| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Updates #77113
Updates #77217
Updates CVE-2025-68121
Change-Id: Ia47904a9ed001275aad0243a6a0ce57e6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/740240
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
Load constant keys from a static memory table rather than loading immediates into registers on loong64.
Benchmark for Loongson-3A5000:
goos: linux
goarch: loong64
pkg: crypto/sha1
cpu: Loongson-3A5000-HV @ 2500.00MHz
│ old │ new │
│ sec/op │ sec/op vs base │
Hash8Bytes/New-4 235.9n ± 0% 229.1n ± 0% -2.88% (p=0.000 n=8)
Hash8Bytes/Sum-4 1.892µ ± 0% 1.882µ ± 0% -0.50% (p=0.000 n=8)
Hash320Bytes/New-4 1022.0n ± 0% 963.8n ± 0% -5.70% (p=0.000 n=8)
Hash320Bytes/Sum-4 1037.0n ± 0% 981.1n ± 0% -5.39% (p=0.000 n=8)
Hash1K/New-4 2.760µ ± 0% 2.594µ ± 0% -6.01% (p=0.000 n=8)
Hash1K/Sum-4 2.775µ ± 0% 2.610µ ± 0% -5.95% (p=0.000 n=8)
Hash8K/New-4 20.46µ ± 0% 19.20µ ± 0% -6.17% (p=0.000 n=8)
Hash8K/Sum-4 20.49µ ± 0% 19.22µ ± 0% -6.17% (p=0.000 n=8)
geomean 2.498µ 2.377µ -4.87%
│ old │ new │
│ B/s │ B/s vs base │
Hash8Bytes/New-4 32.34Mi ± 0% 33.30Mi ± 0% +2.98% (p=0.000 n=8)
Hash8Bytes/Sum-4 4.034Mi ± 0% 4.053Mi ± 0% +0.47% (p=0.000 n=8)
Hash320Bytes/New-4 298.7Mi ± 0% 316.7Mi ± 0% +6.02% (p=0.000 n=8)
Hash320Bytes/Sum-4 294.3Mi ± 0% 311.0Mi ± 0% +5.69% (p=0.000 n=8)
Hash1K/New-4 353.8Mi ± 0% 376.5Mi ± 0% +6.41% (p=0.000 n=8)
Hash1K/Sum-4 351.9Mi ± 0% 374.1Mi ± 0% +6.31% (p=0.000 n=8)
Hash8K/New-4 381.8Mi ± 0% 406.9Mi ± 0% +6.57% (p=0.000 n=8)
Hash8K/Sum-4 381.4Mi ± 0% 406.4Mi ± 0% +6.58% (p=0.000 n=8)
geomean 146.1Mi 153.6Mi +5.11%
Change-Id: I7305caefa1434ab2bb4ce94a1c789d4ee5b7ccf3
Reviewed-on: https://go-review.googlesource.com/c/go/+/732580
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
tautological/impossible nil conditions
Change-Id: I3cdc599ebc93f5c9be5645e7ef7ce167242d9c1b
Reviewed-on: https://go-review.googlesource.com/c/go/+/739800
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
When resuming TLS sessions, on the server and client verify that the
chains stored in the session state (verifiedChains) are still acceptable
with regards to the Config by checking for the inclusion of the root in
either ClientCAs (server) or RootCAs (client). This prevents resuming
a session with a certificate chain that would be rejected during a full
handshake due to an untrusted root.
Updates #77113
Updates #77217
Updates CVE-2025-68121
Change-Id: I11fe00909ef1961c24ecf80bf5b97f7b1121d359
Reviewed-on: https://go-review.googlesource.com/c/go/+/737700
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
When resuming a session, check that the verifiedChains contain at least
one chain that is still valid at the time of resumption. If not, trigger
a new handshake.
Updates #77113
Updates #77217
Updates CVE-2025-68121
Change-Id: I14f585c43da17802513cbdd5b10c552d7a38b34e
Reviewed-on: https://go-review.googlesource.com/c/go/+/739321
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This reverts CL 736709 (commit bba24719a4cad5cc8d771fc9cfff5a38019d554a).
Updates #77113
Updates CVE-2025-68121
Change-Id: I0261cb75e9adf9d0ac9890dc91ae8476b8988ba0
Reviewed-on: https://go-review.googlesource.com/c/go/+/739320
Reviewed-by: Coia Prant <coiaprant@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
On a Banana Pi F3:
│ subtle.1 │ subtle.2 │
│ sec/op │ sec/op vs base │
ConstantTimeSelect-8 4.391n ± 1% 4.390n ± 0% ~ (p=0.500 n=10)
ConstantTimeByteEq-8 3.763n ± 0% 3.764n ± 0% ~ (p=0.549 n=10)
ConstantTimeEq-8 3.767n ± 1% 3.764n ± 0% -0.08% (p=0.002 n=10)
ConstantTimeLessOrEq-8 3.136n ± 0% 3.138n ± 0% +0.06% (p=0.002 n=10)
XORBytes/8Bytes-8 53.42n ± 0% 52.28n ± 0% -2.13% (p=0.000 n=10)
XORBytes/128Bytes-8 64.79n ± 0% 64.12n ± 0% -1.03% (p=0.000 n=10)
XORBytes/2048Bytes-8 479.3n ± 0% 322.0n ± 0% -32.84% (p=0.000 n=10)
XORBytes/8192Bytes-8 8.897µ ± 26% 7.734µ ± 12% ~ (p=0.165 n=10)
XORBytes/32768Bytes-8 39.17µ ± 17% 35.40µ ± 24% -9.63% (p=0.029 n=10)
XORBytesAlignment/8Bytes0Offset-8 51.74n ± 0% 54.18n ± 0% +4.72% (p=0.000 n=10)
XORBytesAlignment/8Bytes1Offset-8 51.51n ± 1% 53.52n ± 0% +3.92% (p=0.000 n=10)
XORBytesAlignment/8Bytes2Offset-8 51.35n ± 1% 53.58n ± 0% +4.34% (p=0.000 n=10)
XORBytesAlignment/8Bytes3Offset-8 50.86n ± 0% 53.56n ± 0% +5.31% (p=0.000 n=10)
XORBytesAlignment/8Bytes4Offset-8 51.62n ± 0% 54.20n ± 0% +4.98% (p=0.000 n=10)
XORBytesAlignment/8Bytes5Offset-8 51.42n ± 1% 53.48n ± 0% +4.02% (p=0.000 n=10)
XORBytesAlignment/8Bytes6Offset-8 51.08n ± 1% 53.46n ± 0% +4.67% (p=0.000 n=10)
XORBytesAlignment/8Bytes7Offset-8 50.83n ± 0% 53.54n ± 0% +5.33% (p=0.000 n=10)
XORBytesAlignment/128Bytes0Offset-8 63.67n ± 0% 66.04n ± 0% +3.72% (p=0.000 n=10)
XORBytesAlignment/128Bytes1Offset-8 114.40n ± 0% 67.42n ± 0% -41.07% (p=0.000 n=10)
XORBytesAlignment/128Bytes2Offset-8 113.85n ± 0% 67.43n ± 0% -40.78% (p=0.000 n=10)
XORBytesAlignment/128Bytes3Offset-8 114.60n ± 0% 67.31n ± 0% -41.27% (p=0.000 n=10)
XORBytesAlignment/128Bytes4Offset-8 109.30n ± 0% 67.45n ± 0% -38.29% (p=0.000 n=10)
XORBytesAlignment/128Bytes5Offset-8 110.70n ± 0% 67.32n ± 1% -39.19% (p=0.000 n=10)
XORBytesAlignment/128Bytes6Offset-8 110.05n ± 0% 67.45n ± 1% -38.71% (p=0.000 n=10)
XORBytesAlignment/128Bytes7Offset-8 110.60n ± 0% 67.43n ± 0% -39.04% (p=0.000 n=10)
XORBytesAlignment/2048Bytes0Offset-8 478.4n ± 0% 335.6n ± 0% -29.85% (p=0.000 n=10)
XORBytesAlignment/2048Bytes1Offset-8 529.7n ± 0% 349.3n ± 0% -34.05% (p=0.000 n=10)
XORBytesAlignment/2048Bytes2Offset-8 529.3n ± 0% 349.8n ± 0% -33.91% (p=0.000 n=10)
XORBytesAlignment/2048Bytes3Offset-8 529.8n ± 0% 349.5n ± 0% -34.02% (p=0.000 n=10)
XORBytesAlignment/2048Bytes4Offset-8 524.7n ± 0% 349.6n ± 0% -33.38% (p=0.000 n=10)
XORBytesAlignment/2048Bytes5Offset-8 525.9n ± 0% 349.6n ± 0% -33.52% (p=0.000 n=10)
XORBytesAlignment/2048Bytes6Offset-8 525.1n ± 0% 349.8n ± 0% -33.39% (p=0.000 n=10)
XORBytesAlignment/2048Bytes7Offset-8 526.0n ± 0% 349.8n ± 0% -33.51% (p=0.000 n=10)
geomean 120.0n 96.92n -19.23%
│ subtle.1 │ subtle.2 │
│ B/s │ B/s vs base │
XORBytes/8Bytes-8 142.8Mi ± 0% 145.9Mi ± 0% +2.19% (p=0.000 n=10)
XORBytes/128Bytes-8 1.840Gi ± 0% 1.859Gi ± 0% +1.05% (p=0.000 n=10)
XORBytes/2048Bytes-8 3.979Gi ± 0% 5.925Gi ± 0% +48.89% (p=0.000 n=10)
XORBytes/8192Bytes-8 879.1Mi ± 35% 1010.2Mi ± 13% ~ (p=0.165 n=10)
XORBytes/32768Bytes-8 797.9Mi ± 21% 882.8Mi ± 31% +10.64% (p=0.029 n=10)
XORBytesAlignment/8Bytes0Offset-8 147.5Mi ± 0% 140.8Mi ± 0% -4.50% (p=0.000 n=10)
XORBytesAlignment/8Bytes1Offset-8 148.1Mi ± 1% 142.5Mi ± 0% -3.77% (p=0.000 n=10)
XORBytesAlignment/8Bytes2Offset-8 148.6Mi ± 1% 142.4Mi ± 0% -4.15% (p=0.000 n=10)
XORBytesAlignment/8Bytes3Offset-8 150.0Mi ± 0% 142.4Mi ± 0% -5.04% (p=0.000 n=10)
XORBytesAlignment/8Bytes4Offset-8 147.8Mi ± 0% 140.8Mi ± 0% -4.75% (p=0.000 n=10)
XORBytesAlignment/8Bytes5Offset-8 148.4Mi ± 1% 142.6Mi ± 0% -3.87% (p=0.000 n=10)
XORBytesAlignment/8Bytes6Offset-8 149.4Mi ± 1% 142.7Mi ± 0% -4.45% (p=0.000 n=10)
XORBytesAlignment/8Bytes7Offset-8 150.1Mi ± 0% 142.5Mi ± 0% -5.05% (p=0.000 n=10)
XORBytesAlignment/128Bytes0Offset-8 1.872Gi ± 0% 1.805Gi ± 0% -3.59% (p=0.000 n=10)
XORBytesAlignment/128Bytes1Offset-8 1.042Gi ± 0% 1.768Gi ± 0% +69.65% (p=0.000 n=10)
XORBytesAlignment/128Bytes2Offset-8 1.047Gi ± 0% 1.768Gi ± 0% +68.80% (p=0.000 n=10)
XORBytesAlignment/128Bytes3Offset-8 1.040Gi ± 0% 1.771Gi ± 0% +70.27% (p=0.000 n=10)
XORBytesAlignment/128Bytes4Offset-8 1.090Gi ± 0% 1.767Gi ± 0% +62.08% (p=0.000 n=10)
XORBytesAlignment/128Bytes5Offset-8 1.077Gi ± 0% 1.771Gi ± 1% +64.41% (p=0.000 n=10)
XORBytesAlignment/128Bytes6Offset-8 1.083Gi ± 0% 1.767Gi ± 1% +63.17% (p=0.000 n=10)
XORBytesAlignment/128Bytes7Offset-8 1.078Gi ± 0% 1.768Gi ± 0% +64.07% (p=0.000 n=10)
XORBytesAlignment/2048Bytes0Offset-8 3.987Gi ± 0% 5.684Gi ± 0% +42.55% (p=0.000 n=10)
XORBytesAlignment/2048Bytes1Offset-8 3.601Gi ± 0% 5.459Gi ± 0% +51.61% (p=0.000 n=10)
XORBytesAlignment/2048Bytes2Offset-8 3.604Gi ± 0% 5.453Gi ± 0% +51.31% (p=0.000 n=10)
XORBytesAlignment/2048Bytes3Offset-8 3.600Gi ± 0% 5.457Gi ± 0% +51.56% (p=0.000 n=10)
XORBytesAlignment/2048Bytes4Offset-8 3.635Gi ± 0% 5.456Gi ± 0% +50.10% (p=0.000 n=10)
XORBytesAlignment/2048Bytes5Offset-8 3.627Gi ± 0% 5.455Gi ± 0% +50.39% (p=0.000 n=10)
XORBytesAlignment/2048Bytes6Offset-8 3.632Gi ± 0% 5.454Gi ± 0% +50.14% (p=0.000 n=10)
XORBytesAlignment/2048Bytes7Offset-8 3.626Gi ± 0% 5.453Gi ± 0% +50.39% (p=0.000 n=10)
geomean 881.0Mi 1.097Gi +27.51%
Change-Id: Id7f9d87fe1ea39aa91ea7d3fd1ba20737f0dda3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/649657
Reviewed-by: Julian Zhu <jz531210@gmail.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Once a tls.Config is used, it is not safe to mutate. We provide the
Clone method in order to allow users to copy and modify a Config that
is in use.
If Config.SessionTicketKey is not populated, and if
Config.SetSessionTicketKeys has not been called, we automatically
populate and rotate session ticket keys. Clone was previously copying
these keys into the new Config, meaning that two Configs could share
the same auto-rotated session ticket keys. This could allow sessions to
be resumed across different Configs, which may have completely different
configurations.
This change updates Clone to not copy the auto-rotated session ticket
keys.
Additionally, when resuming a session, check that not just that the leaf
certificate is unexpired, but that the entire certificate chain is still
unexpired.
Fixes #77113
Fixes CVE-2025-68121
Change-Id: I011df7329de83068d11b3f0c793763692d018a98
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3300
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736709
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I568d28d27d2bc55bbadcc678a2fcf9d36a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/731540
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: Ib0ec1f05e51a4295a9369d6e8c6b61976a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/735260
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
|
|
For #74326
Change-Id: If1e61db22c9e7192e5dd56cd36141e5b6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/734640
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
|
|
Turns out we can't use non-v1 versions for the FIPS 140-3 module, so we
decided to match the versioning of the Go release the module is frozen
from.
Change-Id: Ib5c13511a51f9930fcde86cd7e8bd39c6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/730740
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
Fixes #70514
Updates #70878
Change-Id: I6a6a46561d872c8f7e9ea333ff208064b0bd44c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/728506
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
For TLS 1.3, after procesesing the server/client hello, if there isn't a
CCS message, reject the trailing messages which were appended to the
hello messages. This prevents an on-path attacker from injecting
plaintext messages into the handshake.
Additionally, check that we don't have any buffered messages before we
switch the read traffic secret regardless, since any buffered messages
would have been under an old key which is no longer appropriate.
We also invert the ordering of setting the read/write secrets so that if
we fail when changing the read secret we send the alert using the
correct write secret.
Fixes #76443
Fixes CVE-2025-61730
Change-Id: If6ba8ad16f48d5cd5db5574824062ad4244a5b52
Reviewed-on: https://go-review.googlesource.com/c/go/+/724120
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Coia Prant <coiaprant@gmail.com>
|
|
When we first implemented DIT (crypto/subtle.WithDataIndependentTiming),
we made it so that enabling DIT on a goroutine would lock that goroutine
to its current OS thread. This was done to ensure that the DIT state
(which is per-thread) would not leak to other goroutines. We also did
not make goroutines inherit the DIT state.
This change makes goroutines inherit the DIT state from their parent
at creation time. It also removes the OS thread locking when enabling
DIT on a goroutine. Instead, we now set the DIT state on the OS thread
in the scheduler whenever we switch to a goroutine that has DIT enabled,
and we unset it when switching to a goroutine that has DIT disabled.
We add a new field to G and M, ditEnabled, to track whether the G wants
DIT enabled, and whether the M currently has DIT enabled, respectively.
When the scheduler executes a goroutine, it checks these fields and
enables/disables DIT on the thread as needed.
Additionally, cgocallbackg is updated to check if DIT is enabled when
being called from C, and sets the G and M fields accordingly. This
ensures that if DIT was enabled/disabled in C, the correct state will be
reflected in the Go runtime.
The behavior as it currently stands is as follows:
- The function passed to crypto/subtle.WithDataIndependentTiming
will have DIT enabled.
- Any goroutine created within that function will inherit DIT enabled
for its lifetime. Any goroutine created from subquent goroutines will
also inherit DIT enabled for their lifetimes.
- Calling into a C function within from a goroutine with DIT enabled
will have DIT enabled.
- If the C code disables DIT, the goroutine will have DIT re-enabled
when returning to Go.
- If the C code enables DIT, the goroutine will have DIT disabled
when returning to Go if it was not previously enabled.
- Calling back into Go code from C will have DIT enabled if it was
enabled when calling into C, or if the C code enabled it.
Change-Id: I8e91e6df13bb88e56e1036e0e0e5f04efd8eebd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/726382
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
Consistently use testenv.Command and testenv.Executable, avoid redundant
testenv.Must, use testenv.CleanCmdEnv where the output is parsed, always
log the output with a preceding newline, invoke tests with -v, and
always use cmd.Environ() to preserve existing env.
Change-Id: I647ff1a8b7d162e5e8df9424030fac446a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728641
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Since it uses an Approved KEM (ML-KEM), the overall hybrid KEM is
Approved, even if X25519 is not.
Updates #70514
Updates #74630
Change-Id: I2bb60c36fcf570baa3c389e2daa3698e6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728505
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Updates #70514
Change-Id: I1d1a0b4a2c7ee4cb6e8e0700dd3463a46a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728502
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Caught because the one-shop APIs put the ciphertext after enc in a
single slice, so Recipient.Open would corrupt the ciphertext.
Change-Id: I15fe1dfcc05a5a7f5cd0b4ada21661e66a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728500
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
mode
The enforcement is good beyond compliance if it is correct, but I am
more nervous about accidental DoS due to mismatches between how the
caller calculates a nonce and how the enforcement expects it to be
calculated.
We need to have this enforcement in FIPS 140-3 mode, but no need to blow
ourselves up when it's off.
If all goes well, this code is unreachable anyway.
Change-Id: If73ec59ebbd283b0e5506354961a87a06a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728504
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
|
|
It does the exact same thing, but we can document it as an allowed and
enforced nonce scheme in the Security Policy.
Change-Id: I9d95ba53354e5c8112cde24101570d4b6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/728503
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
The cpu/go-acvp repository holding trimmed ACVP test server vectors and
validated expected results was always meant to be a temporary home. It
has now been migrated to geomys/acvp-testdata where it will continue to
be maintained by Geomys along with the FIPS module.
This commit updates acvp_test.go to use the new module location.
Change-Id: I888b125356afd0b4073cb38645486c258dea3c54
Reviewed-on: https://go-review.googlesource.com/c/go/+/725620
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I5dec35b1432705b3a52859c38e758220282226af
Reviewed-on: https://go-review.googlesource.com/c/go/+/726700
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Several crypto functions accepting a rand parameter skip calling
boringcrypto when the rand is not boring.RandReader.
The new crypto/internal/rand package currently defines its own Reader
that wraps boring.RandReader. That will unintentionally bypass
boringcrypto when used with the aforementioned functions.
Fixes #76672
Change-Id: Ie0c1345530c734a23815f9593590b5d32604f54d
Reviewed-on: https://go-review.googlesource.com/c/go/+/726220
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
hybridKEM.pqGenerateKey is not used anywhere. Having it around
is confusing, as it suggests that the mlkem seed is generated within
the mlkem package, when it is not.
Change-Id: Ie0bdb79d6b774db7b21dfff2b966452463f1ce08
Reviewed-on: https://go-review.googlesource.com/c/go/+/726260
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Constructing HostnameError.Error() takes O(N^2) runtime due to using a
string concatenation in a loop. Additionally, there is no limit on how
many names are included in the error message. As a result, a malicious
attacker could craft a certificate with an infinite amount of names to
unfairly consume resource.
To remediate this, we will now use strings.Builder to construct the
error message, preventing O(N^2) runtime. When a certificate has 100 or
more names, we will also not print each name individually.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
Fixes #76445
Fixes CVE-2025-61729
Change-Id: I6343776ec3289577abc76dad71766c491c1a7c81
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3000
Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/725920
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
|
|
First, we centralize all random bytes generation through drbg.Read. The
rest of the FIPS 140-3 module can't use external functions anyway, so
drbg.Read needs to have all the logic.
Then, make sure that the crypto/... tree uses drbg.Read (or the new
crypto/internal/rand.Reader wrapper) instead of crypto/rand, so it is
unaffected by applications setting crypto/rand.Reader.
Next, pass all unspecified random io.Reader parameters through the new
crypto/internal/rand.CustomReader, which just redirects to drbg.Read
unless GODEBUG=cryptocustomrand=1 is set. Move all the calls to
MaybeReadByte there, since it's only needed for these custom Readers.
Finally, add testing/cryptotest.SetGlobalRandom which sets
crypto/rand.Reader to a locked deterministic source and overrides
drbg.Read. This way SetGlobalRandom should affect all cryptographic
randomness in the standard library.
Fixes #70942
Co-authored-by: qiulaidongfeng <2645477756@qq.com>
Change-Id: I6a6a69641311d9fac318abcc6d79677f0e406100
Reviewed-on: https://go-review.googlesource.com/c/go/+/724480
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes #75656
Change-Id: I6bc71c80973765ef995d17b1450ea2026a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/724820
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
WithoutEnforcement lets programs running under GODEBUG=fips140=only
selectively opt out of strict enforcement. This is especially helpful
for non-critical uses of cryptography routines like SHA-1 for content
addressable storage backends (E.g. git).
Fixes #74630
Change-Id: Iabba1f5eb63498db98047aca45e09c5dccf2fbdf
Reviewed-on: https://go-review.googlesource.com/c/go/+/723720
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
And OIDFromASN1OID for converting between asn1.ObjectIdentifier and OID.
Fixes #75325
Change-Id: I3b84dce54346d88aab731ffe30d0fef07b014f04
Reviewed-on: https://go-review.googlesource.com/c/go/+/724761
Reviewed-by: Neal Patel <nealpatel@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Commit-Queue: Neal Patel <nealpatel@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Implement overflow-aware optimization in ctrBlocks8Asm: make a fast branch
in case when there is no overflow. One branch per 8 blocks is faster than
7 increments in general purpose registers and transfers from them to XMM.
Added AES-192 and AES-256 modes to the AES-CTR benchmark.
Added a correctness test in ctr_test.go for the overflow optimization.
This improves performance, especially in AES-128 mode.
goos: windows
goarch: amd64
pkg: crypto/cipher
cpu: AMD Ryzen 7 5800H with Radeon Graphics
│ B/s │ B/s vs base
AESCTR/128/50-16 1.377Gi ± 0% 1.384Gi ± 0% +0.51% (p=0.028 n=20)
AESCTR/128/1K-16 6.164Gi ± 0% 6.892Gi ± 1% +11.81% (p=0.000 n=20)
AESCTR/128/8K-16 7.372Gi ± 0% 8.768Gi ± 1% +18.95% (p=0.000 n=20)
AESCTR/192/50-16 1.289Gi ± 0% 1.279Gi ± 0% -0.75% (p=0.001 n=20)
AESCTR/192/1K-16 5.734Gi ± 0% 6.011Gi ± 0% +4.83% (p=0.000 n=20)
AESCTR/192/8K-16 6.889Gi ± 1% 7.437Gi ± 0% +7.96% (p=0.000 n=20)
AESCTR/256/50-16 1.170Gi ± 0% 1.163Gi ± 0% -0.54% (p=0.005 n=20)
AESCTR/256/1K-16 5.235Gi ± 0% 5.391Gi ± 0% +2.98% (p=0.000 n=20)
AESCTR/256/8K-16 6.361Gi ± 0% 6.676Gi ± 0% +4.94% (p=0.000 n=20)
geomean 3.681Gi 3.882Gi +5.46%
The slight slowdown on 50-byte workloads is unrelated to this change,
because such workloads never use ctrBlocks8Asm.
Updates #76061
Change-Id: Idfd628ac8bb282d9c73c6adf048eb12274a41379
GitHub-Last-Rev: 5aadd39351806fbbf5201e07511aac05bdcb0529
GitHub-Pull-Request: golang/go#76059
Reviewed-on: https://go-review.googlesource.com/c/go/+/714361
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: AHMAD ابو وليد <mizommz@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
|
First, this adds a GCM mode for QUIC, and a generic TLS 1.3/QUIC-like
XOR'd counter mode. QUIC constructs nonces exactly like TLS 1.3, but the
counter does not reset to zero on a key update, so the mask must be
provided explicitly (or we will panic well before running out of
counters because the wrong value is XOR'd out). See the analysis at
https://github.com/quic-go/quic-go/issues/5077#issuecomment-3570352683
for the details of QUIC and FIPS 140-3 compliance (including a
workaround for the key update issue).
Second, this coalesces all the compliance modes around two schemes:
fixed || counter, and fixed XOR counter. The former is used in TLS 1.2
and SSH, and the latter is used in TLS 1.3 and QUIC.
This would not be a backwards compatible change if these were public
APIs, but we only need different versions of the FIPS 140-3 module to be
source-compatible with the standard library, and the callers of these
NewGCMFor* functions only care that the return value implements
cipher.AEAD, at least for now.
This exposes no new public APIs, but lets us get started validating
these functions in v2.0.0 of the FIPS 140-3 module.
Updates #73110
Change-Id: I3d86cf8a3c4a96caf361c29f0db5f9706a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/723760
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes #71206
Change-Id: If3cf75261c56828b87ae6805bd2913f56a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/722140
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I71d63b0b78a9fc4895574f6df465e22c9585e77c
Reviewed-on: https://go-review.googlesource.com/c/go/+/710196
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
speed-up
goos: linux
goarch: amd64
pkg: crypto/sha512
cpu: AMD EPYC 7B13
│ before │ after │
│ sec/op │ sec/op vs base │
Hash8Bytes/New 486.7n ± 1% 440.3n ± 0% -9.53% (p=0.001 n=7)
Hash8Bytes/New-2 487.3n ± 1% 442.6n ± 1% -9.17% (p=0.001 n=7)
Hash8Bytes/New-4 488.0n ± 1% 442.3n ± 0% -9.36% (p=0.001 n=7)
Hash8Bytes/Sum384 495.1n ± 0% 451.2n ± 1% -8.87% (p=0.001 n=7)
Hash8Bytes/Sum384-2 495.0n ± 1% 450.8n ± 1% -8.93% (p=0.001 n=7)
Hash8Bytes/Sum384-4 500.2n ± 2% 453.6n ± 2% -9.32% (p=0.001 n=7)
Hash8Bytes/Sum512 497.3n ± 1% 452.1n ± 0% -9.09% (p=0.001 n=7)
Hash8Bytes/Sum512-2 496.0n ± 1% 453.5n ± 0% -8.57% (p=0.001 n=7)
Hash8Bytes/Sum512-4 498.5n ± 0% 452.3n ± 1% -9.27% (p=0.001 n=7)
Hash1K/New 3.985µ ± 1% 3.543µ ± 1% -11.09% (p=0.001 n=7)
Hash1K/New-2 4.004µ ± 2% 3.558µ ± 1% -11.14% (p=0.001 n=7)
Hash1K/New-4 3.997µ ± 0% 3.563µ ± 1% -10.86% (p=0.001 n=7)
Hash1K/Sum384 3.996µ ± 1% 3.560µ ± 1% -10.91% (p=0.001 n=7)
Hash1K/Sum384-2 4.011µ ± 1% 3.576µ ± 1% -10.85% (p=0.001 n=7)
Hash1K/Sum384-4 4.004µ ± 0% 3.564µ ± 0% -10.99% (p=0.001 n=7)
Hash1K/Sum512 3.998µ ± 1% 3.555µ ± 1% -11.08% (p=0.001 n=7)
Hash1K/Sum512-2 3.996µ ± 0% 3.560µ ± 1% -10.91% (p=0.001 n=7)
Hash1K/Sum512-4 4.004µ ± 1% 3.573µ ± 1% -10.76% (p=0.001 n=7)
Hash8K/New 28.34µ ± 1% 25.29µ ± 1% -10.77% (p=0.001 n=7)
Hash8K/New-2 28.45µ ± 1% 25.48µ ± 1% -10.44% (p=0.001 n=7)
Hash8K/New-4 28.42µ ± 1% 25.37µ ± 1% -10.71% (p=0.001 n=7)
Hash8K/Sum384 28.38µ ± 0% 25.18µ ± 0% -11.28% (p=0.001 n=7)
Hash8K/Sum384-2 28.50µ ± 1% 25.35µ ± 1% -11.07% (p=0.001 n=7)
Hash8K/Sum384-4 28.51µ ± 1% 25.35µ ± 0% -11.07% (p=0.001 n=7)
Hash8K/Sum512 28.34µ ± 1% 25.23µ ± 0% -10.96% (p=0.001 n=7)
Hash8K/Sum512-2 28.33µ ± 1% 25.23µ ± 1% -10.95% (p=0.001 n=7)
Hash8K/Sum512-4 28.48µ ± 1% 25.31µ ± 1% -11.13% (p=0.001 n=7)
geomean 3.828µ 3.433µ -10.34%
│ before │ after │
│ B/s │ B/s vs base │
Hash8Bytes/New 15.68Mi ± 1% 17.33Mi ± 0% +10.52% (p=0.001 n=7)
Hash8Bytes/New-2 15.66Mi ± 1% 17.23Mi ± 1% +10.05% (p=0.001 n=7)
Hash8Bytes/New-4 15.63Mi ± 0% 17.25Mi ± 0% +10.37% (p=0.001 n=7)
Hash8Bytes/Sum384 15.41Mi ± 0% 16.91Mi ± 1% +9.72% (p=0.001 n=7)
Hash8Bytes/Sum384-2 15.41Mi ± 1% 16.93Mi ± 1% +9.84% (p=0.001 n=7)
Hash8Bytes/Sum384-4 15.25Mi ± 2% 16.82Mi ± 2% +10.32% (p=0.001 n=7)
Hash8Bytes/Sum512 15.34Mi ± 1% 16.87Mi ± 0% +9.94% (p=0.001 n=7)
Hash8Bytes/Sum512-2 15.38Mi ± 1% 16.82Mi ± 0% +9.36% (p=0.001 n=7)
Hash8Bytes/Sum512-4 15.31Mi ± 0% 16.87Mi ± 1% +10.22% (p=0.001 n=7)
Hash1K/New 245.0Mi ± 1% 275.6Mi ± 1% +12.47% (p=0.001 n=7)
Hash1K/New-2 243.9Mi ± 2% 274.5Mi ± 1% +12.55% (p=0.001 n=7)
Hash1K/New-4 244.3Mi ± 0% 274.1Mi ± 1% +12.21% (p=0.001 n=7)
Hash1K/Sum384 244.4Mi ± 0% 274.3Mi ± 1% +12.24% (p=0.001 n=7)
Hash1K/Sum384-2 243.5Mi ± 1% 273.1Mi ± 1% +12.16% (p=0.001 n=7)
Hash1K/Sum384-4 243.9Mi ± 0% 274.0Mi ± 0% +12.35% (p=0.001 n=7)
Hash1K/Sum512 244.3Mi ± 1% 274.7Mi ± 1% +12.46% (p=0.001 n=7)
Hash1K/Sum512-2 244.4Mi ± 0% 274.3Mi ± 1% +12.25% (p=0.001 n=7)
Hash1K/Sum512-4 243.9Mi ± 1% 273.3Mi ± 1% +12.08% (p=0.001 n=7)
Hash8K/New 275.7Mi ± 1% 309.0Mi ± 1% +12.07% (p=0.001 n=7)
Hash8K/New-2 274.6Mi ± 1% 306.6Mi ± 1% +11.67% (p=0.001 n=7)
Hash8K/New-4 274.9Mi ± 1% 307.9Mi ± 1% +11.99% (p=0.001 n=7)
Hash8K/Sum384 275.3Mi ± 0% 310.3Mi ± 0% +12.71% (p=0.001 n=7)
Hash8K/Sum384-2 274.1Mi ± 1% 308.2Mi ± 1% +12.45% (p=0.001 n=7)
Hash8K/Sum384-4 274.1Mi ± 1% 308.2Mi ± 0% +12.44% (p=0.001 n=7)
Hash8K/Sum512 275.7Mi ± 1% 309.6Mi ± 0% +12.31% (p=0.001 n=7)
Hash8K/Sum512-2 275.8Mi ± 1% 309.7Mi ± 1% +12.29% (p=0.001 n=7)
Hash8K/Sum512-4 274.3Mi ± 1% 308.7Mi ± 1% +12.52% (p=0.001 n=7)
geomean 101.2Mi 112.9Mi +11.53%
│ before │ after │
│ B/op │ B/op vs base │
Hash8Bytes/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum384 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum384-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum384-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum512 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum512-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum512-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum384 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum384-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum384-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum512 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum512-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum512-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum384 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum384-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum384-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum512 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum512-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum512-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
geomean ² +0.00% ²
¹ all samples are equal
² summaries must be >0 to compute geomean
│ before │ after │
│ allocs/op │ allocs/op vs base │
Hash8Bytes/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum384 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum384-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum384-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum512 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum512-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum512-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum384 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum384-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum384-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum512 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum512-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum512-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum384 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum384-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum384-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum512 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum512-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum512-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
geomean ² +0.00% ²
¹ all samples are equal
² summaries must be >0 to compute geomean
Change-Id: I3791244b3f69e093203f6aa46dc59428afcb9223
Reviewed-on: https://go-review.googlesource.com/c/go/+/711844
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
speed-up
goos: linux
goarch: amd64
pkg: crypto/sha256
cpu: AMD EPYC 7B13
│ before │ after │
│ sec/op │ sec/op vs base │
Hash8Bytes/New 384.4n ± 2% 347.2n ± 0% -9.68% (p=0.001 n=7)
Hash8Bytes/New-2 386.3n ± 2% 348.3n ± 1% -9.84% (p=0.001 n=7)
Hash8Bytes/New-4 386.7n ± 1% 347.9n ± 1% -10.03% (p=0.001 n=7)
Hash8Bytes/Sum224 406.9n ± 2% 358.8n ± 3% -11.82% (p=0.001 n=7)
Hash8Bytes/Sum224-2 404.1n ± 1% 359.8n ± 1% -10.96% (p=0.001 n=7)
Hash8Bytes/Sum224-4 409.5n ± 1% 360.9n ± 1% -11.87% (p=0.001 n=7)
Hash8Bytes/Sum256 401.3n ± 1% 352.4n ± 0% -12.19% (p=0.001 n=7)
Hash8Bytes/Sum256-2 402.0n ± 1% 354.2n ± 1% -11.89% (p=0.001 n=7)
Hash8Bytes/Sum256-4 403.7n ± 1% 353.5n ± 1% -12.43% (p=0.001 n=7)
Hash1K/New 5.836µ ± 1% 5.180µ ± 2% -11.24% (p=0.001 n=7)
Hash1K/New-2 5.855µ ± 1% 5.177µ ± 5% -11.58% (p=0.001 n=7)
Hash1K/New-4 5.878µ ± 0% 5.215µ ± 3% -11.28% (p=0.001 n=7)
Hash1K/Sum224 5.860µ ± 1% 5.225µ ± 1% -10.84% (p=0.001 n=7)
Hash1K/Sum224-2 5.852µ ± 1% 5.198µ ± 1% -11.18% (p=0.001 n=7)
Hash1K/Sum224-4 5.867µ ± 1% 5.226µ ± 4% -10.93% (p=0.001 n=7)
Hash1K/Sum256 5.851µ ± 0% 5.246µ ± 1% -10.34% (p=0.001 n=7)
Hash1K/Sum256-2 5.863µ ± 1% 5.237µ ± 2% -10.68% (p=0.001 n=7)
Hash1K/Sum256-4 5.873µ ± 1% 5.191µ ± 1% -11.61% (p=0.001 n=7)
Hash8K/New 44.06µ ± 0% 38.93µ ± 1% -11.63% (p=0.001 n=7)
Hash8K/New-2 44.23µ ± 0% 39.14µ ± 1% -11.50% (p=0.001 n=7)
Hash8K/New-4 44.25µ ± 1% 39.04µ ± 1% -11.77% (p=0.001 n=7)
Hash8K/Sum224 43.98µ ± 1% 40.47µ ± 2% -7.98% (p=0.001 n=7)
Hash8K/Sum224-2 44.31µ ± 1% 39.54µ ± 3% -10.76% (p=0.001 n=7)
Hash8K/Sum224-4 44.45µ ± 1% 39.04µ ± 2% -12.16% (p=0.001 n=7)
Hash8K/Sum256 43.95µ ± 0% 39.23µ ± 0% -10.75% (p=0.001 n=7)
Hash8K/Sum256-2 44.19µ ± 1% 39.39µ ± 2% -10.87% (p=0.001 n=7)
Hash8K/Sum256-4 44.19µ ± 1% 39.27µ ± 1% -11.13% (p=0.001 n=7)
Hash256K/New 1.397m ± 1% 1.238m ± 1% -11.39% (p=0.001 n=7)
Hash256K/New-2 1.404m ± 1% 1.242m ± 1% -11.53% (p=0.001 n=7)
Hash256K/New-4 1.402m ± 1% 1.243m ± 1% -11.31% (p=0.001 n=7)
Hash256K/Sum224 1.398m ± 0% 1.237m ± 1% -11.48% (p=0.001 n=7)
Hash256K/Sum224-2 1.402m ± 1% 1.239m ± 1% -11.59% (p=0.001 n=7)
Hash256K/Sum224-4 1.409m ± 1% 1.245m ± 1% -11.61% (p=0.001 n=7)
Hash256K/Sum256 1.402m ± 1% 1.242m ± 1% -11.38% (p=0.001 n=7)
Hash256K/Sum256-2 1.397m ± 1% 1.240m ± 1% -11.22% (p=0.001 n=7)
Hash256K/Sum256-4 1.404m ± 1% 1.250m ± 1% -10.97% (p=0.001 n=7)
Hash1M/New 5.584m ± 2% 4.944m ± 1% -11.46% (p=0.001 n=7)
Hash1M/New-2 5.609m ± 1% 4.974m ± 1% -11.33% (p=0.001 n=7)
Hash1M/New-4 5.625m ± 2% 4.984m ± 2% -11.40% (p=0.001 n=7)
Hash1M/Sum224 5.578m ± 0% 4.949m ± 0% -11.28% (p=0.001 n=7)
Hash1M/Sum224-2 5.603m ± 1% 4.985m ± 1% -11.02% (p=0.001 n=7)
Hash1M/Sum224-4 5.619m ± 1% 4.976m ± 1% -11.44% (p=0.001 n=7)
Hash1M/Sum256 5.589m ± 1% 4.940m ± 0% -11.61% (p=0.001 n=7)
Hash1M/Sum256-2 5.581m ± 1% 4.981m ± 1% -10.75% (p=0.001 n=7)
Hash1M/Sum256-4 5.618m ± 3% 4.966m ± 1% -11.59% (p=0.001 n=7)
geomean 60.48µ 53.71µ -11.19%
│ before │ after │
│ B/s │ B/s vs base │
Hash8Bytes/New 19.85Mi ± 2% 21.97Mi ± 0% +10.72% (p=0.001 n=7)
Hash8Bytes/New-2 19.75Mi ± 2% 21.91Mi ± 1% +10.91% (p=0.001 n=7)
Hash8Bytes/New-4 19.73Mi ± 1% 21.93Mi ± 1% +11.16% (p=0.001 n=7)
Hash8Bytes/Sum224 18.75Mi ± 2% 21.27Mi ± 3% +13.43% (p=0.001 n=7)
Hash8Bytes/Sum224-2 18.88Mi ± 1% 21.20Mi ± 1% +12.27% (p=0.001 n=7)
Hash8Bytes/Sum224-4 18.63Mi ± 1% 21.14Mi ± 1% +13.46% (p=0.001 n=7)
Hash8Bytes/Sum256 19.01Mi ± 1% 21.65Mi ± 0% +13.90% (p=0.001 n=7)
Hash8Bytes/Sum256-2 18.98Mi ± 1% 21.54Mi ± 1% +13.52% (p=0.001 n=7)
Hash8Bytes/Sum256-4 18.90Mi ± 1% 21.58Mi ± 1% +14.18% (p=0.001 n=7)
Hash1K/New 167.4Mi ± 1% 188.5Mi ± 2% +12.65% (p=0.001 n=7)
Hash1K/New-2 166.8Mi ± 1% 188.6Mi ± 5% +13.11% (p=0.001 n=7)
Hash1K/New-4 166.1Mi ± 0% 187.3Mi ± 3% +12.71% (p=0.001 n=7)
Hash1K/Sum224 166.7Mi ± 1% 186.9Mi ± 1% +12.14% (p=0.001 n=7)
Hash1K/Sum224-2 166.9Mi ± 1% 187.9Mi ± 1% +12.59% (p=0.001 n=7)
Hash1K/Sum224-4 166.5Mi ± 1% 186.9Mi ± 4% +12.27% (p=0.001 n=7)
Hash1K/Sum256 166.9Mi ± 0% 186.1Mi ± 1% +11.51% (p=0.001 n=7)
Hash1K/Sum256-2 166.6Mi ± 1% 186.5Mi ± 2% +11.94% (p=0.001 n=7)
Hash1K/Sum256-4 166.3Mi ± 1% 188.1Mi ± 1% +13.15% (p=0.001 n=7)
Hash8K/New 177.3Mi ± 0% 200.7Mi ± 1% +13.17% (p=0.001 n=7)
Hash8K/New-2 176.6Mi ± 0% 199.6Mi ± 1% +13.00% (p=0.001 n=7)
Hash8K/New-4 176.6Mi ± 1% 200.1Mi ± 1% +13.34% (p=0.001 n=7)
Hash8K/Sum224 177.6Mi ± 1% 193.0Mi ± 2% +8.67% (p=0.001 n=7)
Hash8K/Sum224-2 176.3Mi ± 1% 197.6Mi ± 3% +12.06% (p=0.001 n=7)
Hash8K/Sum224-4 175.8Mi ± 1% 200.1Mi ± 2% +13.84% (p=0.001 n=7)
Hash8K/Sum256 177.8Mi ± 0% 199.2Mi ± 0% +12.04% (p=0.001 n=7)
Hash8K/Sum256-2 176.8Mi ± 1% 198.4Mi ± 2% +12.20% (p=0.001 n=7)
Hash8K/Sum256-4 176.8Mi ± 1% 198.9Mi ± 1% +12.52% (p=0.001 n=7)
Hash256K/New 179.0Mi ± 1% 202.0Mi ± 1% +12.86% (p=0.001 n=7)
Hash256K/New-2 178.1Mi ± 1% 201.3Mi ± 1% +13.03% (p=0.001 n=7)
Hash256K/New-4 178.4Mi ± 1% 201.1Mi ± 1% +12.76% (p=0.001 n=7)
Hash256K/Sum224 178.8Mi ± 0% 202.0Mi ± 1% +12.97% (p=0.001 n=7)
Hash256K/Sum224-2 178.3Mi ± 1% 201.7Mi ± 1% +13.11% (p=0.001 n=7)
Hash256K/Sum224-4 177.5Mi ± 1% 200.8Mi ± 1% +13.13% (p=0.001 n=7)
Hash256K/Sum256 178.3Mi ± 1% 201.2Mi ± 1% +12.83% (p=0.001 n=7)
Hash256K/Sum256-2 179.0Mi ± 1% 201.6Mi ± 1% +12.64% (p=0.001 n=7)
Hash256K/Sum256-4 178.0Mi ± 1% 200.0Mi ± 1% +12.33% (p=0.001 n=7)
Hash1M/New 179.1Mi ± 2% 202.3Mi ± 1% +12.94% (p=0.001 n=7)
Hash1M/New-2 178.3Mi ± 1% 201.1Mi ± 1% +12.78% (p=0.001 n=7)
Hash1M/New-4 177.8Mi ± 2% 200.6Mi ± 2% +12.87% (p=0.001 n=7)
Hash1M/Sum224 179.3Mi ± 0% 202.1Mi ± 0% +12.71% (p=0.001 n=7)
Hash1M/Sum224-2 178.5Mi ± 1% 200.6Mi ± 1% +12.39% (p=0.001 n=7)
Hash1M/Sum224-4 178.0Mi ± 1% 201.0Mi ± 1% +12.92% (p=0.001 n=7)
Hash1M/Sum256 178.9Mi ± 1% 202.4Mi ± 0% +13.13% (p=0.001 n=7)
Hash1M/Sum256-2 179.2Mi ± 1% 200.8Mi ± 1% +12.04% (p=0.001 n=7)
Hash1M/Sum256-4 178.0Mi ± 3% 201.3Mi ± 1% +13.12% (p=0.001 n=7)
geomean 112.5Mi 126.6Mi +12.60%
│ before │ after │
│ B/op │ B/op vs base │
Hash8Bytes/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
geomean ² +0.00% ²
¹ all samples are equal
² summaries must be >0 to compute geomean
│ before │ after │
│ allocs/op │ allocs/op vs base │
Hash8Bytes/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8Bytes/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1K/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash8K/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash256K/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/New 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/New-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/New-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum224 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum224-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum224-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum256 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum256-2 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
Hash1M/Sum256-4 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=7) ¹
geomean ² +0.00% ²
¹ all samples are equal
² summaries must be >0 to compute geomean
Change-Id: I705f024221690532b2e891ab8e508d07eefe295b
Reviewed-on: https://go-review.googlesource.com/c/go/+/711843
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
addMulVVWx assembly routine is used to multiply bignum multiplicand with a 64-bit multiplier.
The new implementation for s390x architecture uses an algorithm based on vector instructions,
with a significant performance improvement.
Note: z13 is the minimum architecture for Go, which already has VX support.
The performance improvement is as below:
goos: linux
goarch: s390x
pkg: crypto/internal/fips140/bigmod
Orig.txt Vector_Patch.txt
sec/op sec/op vs base
ModAdd 164.1n ± 0% 159.7n ± 0% -2.7% (p=0.000 n=10)
ModSub 152.3n ± 1% 147.3n ± 0% -3.25 (p=0.000 n=10)
MontgomeryRepr 4.806µ ± 3% 1.829µ ± 0% -61.94% (p=0.000 n=10)
MontgomeryMul 4.812µ ± 5% 1.834µ ± 0% -61.90% (p=0.000 n=10)
ModMul 9.646µ ± 3% 3.698µ ± 0% -61.67% (p=0.000 n=10)
ExpBig 11.28m ± 0% 11.28m ± 0% +0.04 (p=0.035 n=10)
Exp 12.284m ± 5% 5.004m ± 1% -59.26 (p=0.000 n=10)
geomean 18.61µ 10.74µ -42.2
Change-Id: I679944c9dac9f43f1626b018f72efa6da0d2442d
Cq-Include-Trybots: luci.golang.try:gotip-linux-s390x
Reviewed-on: https://go-review.googlesource.com/c/go/+/716480
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Vishwanatha HD <vishwanatha.hd@ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Srinivas Pokala <Pokala.Srinivas@ibm.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Consider a hypothetical SumCSHAKE256 function:
func SumCSHAKE256(N, S, data []byte, length int) []byte {
out := make([]byte, 64)
return sumCSHAKE256(out, N, S, data, length)
}
func sumCSHAKE256(out, N, S, data []byte, length int) []byte {
if len(out) < length {
out = make([]byte, length)
} else {
out = out[:length]
}
h := sha3.NewCSHAKE256(N, S)
h.Write(data)
h.Read(out)
return out
}
Currently this has 4 allocations:
- one for out (unless stack allocated),
- one for the SHAKE result of crypto/internal/fips140/sha3.newCShake,
- one for the initBlock allocation in crypto/internal/fips140/sha3.newCShake,
- one for the result of crypto/internal/fips140/sha3.bytepad.
We eliminate the SHAKE allocation by outlining the SHAKE allocation in
crypto/internal/fips140/sha3.NewCSHAKE128 and NewCSHAKE256. As
crypto/sha3.NewCSHAKE128 and NewCSHAKE256 immediately de-reference this
result, this allocation is eliminated.
We eliminate the bytepad allocation by instead writing the various
values directly with SHAKE.Write. Values passed to Write don't escape
and, with the exception of data (which is initBlock), all our Writes are
of fixed size allocations. We can't simply modify bytepad to return a
fixed size byte-slice as the length of data is not constant nor does it
have a reasonable upper bound.
We're stuck with the initBlock allocation because of the API (Reset and
the various marshallers), but we still net a substantial improvement.
benchstat output using the following benchmark:
func BenchmarkSumCSHAKE256(b *testing.B) {
N := []byte("N")
S := []byte("S")
data := []byte("testdata")
b.SetBytes(64)
for b.Loop() {
SumCSHAKE256(N, S, data, 64)
}
}
name old time/op new time/op delta
SumCSHAKE256-12 1.09µs ±20% 0.79µs ± 1% -27.41% (p=0.000 n=10+9)
name old speed new speed delta
SumCSHAKE256-12 59.8MB/s ±18% 81.0MB/s ± 1% +35.33% (p=0.000 n=10+9)
name old alloc/op new alloc/op delta
SumCSHAKE256-12 536B ± 0% 88B ± 0% -83.58% (p=0.000 n=10+10)
name old allocs/op new allocs/op delta
SumCSHAKE256-12 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=10+10)
Updates #69982
Change-Id: If426ea8127c58f5ef062cf74712ec70fd26a7372
Reviewed-on: https://go-review.googlesource.com/c/go/+/636255
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Fixes #75300
Change-Id: I6a83e0d040dba3366819d2afff704f886a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/723560
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Check for invalid encodings and keys more systematically in
ParseRawPrivateKey/PrivateKey.Bytes,
ParseUncompressedPublicKey/PublicKey.Bytes, and
fips140/ecdsa.NewPrivateKey/NewPublicKey.
Also, use these functions throughout the codebase.
This should not change any observable behavior, because there were
multiple layers of checks and every path would hit at least one.
Change-Id: I6a6a46566c95de871a5a37996835a0e51495f1d8
Reviewed-on: https://go-review.googlesource.com/c/go/+/724000
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Previously, we implemented ~quadratic name constraint checking, wherein
we would check every SAN against every respective constraint in the
chain. This is the technique _basically everyone_ implements, because
it's easy, but it requires also capping the total number of constraint
checking operations to prevent denial of service.
Instead, this change implements a log-linear checking technique, as
originally described by davidben@google.com with some minor
modifications. The comment at the top of crypto/x509/constraints.go
describes this technique in detail.
This technique is faster than the existing quadratic approach in all but
one specific case, where there are a large number of constraints but
only a single name, since our previous algorithm resolves to linear in
that case.
Change-Id: Icb761f5f9898c04e266c0d0c2b07ab2637f03418
Reviewed-on: https://go-review.googlesource.com/c/go/+/711421
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
Make TestConstraintCases a bit clearer by adding actual subtest names,
mostly taken from the old comments. Also add a handful of extra test
cases.
Change-Id: Ie759d1ea85a353aeacab267bb6e175a90f20702c
Reviewed-on: https://go-review.googlesource.com/c/go/+/722481
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Change-Id: I78968794d609a7b343e5affc141d8ba96a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/722260
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
|
|
This commit adds fields to the ClientHelloInfo and ConnectionState
structures to represent hello retry request state information.
ClientHelloInfo gains a new HelloRetryRequest bool field that indicates
if the client hello was sent in response to a TLS 1.3 hello retry
request message previously emitted by the server.
ConnectionState gains a new HelloRetryRequest bool field that indicates
(depending on the connection role) whether the client received a TLS 1.3
hello retry request message from the server, or whether the server sent
such a message to a client.
Fixes #74425
Change-Id: Ic1a5290b8a4ba1568da1d2c2cf9f148150955fa5
Reviewed-on: https://go-review.googlesource.com/c/go/+/717440
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
|
|
Fixes #75301
Change-Id: If953b4382499570d5437491036f91cbe4fec7c01
Reviewed-on: https://go-review.googlesource.com/c/go/+/723101
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Fixes #56866
Change-Id: Icc8f067820f5d74e0d5073bce160429e6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/723360
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
This commit integrates ML-DSA ACVP test coverage, describing the
capabilities of the crypto/internal/fips140/mldsa package and
adding the required command handlers to our ACVP module wrapper.
Change-Id: I2aee6f169752a6c6fec3a68591dde33e4f308081
Reviewed-on: https://go-review.googlesource.com/c/go/+/719703
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
I don't think we have good QUIC ECH tests. BoGo has some for this, but
I'm not sure how easy it would be to enable those for QUIC.
Fixes #76283
Change-Id: I0ffa535fd89a624b7f9bfd73441ce2a1683e0549
Reviewed-on: https://go-review.googlesource.com/c/go/+/720920
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
For #75154
Change-Id: Iee5a11ebea8c74b9abab4c077dc7990fe8f562dd
Reviewed-on: https://go-review.googlesource.com/c/go/+/718521
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
