This is optimized to be cheap in terms of extra code and complexity,
rather than performance, so we reuse the GCD we have for inverting d.
Recovers most of the performance loss since CL 630516, although
benchmarking key generation is by nature extremely noisy.
goos: darwin
goarch: arm64
pkg: crypto/rsa
cpu: Apple M2
│ 3b42687c56 │ b3d018a1e8-dirty │
│ sec/op │ sec/op vs base │
GenerateKey/2048-8 104.1m ± 7% 139.7m ± 20% +34.10% (p=0.000 n=20)
Updates #69799
For #69536
Change-Id: I00347610935db8feb0597529a301ad7ace5b2f22
Reviewed-on: https://go-review.googlesource.com/c/go/+/632479
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Turns out that recomputing them (and qInv in particular) in constant
time is expensive, so let's not throw them away when they are available.
They are much faster to check, so we now do that on precompute.
Also, thanks to the opaque crypto/internal/fips140/rsa.PrivateKey type,
we now have some assurance that the values we use are always ones we
checked.
Recovers most of the performance loss since CL 630516 in the happy path.
Also, since now we always use the CRT, if necessary by running a
throwaway Precompute, which is now cheap if PrecomputedValues is filled
out, we effectively fixed the JSON round-trip slowdown (#59695).
goos: darwin
goarch: arm64
pkg: crypto/rsa
cpu: Apple M2
│ 3b42687c56 │ f017604bc6-dirty │
│ sec/op │ sec/op vs base │
ParsePKCS8PrivateKey/2048-8 26.76µ ± 1% 65.99µ ± 1% +146.64% (p=0.002 n=6)
Fixes#59695
Updates #69799
For #69536
Change-Id: I507f8c5a32e69ab28990a3bf78959836b9b08cc9
Reviewed-on: https://go-review.googlesource.com/c/go/+/632478
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
It's about 2x slower, but we'll recover that by implementing trial
divisions in a follow-up CL.
Updates #69799
For #69536
Change-Id: Icc02f5a268b658d629bbe7fdaf2a42ad3b259e2c
Reviewed-on: https://go-review.googlesource.com/c/go/+/632477
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
We are severely limited by the crypto/rsa API in a few ways:
- Precompute doesn't return an error, but is the only function allowed
to modify a PrivateKey.
- Clients presumably expect the PrecomputedValues big.Ints to be
populated after Precompute.
- MarshalPKCS1PrivateKey requires the precomputed values, and doesn't
have an error return.
- PrivateKeys with only N, e, and D have worked so far, so they might
have to keep working.
To move precomputation to the FIPS module, we focus on the happy path of
a PrivateKey with two primes where Precompute is called before anything
else, which match ParsePKCS1PrivateKey and GenerateKey.
There is a significant slowdown in the Parse benchmark due to the
constant-time inversion of qInv. This will be addressed in a follow-up
CL that will use (and check) the value in the ASN.1.
Note that the prime product check now moved to checkPrivateKey is broken
(Π should start at 1 not 0) and fixed in CL 632478.
Updates #69799
For #69536
Change-Id: I95a8bc1244755c6d15d7c4eb179135a15608ddd6
Reviewed-on: https://go-review.googlesource.com/c/go/+/632476
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
N needs to be odd or we can't call Nat.Exp with it. This was previously
enforced at the Modulus level, but was relaxed in CL 630515.
While at it, also assert that e is odd. If it's even, there is no
possible corresponding private key, and we might as well error out.
Change-Id: I43a6c6e5789683854e4aece650fbf85166b6c318
Reviewed-on: https://go-review.googlesource.com/c/go/+/632475
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Will be needed for RSA key generation.
We now require Modulus to be > 1 because we don't want to worry about 1
being out of range. There is no use for a Modulus of 1 anyway, and we
already return an error from NewModulus.
Ported from https://cs.opensource.google/boringssl/boringssl/+/master:crypto/fipsmodule/bn/gcd_extra.cc.inc;drc=5813c2c10c73d800f1b0d890a7d74ff973abbffc.
Updates #69799
For #69536
Change-Id: I9850bcc461565b23fa7186a09c65355f7da3e5ba
Reviewed-on: https://go-review.googlesource.com/c/go/+/632415
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
A following CL will move key generation to crypto/internal/fips140/rsa.
Updates #69799
For #69536
Change-Id: Icdf9b8424da20453939c6587af7dc922aad9e0ca
Reviewed-on: https://go-review.googlesource.com/c/go/+/632215
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Most items that need to be done are tracked in release-blocking issues,
but a few are not. Make it easier to understand and track their status.
For #68545.
Change-Id: I1cb31e67d2d868a82ee592c9adb31bc5dd558d67
Reviewed-on: https://go-review.googlesource.com/c/go/+/632195
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Fixes#64127
Change-Id: I1562953caa3b1b2bc5dd3b7692671e0f3d5d2b9b
Reviewed-on: https://go-review.googlesource.com/c/go/+/632355
Commit-Queue: Tim King <taking@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fixes#66387
Change-Id: Ida9381d1ea83bcceaba460014fac3d0c13ccdbff
Reviewed-on: https://go-review.googlesource.com/c/go/+/632315
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Tim King <taking@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
For #66821
Change-Id: Id9b640a57b9d4d1f9114769f607480b14961e7b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/632036
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Distinguish between variadic signatures and argument lists to
(possibly variadic) functions and place `...` before or after
the last type in the list of types.
Fixes a panic.
Fixes#70526.
Change-Id: I77aba8f50984a21ebcdb62582030f2d0fe0eb097
Reviewed-on: https://go-review.googlesource.com/c/go/+/632275
Reviewed-by: Alan Donovan <adonovan@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Reviewed-by: Robert Findley <rfindley@google.com>
Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Static symbols don't have the package prefix, so we need to identify
them specially.
Change-Id: Iaa0456de802478f6a257164e9703f18f8dc7eb50
Reviewed-on: https://go-review.googlesource.com/c/go/+/631975
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
No test case because the problem can only happen for invalid data.
Let the fuzzer find cases like this.
For #47653Fixes#70584
Change-Id: I8a69a27dcb5b258b88f8e01ebaf0ec20cfcd489b
Reviewed-on: https://go-review.googlesource.com/c/go/+/632035
Reviewed-by: Veronica Silina <veronicasilina@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This is the result of running relnote todo today and reviewing its
output. Most of the remaining items that still need to be added to
Go 1.24 release notes are now tracked in release blocking issues.
For a few where it's less clear, I opted to comment on issues.
A good number of items were proposals that affect golang.org/x repos
and don't need to be mentioned in Go 1.24 release notes; they're now
annotated as such.
For #68545.
Change-Id: I4dc7f6d2cf5ab9e68bce83d01413224f80384e2f
Reviewed-on: https://go-review.googlesource.com/c/go/+/631684
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Update comment to remove link formatting that doesn't turn into a link, because the target field is not a top-level member of the package. Re-word comment slightly.
Change-Id: I43ebd8fb105b772a4362c0c763e6464321a92747
Reviewed-on: https://go-review.googlesource.com/c/go/+/631856
Reviewed-by: Veronica Silina <veronicasilina@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fix a regression that appeared in 1.23 when it comes to the stack traces
shown in the trace viewer. In 1.22 and earlier, the viewer was always
showing end stack traces. In 1.23 and later the viewer started to
exclusively show start stack traces.
Showing only the start stack traces made it impossible to see the last
stack trace produced by a goroutine. It also made it hard to understand
why a goroutine went off-cpu, as one had to hunt down the next running
slice of the same goroutine.
Emit end stack traces in addition to start stack traces to fix the
issue.
Fixes#70570
Change-Id: Ib22ea61388c1d94cdbc99fae2d207c4dce011a59
Reviewed-on: https://go-review.googlesource.com/c/go/+/631895
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Felix Geisendörfer <felix.geisendoerfer@datadoghq.com>
Reviewed-by: Nick Ripley <nick.ripley@datadoghq.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
For #46477.
For #68545.
Change-Id: I54a36f24167a1f909a865f8f6cf416d7378faa4e
Reviewed-on: https://go-review.googlesource.com/c/go/+/632055
Reviewed-by: Robert Griesemer <gri@google.com>
TryBot-Bypass: Robert Griesemer <gri@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Fixes#56378
Change-Id: Ibeaa5aa67e017be0da8797e4c87abf2ee0249db8
Reviewed-on: https://go-review.googlesource.com/c/go/+/632015
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Commit-Queue: Ian Lance Taylor <iant@google.com>
TestTransportRemovesH2ConnsAfterIdle is experiencing flaky
failures due to a bug in idle connection handling.
Upon inspection, TestTransportRemovesH2ConnsAfterIdle
is slow and (I think) not currently testing the condition
that it was added to test.
Using the new synctest package, this CL:
- Adds a test for the failure causing flakes in this test.
- Rewrites the existing test to use synctest to avoid sleeps.
- Adds a new test that covers the condition the test was
intended to examine.
The new TestTransportIdleConnRacesRequest exercises the
scenario where a never-used connection is closed by the
idle-conn timer at the same time as a new request attempts
to use it. In this race, the new request should either
successfully use the old connection (superseding the
idle timer) or should use a new connection; it should not
use the closing connection and fail.
TestTransportRemovesConnsAfterIdle verifies that
a connection is reused before the idle timer expires,
and not reused after.
TestTransportRemovesConnsAfterBroken verifies
that a connection is not reused after it encounters
an error. This exercises the bug fixed in CL 196665,
which introduced TestTransportRemovesH2ConnsAfterIdle.
For #70515
Change-Id: Id23026d2903fb15ef9a831b2df71177ea177b096
Reviewed-on: https://go-review.googlesource.com/c/go/+/631795
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Previously, we'd skip installing the bundled HTTP/2 support
if Transport.TLSNextProto is non-nil.
With the addition of the Transport.Protocols field, we'll
install HTTP/2 if Protocols contains HTTP2, even if TLSNextProto
is non-nil. However, we shouldn't do so if it already contains an
"h2" entry.
Change-Id: Ib086473bb52f1b76d83b1df961d41360c605832c
Reviewed-on: https://go-review.googlesource.com/c/go/+/631395
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Return a *CTR from an always-inlineable function, so the allocation
can be lifted to the callsite.
Put the potentially uninlineable code in a separate function that returns a CTR.
Fixes#70499
Change-Id: I2531a2516e4c00aba65407f3bc24a7c21dd8f842
Reviewed-on: https://go-review.googlesource.com/c/go/+/631317
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Don't fallthrough to the hardware version if we used the generic version.
Missed one case of this in CL 631315.
(Originally broken on CL 624738.)
Change-Id: I5bf485ac8b0007769e4e935794defe2a3592376e
Reviewed-on: https://go-review.googlesource.com/c/go/+/631136
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Fixes#70509
Change-Id: I62952c0ac5de456742b7bee3552a0d90238bfde5
Reviewed-on: https://go-review.googlesource.com/c/go/+/631075
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
The Go 1.24 code freeze has recently started. This is a time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.
For #36905.
[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master
Change-Id: I1b2e3b63ccc1137256d80c882b99ed26a66cbf6b
Reviewed-on: https://go-review.googlesource.com/c/go/+/631336
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Don't fallthrough to the hardware version if we used the generic version.
This might fix the s390x build on the dashboard.
(Originally broken on CL 624738.)
Change-Id: Idad1f1973a34fc64550ecf0d012651f62bcd6272
Reviewed-on: https://go-review.googlesource.com/c/go/+/631315
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Keith Randall <khr@golang.org>
This change modifies the logic which searches for existing cleanups.
The existing search logic sets the next node to the current node
in certain conditions. This would cause future searches to loop
endlessly. The existing loop could convert non-cleanup specials into
cleanups and cause data corruption.
This also changes where we release the m while we are adding a
cleanup. We are currently holding onto an p-specific gcwork after
releasing the m.
Change-Id: I0ac0b304f40910549c8df114e523c89d9f0d7a75
Reviewed-on: https://go-review.googlesource.com/c/go/+/630278
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
This vendors the vectors (generated using [0], derived from the
BoringSSL script which generates their test headers) and all of the
certs, but only runs the subset of the suite that is focused on policy
validation.
In the future we may want to run more of the suite, since it is focused
on path validation, not path building, the way it interacts with our
hybrid path builder/validator is kind of complicated.
Updates #68484
Updates #45857
[0] https://gist.github.com/rolandshoemaker/a4efa9d65c2cef74a46ea40f47f0729e
Change-Id: Ic04323dcd76aa5cbd6372c8cb1c44ccb91ccbca4
Reviewed-on: https://go-review.googlesource.com/c/go/+/618415
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
1. In cmd/internal/obj, only apply the exclusion list to data symbols.
Text symbols are always fine since they can use PC-relative relocations.
2. In cmd/link, only skip trampolines for text symbols in the same package
with the same type. Before, all text symbols had type STEXT, but now that
there are different sections of STEXT, we can only rely on symbols in the
same package in the same section being close enough not to need
trampolines.
Fixes#70379.
Change-Id: Ifad2bdd6001ad3b5b23e641127554e9ec374715e
Reviewed-on: https://go-review.googlesource.com/c/go/+/631036
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
CL 627603 added a clear error that FIPS+ASAN doesn't work, and
disabled a test in check_test.go. The :gofips140 test variants
in cmd/dist need to be disabled as well.
Remove a return after testing.T.Skipf since it's unreachable.
For #70321.
Fixes#70496.
Change-Id: Ia53830db1260a817aff1a82cbd91b725e0791437
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-asan-clang15
Reviewed-on: https://go-review.googlesource.com/c/go/+/631095
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
This makes three related changes that work particularly well together
and would require significant extra work to do separately: it replaces
X25519Kyber768Draft00 with X25519MLKEM768, it makes CurvePreferences
ordering crypto/tls-selected, and applies a preference to PQ key
exchange methods over key shares (to mitigate downgrades).
TestHandshakeServerUnsupportedKeyShare was removed because we are not
rejecting unsupported key shares anymore (nor do we select them, and
rejecting them actively is a MAY). It would have been nice to keep the
test to check we still continue successfully, but testClientHelloFailure
is broken in the face of any server-side behavior which requires writing
any other messages back to the client, or reading them.
Updates #69985Fixes#69393
Change-Id: I58de76f5b8742a9bd4543fd7907c48e038507b19
Reviewed-on: https://go-review.googlesource.com/c/go/+/630775
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The h2_bundle.go update was done in CL 631035,
and the test now passes.
Fixes#67816.
Change-Id: Icd54c2774a9e2781e7dc9342ae70c3034eb9bab9
Reviewed-on: https://go-review.googlesource.com/c/go/+/631037
Auto-Submit: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Running the test suite in this mode is definitely not an option. Testing
this will probably look like a very long test that tries all functions.
Filed #70514 to track the tests.
For #70123
Change-Id: I6f67de83da37dd1e94e620b7f4f4f6aabe040c41
Reviewed-on: https://go-review.googlesource.com/c/go/+/631018
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit exposes the crypto/internal/mlkem package as a public crypto
package based on the linked proposal. Since we've already implemented
this internal to the FIPS boundary this largely defers to that
implementation.
Updates #70122
Change-Id: I5ec9c2783c4d44583244c6d16597704a51e9b738
Reviewed-on: https://go-review.googlesource.com/c/go/+/630240
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This package holds only the Enabled() function.
Updates #70123
Change-Id: If0e731724d9997001fa52002fa6ae72df4eb16ff
Reviewed-on: https://go-review.googlesource.com/c/go/+/631017
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Switch from Certificate.PolicyIdentifiers to Certificate.Policies when
marshalling.
Fixes#67620
Change-Id: Ib627135a569f53d344b4ee2f892ba139506ce0d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/629855
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
This makes it more similar to the ECDSA API, introducing proper key
types that can correctly "cache" the key check.
The new API also has a better compliance profile. Note how the old
ECDHPnnn functions were not doing the PCT, instead delegating to the
caller an invocation of ImportKeyPnnn.
Change-Id: Ic6cf834427fd790324919b4d92bdaa2aac840016
Reviewed-on: https://go-review.googlesource.com/c/go/+/630098
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
This should make it much more likely that rangefunc
iterators become "plain inline code".
Change-Id: I8026603afdc5249f60cc663c4bc15cb1d26d1c83
Reviewed-on: https://go-review.googlesource.com/c/go/+/630696
Reviewed-by: Keith Randall <khr@golang.org>
Auto-Submit: David Chase <drchase@google.com>
Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Implement the SHA-3 hash algorithms and the SHAKE extendable output
functions defined in FIPS 202.
This is a wrapper for crypto/internal/fips/sha3 which in turn was ported
from x/crypto/sha3 in CL 616717 as part of #65269.
Fixes#69982
Change-Id: I64ce7f362c1a773f7f5b05f7e0acb4110e52a329
Reviewed-on: https://go-review.googlesource.com/c/go/+/629176
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This is quite a bit slower (almost entirely in the e * d reductions,
which could be optimized), but the slowdown is only 12% of a signature
operation.
Also, call Validate at the end of GenerateKey as a backstop. Key
generation is so incredibly slow that the extra time is negligible.
goos: darwin
goarch: arm64
pkg: crypto/rsa
cpu: Apple M2
│ ec9643bbed │ ec9643bbed-dirty │
│ sec/op │ sec/op vs base │
SignPSS/2048-8 869.8µ ± 1% 870.2µ ± 0% ~ (p=0.937 n=6)
GenerateKey/2048-8 104.2m ± 17% 106.9m ± 10% ~ (p=0.589 n=6)
ParsePKCS8PrivateKey/2048-8 28.54µ ± 2% 136.78µ ± 8% +379.23% (p=0.002 n=6)
Fixes#57751
Co-authored-by: Derek Parker <parkerderek86@gmail.com>
Change-Id: Ifb476859207925a018b433c16dd62fb767afd2d5
Reviewed-on: https://go-review.googlesource.com/c/go/+/630517
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Filippo Valsorda
Dmitri Shuralyov
Tim King
Ian Lance Taylor
zhangjian
Robert Griesemer
Russ Cox
Adam Bender
Hiroaki Sano
Felix Geisendörfer
Roland Shoemaker
Alan Donovan
Damien Neil
Meng Zhuo
Keith Randall
Conrad Irwin
Carlos Amedee
Sean Liao
Daniel McCarney
David Chase