693c741c76e6369e36aa2a599ee6242d632573c7 GitHub-Pull-Request: golang/go#62096 Reviewed-on: https://go-review.googlesource.com/c/go/+/520535 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Mateusz Poliwczak <mpoliwczak34@gmail.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>
The loop should be terminated immediately when `algo` has been found. Fixes #52955 Change-Id: Ib3865c4616a0c1af9b72daea45f5a1750f84562f GitHub-Last-Rev: 721322725fb2d3a3ea410d09fd8320dfef865d8d GitHub-Pull-Request: golang/go#52987 Reviewed-on: https://go-review.googlesource.com/c/go/+/407215 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org>
CL 520535 added the new OID type, and the Certificate field Policies to replace PolicyIdentifiers. During review I missed three problems: (1) the marshaling of Certificate didn't take into account the case where both fields were populated with the same OIDs (which would be the case if you parsed a certificate and used it as a template), (2) buildCertExtensions only generated the certificate policies extension if PolicyIdentifiers was populated, and (3) how we would marshal an empty OID (i.e. OID{}). This change makes marshaling a certificate with an empty OID an error, and only adds a single copy of any OID that appears in both Policies and PolicyIdentifiers to the certificate policies extension. This should make the round trip behavior for certificates reasonable. Additionally this change documents that CreateCertificate uses the Policies field from the template, and fixes buildCertExtensions to populate the certificate policies extension if _either_ PolicyIdentifiers or Policies is populated, not just PolicyIdentifiers. Fixes #63909 Change-Id: I0fcbd3ceaab7a376e7e991ff8b37e2145ffb4a61 Reviewed-on: https://go-review.googlesource.com/c/go/+/539297 Reviewed-by: Mateusz Poliwczak <mpoliwczak34@gmail.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Support for boring has been extended to include linux/arm64. This change updates the docs to reflect that. Fixes #63920 Change-Id: If8d6eca713e8245dcc222c3e38d140874d48725d Reviewed-on: https://go-review.googlesource.com/c/go/+/539298 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Use ADD with constants, instead of ADDI. Also use SUB with a positive constant rather than ADD with a negative constant. The resulting assembly is still the same. Change-Id: Ife10bf5ae4122e525f0e7d41b5e463e748236a9c Reviewed-on: https://go-review.googlesource.com/c/go/+/540136 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: M Zhuo <mzh@golangcn.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Mark Ryan <markdryan@rivosinc.com> Reviewed-by: Heschi Kreinick <heschi@google.com> Run-TryBot: Joel Sing <joel@sing.id.au>
Adds the CertPool method AddCertWithConstraint, which allows adding a certificate to a pool with an arbitrary constraint which cannot be otherwise expressed in the certificate. Fixes #57178 Change-Id: Ic5b0a22a66aefa5ba5d8ed5ef11389996b59862b Reviewed-on: https://go-review.googlesource.com/c/go/+/519315 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
Updates the default from 1.0 -> 1.2 for servers, bringing it in line with clients. Add a GODEBUG setting, tls10server, which lets users revert this change. Fixes #62459 Change-Id: I2b82f85b1c2d527df1f9afefae4ab30a8f0ceb41 Reviewed-on: https://go-review.googlesource.com/c/go/+/541516 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
Removes the RSA KEX based ciphers from the default list. This can be reverted using the tlsrsakex GODEBUG. Fixes #63413 Change-Id: Id221be3eb2f6c24b91039d380313f0c87d339f98 Reviewed-on: https://go-review.googlesource.com/c/go/+/541517 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
Fixes #43922 Change-Id: Idaad7daa6784807ae3a5e4d944e88e13d01fd0b2 Reviewed-on: https://go-review.googlesource.com/c/go/+/544155 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org>
According to RFC 9001 Section 4.2, the client MUST NOT offer any TLS version older than 1.3. Fixes #63723. Change-Id: Ia92f98274ca784e2bc151faf236380af51f699c1 Reviewed-on: https://go-review.googlesource.com/c/go/+/537576 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
We should call Value as late as possible to allow programs to set GODEBUG with os.Setenv, and IncNonDefault only when (and every time) the GODEBUG has an effect on a connection (that we'd have regularly rejected). Change-Id: If7a1446de407db7ca2d904d41dda13558b684dda Reviewed-on: https://go-review.googlesource.com/c/go/+/544335 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org>
Updates #63413 Change-Id: I31fc2f9728582524cac5d101d0011093dbd05ed3 Reviewed-on: https://go-review.googlesource.com/c/go/+/544336 Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
KMCTR was encoding its arguments the incorrect way, leading to an illegal instruction wherever we call the KMCTR instruction. On IBM z13 machines, the TestAESGCM test uses the gcmASM implementation, which uses the KMCTR instruction to encrypt using AES in counter mode and the KIMD instruction for GHASH. z14+ machines use the gcmKMA implementation for the same. Fixes #63387 Change-Id: I86aeb99573c3f636a71908c99e06a9530655aa5d Reviewed-on: https://go-review.googlesource.com/c/go/+/535675 Reviewed-by: Vishwanatha HD <vishwanatha.hd@ibm.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@golang.org>
Don't marshal Policies field. Updates #64248 Change-Id: I7e6d8b9ff1b3698bb4f585fa82fc4050eff3ae4d Reviewed-on: https://go-review.googlesource.com/c/go/+/546915 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
Use a GODEBUG to choose which certificate policy field to use. If x509usepolicies=1 is set, use the Policies field, otherwise use the PolicyIdentifiers field. Fixes #64248 Change-Id: I3f0b56102e0bac4ebe800497717c61c58ef3f092 Reviewed-on: https://go-review.googlesource.com/c/go/+/546916 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fixes the gating of TestIssue51759 by shelling out to sw_vers to check what version of macOS we are on. Fixes #64677 Change-Id: I5eef4fa39e5449e7b2aa73864625c3abf002aef8 Reviewed-on: https://go-review.googlesource.com/c/go/+/549195 Reviewed-by: Bryan Mills <bcmills@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Also, add EVP_aead_aes_*_gcm_tls13 to the build, which we will need in a following CL, to avoid rebuilding the syso twice. Updates #64717 Updates #62372 Change-Id: Ie4d853ad9b914c1095cad60694a1ae6f77dc22ce Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-boringcrypto Reviewed-on: https://go-review.googlesource.com/c/go/+/549695 Reviewed-by: Than McIntosh <thanm@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Fixes #64717 Updates #62372 Change-Id: I3a65b239ef0198bbdbe5e55e0810e7128f90a091 Reviewed-on: https://go-review.googlesource.com/c/go/+/549975 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com>
Now, this is embarrassing. For the whole Go 1.20 and Go 1.21 cycles, we based RSA public key operation (verification and decryption) benchmarks on the keys in rsa_test.go, which had E = 3. Most keys in use, including all those generated by GenerateKey, have E = 65537. This significantly skewed even relative benchmarks, because the new constant-time algorithms would incur a larger slowdown for larger exponents.

I noticed this only because I got a production profile for an application that does a lot of RSA verifications, saw ExpShort show up, made ExpShort faster, and the crypto/rsa profiles didn't move. We were measuring the wrong thing, and the slowdown was worse than we thought. My apologies.

(If E had not been parametrized, it would have avoided issues like this one, too. Grumble. https://words.filippo.io/parameters/#fn9)

goos: darwin
goarch: arm64
pkg: crypto/rsa
                       │ g35222eeb78 │                 new                 │
                       │   sec/op    │   sec/op     vs base                │
DecryptPKCS1v15/2048-8   1.414m ± 2%   1.417m ± 1%         ~ (p=0.971 n=10)
DecryptPKCS1v15/3072-8   4.107m ± 0%   4.160m ± 1%    +1.29% (p=0.000 n=10)
DecryptPKCS1v15/4096-8   9.363m ± 1%   9.305m ± 1%         ~ (p=0.143 n=10)
EncryptPKCS1v15/2048-8   162.8µ ± 2%   212.1µ ± 0%   +30.34% (p=0.000 n=10)
DecryptOAEP/2048-8       1.460m ± 4%   1.413m ± 1%         ~ (p=0.105 n=10)
EncryptOAEP/2048-8       161.7µ ± 0%   213.4µ ± 0%   +31.99% (p=0.000 n=10)
SignPKCS1v15/2048-8      1.419m ± 1%   1.476m ± 1%    +4.05% (p=0.000 n=10)
VerifyPKCS1v15/2048-8    160.6µ ± 0%   212.6µ ± 3%   +32.38% (p=0.000 n=10)
SignPSS/2048-8           1.419m ± 0%   1.477m ± 2%    +4.07% (p=0.000 n=10)
VerifyPSS/2048-8         163.9µ ± 8%   212.3µ ± 0%   +29.50% (p=0.000 n=10)
geomean                  802.5µ        899.1µ        +12.04%

Updates #63516 Change-Id: Iab4a0684d8101ae07dac8462908d8058fe5e9f3d Reviewed-on: https://go-review.googlesource.com/c/go/+/552895 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com>
Most libraries don't consider N secret, but it's arguably useful for privacy applications. However, E should generally be fixed, and there is a lot of performance to be gained by using variable-time exponentiation. The threshold trick is from BoringSSL.

goos: linux
goarch: amd64
pkg: crypto/rsa
cpu: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
                       │     old      │                 new                  │
                       │    sec/op    │    sec/op     vs base                │
DecryptPKCS1v15/2048-4    1.398m ± 0%    1.396m ± 4%         ~ (p=0.853 n=10)
DecryptPKCS1v15/3072-4    3.640m ± 0%    3.652m ± 1%         ~ (p=0.063 n=10)
DecryptPKCS1v15/4096-4    7.756m ± 0%    7.764m ± 0%         ~ (p=0.853 n=10)
EncryptPKCS1v15/2048-4   175.50µ ± 0%    39.37µ ± 0%   -77.57% (p=0.000 n=10)
DecryptOAEP/2048-4        1.375m ± 0%    1.371m ± 1%         ~ (p=0.089 n=10)
EncryptOAEP/2048-4       177.64µ ± 0%    41.17µ ± 1%   -76.82% (p=0.000 n=10)
SignPKCS1v15/2048-4       1.419m ± 0%    1.393m ± 1%    -1.84% (p=0.000 n=10)
VerifyPKCS1v15/2048-4    173.70µ ± 1%    38.28µ ± 2%   -77.96% (p=0.000 n=10)
SignPSS/2048-4            1.437m ± 1%    1.413m ± 0%    -1.64% (p=0.000 n=10)
VerifyPSS/2048-4         176.83µ ± 1%    43.08µ ± 5%   -75.64% (p=0.000 n=10)

This finally makes everything in crypto/rsa faster than it was in Go 1.19.

goos: linux
goarch: amd64
pkg: crypto/rsa
cpu: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
                       │ go1.19.txt  │              go1.20.txt               │              go1.21.txt               │               new.txt               │
                       │   sec/op    │    sec/op     vs base                 │    sec/op     vs base                 │   sec/op     vs base                │
DecryptPKCS1v15/2048-4   1.458m ± 0%    1.597m ± 1%     +9.50% (p=0.000 n=10)    1.395m ± 1%     -4.30% (p=0.000 n=10)   1.396m ± 4%    -4.25% (p=0.002 n=10)
DecryptPKCS1v15/3072-4   4.023m ± 1%    5.332m ± 1%    +32.53% (p=0.000 n=10)    3.649m ± 1%     -9.30% (p=0.000 n=10)   3.652m ± 1%    -9.23% (p=0.000 n=10)
DecryptPKCS1v15/4096-4   8.710m ± 1%   11.937m ± 1%    +37.05% (p=0.000 n=10)    7.564m ± 1%    -13.16% (p=0.000 n=10)   7.764m ± 0%   -10.86% (p=0.000 n=10)
EncryptPKCS1v15/2048-4   51.79µ ± 0%   267.68µ ± 0%   +416.90% (p=0.000 n=10)   176.42µ ± 0%   +240.67% (p=0.000 n=10)   39.37µ ± 0%   -23.98% (p=0.000 n=10)
DecryptOAEP/2048-4       1.461m ± 0%    1.613m ± 1%    +10.37% (p=0.000 n=10)    1.415m ± 0%     -3.13% (p=0.000 n=10)   1.371m ± 1%    -6.18% (p=0.000 n=10)
EncryptOAEP/2048-4       54.24µ ± 0%   269.19µ ± 0%   +396.28% (p=0.000 n=10)   177.31µ ± 0%   +226.89% (p=0.000 n=10)   41.17µ ± 1%   -24.10% (p=0.000 n=10)
SignPKCS1v15/2048-4      1.510m ± 0%    1.705m ± 0%    +12.93% (p=0.000 n=10)    1.423m ± 1%     -5.78% (p=0.000 n=10)   1.393m ± 1%    -7.76% (p=0.000 n=10)
VerifyPKCS1v15/2048-4    50.87µ ± 0%   266.41µ ± 1%   +423.71% (p=0.000 n=10)   174.38µ ± 0%   +242.79% (p=0.000 n=10)   38.28µ ± 2%   -24.75% (p=0.000 n=10)
SignPSS/2048-4           1.513m ± 1%    1.709m ± 0%    +12.97% (p=0.000 n=10)    1.461m ± 0%     -3.42% (p=0.000 n=10)   1.413m ± 0%    -6.58% (p=0.000 n=10)
VerifyPSS/2048-4         53.45µ ± 1%   268.56µ ± 0%   +402.48% (p=0.000 n=10)   177.29µ ± 0%   +231.72% (p=0.000 n=10)   43.08µ ± 5%   -19.39% (p=0.000 n=10)
geomean                  514.6µ         1.094m        +112.65%                   801.6µ         +55.77%                  442.1µ        -14.08%

Fixes #63516 Change-Id: If40e596a2e4b3ab7a202ff34591cf9cffecfcc1b Reviewed-on: https://go-review.googlesource.com/c/go/+/552935 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
…e to fips-20220613" +1 This reverts commit 7383b2a4db5dc93c9b875b42d5add73d27cc4b9f ("crypto/internal/boring: upgrade module to fips-20220613") and commit 4106de901a8efe914cda6f6c4e8d45ff8c115da4 ("crypto/tls: align FIPS-only mode with BoringSSL policy"). Fixes #65324 Updates #65321 Updates #64717 Updates #62372 Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508 Reviewed-on: https://go-review.googlesource.com/c/go/+/558796 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> (cherry picked from commit 09b5de48e64e67db92b31eaca054c5d096e3c057) Reviewed-on: https://go-review.googlesource.com/c/go/+/558797 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
…ore interface conversion alreadyInChain assumes all keys fit an interface which contains the Equal method (which they do), but this ignores that certificates may have a nil key when PublicKeyAlgorithm is UnknownPublicKeyAlgorithm. In this case alreadyInChain panics. Check that the key is non-nil as part of considerCandidate (we are never going to build a chain containing UnknownPublicKeyAlgorithm anyway). For #65390 Fixes #65831 Fixes CVE-2024-24783 Change-Id: Ibdccc0a487e3368b6812be35daad2512220243f3 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2137282 Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2174343 Reviewed-by: Carlos Amedee <amedee@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/569235 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Knyszek <mknyszek@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org>
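Added example (not code from the Go repository or from this pull request): a simplified Go model of the nil-key failure the commit message above describes, with the unchecked interface conversion beside the guarded form. The function names echo the commit message, but their bodies, the `keyEqual` interface, and the `panics` and `demoCerts` helpers are assumptions made for illustration, and the certificates are constructed in memory.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ed25519"
	"crypto/x509"
	"fmt"
)

// keyEqual is the method set the chain builder expects every public key to have.
type keyEqual interface{ Equal(crypto.PublicKey) bool }

// alreadyInChainUnchecked models the pre-fix comparison, reduced to the key
// only: the unchecked assertion panics when candidate.PublicKey is nil.
func alreadyInChainUnchecked(candidate *x509.Certificate, chain []*x509.Certificate) bool {
	for _, c := range chain {
		if candidate.PublicKey.(keyEqual).Equal(c.PublicKey) {
			return true
		}
	}
	return false
}

// considerCandidate models the fix: reject a nil key before any conversion.
func considerCandidate(candidate *x509.Certificate, chain []*x509.Certificate) bool {
	return candidate.PublicKey != nil && !alreadyInChainUnchecked(candidate, chain)
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return
}

// demoCerts returns a constructed one-element chain, a fresh candidate, and a nil-key candidate.
func demoCerts() ([]*x509.Certificate, *x509.Certificate, *x509.Certificate) {
	cert := func(b byte) *x509.Certificate {
		pub := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize)).Public()
		return &x509.Certificate{PublicKeyAlgorithm: x509.Ed25519, PublicKey: pub}
	}
	unknown := &x509.Certificate{PublicKeyAlgorithm: x509.UnknownPublicKeyAlgorithm}
	return []*x509.Certificate{cert(1)}, cert(2), unknown
}

func main() {
	chain, fresh, unknown := demoCerts()
	fmt.Println(panics(func() { alreadyInChainUnchecked(unknown, chain) }), considerCandidate(unknown, chain), considerCandidate(fresh, chain))
}
```

The same guard pattern applies to any code that type-asserts `Certificate.PublicKey` on certificates parsed from untrusted input.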
…le again The OID type is not exported data like most of the other x509 structs. Using it in x509.Certificate made Certificate not gob-compatible anymore, which breaks real-world code. As a temporary fix, make gob ignore that field, making it work as well as it did in Go 1.21. For Go 1.23, we anticipate adding a proper fix and removing the gob workaround. See #65633 and #66249 for more details. For #66249. For #65633. Fixes #66273. Change-Id: Idd1431d15063b3009e15d0565cd3120b9fa13f61 Reviewed-on: https://go-review.googlesource.com/c/go/+/571095 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Rob Pike <r@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-on: https://go-review.googlesource.com/c/go/+/571715 Reviewed-by: David Chase <drchase@google.com>
This diff syncs the oohttp fork with go1.22.2 upstream. Here's the diff between us and upstream.