| Age | Commit message | Author |
|
Change-Id: I6a6a6964c0e8269305804dc2bb57f13f94f08ed5
Reviewed-on: https://go-review.googlesource.com/c/go/+/685236
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
|
|
Fixes #63963
Change-Id: I6a6a4656a729b6211171aca46bdc13fed5fc5643
Reviewed-on: https://go-review.googlesource.com/c/go/+/674475
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
All private keys need to go through a slow PCT in FIPS-140 mode.
ECDH and RSA keys have places to hide a precomputed value without
causing races, but Ed25519 and ECDSA keys might be constructed by the
application and then used with concurrent Sign calls.
For these, implement an equivalent to crypto/internal/boring/bcache
using weak.Pointer and runtime.AddCleanup.

fips140: latest
goos: linux
goarch: amd64
pkg: crypto/ed25519
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
           │ 1a93e4a2cf  │             78a819ea78             │
           │   sec/op    │   sec/op     vs base               │
Signing-16   72.72µ ± 0%   16.93µ ± 1%  -76.72% (p=0.002 n=6)

fips140: off
goos: linux
goarch: amd64
pkg: crypto/ed25519
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
           │ 310bad31e5  │          310bad31e5-dirty          │
           │   sec/op    │   sec/op     vs base               │
Signing-16   17.18µ ± 1%   16.95µ ± 1%  -1.36% (p=0.002 n=6)

fips140: latest
goos: linux
goarch: amd64
pkg: crypto/ecdsa
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
             │  1a93e4a2cf  │             78a819ea78             │
             │    sec/op    │   sec/op     vs base               │
Sign/P256-16    90.97µ ± 0%   21.04µ ± 0%  -76.87% (p=0.002 n=6)
Sign/P384-16    701.6µ ± 1%   142.0µ ± 0%  -79.75% (p=0.002 n=6)
Sign/P521-16   2943.5µ ± 1%   491.9µ ± 0%  -83.29% (p=0.002 n=6)

fips140: off
goos: linux
goarch: amd64
pkg: crypto/ecdsa
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
             │  1a93e4a2cf  │             78a819ea78             │
             │    sec/op    │   sec/op     vs base               │
Sign/P256-16    21.27µ ± 0%   21.13µ ± 0%   -0.65% (p=0.002 n=6)
Sign/P384-16    143.3µ ± 0%   142.4µ ± 0%   -0.63% (p=0.009 n=6)
Sign/P521-16    525.3µ ± 0%   462.1µ ± 0%  -12.04% (p=0.002 n=6)

This unavoidably introduces allocations in the very first use of Ed25519
private keys, but usually that's not in the hot path.
Change-Id: I6a6a465640a5dff64edd73ee5dda5f2ad1b476b9
Reviewed-on: https://go-review.googlesource.com/c/go/+/654096
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
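
Added example, not code from the Go repository: a GC-aware cache built on weak.Pointer and runtime.AddCleanup (both need Go 1.24 or later), of the kind this commit message describes, so that a slow per-key self-test runs once per key object even when the application builds the key itself and signs concurrently. Cache, Key, checked, pairwiseTest, Sign and demo are hypothetical names, the seeds are constructed, and the sign-then-verify round trip stands in for the real PCT.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"runtime"
	"sync"
	"sync/atomic"
	"weak"
)

// Cache associates a value with a key object without keeping the key alive.
type Cache[K, V any] struct {
	m sync.Map // weak.Pointer[K] -> *V
}

// Get returns the cached value for key if valid accepts it, else computes one.
// Racing callers may both compute; the last Swap wins, which is harmless here.
func (c *Cache[K, V]) Get(key *K, compute func() (*V, error), valid func(*V) bool) (*V, error) {
	p := weak.Make(key)
	if cached, ok := c.m.Load(p); ok {
		if v := cached.(*V); valid(v) {
			return v, nil
		}
	}
	v, err := compute()
	if err != nil {
		return nil, err
	}
	if _, existed := c.m.Swap(p, v); !existed {
		// First entry for this key: drop it once the key is unreachable.
		runtime.AddCleanup(key, c.evict, p)
	}
	return v, nil
}

func (c *Cache[K, V]) evict(p weak.Pointer[K]) { c.m.Delete(p) }

type (
	Key     struct{ Priv ed25519.PrivateKey } // hypothetical application-built key
	checked struct{ priv ed25519.PrivateKey } // private copy that passed the test
)

var (
	pctRuns atomic.Int64 // how many times the slow test actually ran
	keys    Cache[Key, checked]
)

// pairwiseTest signs and verifies a fixed message, standing in for the slow PCT.
func pairwiseTest(k *Key) (*checked, error) {
	pctRuns.Add(1)
	if len(k.Priv) != ed25519.PrivateKeySize {
		return nil, fmt.Errorf("bad private key length %d", len(k.Priv))
	}
	msg := []byte("pairwise consistency test")
	pub := k.Priv.Public().(ed25519.PublicKey)
	if !ed25519.Verify(pub, msg, ed25519.Sign(k.Priv, msg)) {
		return nil, fmt.Errorf("pairwise consistency test failed")
	}
	return &checked{priv: bytes.Clone(k.Priv)}, nil
}

// Sign runs the test at most once per unchanged key, then signs with the copy.
// The valid callback catches a key whose bytes were replaced after caching.
func Sign(k *Key, msg []byte) ([]byte, error) {
	c, err := keys.Get(k,
		func() (*checked, error) { return pairwiseTest(k) },
		func(v *checked) bool { return bytes.Equal(v.priv, k.Priv) })
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(c.priv, msg), nil
}

// demo returns the number of test runs observed after each step.
func demo() (first, concurrent, mutated, second int64) {
	base := pctRuns.Load()
	runs := func() int64 { return pctRuns.Load() - base }
	k1 := &Key{Priv: ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32))}
	Sign(k1, []byte("a"))
	first = runs()
	var wg sync.WaitGroup
	for i := 0; i < 8; i++ {
		wg.Add(1)
		go func() { defer wg.Done(); Sign(k1, []byte("b")) }()
	}
	wg.Wait()
	concurrent = runs() // cached: concurrent Sign calls add no test runs
	k1.Priv = ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	Sign(k1, []byte("c"))
	mutated = runs() // key bytes changed in place: test runs again
	k2 := &Key{Priv: ed25519.NewKeyFromSeed(bytes.Repeat([]byte{3}, 32))}
	Sign(k2, []byte("d"))
	second = runs() // a different key object gets its own entry
	return
}

func main() { fmt.Println(demo()) }
```

Eviction happens only after a garbage collection finds the key unreachable, so the example does not try to observe it.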
|
|
Both fips140only and the service indicator checks in
crypto/internal/fips140/... expect to type assert to
crypto/internal/fips140/{sha256,sha512,sha3}.Digest.
However, crypto/sha3 returns a wrapper concrete type around sha3.Digest.
Add a new fips140hash.Unwrap function to turn the wrapper into the
underlying sha3.Digest, and use it consistently before calling into
fips140only or the FIPS 140-3 module.
In crypto/rsa, also made the fips140only checks apply consistently after
the Go+BoringCrypto shims, so we can instantiate the hash, and avoid
having to wrap the New function. Note that fips140=only is incompatible
with Go+BoringCrypto.
Fixes #70879
Change-Id: I6a6a4656ec55c3e13f6cbfadb9cf89c0f9183bdc
Reviewed-on: https://go-review.googlesource.com/c/go/+/640855
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I6a6a46567b1eaaef080ac0994afa83db2624a75a
Reviewed-on: https://go-review.googlesource.com/c/go/+/641316
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
FIPS 186-4 used to defer to ANSI X9.62-2005, which is not freely
available, so we were referring to SEC 1 instead. Our new reference,
FIPS 186-5, actually specifies the full algorithm, so there is no need
to refer to SEC 1 anymore.
Change-Id: Ief499d0f7778f3221547993e9e8951ae873aacef
Reviewed-on: https://go-review.googlesource.com/c/go/+/640115
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Fixes #70894
Change-Id: I78c9f2e46006ffc5f1d2886218f8aaaf3f1b59eb
GitHub-Last-Rev: 11f0b452f57aacc40139eab557a8bed1386ad07b
GitHub-Pull-Request: golang/go#70904
Reviewed-on: https://go-review.googlesource.com/c/go/+/637455
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: David Chase <drchase@google.com>
|
|
This removes the difference in behavior between FIPS mode on and off.
Instead of the sentinel type we could have moved the Reader to the
drbg package and checked for equality, but then we would have locked the
crypto/rand.Reader implementation to the one in the FIPS module (which
we might have to support for years).
In internal/ed25519.GenerateKey we remove the random parameter entirely,
since that function is not actually used by crypto/ed25519.GenerateKey,
which instead commits to being deterministic.
Fixes #70772
Change-Id: Ic1c7ca2c1cd59eb9cd090a8b235c0ce218921ac5
Reviewed-on: https://go-review.googlesource.com/c/go/+/635195
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Running the test suite in this mode is definitely not an option. Testing
this will probably look like a very long test that tries all functions.
Filed #70514 to track the tests.
For #70123
Change-Id: I6f67de83da37dd1e94e620b7f4f4f6aabe040c41
Reviewed-on: https://go-review.googlesource.com/c/go/+/631018
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Sometimes we've used the 140 suffix (GOFIPS140, crypto/fips140)
and sometimes not (crypto/internal/fips, cmd/go/internal/fips).
Use it always, to avoid having to remember which is which.
Also, there are other FIPS standards, like AES (FIPS 197), SHA-2 (FIPS 180),
and so on, which have nothing to do with FIPS 140. Best to be clear.
For #70123.
Change-Id: I33b29dabd9e8b2703d2af25e428f88bc81c7c307
Reviewed-on: https://go-review.googlesource.com/c/go/+/630115
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
For the future, some test vectors we should generate and then share
through Wycheproof or CCTV:
- A private key with a leading zero byte.
- A hash longer than the modulus.
- A hash longer than the P-521 modulus by a few bits.
- Reductions happening in hashToNat and bits2octets.
Fixes #64802
Change-Id: Ia0f89781b2c78eedd5103cf0e9720630711c37ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/628681
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
The previous CL focused on moving the implementation as-is, while this
makes it FIPS-compliant.
For #69536
Change-Id: I75fa56c7e13ba20246bacf9fda4599c9f25a1c63
Reviewed-on: https://go-review.googlesource.com/c/go/+/628678
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
For #69536
Change-Id: I85088acb3da788f688f78efff39320bd517e617d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628679
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
For #69536
Change-Id: I8794d75c11cdadd91e420541b26af35e62006af4
Reviewed-on: https://go-review.googlesource.com/c/go/+/628677
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
For #69536
Change-Id: Ic096282c521958083d0ba816d62d908f6fcf7dbe
Reviewed-on: https://go-review.googlesource.com/c/go/+/628676
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
If, when the dust settles, the Bytes and SetBytes round-trip is visible in
profiles (only plausible in RSA), then we can add a SetBits method like
in CL 511375.
Change-Id: I3e6677e849d7a3786fa7297437b119a47715225f
Reviewed-on: https://go-review.googlesource.com/c/go/+/628675
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
For #69536
Change-Id: Id9d76aefbbe1f7c957973380c6eaeb5bfb9de967
Reviewed-on: https://go-review.googlesource.com/c/go/+/627957
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Commit-Queue: Filippo Valsorda <filippo@golang.org>
|
|
Fixes #67043
Closes #67044
Closes #67214
Change-Id: I6ad2838864d82b32a75f7b85804c894357ad57d4
Reviewed-on: https://go-review.googlesource.com/c/go/+/587277
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Change-Id: I1df0685c75fc1044ba46003a69ecc7dfc53bbc2b
Reviewed-on: https://go-review.googlesource.com/c/go/+/574675
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
Fixes #58636
Updates #23172
Change-Id: I578a5597f467be45a7d6fb7582b24855b2e6512b
Reviewed-on: https://go-review.googlesource.com/c/go/+/561935
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I32580ffb31ffad05a7c8d3aa0c491aff9f55ea6a
GitHub-Last-Rev: 67516eaa18923f0f59a69e82b74ecba74af387d4
GitHub-Pull-Request: golang/go#65565
Reviewed-on: https://go-review.googlesource.com/c/go/+/562316
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Change-Id: Ifc669399dde7d6229c6ccdbe29611ed1f8698fb1
Reviewed-on: https://go-review.googlesource.com/c/go/+/534778
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: shuang cui <imcusg@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
KDSA (Compute Digital Signature Authentication) instruction provides
support for the signing and verification of elliptic curves.
Change-Id: I19996a307162dd4f476a1cfe4f8d1a74a609e6c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/503215
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: David Chase <drchase@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Fixes #58637
Change-Id: I9eb3905d5b35ea22e22e1d8eb8c33594eac487fc
Reviewed-on: https://go-review.googlesource.com/c/go/+/505155
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
Before, if a hash was exactly 66 bytes long, we weren't truncating it
for use with P-521, because the byte length was not overflowing.
However, the bit length could still overflow.
Fixes #60741
Change-Id: I37a0ee210add0eb566e6dc1c141e83e992983eb6
Reviewed-on: https://go-review.googlesource.com/c/go/+/502478
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
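
Added example, not code from the Go repository: the truncation rule this commit message describes, with a bit-length-based conversion next to a constructed model of the earlier behaviour that only truncated when the byte length overflowed. The function names and the 0xFF and 0xAB sample digests are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// hashToInt keeps the leftmost BitLen(n) bits of hash, as ECDSA requires.
// The decision is made on the bit length, so a 66-byte (528-bit) digest is
// still shifted down to 521 bits for P-521.
func hashToInt(hash []byte, n *big.Int) *big.Int {
	orderBits := n.BitLen()
	orderBytes := (orderBits + 7) / 8
	if len(hash) > orderBytes {
		hash = hash[:orderBytes]
	}
	e := new(big.Int).SetBytes(hash)
	if excess := len(hash)*8 - orderBits; excess > 0 {
		e.Rsh(e, uint(excess))
	}
	return e
}

// byteLengthOnly is a constructed model of the "before" behaviour: it
// truncates (and shifts) only when the digest has more bytes than the order,
// so a digest of exactly 66 bytes passes through with 528 bits.
func byteLengthOnly(hash []byte, n *big.Int) *big.Int {
	orderBits := n.BitLen()
	orderBytes := (orderBits + 7) / 8
	e := new(big.Int)
	if len(hash) > orderBytes {
		e.SetBytes(hash[:orderBytes])
		if excess := orderBytes*8 - orderBits; excess > 0 {
			e.Rsh(e, uint(excess))
		}
		return e
	}
	return e.SetBytes(hash)
}

// digestBits returns the bit length each conversion produces on P-521 for a
// constructed all-0xFF digest of hashLen bytes.
func digestBits(hashLen int) (fixed, model int) {
	n := elliptic.P521().Params().N
	h := bytes.Repeat([]byte{0xff}, hashLen)
	return hashToInt(h, n).BitLen(), byteLengthOnly(h, n).BitLen()
}

// samePrefixAgrees reports whether f maps a 66-byte digest and a 67-byte
// digest with the same first 66 bytes to the same integer on P-521. They
// share their leftmost 521 bits, so a correct conversion must agree.
func samePrefixAgrees(f func([]byte, *big.Int) *big.Int) bool {
	n := elliptic.P521().Params().N
	h67 := bytes.Repeat([]byte{0xab}, 67) // constructed sample digest
	return f(h67[:66], n).Cmp(f(h67, n)) == 0
}

func main() {
	for _, l := range []int{64, 66, 67} {
		fixed, model := digestBits(l)
		fmt.Printf("%d-byte digest: bit-length check %d bits, byte-length check %d bits\n",
			l, fixed, model)
	}
	fmt.Println("bit-length check consistent: ", samePrefixAgrees(hashToInt))
	fmt.Println("byte-length check consistent:", samePrefixAgrees(byteLengthOnly))
}
```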
|
|
Return an error instead. Makes usages of NewModulusFromBig a bit more
verbose, but better than returning nil or something and just moving the
panic down the road.
Fixes #60411
Change-Id: I10732c6ce56ccd9e4769281cea049dd4beb60a6e
Reviewed-on: https://go-review.googlesource.com/c/go/+/498035
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
CL 353849 removed validation of signature parameters being passed to
Verify which led to two distinct problems. If passed an R or S == 0,
encodeSignature would panic since it expects them to be non-zero.
encodeSignature would also normalize (i.e. make non-negative) parameters
by zero padding them, which would result in a signature being passed to
VerifyASN1 which did not match the input signature, resulting in success
in cases where it should've failed. This change re-adds the verification
that 0 < r,s < N before calling encodeSignature.
This was caught because tink runs the wycheproof ECDSA vectors against
Verify, where we only run the vectors against VerifyASN1. We should be
doing both.
Change-Id: I1dcf41626b4df2b43296e8b878dc607ff316a892
Reviewed-on: https://go-review.googlesource.com/c/go/+/453675
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
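
Added example, not code from the Go repository: why the 0 < r,s < N check has to run before the integers are re-encoded. lossyVerify is a constructed model of the normalisation this commit message describes (it keeps only the magnitude of r and s before building the ASN.1 signature), checkedVerify puts the range check in front of it, and all names plus the sample message are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// ecdsaSig is the ASN.1 SEQUENCE { r INTEGER, s INTEGER } signature form.
type ecdsaSig struct{ R, S *big.Int }

// scalarsInRange reports whether 0 < r, s < n.
func scalarsInRange(r, s, n *big.Int) bool {
	return r != nil && s != nil &&
		r.Sign() > 0 && s.Sign() > 0 &&
		r.Cmp(n) < 0 && s.Cmp(n) < 0
}

// lossyVerify models the bug: big.Int.Bytes() returns the magnitude only, so
// rebuilding r and s from it silently turns -r into r before verification.
func lossyVerify(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) bool {
	der, err := asn1.Marshal(ecdsaSig{
		R: new(big.Int).SetBytes(r.Bytes()),
		S: new(big.Int).SetBytes(s.Bytes()),
	})
	if err != nil {
		return false
	}
	return ecdsa.VerifyASN1(pub, hash, der)
}

// checkedVerify rejects out-of-range scalars before any re-encoding, so the
// signature that gets verified is the one the caller supplied.
func checkedVerify(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) bool {
	if !scalarsInRange(r, s, pub.Curve.Params().N) {
		return false
	}
	return lossyVerify(pub, hash, r, s)
}

// result records what each verifier returned for each input.
type result struct {
	Honest      bool // checkedVerify on the genuine (r, s)
	LossyNegR   bool // lossyVerify on (-r, s)
	CheckedNegR bool // checkedVerify on (-r, s)
	StdlibNegR  bool // ecdsa.Verify on (-r, s)
	CheckedZero bool // checkedVerify on (0, s)
}

// demo signs a constructed message with a fresh P-256 key and runs the
// genuine and the altered signatures through each verifier.
func demo() (result, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return result{}, err
	}
	digest := sha256.Sum256([]byte("constructed sample message"))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return result{}, err
	}
	pub := &priv.PublicKey
	negR := new(big.Int).Neg(r)
	zero := new(big.Int)
	return result{
		Honest:      checkedVerify(pub, digest[:], r, s),
		LossyNegR:   lossyVerify(pub, digest[:], negR, s),
		CheckedNegR: checkedVerify(pub, digest[:], negR, s),
		StdlibNegR:  ecdsa.Verify(pub, digest[:], negR, s),
		CheckedZero: checkedVerify(pub, digest[:], zero, s),
	}, nil
}

func main() {
	res, err := demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%+v\n", res)
}
```

A test suite that exercises only the ASN.1 entry point never sees negative or zero big.Int inputs, which is why the message asks for the vectors to be run against both Verify and VerifyASN1.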
|
|
Ignoring custom curves, this makes the whole package constant-time.
There is a slight loss in performance for P-384 and P-521 because bigmod
is slower than math/big (but P-256 has an assembly scalar field
inversion, so doesn't use bigmod for anything big).

name                old time/op    new time/op    delta
Sign/P256-8           19.2µs ± 2%    19.1µs ± 2%     ~     (p=0.268 n=9+10)
Sign/P384-8            166µs ± 3%     188µs ± 2%  +13.52%  (p=0.000 n=10+10)
Sign/P521-8            337µs ± 2%     359µs ± 2%   +6.46%  (p=0.000 n=10+10)
Verify/P256-8         58.1µs ± 2%    58.1µs ± 2%     ~     (p=0.971 n=10+10)
Verify/P384-8          484µs ± 2%     569µs ±12%  +17.65%  (p=0.000 n=10+10)
Verify/P521-8         1.03ms ± 4%    1.14ms ± 2%  +11.02%  (p=0.000 n=10+10)
GenerateKey/P256-8    12.4µs ±12%    12.0µs ± 2%     ~     (p=0.063 n=10+10)
GenerateKey/P384-8     129µs ±18%     119µs ± 2%     ~     (p=0.190 n=10+10)
GenerateKey/P521-8     241µs ± 2%     240µs ± 2%     ~     (p=0.436 n=10+10)

name                old alloc/op   new alloc/op   delta
Sign/P256-8           3.08kB ± 0%    2.47kB ± 0%  -19.77%  (p=0.000 n=10+10)
Sign/P384-8           6.16kB ± 0%    2.64kB ± 0%  -57.16%  (p=0.000 n=10+10)
Sign/P521-8           7.87kB ± 0%    3.01kB ± 0%  -61.80%  (p=0.000 n=10+10)
Verify/P256-8         1.29kB ± 1%    0.48kB ± 0%  -62.69%  (p=0.000 n=10+10)
Verify/P384-8         2.49kB ± 1%    0.64kB ± 0%  -74.25%  (p=0.000 n=10+10)
Verify/P521-8         3.31kB ± 0%    0.96kB ± 0%  -71.02%  (p=0.000 n=7+10)
GenerateKey/P256-8      720B ± 0%      920B ± 0%  +27.78%  (p=0.000 n=10+10)
GenerateKey/P384-8      921B ± 0%     1120B ± 0%  +21.61%  (p=0.000 n=9+10)
GenerateKey/P521-8    1.30kB ± 0%    1.44kB ± 0%  +10.45%  (p=0.000 n=10+10)

name                old allocs/op  new allocs/op  delta
Sign/P256-8             45.0 ± 0%      33.0 ± 0%  -26.67%  (p=0.000 n=10+10)
Sign/P384-8             69.0 ± 0%      34.0 ± 0%  -50.72%  (p=0.000 n=10+10)
Sign/P521-8             71.0 ± 0%      35.0 ± 0%  -50.70%  (p=0.000 n=10+10)
Verify/P256-8           23.0 ± 0%      10.0 ± 0%  -56.52%  (p=0.000 n=10+10)
Verify/P384-8           43.0 ± 0%      14.0 ± 0%  -67.44%  (p=0.000 n=10+10)
Verify/P521-8           45.0 ± 0%      14.0 ± 0%  -68.89%  (p=0.000 n=7+10)
GenerateKey/P256-8      13.0 ± 0%      14.0 ± 0%   +7.69%  (p=0.000 n=10+10)
GenerateKey/P384-8      16.0 ± 0%      17.0 ± 0%   +6.25%  (p=0.000 n=10+10)
GenerateKey/P521-8      16.5 ± 3%      17.0 ± 0%   +3.03%  (p=0.033 n=10+10)

Change-Id: I4e074ef039b0f7ffbc436a4cdbe4ef90c647018d
Reviewed-on: https://go-review.googlesource.com/c/go/+/353849
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: David Chase <drchase@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Fixes #56088
Updates #52221
Change-Id: Id2f806a116100a160be7daafc3e4c0be2acdd6a9
Reviewed-on: https://go-review.googlesource.com/c/go/+/450816
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
While at it, drop P-224 benchmarks. Nobody cares about P-224.
Change-Id: I31db6fedde6026deff36de963690275dacf5fda1
Reviewed-on: https://go-review.googlesource.com/c/go/+/451196
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
|
|
Generics lets us write Cache[K, V] instead of using unsafe.Pointer,
which lets us remove all the uses of package unsafe around the
uses of the cache.
I tried to do Cache[*K, *V] instead of Cache[K, V] but that was not possible.
Change-Id: If3b54cf4c8d2a44879a5f343fd91ecff096537e9
Reviewed-on: https://go-review.googlesource.com/c/go/+/423357
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Russ Cox <rsc@golang.org>
|
|
Requested by the maintainers of the OpenSSL-based fork of Go+BoringCrypto,
to make maintaining that fork easier.
Change-Id: I770e70ecc12b589034da31edecf59c73b2c6e1dd
Reviewed-on: https://go-review.googlesource.com/c/go/+/407135
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Russ Cox <rsc@golang.org>
|
|
This CL addresses the comments on CL 403154.
For #51940.
Change-Id: I99bb3530916d469077bfbd53095bfcd1d2aa82ef
Reviewed-on: https://go-review.googlesource.com/c/go/+/403976
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
This commit is a REVERSE MERGE.
It merges dev.boringcrypto back into its parent branch, master.
This marks the end of development on dev.boringcrypto.
Manual Changes:
- git rm README.boringcrypto.md
- git rm -r misc/boring
- git rm src/cmd/internal/notsha256/sha256block_arm64.s
- git cherry-pick -n 5856aa74 # remove GOEXPERIMENT=boringcrypto forcing in cmd/dist
There are some minor cleanups like merging import statements
that I will apply in a follow-up CL.
Merge List:
+ 2022-04-29 cdcb4b6ef3 [dev.boringcrypto] cmd/compile: remove the awful boringcrypto kludge
+ 2022-04-29 e845f572ec [dev.boringcrypto] crypto/ecdsa, crypto/rsa: use boring.Cache
+ 2022-04-29 a840bf871e [dev.boringcrypto] crypto/internal/boring: add GC-aware cache
+ 2022-04-29 0184fe5ece [dev.boringcrypto] crypto/x509: remove VerifyOptions.IsBoring
+ 2022-04-29 9e9c7a0aec [dev.boringcrypto] crypto/..., go/build: align deps test with standard rules
+ 2022-04-29 0ec08283c8 [dev.boringcrypto] crypto/internal/boring: make SHA calls allocation-free
+ 2022-04-29 3cb10d14b7 [dev.boringcrypto] crypto/internal/boring: avoid allocation in big.Int conversion
+ 2022-04-29 509776be5d [dev.boringcrypto] cmd/dist: default to use of boringcrypto
+ 2022-04-29 f4c0f42f99 [dev.boringcrypto] all: add boringcrypto build tags
+ 2022-04-29 1f0547c4ec [dev.boringcrypto] cmd/go: pass dependency syso to cgo too
+ 2022-04-29 e5407501cb [dev.boringcrypto] cmd: use notsha256 instead of md5, sha1, sha256
+ 2022-04-29 fe006d6410 [dev.boringcrypto] cmd/internal/notsha256: add new package
+ 2022-04-27 ec7f5165dd [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-04-22 ca6fd39cf6 [dev.boringcrypto] misc/boring: skip long tests during build.release
+ 2022-04-21 19e4b10f2f [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-04-20 e07d63964b [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-04-13 1f11660f54 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2022-04-13 bc3e5d0ab7 [dev.boringcrypto] misc/boring: remove -trust and individual reviewers
+ 2022-04-05 4739b353bb [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-03-30 9d6ab825f6 [dev.boringcrypto] make.bash: disable GOEXPERIMENT when using bootstrap toolchain
+ 2022-03-30 d1405d7410 [dev.boringcrypto] crypto/internal/boring: update build instructions to use podman
+ 2022-03-29 50b8f490e1 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-03-15 0af0e19368 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2022-03-07 f492793839 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-03-07 768804dfdd [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2022-02-11 8521d1ea34 [dev.boringcrypto] misc/boring: use go install cmd@latest for installing command
+ 2022-02-11 b75258fdd8 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2022-02-08 74d25c624c [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-02-03 e14fee553a [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2022-01-14 d382493a20 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-12-09 069bbf5434 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-12-06 21fa0b2199 [dev.boringcrypto] crypto/internal/boring: add -pthread linker flag
+ 2021-12-03 a38b43e4ab [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-11-09 16215e5340 [dev.boringcrypto] cmd/compile: disable version test on boringcrypto
+ 2021-11-08 c9858c7bdc [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2021-11-05 ed07c49cb6 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2021-11-05 dc2658558d [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-10-28 69d5e469a4 [dev.boringcrypto] all: convert +build to //go:build lines in boring-specific files
+ 2021-10-08 2840ccbc05 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-10-08 114aa69932 [dev.boringcrypto] misc/boring: fix Docker Hub references
+ 2021-10-08 7d26add6d5 [dev.boringcrypto] misc/boring: publish to Artifact Registry
+ 2021-08-27 5ae200d526 [dev.boringcrypto] crypto/tls: permit P-521 in FIPS mode
+ 2021-08-26 083811d079 [dev.boringcrypto] crypto/tls: use correct config in TestBoringClientHello
+ 2021-08-16 c7e7ce5ec1 [dev.boringcrypto] all: merge commit 57c115e1 into dev.boringcrypto
+ 2021-08-10 1fb58d6cad [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-07-14 934db9f0d6 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-06-08 a890a4de30 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-05-13 ed1f812cef [dev.boringcrypto] all: merge commit 9d0819b27c (CL 314609) into dev.boringcrypto
+ 2021-05-10 ad1b6f3ee0 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-04-21 11061407d6 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-03-23 b397e0c028 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-03-15 128cecc70b [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-03-10 5e2f5a38c4 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-02-26 42089e72fd [dev.boringcrypto] api: add crypto/boring.Enabled
+ 2021-02-24 03cd666173 [dev.boringcrypto] all: merge master (5b76343) into dev.boringcrypto
+ 2021-02-17 0f210b75f9 [dev.boringcrypto] all: merge master (2f0da6d) into dev.boringcrypto
+ 2021-02-12 1aea1b199f [dev.boringcrypto] misc/boring: support codereview.cfg in merge.sh
+ 2021-02-07 0d34d85dee [dev.boringcrypto] crypto/internal/boring: remove .llvm_addrsig section
+ 2021-02-07 325e03a64f [dev.boringcrypto] all: add codereview.cfg
+ 2021-02-05 d4f73546c8 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-01-20 cf8ed7cca4 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2021-01-20 f22137d785 [dev.boringcrypto] misc/boring: add -trust and roland@ to merge.sh and release.sh
+ 2020-12-12 e5c7bd0efa [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-12-02 5934c434c1 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-12-01 dea96ada17 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-11-18 906d6e362b [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-11-18 95ceba18d3 [dev.boringcrypto] crypto/hmac: merge up to 2a206c7 and skip test
+ 2020-11-17 0985c1bd2d [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-11-16 af814af6e7 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-11-05 f42bd50779 [dev.boringcrypto] crypto/internal/boring: update BoringCrypto module to certificate 3678
+ 2020-10-19 ceda58bfd0 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-09-29 af85c47233 [dev.boringcrypto] misc/boring: bump version to b6
+ 2020-09-29 f9b86a6562 [dev.boringcrypto] go/build: satisfy the boringcrypto build tag
+ 2020-09-29 ef2b318974 [dev.boringcrypto] crypto/boring: expose boring.Enabled()
+ 2020-09-14 3782421230 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-08-18 6bbe47ccb6 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-07-21 6e6e0b73d6 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-07-09 d85ef2b979 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-07-09 a91ad4250c [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-06-10 5beb39baf8 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-05-07 dd98c0ca3f [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-05-07 a9d2e3abf7 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-05-07 c19c0a047b [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-05-07 36c94f8421 [dev.boringcrypto] crypto/internal/boring: reject short signatures in VerifyRSAPKCS1v15
+ 2020-05-07 ee159d2f35 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-04-08 e067ce5225 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2020-03-03 79284c2873 [dev.boringcrypto] crypto/internal/boring: make accesses to RSA types with finalizers safer
+ 2020-03-02 6c64b188a5 [dev.boringcrypto] crypto/internal/boring: update BoringCrypto module to certificate 3318
+ 2020-02-28 13355c78ff [dev.boringcrypto] misc/boring: add go1.14b4 to RELEASES file
+ 2020-02-28 4980c6b317 [dev.boringcrypto] misc/boring: x/build/cmd/release doesn't take subrepo flags anymore
+ 2020-02-28 601da81916 [dev.boringcrypto] misc/boring: make merge.sh and release.sh a little more robust
+ 2020-02-14 09bc5e8723 [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2020-02-06 f96dfe6b73 [dev.boringcrypto] misc/boring: add go1.13.7b4 and go1.12.16b4 releases to RELEASES file
+ 2020-02-05 2f9b2e75c4 [dev.boringcrypto] misc/docker: update Dockerfile to match recent Buster based golang images
+ 2020-02-05 527880d05c [dev.boringcrypto] misc/boring: update default CL reviewer to katie@golang.org
+ 2019-11-25 50ada481fb [dev.boringcrypto] misc/boring: add new releases to RELEASES file
+ 2019-11-20 6657395adf [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-11-20 ab0a649d44 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-11-19 62ce702c77 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-10-25 e8f14494a0 [dev.boringcrypto] misc/boring: add go1.13.3b4 and go1.12.12b4 to RELEASES file
+ 2019-10-17 988e4d832e [dev.boringcrypto] misc/boring: add go1.13.2b4 and go1.12.11b4 to RELEASES file
+ 2019-10-11 974fd1301a [dev.boringcrypto] misc/boring: publish to Docker Hub all releases, not only the latest
+ 2019-09-27 62ce8cd3ad [dev.boringcrypto] misc/boring: add go1.13.1b4 and go1.12.10b4 to RELEASES file
+ 2019-09-10 489d268683 [dev.boringcrypto] misc/boring: add Go+BoringCrypto 1.13b4 to RELEASES file
+ 2019-09-04 e0ee09095c [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-09-03 ff197f326f [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-08-21 5a1705286e [dev.boringcrypto] misc/boring: add go1.12.9b4 to RELEASES
+ 2019-08-15 1ebc594b3c [dev.boringcrypto] misc/boring: add go1.12.8b4 and go1.11.13b4 to RELEASES
+ 2019-08-13 9417029290 [dev.boringcrypto] misc/boring: remove download of releaselet.go in build.release
+ 2019-08-05 2691091a4a misc/boring: add Go 1.11.12b4 and 1.12.7b4 to RELEASES
+ 2019-07-19 6eccf6a6cd [dev.boringcrypto] misc/boring: add scripts to automate merges and releases
+ 2019-06-27 98188f3001 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-06-13 5c354e66d1 [dev.boringcrypto] misc/boring: add go1.12.6b4 and go1.11.11b4 releases
+ 2019-06-09 9bf9e7d4b2 [dev.boringcrypto] crypto: move crypto/internal/boring imports to reduce merge conflicts
+ 2019-06-05 324f8365be [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-05-28 e48f228c9b [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-05-14 42e353245c [dev.boringcrypto] misc/boring: add go1.12.5b4 release
+ 2019-03-29 211a13fd44 [dev.boringcrypto] misc/boring: add go1.11.6b4 to RELEASES
+ 2019-03-28 347af7f060 [dev.boringcrypto] misc/boring: add go1.12.1b4 and update build scripts
+ 2019-02-27 a10558f870 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-02-08 4ed8ad4d69 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2019-01-24 14c64dbc4a [dev.boringcrypto] misc/boring: add go1.10.8b4 and go1.11.5b4
+ 2018-12-15 3f9e53f346 [dev.boringcrypto] misc/boring: add go1.10.7b4 and go1.11.4b4 releases
+ 2018-12-14 92d975e906 [dev.boringcrypto] misc/boring: add go1.11.2b4 release
+ 2018-11-14 c524da4917 [dev.boringcrypto] crypto/tls: test for TLS 1.3 to be disabled in FIPS mode
+ 2018-11-14 bfd6d30118 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-14 0007017f96 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-14 3169778c15 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-14 ab37582eb0 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-14 e8b3500d5c [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-14 de153ac2a1 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-14 0cbb11c720 [dev.boringcrypto] cmd/compile: by default accept any language
+ 2018-11-13 11e916773e [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-11-13 af07f7734b [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-10-25 13bf5b80e8 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-10-15 623650b27a [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-10-01 36c789b1fd [dev.boringcrypto] misc/boring: add go1.10.4b4 and go1.11b4 releases
+ 2018-09-07 693875e3f2 [dev.boringcrypto] crypto/internal/boring: avoid an allocation in AES-GCM Seal and Open
+ 2018-09-06 4d1aa482b8 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-08-04 7eb1677c01 [dev.boringcrypto] crypto/internal/boring: fix aesCipher implementation of gcmAble
+ 2018-07-11 eaa3e94eb8 [dev.boringcrypto] misc/boring: add go1.9.7b4 and go1.10.3b4 releases
+ 2018-07-11 5f0402a26b [dev.boringcrypto] misc/boring: support build.release on macOS
+ 2018-07-03 77db076129 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-06-13 b77f5e4c85 [dev.boringcrypto] crypto/rsa: drop random source reading emulation
+ 2018-06-08 a4b7722ffa [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-05-29 18db93d7e6 [dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled
+ 2018-05-25 3d9a6ac709 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-05-18 019a994e32 [dev.boringcrypto] crypto/rsa: fix boringFakeRandomBlind to work with (*big.Int).ModInverse
+ 2018-05-17 a3f9ce3313 [dev.boringcrypto] all: merge master into dev.boringcrypto
+ 2018-02-09 528dad8c72 [dev.cryptoboring] misc/boring: update README for Bazel
+ 2018-02-06 c3d83ee31c [dev.boringcrypto] misc/boring: add go1.9.3b4 to RELEASES
+ 2017-12-13 f62a24349d [dev.boringcrypto] all: merge go1.10beta1 into dev.boringcrypto
+ 2017-12-06 3e52f22ece [dev.boringcrypto] crypto/internal/boring: add MarshalBinary/UnmarshalBinary to hashes
+ 2017-12-06 5379f7847f [dev.boringcrypto] all: merge master (more nearly Go 1.10 beta 1) into dev.boringcrypto
+ 2017-12-06 185e6094fd [dev.boringcrypto] all: merge master (nearly Go 1.10 beta 1) into dev.boringcrypto
+ 2017-11-20 c36033a379 [dev.boringcrypto] misc/boring: add go1.9.2b4 release
+ 2017-11-20 cda3c6f91d [dev.boringcrypto] all: merge go1.9.2 into dev.boringcrypto
+ 2017-10-25 2ea7d3461b [release-branch.go1.9] go1.9.2
+ 2017-10-25 d93cb46280 [release-branch.go1.9] runtime: use simple, more robust fastrandn
+ 2017-10-25 78952c06c5 [release-branch.go1.9] cmd/compile: fix sign-extension merging rules
+ 2017-10-25 79996e4a1d [release-branch.go1.9] cmd/compile: avoid generating large offsets
+ 2017-10-25 f36b12657c [release-branch.go1.9] runtime: in cpuProfile.addExtra, set p.lostExtra to 0 after flush
+ 2017-10-25 dffc9319f1 [release-branch.go1.9] cmd/cgo: support large unsigned macro again
+ 2017-10-25 33ce1682c7 [release-branch.go1.9] cmd/cgo: avoid using common names for sniffing
+ 2017-10-25 f69668e1d0 [release-branch.go1.9] os: skip TestPipeThreads as flaky for 1.9
+ 2017-10-25 9be38a15e4 [release-branch.go1.9] runtime: avoid monotonic time zero on systems with low-res timers
+ 2017-10-25 8bb333a9c0 [release-branch.go1.9] doc: document Go 1.9.2
+ 2017-10-25 0758d2b9da [release-branch.go1.9] cmd/go: clean up x.exe properly in TestImportMain
+ 2017-10-25 d487b15a61 [release-branch.go1.9] cmd/compile: omit ICE diagnostics after normal error messages
+ 2017-10-25 fd17253587 [release-branch.go1.9] database/sql: prevent race in driver by locking dc in Next
+ 2017-10-25 7e7cb30475 [release-branch.go1.9] internal/poll: only call SetFileCompletionNotificationModes for sockets
+ 2017-10-25 f259aed082 [release-branch.go1.9] internal/poll: do not call SetFileCompletionNotificationModes if it is broken
+ 2017-10-25 39d4bb9c0f [release-branch.go1.9] cmd/go: correct directory used in checkNestedVCS test
+ 2017-10-25 bfc22319aa [release-branch.go1.9] crypto/x509: reject intermediates with unknown critical extensions.
+ 2017-10-25 a1e34abfb3 [release-branch.go1.9] net/smtp: NewClient: set tls field to true when already using a TLS connection
+ 2017-10-25 7dadd8d517 [release-branch.go1.9] net: increase expected time to dial a closed port on all Darwin ports
+ 2017-10-25 d80889341c [release-branch.go1.9] cmd/compile: fix merge rules for panic calls
+ 2017-10-25 87b3a27839 [release-branch.go1.9] net: bump TestDialerDualStackFDLeak timeout on iOS
+ 2017-10-25 ebfcdef901 [release-branch.go1.9] runtime: make runtime.GC() trigger GC even if GOGC=off
+ 2017-10-25 0ab99b396d [release-branch.go1.9] cmd/compile: fix regression in PPC64.rules move zero
+ 2017-10-25 8d4279c111 [release-branch.go1.9] internal/poll: be explicit when using runtime netpoller
+ 2017-10-25 1ded8334f7 [release-branch.go1.9] cmd/compile/internal/syntax: fix source buffer refilling
+ 2017-10-25 ff8289f879 [release-branch.go1.9] reflect: fix pointer past-the-end in Call with zero-sized return value
+ 2017-10-25 bd34e74134 [release-branch.go1.9] log: fix data race on log.Output
+ 2017-10-25 0b55d8dbfc [release-branch.go1.9] cmd/compile: replace GOROOT in //line directives
+ 2017-10-25 5c48811aec [release-branch.go1.9] cmd/compile: limit the number of simultaneously opened files to avoid EMFILE/ENFILE errors
+ 2017-10-25 8c7fa95ad3 [release-branch.go1.9] expvar: make (*Map).Init clear existing keys
+ 2017-10-25 ccd5abc105 [release-branch.go1.9] cmd/compile: simplify "missing function body" error message
+ 2017-10-25 2e4358c960 [release-branch.go1.9] time: fix documentation of Round, Truncate behavior for d <= 0
+ 2017-10-25 c6388d381e [release-branch.go1.9] runtime: capture runtimeInitTime after nanotime is initialized
+ 2017-10-25 724638c9d8 [release-branch.go1.9] crypto/x509: skip TestSystemRoots
+ 2017-10-25 ed3b0d63b7 [release-branch.go1.9] internal/poll: add tests for Windows file and serial ports
+ 2017-10-04 93322a5b3d [release-branch.go1.9] doc: add missing "Minor revisions" header for 1.9
+ 2017-10-04 7f40c1214d [release-branch.go1.9] go1.9.1
+ 2017-10-04 598433b17a [release-branch.go1.9] doc: document go1.9.1 and go1.8.4
+ 2017-10-04 815cad3ed0 [release-branch.go1.9] doc/1.9: add mention of net/http.LocalAddrContextKey
+ 2017-10-04 1900d34a10 [release-branch.go1.9] net/smtp: fix PlainAuth to refuse to send passwords to non-TLS servers
+ 2017-10-04 a39bcecea6 [release-branch.go1.9] cmd/go: reject update of VCS inside VCS
+ 2017-10-04 d9e64910af [release-branch.go1.9] runtime: deflake TestPeriodicGC
+ 2017-09-28 adc1f587ac [dev.boringcrypto] misc/boring: add src releases
+ 2017-09-25 4038503543 [dev.boringcrypto] misc/boring: add go1.8.3b4
+ 2017-09-25 d724c60b4d [dev.boringcrypto] misc/boring: update README
+ 2017-09-22 70bada9db3 [dev.boringcrypto] misc/boring: add go1.9b4 release
+ 2017-09-22 e6ad24cde7 [dev.boringcrypto] all: merge go1.9 into dev.boringcrypto
+ 2017-09-22 431e071eed [dev.boringcrypto] misc/boring: add go1.9rc2b4 release
+ 2017-09-22 cc6e26b2e1 [dev.boringcrypto] api: add crypto/x509.VerifyOptions.IsBoring to make release builder happy
+ 2017-09-22 bac02b14b5 [dev.boringcrypto] misc/boring: update VERSION
+ 2017-09-22 3ed08db261 [dev.boringcrypto] crypto/tls/fipsonly: new package to force FIPS-allowed TLS settings
+ 2017-09-20 2ba76155cd [dev.boringcrypto] crypto/internal/boring: fix finalizer-induced crashes
+ 2017-09-18 32dc9b247f [dev.boringcrypto] cmd/go: exclude SysoFiles when using -msan
+ 2017-09-18 9f025cbdeb [dev.boringcrypto] crypto/internal/boring: fall back to standard crypto when using -msan
+ 2017-09-18 89ba9e3541 [dev.boringcrypto] crypto/aes: panic on invalid dst, src overlap
+ 2017-09-18 a929f3a04d [dev.boringcrypto] crypto/rsa: fix boring GenerateKey to set non-nil Precomputed.CRTValues
+ 2017-09-18 aa4a4a80ff [dev.boringcrypto] crypto/internal/boring: fix detection of tests to allow *.test and *_test
+ 2017-09-18 c9e2d9eb06 [dev.boringcrypto] crypto/rsa: add test for, fix observable reads from custom randomness
+ 2017-09-18 e773ea9aa3 [dev.boringcrypto] crypto/hmac: add test for Write/Sum after Sum
+ 2017-09-18 8fa8f42cb3 [dev.boringcrypto] crypto/internal/boring: allow hmac operations after Sum
+ 2017-09-18 07f6ce9d39 [dev.boringcrypto] crypto/internal/boring: handle RSA verification of short signatures
+ 2017-09-14 e8eec3fbdb [dev.boringcrypto] cmd/compile: refine BoringCrypto kludge
+ 2017-08-30 7b49445d0f [dev.boringcrypto] cmd/compile: hide new boring fields from reflection
+ 2017-08-30 81b9d733b0 [dev.boringcrypto] crypto/hmac: test empty key
+ 2017-08-30 f6358bdb6c [dev.boringcrypto] crypto/internal/boring: fix NewHMAC with empty key
+ 2017-08-30 9c307d8039 [dev.boringcrypto] crypto/internal/cipherhw: fix AESGCMSupport for BoringCrypto
+ 2017-08-26 f48a9fb815 [dev.boringcrypto] misc/boring: release packaging
+ 2017-08-25 94fb8224b2 [dev.boringcrypto] crypto/internal/boring: disable for android & non-cgo builds
+ 2017-08-25 7ff9fcafbd [dev.boringcrypto] crypto/internal/boring: clear "executable stack" bit from syso
+ 2017-08-24 c8aec4095e [release-branch.go1.9] go1.9
+ 2017-08-24 b8c9ef9f09 [release-branch.go1.9] doc: add go1.9 to golang.org/project
+ 2017-08-24 136f4a6b2a [release-branch.go1.9] doc: document go1.9
+ 2017-08-24 867be4c60c [release-branch.go1.9] doc/go1.9: fix typo in Moved GOROOT
+ 2017-08-24 d1351fbc31 [dev.boringcrypto] cmd/link: allow internal linking for crypto/internal/boring
+ 2017-08-24 991652dcf0 [dev.boringcrypto] cmd/link: work around DWARF symbol bug
+ 2017-08-22 9a4e7942ea [release-branch.go1.9] cmd/compile: remove gc.Sysfunc calls from 387 backend
+ 2017-08-22 ff38035a62 [release-branch.go1.9] doc/go1.9: fix typo in crypto/x509 of "Minor changes to the library".
+ 2017-08-19 7e9e3a06cb [dev.boringcrypto] crypto/rsa: use BoringCrypto
+ 2017-08-19 bc38fda367 [dev.boringcrypto] crypto/ecdsa: use unsafe.Pointer instead of atomic.Value
+ 2017-08-18 42046e8989 [release-branch.go1.9] runtime: fix false positive race in profile label reading
+ 2017-08-18 fbf7e1f295 [release-branch.go1.9] testing: don't fail all tests after racy test failure
+ 2017-08-18 21312a4b5e [release-branch.go1.9] cmd/dist: update deps.go for current dependencies
+ 2017-08-18 5927854f7d [release-branch.go1.9] cmd/compile: add rules handling unsigned div/mod by constant 1<<63
+ 2017-08-18 65717b2dca [release-branch.go1.9] runtime: fix usleep by correctly setting nanoseconds parameter for pselect6
+ 2017-08-17 b1f201e951 [dev.boringcrypto] crypto/ecdsa: use BoringCrypto
+ 2017-08-17 2efded1cd2 [dev.boringcrypto] crypto/tls: use TLS-specific AES-GCM mode if available
+ 2017-08-17 335a0f87bf [dev.boringcrypto] crypto/aes: implement TLS-specific AES-GCM mode from BoringCrypto
+ 2017-08-17 8d05ec9e58 [dev.boringcrypto] crypto/aes: use BoringCrypto
+ 2017-08-17 74e33c43e9 [dev.boringcrypto] crypto/hmac: use BoringCrypto
+ 2017-08-17 96d6718e4f [dev.boringcrypto] crypto/sha1,sha256,sha512: use BoringCrypto
+ 2017-08-17 e0e2bbdd00 [dev.boringcrypto] runtime/race: move TestRaceIssue5567 from sha1 to crc32
+ 2017-08-17 fe02ba30f1 [dev.boringcrypto] crypto/rand: use BoringCrypto
+ 2017-08-17 6e70f88f84 [dev.boringcrypto] crypto/internal/boring: add initial BoringCrypto access
+ 2017-08-16 dcdcc38440 [dev.boringcrypto] add README.boringcrypto.md, update VERSION
+ 2017-08-16 19b89a22df [dev.boringcrypto] cmd/link: implement R_X86_64_PC64 relocations
+ 2017-08-07 048c9cfaac [release-branch.go1.9] go1.9rc2
+ 2017-08-07 cff0de3da3 [release-branch.go1.9] all: merge master into release-branch.go1.9
+ 2017-07-31 196492a299 [release-branch.go1.9] runtime: map bitmap and spans during heap initialization
+ 2017-07-31 1a6d87d4bf [release-branch.go1.9] runtime: fall back to small mmaps if we fail to grow reservation
+ 2017-07-27 7320506bc5 [release-branch.go1.9] cmd/dist: skip moved GOROOT on Go's Windows builders when not sharding tests
+ 2017-07-24 65c6c88a94 [release-branch.go1.9] go1.9rc1
+ 2017-07-24 fbc9b49790 [release-branch.go1.9] cmd/compile: consider exported flag in namedata
Change-Id: I5344e8e4813a9a0900f6633499a3ddf22895a4d5
|
|
Reserve 't' for type *testing.T variables.
Change-Id: I037328df59d3af1aa28714f9efe15695b6fd62a9
Reviewed-on: https://go-review.googlesource.com/c/go/+/400826
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
In the original BoringCrypto port, ecdsa and rsa's public and private
keys added a 'boring unsafe.Pointer' field to cache the BoringCrypto
form of the key. This led to problems with code that “knew” the layout
of those structs and in particular that they had no unexported fields.
In response, as an awful kludge, I changed the compiler to pretend
that field did not exist when laying out reflect data. Because we want
to merge BoringCrypto in the main tree, we need a different solution.
Using boring.Cache is that solution.
For #51940.
Change-Id: Ideb2b40b599a1dc223082eda35a5ea9abcc01e30
Reviewed-on: https://go-review.googlesource.com/c/go/+/395883
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
One annoying difference between dev.boringcrypto and master is that
there is not a clear separation between low-level (math/big-free)
crypto and high-level crypto, because crypto/internal/boring imports
both encoding/asn1 and math/big.
This CL removes both those problematic imports and aligns the
dependency rules in the go/build test with the ones in the main
branch.
To remove encoding/asn1, the crypto/internal/boring APIs change to
accepting and returning encoded ASN.1, leaving crypto/ecdsa to do the
marshaling and unmarshaling, which it already contains code to do.
To remove math/big, the crypto/internal/boring package defines
type BigInt []uint, which is the same representation as a big.Int's
internal storage. The new package crypto/internal/boring/bbig provides
conversions between BigInt and *big.Int. The boring package can then
be in the low-level crypto set, and any package needing to use bignum
APIs (necessarily in the high-level crypto set) can import bbig to
convert.
To simplify everything we hide from the test the fact that
crypto/internal/boring imports cgo. Better to pretend it doesn't and
keep the prohibitions that other packages like crypto/aes must not use
cgo (outside of BoringCrypto).
$ git diff origin/master src/go/build/deps_test.go
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 6ce872e297..a63979cc93 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -402,9 +402,13 @@ var depsRules = `
NET, log
< net/mail;
+ NONE < crypto/internal/boring/sig;
+ sync/atomic < crypto/internal/boring/fipstls;
+ crypto/internal/boring/sig, crypto/internal/boring/fipstls < crypto/tls/fipsonly;
+
# CRYPTO is core crypto algorithms - no cgo, fmt, net.
# Unfortunately, stuck with reflect via encoding/binary.
- encoding/binary, golang.org/x/sys/cpu, hash
+ crypto/internal/boring/sig, encoding/binary, golang.org/x/sys/cpu, hash
< crypto
< crypto/subtle
< crypto/internal/subtle
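Review bot: the three rules added ahead of the `# CRYPTO` comment (`NONE < crypto/internal/boring/sig;` through `... < crypto/tls/fipsonly;`) have no `#` comment, unlike the CRYPTO and CRYPTO-MATH groups around them. A one-line comment naming these as the BoringCrypto support packages would help, particularly because the changed line `crypto/internal/boring/sig, encoding/binary, golang.org/x/sys/cpu, hash` now makes sig a prerequisite of `crypto` itself.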
@@ -413,6 +417,8 @@ var depsRules = `
< crypto/ed25519/internal/edwards25519/field, golang.org/x/crypto/curve25519/internal/field
< crypto/ed25519/internal/edwards25519
< crypto/cipher
+ < crypto/internal/boring
+ < crypto/boring
< crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4,
crypto/sha1, crypto/sha256, crypto/sha512
< CRYPTO;
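Review bot: adding `< crypto/internal/boring` and `< crypto/boring` to this chain puts them inside the set that ends in `< CRYPTO;`, which the comment in the previous hunk describes as "no cgo, fmt, net", while the commit message states that crypto/internal/boring imports cgo. Suggest amending the `# CRYPTO is core crypto algorithms` comment to name this exception so the documented invariant matches the rules.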
@@ -421,6 +427,7 @@ var depsRules = `
# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
CRYPTO, FMT, math/big, embed
+ < crypto/internal/boring/bbig
< crypto/rand
< crypto/internal/randutil
< crypto/ed25519
@@ -443,7 +450,8 @@ var depsRules = `
< golang.org/x/crypto/hkdf
< crypto/x509/internal/macos
< crypto/x509/pkix
- < crypto/x509
+ < crypto/x509;
+ crypto/internal/boring/fipstls, crypto/x509
< crypto/tls;
# crypto-aware packages
@@ -653,6 +661,9 @@ func findImports(pkg string) ([]string, error) {
}
var imports []string
var haveImport = map[string]bool{}
+ if pkg == "crypto/internal/boring" {
+ haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports
+ }
fset := token.NewFileSet()
for _, file := range files {
name := file.Name()
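Review bot: the `pkg == "crypto/internal/boring"` special case in findImports pre-marks "C" as already seen, so the test no longer reports a cgo import for that package, and the exemption exists only as this string comparison. Suggest extending the `// kludge:` comment to say which depsRules invariant it preserves (the "no cgo" CRYPTO set) and keeping the exempt path in a named constant or a small allowlist, so that any later exemption is visible in one place.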
For #51940.
Change-Id: I26fc752484310d77d22adb06495120a361568d04
Reviewed-on: https://go-review.googlesource.com/c/go/+/395877
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
|
|
A plain make.bash in this tree will produce a working,
standard Go toolchain, not a BoringCrypto-enabled one.
The BoringCrypto-enabled one will be created with:
GOEXPERIMENT=boringcrypto ./make.bash
For #51940.
Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/395881
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
Change-Id: Ic5f71c04f08c03319c043f35be501875adb0a3b0
|
|
Not quite golang.org/wiki/TargetSpecific compliant, but almost.
The only substantial code change is in randFieldElement: it used to use
Params().BitSize instead of Params().N.BitLen(), which is semantically
incorrect, even if the two values are the same for all named curves.
For #52182
Change-Id: Ibc47450552afe23ea74fcf55d1d799d5d7e5487c
Reviewed-on: https://go-review.googlesource.com/c/go/+/315273
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
Change-Id: I52009bf809dda4fbcff03aa82d0ea8aa2a978fa2
|
|
A future change to gofmt will rewrite
// Doc comment.
//go:foo
to
// Doc comment.
//
//go:foo
Apply that change preemptively to all comments (not necessarily just doc comments).
For #51082.
Change-Id: Iffe0285418d1e79d34526af3520b415a12203ca9
Reviewed-on: https://go-review.googlesource.com/c/go/+/384260
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Change-Id: I18dbf4f9fa7e2334fccedd862a523126cf38164e
|
|
crypto/ecdsa was long overdue a cleanup. Bump the FIPS 186 version, and
make sure we consistently reference that and SEC 1, not the paywalled
ANSI standard.
Change-Id: Idd90bd6c14b334941fdcd829d89b796a60a8b174
Reviewed-on: https://go-review.googlesource.com/c/go/+/352529
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Change-Id: I1aa33cabd0c55fe64994b08f8a3f7b6bbfb3282c
|
|
The current code, introduced in CL 2422, mixes K bits of entropy with
the private key and message digest to generate the signature nonce,
where K is half the bit size of the curve. While the ECDLP complexity
(and hence security level) of a curve is half its bit size, the birthday
bound on K bits is only K/2. For P-224, this means we should expect a
collision after 2^56 signatures over the same message with the same key.
A collision, which is unlikely, would still not be a major practical
concern, because the scheme would fall back to a secure deterministic
signature scheme, and simply leak the fact that the two signed messages
are the same (which is presumably already public).
Still, we can simplify the code and remove the eventuality by always
drawing 256 bits of entropy.
Change-Id: I58097bd3cfc9283503e38751c924c53d271af92b
Reviewed-on: https://go-review.googlesource.com/c/go/+/352530
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
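The trade-off in the commit message above, as an added sketch that is not part of the commit or of crypto/ecdsa: it computes the birthday bound for K bits of entropy and shows that a repeated entropy value only repeats the nonce when the key and message are also the same. Assumptions: the SHA-512 mixing in `hedgedNonce`, the helper names, the private scalar and the entropy bytes are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"crypto/sha512"
	"fmt"
	"math/big"
)

// oldEntropyBits is K from the commit message: half the curve's bit size.
func oldEntropyBits(curveBits int) int { return curveBits / 2 }

// birthdayLog2 returns log2 of the number of uniformly random draws of the
// given size after which two equal values are expected.
func birthdayLog2(entropyBits int) int { return entropyBits / 2 }

// hedgedNonce derives a nonce in [1, N-1] from the private scalar, the fresh
// entropy and the message digest. Hashing the three with SHA-512 is this
// sketch's assumption; it is not the crypto/ecdsa construction.
func hedgedNonce(c elliptic.Curve, d *big.Int, entropy, digest []byte) *big.Int {
	n := c.Params().N
	h := sha512.New()
	h.Write(d.FillBytes(make([]byte, (n.BitLen()+7)/8))) // fixed-width scalar
	h.Write([]byte{byte(len(entropy))})                  // length-prefixed entropy
	h.Write(entropy)
	h.Write(digest)
	k := new(big.Int).SetBytes(h.Sum(nil))
	nMinus1 := new(big.Int).Sub(n, big.NewInt(1))
	// A 512-bit value reduced into a range of at most 256 bits: bias is negligible.
	return k.Mod(k, nMinus1).Add(k, big.NewInt(1))
}

// nonceCases reports whether (a) a repeated entropy value over the same key
// and message repeats the nonce, (b) the same entropy with a different
// message still gives a different nonce, and (c) the nonce is in [1, N-1].
func nonceCases() (repeat, distinct, inRange bool) {
	c := elliptic.P224()
	d := big.NewInt(0x1234567) // constructed private scalar, sample only
	// Constructed entropy of K bits, standing in for a value that collided.
	entropy := bytes.Repeat([]byte{0xA5}, oldEntropyBits(c.Params().BitSize)/8)
	m1 := sha512.Sum512_256([]byte("message one"))
	m2 := sha512.Sum512_256([]byte("message two"))

	k1 := hedgedNonce(c, d, entropy, m1[:])
	k1again := hedgedNonce(c, d, entropy, m1[:])
	k2 := hedgedNonce(c, d, entropy, m2[:])

	repeat = k1.Cmp(k1again) == 0 // deterministic fallback: same signature, same message
	distinct = k1.Cmp(k2) != 0    // no nonce reuse across different messages
	inRange = k1.Sign() > 0 && k1.Cmp(c.Params().N) < 0
	return
}

func main() {
	for _, c := range []elliptic.Curve{elliptic.P224(), elliptic.P256()} {
		k := oldEntropyBits(c.Params().BitSize)
		fmt.Printf("%s: K=%d bits, repeat expected after ~2^%d signatures; 256 bits gives ~2^%d\n",
			c.Params().Name, k, birthdayLog2(k), birthdayLog2(256))
	}
	fmt.Println(nonceCases())
}
```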
|
|
When these packages are released as part of Go 1.18,
Go 1.16 will no longer be supported, so we can remove
the +build tags in these files.
Ran go fix -fix=buildtag std cmd and then reverted the bootstrapDirs
as defined in src/cmd/dist/buildtool.go, which need to continue
to build with Go 1.4 for now.
Also reverted src/vendor and src/cmd/vendor, which will need
to be updated in their own repos first.
Manual changes in runtime/pprof/mprof_test.go to adjust line numbers.
For #41184.
Change-Id: Ic0f93f7091295b6abc76ed5cd6e6746e1280861e
Reviewed-on: https://go-review.googlesource.com/c/go/+/344955
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
|
|
Many uses of Index/IndexByte/IndexRune/Split/SplitN
can be written more clearly using the new Cut functions.
Do that. Also rewrite to other functions if that's clearer.
For #46336.
Change-Id: I68d024716ace41a57a8bf74455c62279bde0f448
Reviewed-on: https://go-review.googlesource.com/c/go/+/351711
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
dev.boringcrypto
There used to be two BoringCrypto-specific behaviors related to cipher
suites in crypto/tls:
1. in FIPS-only mode, only a restricted set of AES ciphers is allowed
2. NOT in FIPS-only mode, AES would be prioritized over ChaCha20 even if
AES hardware was not available
The motivation of (2) is unclear, and BoringSSL doesn't have equivalent
logic. This merge drops (2), and keeps (1). Note that the list of
FIPS-only ciphers does not have priority semantics anymore, but the
default logic still sorts them the same way as they used to be.
Change-Id: I50544011085cfa2b087f323aebf5338c0bd2dd33
|
|
Ensured all tests and benchmarks run over all curves.
Change-Id: Idcbe14a50c60ff6c2cd56793bced6b428d049c39
Reviewed-on: https://go-review.googlesource.com/c/go/+/315272
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|