This should make it much more likely that rangefunc
iterators become "plain inline code".
Change-Id: I8026603afdc5249f60cc663c4bc15cb1d26d1c83
Reviewed-on: https://go-review.googlesource.com/c/go/+/630696
Reviewed-by: Keith Randall <khr@golang.org>
Auto-Submit: David Chase <drchase@google.com>
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Implement the SHA-3 hash algorithms and the SHAKE extendable output
functions defined in FIPS 202.
This is a wrapper for crypto/internal/fips/sha3 which in turn was ported
from x/crypto/sha3 in CL 616717 as part of #65269.
Fixes#69982
Change-Id: I64ce7f362c1a773f7f5b05f7e0acb4110e52a329
Reviewed-on: https://go-review.googlesource.com/c/go/+/629176
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This is quite a bit slower (almost entirely in the e * d reductions,
which could be optimized), but the slowdown is only 12% of a signature
operation.
Also, call Validate at the end of GenerateKey as a backstop. Key
generation is so incredibly slow that the extra time is negligible.
goos: darwin
goarch: arm64
pkg: crypto/rsa
cpu: Apple M2
│ ec9643bbed │ ec9643bbed-dirty │
│ sec/op │ sec/op vs base │
SignPSS/2048-8 869.8µ ± 1% 870.2µ ± 0% ~ (p=0.937 n=6)
GenerateKey/2048-8 104.2m ± 17% 106.9m ± 10% ~ (p=0.589 n=6)
ParsePKCS8PrivateKey/2048-8 28.54µ ± 2% 136.78µ ± 8% +379.23% (p=0.002 n=6)
Fixes#57751
Co-authored-by: Derek Parker <parkerderek86@gmail.com>
Change-Id: Ifb476859207925a018b433c16dd62fb767afd2d5
Reviewed-on: https://go-review.googlesource.com/c/go/+/630517
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
BenchmarkParsePKCS8PrivateKey is a useful high-level measure of the
performance of Validate + Precompute.
Change-Id: Ibc32bf7006cd6669019dc3c697566614ee348d0f
Reviewed-on: https://go-review.googlesource.com/c/go/+/630516
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
It doesn't need to be fast because we will only use it for RSA key
generation / precomputation / validation.
Change-Id: If4f5d0d4ac350939b69561e75dec5791db77f68c
Reviewed-on: https://go-review.googlesource.com/c/go/+/630515
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
A part of the keeping Go's vendored dependencies and generated code
up to date.
This updates h2_bundle.go with unencrypted HTTP/2 support.
For #36905.
For #67816.
[git-generate]
cd src
go get golang.org/x/net@v0.31.0
go mod tidy
go mod vendor
cd cmd
go get golang.org/x/net@v0.31.0
go mod tidy
go mod vendor
go generate -run=bundle std
Change-Id: I2b77f651b990f260fbe7d551c7a819518f1c983f
Reviewed-on: https://go-review.googlesource.com/c/go/+/631035
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Implement support for parsing the various policy related extensions,
and for validating the policy graph for chains.
Policy validation is only run if VerifyOptions.CertificatePolicies is
set. Policy validation is run after chains are built. If the computed
policy graph for a chain is invalid, the chain is removed from the set
of returned chains.
This implements the RFC 5280 algorithm as updated by
RFC 9618 [0].
Fixes#68484
[0] https://www.rfc-editor.org/rfc/rfc9618.html
Change-Id: I576432a47ddc404cba966c2b1995365944b8bd26
Reviewed-on: https://go-review.googlesource.com/c/go/+/628616
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Different Plan 9 file servers may return different error strings
on an attempt to open a directory for writing: EISDIR, EACCES or
EPERM. TestOpenError allows for the first two, but it needs to
allow for EPERM as well.
Fixes#70440
Change-Id: I705cc086e21630ca254499ca922ede78c9901b11
Reviewed-on: https://go-review.googlesource.com/c/go/+/629635
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
We might or might not want to expose it, but it makes the internal API
symmetrical, and lets us decide to do it in the future without changing
the FIPS module.
Updates #65716
Change-Id: Iea431a527ab17b9f00dee4da25761cedb2c2eba0
Reviewed-on: https://go-review.googlesource.com/c/go/+/630655
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
For #67816
Change-Id: I9ba3a245d6b18758944ca5e206a15892b2aa6028
Reviewed-on: https://go-review.googlesource.com/c/go/+/630976
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Remove the OpLocalAddrs that are unnecessary in the CSE pass, so the
following passes like DSE and memcombine can do its work better.
Fixes#70300
Change-Id: I600025d49eeadb3ca4f092d614428399750f69bc
Reviewed-on: https://go-review.googlesource.com/c/go/+/628075
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@golang.org>
Unify how go/types, types2, and noder read in unified export data from
GC-created files.
This splits FindExportData into smaller pieces for improved code
sharing.
- FindPackageDefinition finds the package definition file in the ar
archive.
- ReadObjectHeaders reads the object headers.
- ReadExportDataHeader reads the export data format header.
There is a new convenience wrapper ReadUnified that combines all of
these. This documents the expected archive contents.
Updates noder and the importers to use these.
This also adjusts when end-of-section marker ("\n$$\n") checking happens.
Change-Id: Iec2179b0a1ae7f69eb12d077018f731116a77f13
Reviewed-on: https://go-review.googlesource.com/c/go/+/628155
Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Tim King <taking@google.com>
For tests that are interested in testing the difference between TLS in
FIPS 140-3 required mode or otherwise two new helpers are introduced,
runWithFIPSEnabled and runWithFIPSDisabled. They take care of forcing
the correct TLS FIPS 140-3 state regardless of the overal GODEBUG=fips
state, and restoring it afterwards.
For the tests that use features or test data not appropriate for
TLS in FIPS 140-3 required mode we add skips. For some tests we can make
them appropriate for both TLS FIPS 140-3 required or not by tweaking some
parameters that weren't important to the subject under test, but would
otherwise preclude TLS FIPS 140-3 required mode (e.g. because they used
TLS 1.0 when the test could use TLS 1.2 instead). For others, switching
test certificates to a RSA 2048 hierarchy is sufficient. We avoid
regenerating the existing RSA 1024 certs as 2048 since it would
invalidate recorded static flow data.
Tests that rely on static message flows (primarily the client and server
handshake) tests are skipped due to FIPS mode being non-deterministic
and inappropriate for this style of testing.
Change-Id: I311f3828dac890bb3ff8ebda6ed73d50f0797110
Reviewed-on: https://go-review.googlesource.com/c/go/+/629736
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Per IG 10 3.A a module implementing PBKDF2 must perform a CAST
on the derivation of a master key. This commit adds the required CAST
test.
The salt length (16 bytes), and output length (14 bytes) for the test
are selected to meet FIPS requirements. The iteration count must be
at least 2 so we use that value exactly for the fastest self-test
allowable.
We test all underlying prerequisite algorithms (HMAC, digest algorithms)
separately.
For #69536
Change-Id: Iba9e87ab89eeec1c73adc7e56016674ac8065c39
Reviewed-on: https://go-review.googlesource.com/c/go/+/623195
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
This commit extends the acvp_test.go module wrapper and its described
capabilities to included test coverage for PBKDF vectors.
Notably this requires using an updated boringssl version to pick up
support for PBKDF vectors in acvptool.
Updates #69642
Change-Id: I17dcf2c19c38773fa9123d8e9b2172522e218a8b
Reviewed-on: https://go-review.googlesource.com/c/go/+/619755
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
This commit lifts the internals of crypto/pbkdf2 into
crypto/internal/fips140/pbkdf2, in the FIPS module. The code
remains unchanged except for the following adjustments:
* The hash and hmac imports now come from the FIPS equivalents.
* The FIPS service indicator status is set based on the SP 800-132
requirements for PBKDF2.
For #69536
Change-Id: I61f47a652cef10505a5b40a70be5240b161a97ba
Reviewed-on: https://go-review.googlesource.com/c/go/+/619236
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Derek Parker <parkerderek86@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Fixes#70507
Change-Id: I2ab1f221ebd45fedc70d1fded29b084147eadd28
Reviewed-on: https://go-review.googlesource.com/c/go/+/630815
Auto-Submit: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Tim King <taking@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Add an UnencryptedHTTP2 protocol value.
Both Server and Transport implement "HTTP/2 with prior knowledge"
as described in RFC 9113, section 3.3. Neither supports the
deprecated HTTP/2 upgrade mechanism (RFC 7540, section 3.2 "h2c").
For Server, UnencryptedHTTP2 controls whether the server
will accept HTTP/2 connections on unencrypted ports.
When enabled, the server checks new connections for
the HTTP/2 preface and routes them appropriately.
For Transport, enabling UnencryptedHTTP2 and disabling HTTP1
causes http:// requests to be made over unencrypted HTTP/2
connections.
For #67816
Change-Id: I2763c4cdec1c2bc6bb8157edb93b94377de8a59b
Reviewed-on: https://go-review.googlesource.com/c/go/+/622976
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Change-Id: Ia79c7c8c4245b1ff8221296bc47bcba257e153e2
Reviewed-on: https://go-review.googlesource.com/c/go/+/630895
Reviewed-by: Tim King <taking@google.com>
Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This is intended to simplify future experiments/changes.
It does slightly change the fixedpoint order (across all
functions in a func+closures set or recursive set, but
that seems not to affect tests or benchmarks).
Change-Id: I80bcaabf277b317523e538f5fd4d2ff6dc08c033
Reviewed-on: https://go-review.googlesource.com/c/go/+/630595
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@golang.org>
This finds the bug fixed in CL 630279.
reflect mutates the SwissMapType of a map[unsafe.Pointer]unsafe.Pointer,
which happened to already have the correct GroupSize for all of the maps
used in the reflect tests.
For #54766.
Change-Id: If4428e1e799598e7512edceb3cefb2ad00cfa712
Reviewed-on: https://go-review.googlesource.com/c/go/+/630676
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
This came up in some swissmap code.
Change-Id: I3c6705a5cafec8cb4953dfa9535cf0b45255cc83
Reviewed-on: https://go-review.googlesource.com/c/go/+/629516
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: David Chase <drchase@google.com>
This commit imports the x/crypto/hkdf package as a public crypto package
based on the linked proposal. Since we've already implemented this
internal to the FIPS boundary (mod some small changes based on the
proposal discussion) this largely defers to that implementation.
Updates #61477
Change-Id: Ie3dcee75314dfbe22eec8b31c43c926fe80637bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/630296
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Setting GODEBUG=multipathtcp= [1] has no effects on apps using
ListenTCP or DialTCP directly.
According to the documentation, these functions are supposed to act like
Listen and Dial respectively:
ListenTCP acts like Listen for TCP networks.
DialTCP acts like Dial for TCP networks.
So when reading this, I think we should expect GODEBUG=multipathtcp= to
act on these functions as well.
Also, since #69016, MPTCP is used by default (if supported) with TCP
listeners. Similarly, when ListenTCP is used directly, MPTCP is
unexpectedly not used. It is strange to have a different behaviour.
So now, ListenTCP and DialTCP also check for MPTCP. Those are the exact
same checks that are done in dial.go, see Listen and dialSingle.
[1] https://pkg.go.dev/net#Dialer.SetMultipathTCPFixes#70500
Change-Id: I646431a74571668e505493fa8c1b2206bf30ed09
GitHub-Last-Rev: 69a31a1b03
GitHub-Pull-Request: golang/go#70501
Reviewed-on: https://go-review.googlesource.com/c/go/+/630715
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Adds support for server-side ECH.
We make a couple of implementation decisions that are not completely
in-line with the spec. In particular, we don't enforce that the SNI
matches the ECHConfig public_name, and we implement a hybrid
shared/backend mode (rather than shared or split mode, as described in
Section 7). Both of these match the behavior of BoringSSL.
The hybrid server mode will either act as a shared mode server, where-in
the server accepts "outer" client hellos and unwraps them before
processing the "inner" hello, or accepts bare "inner" hellos initially.
This lets the server operate either transparently as a shared mode
server, or a backend server, in Section 7 terminology. This seems like
the best implementation choice for a TLS library.
Fixes#68500
Change-Id: Ife69db7c1886610742e95e76b0ca92587e6d7ed4
Reviewed-on: https://go-review.googlesource.com/c/go/+/623576
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Using filepath.SkipDir without confirming that d is a directory makes
it prone to taking unintended action if a file (not a directory) with
the same name gets added.
This isn't a problem today, but we shouldn't spend human code review
time checking that this doesn't somehow happen in the future, either.
Change-Id: I29bf203ddef175c3ad23c9ddc10fa934126ac853
Reviewed-on: https://go-review.googlesource.com/c/go/+/630635
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Currently, instruction encoding is a slice of encoding types, which
is indexed by a masked version of the riscv64 opcode. Additional
information about some instructions (for example, if an instruction
has a ternary form and if there is an immediate form for an instruction)
is manually specified in other parts of the assembler code.
Rework the instruction encoding information so that we use a table
driven form, providing additional data for each instruction where
relevant. This means that we can simplify other parts of the code
by simply looking up the instruction data and reusing minimal logic.
Change-Id: I7b3b6c61a4868647edf28bd7dbae2150e043ae00
Cq-Include-Trybots: luci.golang.try:gotip-linux-riscv64
Reviewed-on: https://go-review.googlesource.com/c/go/+/622535
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Meng Zhuo <mengzhuo1203@gmail.com>
Reviewed-by: Mark Ryan <markdryan@rivosinc.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Adjust splitPathInRoot to match its documented behavior
of dropping . path components except at the end of the path.
This function takes a prefix, path, and suffix; previously
it would preserve a trailing . at the end of the path
even when joining to a suffix.
The practical effect of this change is that we we'll skip
a pointless open of . when following a symlink under some
circumstances:
- open "a/target"
- "a" is a symlink to "b/."
- previously: we rewrite our path to "b/./target"
- now: we rewrite our path to "b/target"
This is a fairly unimportant edge case, and our observable
behavior isn't changing. The main motivation for this change is
that the overall behavior is more comprehensible if splitPathInRoot
follows its documentation.
Change-Id: I96c6a5e3f489cdac991ba1bd702180d69625bc64
Reviewed-on: https://go-review.googlesource.com/c/go/+/630615
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Change-Id: I07e7c8eaa5bd4bac0d576b2f2f4cd3f81b0b77a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/630055
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
This is fixing some the missing logic of CL 627755.
Change-Id: I35acffef7299331fce21da4a80a26185b2e909f4
Reviewed-on: https://go-review.googlesource.com/c/go/+/630455
Commit-Queue: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fixes#70484
Change-Id: I609834aca3e97bf494565da513cd2b8a83123c89
Reviewed-on: https://go-review.googlesource.com/c/go/+/630216
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commands run:
cd $GOROOT/src/cmd
go get golang.org/x/tools@v0.27.0
go mod tidy
go mod vendor
Needed for CL 623475. Introduced ABIInternal syscall support.
Change-Id: I03d7576747826243c25658f360b24ef9b84f0f04
Reviewed-on: https://go-review.googlesource.com/c/go/+/620738
Reviewed-by: Meidan Li <limeidan@loongson.cn>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: David Chase <drchase@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Use internal/goarch.PtrSize, instead of unsafe.Sizeof(uintptr(0)).
Change-Id: If501ae9853ed384c4b9485e2c3b0aeba03c17685
Reviewed-on: https://go-review.googlesource.com/c/go/+/630795
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Cherry Mui <cherryyz@google.com>
After tools CL 612038, the package astutil stops being vendored, but
_gen/rulegen.go needs to import this package.
In particular, after update golang.org/x/tools, the package astutil
is deleted from the vendor directory, and got error when run TestStdlib
in longtest. So in this CL, we make _gen an actual submodule and
skip it in TestStdlib.
Change-Id: I76f77b66427f6490b4746698711a6e307ad2ba79
Reviewed-on: https://go-review.googlesource.com/c/go/+/629015
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
This commit imports the x/crypto/pbkdf2 package as described in the
linked proposal. The code is unchanged with the exception of a few
small updates to reflect feedback from the proposal comment period:
* the Key function is made generic over a hash.Hash
* the h function is moved to be the first argument
* keyLen is renamed to keyLength
* an error return is added
* the unit tests were moved to the pbkdf2_test package
Updates #69488
Change-Id: If72f854daeb65a5c7fbe45ebd341e63a33340624
Reviewed-on: https://go-review.googlesource.com/c/go/+/628135
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
While the cached name of an executable is set based on the base name of
the package path, the executable produced as the output of link doesn't
have ExeName set on it and is just called a.out (with a .exe suffix on
Windows). Set ExeName so that the first time the binary is run, from the
directory link is run in, it has the right name for ps.
For #48429
Change-Id: Ic049304ec6fd5b23c2f5aaaf91aa58d79fe5a7ba
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest,gotip-windows-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/630695
Reviewed-by: Conrad Irwin <conrad.irwin@gmail.com>
Reviewed-by: Hongxiang Jiang <hxjiang@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This will be re-enabled by an in-progress CR. For now, ignore this test
process to prevent build breakage.
Change-Id: Ica1cb1c4f9844164ab32767ce2a499021d40b997
Reviewed-on: https://go-review.googlesource.com/c/go/+/630237
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
1. Support for decimal arithmetic quad instructions of powerpc: DADDQ, DSUBQ, DMULQ
and DDIVQ.
2. Support for decimal compare ordered, unordered, quad instructions of powerpc:
DCMPU, DCMPO, DCMPUQ, and DCMPOQ.
Change-Id: I32a15a7f0a127b022b1f43d376e0ab0f7e9dd108
Cq-Include-Trybots: luci.golang.try:gotip-linux-ppc64_power10,gotip-linux-ppc64_power8,gotip-linux-ppc64le_power8,gotip-linux-ppc64le_power9,gotip-linux-ppc64le_power10
Reviewed-on: https://go-review.googlesource.com/c/go/+/623036
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Paul Murphy <murp@ibm.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Paul Murphy <murp@ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
I left this behind accidentally.
Change-Id: I70f97b8214775e89c612890aead26431c9a443a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/630575
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
See https://github.com/golang/go/issues/70200#issuecomment-2468562595,
GOFIPS140 value when building the toolchain (off when not set)
is the default value for GOFIPS140,
it is buildcfg.defaultGOFIPS140,
export as buildcfg.DefaultGOFIPS140 that can be used in the cmd/go.
For #70200
Change-Id: I5a4873a718eeefda8e65bfab51d9d3d5ad2c21b6
Reviewed-on: https://go-review.googlesource.com/c/go/+/629996
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Consolidates handling of FIPS 140-3 considerations for the tls package.
Considerations specific to certificates are now handled in tls instead
of x509 to limit the area-of-effect of FIPS as much as possible.
Boringcrypto specific prefixes are renamed as appropriate.
For #69536
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Change-Id: I1b1fef83c3599e4c9b98ad81db582ac93253030b
Reviewed-on: https://go-review.googlesource.com/c/go/+/629675
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Re-work kqueue_event wakeup logic to use one-shot events. In an
event of waking up a wrong thread, simply re-post the event.
This saves close to 1 system call per wakeup on average, since
chances of non-blocking poller picking it up is pretty low.
Change-Id: I202d0d57a31d91ac5354ea075215f647c65790d3
GitHub-Last-Rev: e707d47326
GitHub-Pull-Request: golang/go#70408
Reviewed-on: https://go-review.googlesource.com/c/go/+/628975
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
We shouldn't spend human code review time checking this.
Let the computer check.
Change-Id: I6de9d733c128d833b958b0e43a52b564e8f82dd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/630417
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
The code takes care to print test results during "go test ./..."
in the package order, delaying prints until it's that package's
turn, even when tests run in parallel. For some reason, the
prints about the test not running were not included in that,
making them print out of order. Fix that, printing that result
with the usual result printer.
This is particularly noticeable during all.bash when we start
letting cmd/dist vet packages without tests.
Change-Id: If07f9fe5a6fac2b57b24d599126b451357a164e2
Reviewed-on: https://go-review.googlesource.com/c/go/+/630416
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
Pass all packages to go test, even if they don't have test files,
so that go test can still run vet.
I just got burned by a vet error in a package without a test
showing up when I added an (unrelated) test.
There are not enough packages without tests to be worth
the "savings" of not letting the go command vet those packages.
For #60463.
Change-Id: Ib9258655151144dce6a51deeae73d651aa46cb2c
Reviewed-on: https://go-review.googlesource.com/c/go/+/630015
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
An earlier CL moved the actual test from crypto/internal/fips/check
to crypto/internal/fipstest (now crypto/internal/fips140test),
so this cmd/dist check has been doing nothing for a little while.
Fix it to do what it intends.
Also run the actual crypto package tests in FIPS mode in long mode.
Change-Id: Iea8113376b95ec068a459cb8f3d0e77d3e2340f6
Reviewed-on: https://go-review.googlesource.com/c/go/+/630116
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This was missed in CL 627716.
For #54766.
Change-Id: Ib987efa8abe6e89367e2e1b71a33b64ac6b01b1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/630279
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
David Chase
Filippo Valsorda
Dmitri Shuralyov
Roland Shoemaker
Richard Miller
Damien Neil
Youlin Feng
Tim King
Daniel McCarney
Ian Lance Taylor
Robert Griesemer
Michael Pratt
Keith Randall
Matthieu Baerts (NGI0)
Sean Liao
Joel Sing
cuishuang
Junyang Shao
Xiaolin Zhao
Cherry Mui
Michael Matloob
Jayanth Krishnamurthy jayanth.krishnamurthy@ibm.com
Russ Cox
qiulaidongfeng
Maksym Sobolyev