| author | Cherry Mui <cherryyz@google.com> | 2025-12-11 12:28:02 -0500 |
|---|---|---|
| committer | Cherry Mui <cherryyz@google.com> | 2025-12-11 10:59:23 -0800 |
| commit | a21c9d43536f58ad6c895e4c5ac8d5fc07768d7e (patch) | |
| tree | 09dff4b3fe6da342f79eae55b1661aa7538806b7 | |
| parent | b63cff6ad80a511ea949adafdec39c16f2e3e95d (diff) | |
| download | go-x-website-a21c9d43536f58ad6c895e4c5ac8d5fc07768d7e.tar.xz | |
_content/doc/go1.26: minor edit of runtime/secret release notes
This is experimental, so move it later after the non-experimental
one. Mention it is available only on Linux AMD64 and ARM64. And some
minor wording edits.
For golang/go#75005.
Change-Id: Ie4a5b9f5a3a72142062b1612cb3ff685ef3af931
Reviewed-on: https://go-review.googlesource.com/c/website/+/729300
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
| -rw-r--r-- | _content/doc/go1.26.md | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/_content/doc/go1.26.md b/_content/doc/go1.26.md index 478e59c1..dd387395 100644 --- a/_content/doc/go1.26.md +++ b/_content/doc/go1.26.md @@ -216,28 +216,7 @@ We expect that Go 1.28 will require a minor release of Go 1.26 or later for boot ## Standard library {#library} -### New secret package - -<!-- https://go.dev/issue/21865 ---> - -The new [secret](/pkg/runtime/secret) package is available as an experiment. -It provides a facility for securely erasing temporaries used in -code that manipulates secret information, typically cryptographic in nature. -Users can access it by passing `GOEXPERIMENT=runtimesecret` at build time. - -<!-- if we land any code that uses runtimesecret for forward secrecy -like crypto/tls, mention them here too --> - -The secret.Do function runs its function argument and then erases all -temporary storage (registers, stack, new heap allocations) used by -that function argument. Heap storage is not erased until that storage -is deemed unreachable by the garbage collector, which might take some -time after secret.Do completes. - -This package is intended to make it easier to ensure [forward -secrecy](https://en.wikipedia.org/wiki/Forward_secrecy). - -### crypto/hpke +### New crypto/hpke package The new [`crypto/hpke`](/pkg/crypto/hpke) package implements Hybrid Public Key Encryption (HPKE) as specified in [RFC 9180](https://rfc-editor.org/rfc/rfc9180.html), including support for post-quantum 
@@ -254,6 +233,26 @@ It is currently available on the AMD64 architecture, supporting See the [proposal issue](/issue/73787) for more details. +### New experimental runtime/secret package + +<!-- https://go.dev/issue/21865 ---> + +The new [`runtime/secret`](/pkg/runtime/secret) package is available as an experiment, +which can be enabled by setting the environment variable +`GOEXPERIMENT=runtimesecret` at build time. +It provides a facility for securely erasing temporaries used in +code that manipulates secret information, typically cryptographic in nature. +It currently supports the AMD64 and ARM64 architectures on Linux. + +The [`secret.Do`](/pkg/runtime/secret#Do) function runs its function argument and then erases all +temporary storage (registers, stack, new heap allocations) used by +that function argument. Heap storage is not erased until that storage +is deemed unreachable by the garbage collector, which might take some +time after `secret.Do` completes. + +This package is intended to make it easier to ensure [forward +secrecy](https://en.wikipedia.org/wiki/Forward_secrecy). + ### Minor changes to the library {#minor_library_changes} #### [`bytes`](/pkg/bytes/) |
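Review bot: the block removed in the first hunk (@@ -216,28 +216,7 @@) carried the reminder `<!-- if we land any code that uses runtimesecret for forward secrecy like crypto/tls, mention them here too -->`, and the relocated section does not bring it along. If that follow-up is still open, keep the comment with the moved text so the note about listing in-tree users such as crypto/tls is not lost in the reorder.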
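Review bot: in the second hunk (@@ -254,6 +233,26 @@), the new sentence "It currently supports the AMD64 and ARM64 architectures on Linux" does not say what `secret.Do` does on other platforms. A reader who depends on the erasure for forward secrecy needs to know whether the call fails to build or runs without erasing, so add one sentence on that. Separately, the added comment line `<!-- https://go.dev/issue/21865 --->` keeps the three-dash closer from the old text; since the line is being re-added anyway, change it to `-->`.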
