feat: upgrade to go1.20.4 #17
Merged
Fixes #53198 Change-Id: I0c35fb278543bd487d19ae15c8175e88c45e2c1e GitHub-Last-Rev: a3e29d2332ad444cfa83c3412857952203738a2c GitHub-Pull-Request: golang/go#54216 Reviewed-on: https://go-review.googlesource.com/c/go/+/420935 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Keith Randall <khr@google.com> Run-TryBot: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
As it can't appear in user package paths. There is a hack for handling "go:buildid" and "type:*" on windows/386. Previously, windows/386 required an underscore prefix on external symbols, but that's only applied for SHOSTOBJ/SUNDEFEXT or cgo export symbols. "go.buildid" is STEXT, "type.*" is STYPE, thus they are not prefixed with underscore. In external linking mode, the external linker can't resolve them as external symbols. But we are lucky that they have "." in their name, so the external linker sees them as Forwarder RVA exports. See: - https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#export-address-table - https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=ld/pe-dll.c;h=e7b82ba6ffadf74dc1b9ee71dc13d48336941e51;hb=HEAD#l972) This CL changes "." to ":" in symbol names, so these symbols can not be found by the external linker anymore. So a hacky way is adding the underscore prefix for these 2 symbols. I don't have enough knowledge to verify whether adding the underscore for all STEXT/STYPE symbols is fine; even if it could be, that would be done in a future CL. Fixes #37762 Change-Id: I92eaaf24c0820926a36e0530fdb07b07af1fcc35 Reviewed-on: https://go-review.googlesource.com/c/go/+/317917 Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com> Reviewed-by: Cherry Mui <cherryyz@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
So we don't have to duplicate the logic to detect noopt builder in multiple places. Based on khr@'s suggestion in CL 422037. Change-Id: Idb338e8bc08cdf00460574bfc0d2f7018c79bbd5 Reviewed-on: https://go-review.googlesource.com/c/go/+/422038 Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Keith Randall <khr@golang.org> Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Change the type of Conn.handshakeStatus from an atomically accessed uint32 to an atomic.Bool. Change its name to Conn.isHandshakeComplete to indicate it is a boolean value. Eliminate the handshakeComplete() helper function, which checks for equality with 1, in favor of the simpler c.isHandshakeComplete.Load(). Change-Id: I084c83956fff266e2145847e8645372bef6ae9df Reviewed-on: https://go-review.googlesource.com/c/go/+/422296 Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org>
We use crypto/internal/edwards25519/field to implement X25519 directly, so that golang.org/x/crypto/curve25519 can be dropped from the src module dependencies, and eventually replaced with a crypto/ecdh wrapper, removing the need to keep golang.org/x/crypto/curve25519/internal/field in sync with crypto/internal/edwards25519/field. In crypto/internal/nistec, we add BytesX to serialize only the x coordinate, which we'll need for the horrible ECDSA x-coord-to-scalar operation, too. In crypto/tls, we replace the ECDHE implementation with crypto/ecdh, dropping the X25519 special cases and related scaffolding. Finally, FINALLY, we deprecate the ~white whale~ big.Int-based APIs of the crypto/elliptic package. •_•) ( •_•)>⌐■-■ (⌐■_■) Fixes #52182 Fixes #34648 Fixes #52221 Change-Id: Iccdda210319cc892e96bb28a0e7b7123551982c7 Reviewed-on: https://go-review.googlesource.com/c/go/+/398914 Reviewed-by: Fernando Lobato Meeser <felobato@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
If a program only uses ecdh.P256(), the implementation of the other curves shouldn't end up in the binary. This mostly required moving some operations from init() time. Small performance hit in uncompressed Bytes/SetBytes, but not big enough to show up in higher-level benchmarks. If it becomes a problem, we can fix it by pregenerating the p-1 bytes representation in generate.go. For #52182 Updates #52221 Change-Id: I64460973b59ee3df787d7e967a6c2bcbc114ba65 Reviewed-on: https://go-review.googlesource.com/c/go/+/402555 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Fernando Lobato Meeser <felobato@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org>
Change-Id: I86af2508a31ea1e79d362c22ff4fac8900536761 GitHub-Last-Rev: d2a1ddccbd32499d7c379941daff528e7f2017c3 GitHub-Pull-Request: golang/go#52328 Reviewed-on: https://go-review.googlesource.com/c/go/+/399829 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Daniel Martí <mvdan@mvdan.cc> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
This avoids an import conflict with crypto/subtle. CL 424175 does the same for x/crypto. Change-Id: Id4a319b3283b8affaaf769062388325b31fe1715 Reviewed-on: https://go-review.googlesource.com/c/go/+/424194 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Russ Cox <rsc@golang.org>
Export cipher.xorBytes as subtle.XORBytes, for proposal #53021, to provide fast XOR to cryptography libraries outside crypto/cipher. Along with the move, implement the alignment check TODO in xor_generic.go, so that systems with neither unaligned accesses nor custom assembly can still XOR a word at a time in word-based algorithms like GCM. This removes the need for the separate cipher.xorWords. Fixes #53021. Change-Id: I58f80a922f1cff671b5ebc6168eb046e702b5a4c Reviewed-on: https://go-review.googlesource.com/c/go/+/421435 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Russ Cox <rsc@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Alan Donovan <adonovan@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
Generics lets us write Cache[K, V] instead of using unsafe.Pointer, which lets us remove all the uses of package unsafe around the uses of the cache. I tried to do Cache[*K, *V] instead of Cache[K, V] but that was not possible. Change-Id: If3b54cf4c8d2a44879a5f343fd91ecff096537e9 Reviewed-on: https://go-review.googlesource.com/c/go/+/423357 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Russ Cox <rsc@golang.org>
Following CL 424454, using the commands
rg --multiline " the\s{1,}the " *
rg --multiline " the\s{1,}//\s{1,}the " *
all the words "the" that are repeated in comments are found. Change-Id: I60b769b98f04c927b4c228e10f37faf190964069 Reviewed-on: https://go-review.googlesource.com/c/go/+/423836 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
Update the version of BoringCrypto to boringssl tag fips-20210429, for which FIPS approval is "in process". Add GOARCH=arm64 BoringCrypto support. Shuffle build to run as distinct steps in Docker so that we can rerun later parts like build-goboring.sh without rerunning all the setup. Strip unnecessary parts of the syso using --strip-unneeded, which cuts the amd64 syso from 10MB to 2.5MB. The new arm64 syso is 2MB, so even though we added a new architecture, we have half as much syso to distribute. Change-Id: I0f7327389a3a485b82577abea9153d006418298f Reviewed-on: https://go-review.googlesource.com/c/go/+/423362 Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Russ Cox <rsc@golang.org>
Fixes #49126 Change-Id: I9d6f6392b1a6748bdac1d2c6371b22d75829a2b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/425295 Run-TryBot: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Alex Scheel <alex.scheel@hashicorp.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: David Chase <drchase@google.com>
MarshalPKIXPublicKey, CreateCertificate, CreateCertificateRequest, MarshalECPrivateKey, and MarshalPKCS8PrivateKey started raising a panic when encoding an invalid ECDSA key in Go 1.19. Since they have an error return value, they should return an error instead. Fixes #54288 Change-Id: Iba132cd2f890ece36bb7d0396eb9a9a77bdb81df Reviewed-on: https://go-review.googlesource.com/c/go/+/422298 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: David Chase <drchase@google.com>
This CL enables sha512 for arm64, with a ~390% performance improvement. Contributed under the Go License with permission of Linaro by Carlos Eduardo Seo <carlos.seo@linaro.org>
https://perf.golang.org/search?q=upload:20220526.18
name                 old speed       new speed        delta
Hash8Bytes/New       16.0MB/s ± 0%   61.3MB/s ± 0%    +283.97%  (p=0.000 n=9+9)
Hash8Bytes/Sum384    16.4MB/s ± 0%   64.8MB/s ± 0%    +295.31%  (p=0.000 n=8+9)
Hash8Bytes/Sum512    16.3MB/s ± 0%   64.2MB/s ± 0%    +293.37%  (p=0.000 n=10+10)
Hash1K/New           252MB/s ± 0%    1217MB/s ± 0%    +383.00%  (p=0.000 n=9+10)
Hash1K/Sum384        253MB/s ± 0%    1237MB/s ± 0%    +389.25%  (p=0.000 n=10+10)
Hash1K/Sum512        253MB/s ± 0%    1231MB/s ± 0%    +387.37%  (p=0.000 n=10+8)
Hash8K/New           284MB/s ± 0%    1405MB/s ± 2%    +395.19%  (p=0.000 n=9+8)
Hash8K/Sum384        284MB/s ± 0%    1413MB/s ± 0%    +397.76%  (p=0.000 n=10+8)
Hash8K/Sum512        284MB/s ± 0%    1411MB/s ± 0%    +397.19%  (p=0.000 n=10+10)
Change-Id: I4476da23d8cd376bf1f75d946d6b0c58470df1b8 Reviewed-on: https://go-review.googlesource.com/c/go/+/180257 Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org> Reviewed-by: Ard Biesheuvel <ardb@google.com> Reviewed-by: Heschi Kreinick <heschi@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Meng Zhuo <mzh@golangcn.org> TryBot-Result: Gopher Robot <gobot@golang.org>
Change-Id: I73081b85e763122be1f5c0dbab25cecc9cf809df Reviewed-on: https://go-review.googlesource.com/c/go/+/426087 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: xie cui <523516579@qq.com> Reviewed-by: Benny Siegert <bsiegert@gmail.com>
…ingData} Updates #54854 Change-Id: I8a64a1176cbe16489e1fd21c66a7abc7d8b8e9b3 Reviewed-on: https://go-review.googlesource.com/c/go/+/428154 Run-TryBot: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com>
Change-Id: Ib6196f01b1927ea8a84c095f445320f03a514dd1 Reviewed-on: https://go-review.googlesource.com/c/go/+/429796 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
Replace custom append functions in the hash functions with the implementation of the encoding/binary package that does the same thing. The binary bigendian functions are already used in other parts of the code in the crypto package. Change-Id: I76d2dbe143fc72a3b4ac06be312caf72bd71378a GitHub-Last-Rev: 1c6c68279efbe2c5835d82db900f607c7bf36836 GitHub-Pull-Request: golang/go#55085 Reviewed-on: https://go-review.googlesource.com/c/go/+/431035 Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Keith Randall <khr@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
Change-Id: I5b063070a17bdeed57e73bfb76125b94268b3bc9 Reviewed-on: https://go-review.googlesource.com/c/go/+/426088 Run-TryBot: Michael Pratt <mpratt@google.com> Auto-Submit: Michael Pratt <mpratt@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Benny Siegert <bsiegert@gmail.com>
Change-Id: I40fdfbd5cfb9f5ccb80d55bca28ff9ba1ec490f3 Reviewed-on: https://go-review.googlesource.com/c/go/+/435285 Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
Fix the conversion between our sentinel salt length variables and the BoringSSL versions in SignRSAPSS. We previously set -1 (hash length equals salt length) when 0 was passed when we should've been setting -2. This now matches the conversion that happens in VerifyRSAPSS. Also adds a note documenting why we do this. Additionally in non-Boring mode, properly handle passing of salt lengths with a negative value which aren't one of the magic constants, returning an error instead of panicking. See https://commondatastorage.googleapis.com/chromium-boringssl-docs/rsa.h.html#RSA_sign_pss_mgf1 for the BoringSSL docs. Fixes #54803 Change-Id: Id1bd14dcf0ef4733867367257830ed43e25ef882 Reviewed-on: https://go-review.googlesource.com/c/go/+/426659 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org>
Change-Id: I92e110023739c6f8f7815c7e47ad7639c4e8812d Reviewed-on: https://go-review.googlesource.com/c/go/+/435279 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: xie cui <523516579@qq.com>
Change-Id: I022a221e2d73cd8c70e8e04b7046c388748646a5 Reviewed-on: https://go-review.googlesource.com/c/go/+/435696 Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Robert Griesemer <gri@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Robert Griesemer <gri@google.com> Run-TryBot: Robert Griesemer <gri@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
Change-Id: I06f85f78c4c802142fc9207b100753decd568274 GitHub-Last-Rev: 4ad4c0f5e93df9ea83deb86b814167e661bba0ff GitHub-Pull-Request: golang/go#55945 Reviewed-on: https://go-review.googlesource.com/c/go/+/436639 Run-TryBot: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
For #53821 Change-Id: I1b5c62288eca20ff50f6d8d979cf82df24d4545b GitHub-Last-Rev: 266148570a6465b8a43e04b39b1ebf85d80fcc76 GitHub-Pull-Request: golang/go#54884 Reviewed-on: https://go-review.googlesource.com/c/go/+/428477 Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
SecCreatePolicySSL returns null when called from a binary that has a strange path. This seems to be a weirdo macos bug, but we should be properly handling those null returns anyway. Also add handling for SecTrustGetCertificateAtIndex. Fixes #54590 Change-Id: I251e74f3b0bf65890a80b094b3e88718e13fd3db Reviewed-on: https://go-review.googlesource.com/c/go/+/438135 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org>
Change-Id: I375233dc700adbc58a6d4af995d07b352bf85b11 GitHub-Last-Rev: ef129205231b892f61b0135c87bb791a5e1a126c GitHub-Pull-Request: golang/go#55994 Reviewed-on: https://go-review.googlesource.com/c/go/+/437715 Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Keith Randall <khr@google.com>
The package doc included the copying header by mistake. Change-Id: I37ac2d14b1b8a389e6b603fbb1c6a3a33b1d80d6 Reviewed-on: https://go-review.googlesource.com/c/go/+/440456 Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Joedian Reid <joedian@golang.org>
This minimizes addi usage inside vector heavy loops. This results in a small performance uptick on P9 ppc64le/linux. Likewise, clean up some minor whitespace issues around comments. The implementation from crypto/sha256 is also shared with notsha256. It is copied, but preserves notsha256's go:build directives. They are otherwise identical now. Previously, bootstrap restrictions required workarounds to support XXLOR on older toolchains. This is not needed anymore as the minimum bootstrap (1.17) compiler will support XXLOR.
name                 old speed       new speed       delta
Hash8Bytes/New       28.8MB/s ± 0%   30.5MB/s ± 0%   +5.98%
Hash8Bytes/Sum224    29.5MB/s ± 0%   31.3MB/s ± 0%   +6.17%
Hash8Bytes/Sum256    29.5MB/s ± 0%   31.2MB/s ± 0%   +5.80%
Hash1K/New           287MB/s ± 0%    312MB/s ± 0%    +8.60%
Hash1K/Sum224        289MB/s ± 0%    312MB/s ± 0%    +7.99%
Hash1K/Sum256        289MB/s ± 0%    312MB/s ± 0%    +7.98%
Hash8K/New           313MB/s ± 0%    338MB/s ± 0%    +8.12%
Hash8K/Sum224        313MB/s ± 0%    338MB/s ± 0%    +8.20%
Hash8K/Sum256        313MB/s ± 0%    338MB/s ± 0%    +8.12%
Change-Id: Ib386d6306673b4e6553ee745ec2e1b53a9722df1 Reviewed-on: https://go-review.googlesource.com/c/go/+/441815 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Archana Ravindar <aravind5@in.ibm.com> Run-TryBot: Paul Murphy <murp@ibm.com>
With this change, we are down to 1.2x the running time of the previous variable time implementation.
name                     old time/op     new time/op      delta
DecryptPKCS1v15/2048-4   1.37ms ± 0%     1.61ms ± 0%      +17.54%    (p=0.000 n=18+10)
DecryptPKCS1v15/3072-4   3.99ms ± 1%     5.46ms ± 1%      +36.64%    (p=0.000 n=20+10)
DecryptPKCS1v15/4096-4   8.95ms ± 1%     12.04ms ± 0%     +34.53%    (p=0.000 n=20+10)
EncryptPKCS1v15/2048-4   9.24µs ± 7%     223.34µs ± 0%    +2317.67%  (p=0.000 n=20+9)
DecryptOAEP/2048-4       1.38ms ± 1%     1.62ms ± 0%      +17.31%    (p=0.000 n=20+10)
EncryptOAEP/2048-4       11.5µs ± 6%     225.4µs ± 0%     +1851.82%  (p=0.000 n=20+10)
SignPKCS1v15/2048-4      1.38ms ± 0%     1.68ms ± 0%      +21.25%    (p=0.000 n=20+9)
VerifyPKCS1v15/2048-4    8.75µs ±11%     221.94µs ± 0%    +2435.02%  (p=0.000 n=20+9)
SignPSS/2048-4           1.39ms ± 1%     1.68ms ± 0%      +21.18%    (p=0.000 n=20+10)
VerifyPSS/2048-4         11.1µs ± 8%     224.7µs ± 0%     +1917.03%  (p=0.000 n=20+8)
Change-Id: I2a91ba99fcd0f86f2b5191d17170da755d7c4690 Reviewed-on: https://go-review.googlesource.com/c/go/+/452095 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
crypto/sha512:
name                   old time/op    new time/op    delta
Hash8Bytes/New-32      297ns ± 1%     288ns ± 1%     -3.09%  (p=0.000 n=10+10)
Hash8Bytes/Sum384-32   288ns ± 1%     282ns ± 1%     -2.16%  (p=0.000 n=10+9)
Hash8Bytes/Sum512-32   287ns ± 1%     278ns ± 1%     -3.18%  (p=0.000 n=9+10)
Hash1K/New-32          2.12µs ± 0%    2.11µs ± 1%    ~       (p=0.189 n=9+10)
Hash1K/Sum384-32       2.13µs ± 1%    2.11µs ± 1%    -1.07%  (p=0.006 n=10+10)
Hash1K/Sum512-32       2.12µs ± 1%    2.11µs ± 1%    ~       (p=0.209 n=10+10)
Hash8K/New-32          14.9µs ± 1%    14.9µs ± 1%    ~       (p=0.469 n=10+10)
Hash8K/Sum384-32       15.0µs ± 1%    14.9µs ± 1%    ~       (p=0.725 n=10+10)
Hash8K/Sum512-32       14.9µs ± 1%    15.0µs ± 1%    ~       (p=0.684 n=10+10)
crypto/sha256:
name                   old time/op    new time/op    delta
Hash8Bytes/New-32      190ns ± 1%     188ns ± 2%     -1.23%  (p=0.002 n=10+10)
Hash8Bytes/Sum224-32   198ns ± 1%     190ns ± 1%     -4.07%  (p=0.000 n=10+10)
Hash8Bytes/Sum256-32   196ns ± 1%     183ns ± 1%     -6.33%  (p=0.000 n=10+10)
Hash1K/New-32          2.35µs ± 1%    2.35µs ± 2%    ~       (p=0.897 n=10+10)
Hash1K/Sum224-32       2.38µs ± 1%    2.38µs ± 2%    ~       (p=0.363 n=10+10)
Hash1K/Sum256-32       2.38µs ± 1%    2.37µs ± 1%    ~       (p=0.203 n=10+9)
Hash8K/New-32          17.3µs ± 1%    17.3µs ± 1%    ~       (p=0.971 n=10+10)
Hash8K/Sum224-32       17.6µs ± 1%    17.6µs ± 1%    ~       (p=0.726 n=10+10)
Hash8K/Sum256-32       17.6µs ± 2%    17.6µs ± 1%    ~       (p=0.541 n=10+10)
crypto/sha1:
name                   old time/op    new time/op    delta
Hash8Bytes/New-32      140ns ± 2%     134ns ± 1%     -4.26%  (p=0.000 n=10+10)
Hash8Bytes/Sum-32      136ns ± 1%     132ns ± 1%     -2.41%  (p=0.000 n=10+10)
Hash320Bytes/New-32    552ns ± 1%     550ns ± 1%     ~       (p=0.211 n=10+9)
Hash320Bytes/Sum-32    559ns ± 1%     560ns ± 2%     ~       (p=0.477 n=9+9)
Hash1K/New-32          1.15µs ± 1%    1.15µs ± 1%    ~       (p=0.588 n=9+10)
Hash1K/Sum-32          1.16µs ± 2%    1.15µs ± 1%    ~       (p=0.078 n=10+10)
Hash8K/New-32          7.53µs ± 1%    7.58µs ± 3%    ~       (p=0.382 n=10+10)
Hash8K/Sum-32          7.54µs ± 1%    7.55µs ± 1%    ~       (p=0.404 n=10+10)
Change-Id: I3fc06c9009f2eabc739102c14648ef93ea6783b4 Reviewed-on: https://go-review.googlesource.com/c/go/+/436917 Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Bryan Mills <bcmills@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
VerifyASN1 became directly reachable without encoding/decoding in CL 353849, so it's now possible for the signature to be empty. Change-Id: I37d6400945ab541120180bf73335e0ec93322947 Reviewed-on: https://go-review.googlesource.com/c/go/+/452635 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Bryan Mills <bcmills@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
These should be marked deprecated, but that needs a (likely quick) proposal review. The proposal is #56921. Change-Id: I013a913a7f5196a341e2dd5f49c2687c26ee8331 Reviewed-on: https://go-review.googlesource.com/c/go/+/453257 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Russ Cox <rsc@golang.org>
These should be deprecated, but per go.dev/wiki/Deprecated, that should only happen two releases after the replacement is available (so Go 1.22). The deprecation of this package was part of the discussion of proposal #52221. All that remains is waiting for the new package to be widely available. Change-Id: I580a4af6514eb77d7ec31b443d07259a4a2cf030 Reviewed-on: https://go-review.googlesource.com/c/go/+/453256 Reviewed-by: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Russ Cox <rsc@golang.org>
CL 353849 removed validation of signature parameters being passed to Verify which led to two distinct problems. If passed an R or S == 0, encodeSignature would panic since it expects them to be non-zero. encodeSignature would also normalize (i.e. make non-negative) parameters by zero padding them, which would result in a signature being passed to VerifyASN1 which did not match the input signature, resulting in success in cases where it should've failed. This change re-adds the verification that 0 < r,s < N before calling encodeSignature. This was caught because tink runs the wycheproof ECDSA vectors against Verify, where we only run the vectors against VerifyASN1. We should be doing both. Change-Id: I1dcf41626b4df2b43296e8b878dc607ff316a892 Reviewed-on: https://go-review.googlesource.com/c/go/+/453675 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org>
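As an added illustration of the range check this commit restores (example code, not the Go project's own): a wrapper that rejects r or s outside 0 < r,s < N before DER-encoding them for ecdsa.VerifyASN1, so an out-of-range component is an error rather than a panic or a silently re-encoded value. The ecdsaSignature type, the verifyRawSignature function and the sample message are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// ecdsaSignature is the DER SEQUENCE { r INTEGER, s INTEGER } layout that
// ecdsa.VerifyASN1 expects. (Constructed for this example.)
type ecdsaSignature struct {
	R, S *big.Int
}

// verifyRawSignature validates raw (r, s) against the curve order N and only
// then encodes them for VerifyASN1. Without the check, r or s == 0 would reach
// the encoder, and a negative value would be re-encoded (zero-padded,
// non-negative) into a signature that no longer matches the caller's input.
func verifyRawSignature(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) (bool, error) {
	if r == nil || s == nil {
		return false, errors.New("ecdsa: nil signature component")
	}
	n := pub.Curve.Params().N
	// 0 < r, s: rejects zero and negative components.
	if r.Sign() <= 0 || s.Sign() <= 0 {
		return false, errors.New("ecdsa: signature component is not positive")
	}
	// r, s < N: rejects components at or above the group order.
	if r.Cmp(n) >= 0 || s.Cmp(n) >= 0 {
		return false, errors.New("ecdsa: signature component is not below the curve order")
	}
	der, err := asn1.Marshal(ecdsaSignature{R: r, S: s})
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(pub, hash, der), nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	hash := sha256.Sum256([]byte("constructed sample message"))
	r, s, err := ecdsa.Sign(rand.Reader, priv, hash[:])
	if err != nil {
		panic(err)
	}
	cases := []struct {
		name string
		r, s *big.Int
	}{
		{"valid", r, s},
		{"r = 0", big.NewInt(0), s},
		{"s = N", r, priv.Curve.Params().N},
		{"negative r", new(big.Int).Neg(r), s},
	}
	for _, tc := range cases {
		ok, err := verifyRawSignature(&priv.PublicKey, hash[:], tc.r, tc.s)
		fmt.Printf("%-11s ok=%-5v err=%v\n", tc.name, ok, err)
	}
}
```

Since this commit, ecdsa.Verify performs the equivalent check internally; the wrapper shows where the check has to sit in any code that accepts raw (r, s) components from outside and encodes them itself.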
Include hint from isValid, as well as CheckSignatureFrom. Change-Id: I408f73fc5f12572f1937da50be7fa3e1109164b0 Reviewed-on: https://go-review.googlesource.com/c/go/+/454477 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
The comment was copy-pasted from permuteInitialBlock and should be fixed. Change-Id: I101f1deceadf9b0480e5b679e4e237bda601950b GitHub-Last-Rev: 7662df772e4ac171c79467678861ac4d7547da78 GitHub-Pull-Request: golang/go#56982 Reviewed-on: https://go-review.googlesource.com/c/go/+/453995 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Russ Cox <rsc@golang.org>
On macOS return the error code from SecTrustEvaluateWithError, and use it to create typed errors that can be returned from Verify. Fixes #56891 Change-Id: Ib597ce202abb60702f730e75da583894422e4c14 Reviewed-on: https://go-review.googlesource.com/c/go/+/452620 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Add the text from dev.boringcrypto's README making clear what this code is and that it is unsupported. Change-Id: Ie49e8ccff10436f5d27ed422f159b4899193c9a5 Reviewed-on: https://go-review.googlesource.com/c/go/+/460515 Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: Russ Cox <rsc@golang.org>
Change-Id: Idcea184a5b0c205efd3c91c60b5d954424f37679 Reviewed-on: https://go-review.googlesource.com/c/go/+/460540 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Heschi Kreinick <heschi@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
…ow-level APIs In particular, CheckSignatureFrom just can't check the path length limit, because it might be enforced above the parent. We don't need to document the supported signature algorithms for CheckSignatureFrom, since we document at the constants in what contexts they are allowed and not. That does leave CheckSignature ambiguous, though, because that function doesn't have an explicit context. Change-Id: I4c107440a93f60bc0de07df2b7efeb1a4a766da0 Reviewed-on: https://go-review.googlesource.com/c/go/+/460537 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
Change-Id: Ic215a90d1e1daa5805dbab1dc56480281e53b341 Reviewed-on: https://go-review.googlesource.com/c/go/+/459975 Auto-Submit: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
Message marshalling makes use of BytesOrPanic a lot, under the assumption that it will never panic. This assumption was incorrect, and specifically crafted handshakes could trigger panics. Rather than just surgically replacing the usages of BytesOrPanic in paths that could panic, replace all usages of it with proper error returns in case there are other ways of triggering panics which we didn't find. In one specific case, the tree rooted by expandLabel, we replace the usage of BytesOrPanic, but retain a panic. This function already explicitly panicked elsewhere, and returning an error from it becomes rather painful because it requires changing a large number of APIs. The marshalling is unlikely to ever panic, as the inputs are all either fixed length, or already limited to the sizes required. If it were to panic, it'd likely only be during development. A close inspection shows no paths for a user to cause a panic currently. This patch ends up being rather large, since it requires routing errors back through functions which previously had no error returns. Where possible I've tried to use helpers that reduce the verbosity of frequently repeated stanzas, and to make the diffs as minimal as possible. Thanks to Marten Seemann for reporting this issue.
Updates #58001 Fixes #58359 Fixes CVE-2022-41724 Change-Id: Ieb55867ef0a3e1e867b33f09421932510cb58851 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1679436 Reviewed-by: Julie Qiu <julieqiu@google.com> TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit 1d4e6ca9454f6cf81d30c5361146fb5988f1b5f6) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728205 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/468121 Reviewed-by: Than McIntosh <thanm@google.com> Auto-Submit: Michael Pratt <mpratt@google.com> TryBot-Bypass: Michael Pratt <mpratt@google.com> Run-TryBot: Michael Pratt <mpratt@google.com>
Unlike the rest of nistec, the P-256 assembly doesn't use complete addition formulas, meaning that p256PointAdd[Affine]Asm won't return the correct value if the two inputs are equal. This was (undocumentedly) ignored in the scalar multiplication loops because as long as the input point is not the identity and the scalar is lower than the order of the group, the addition inputs can't be the same. As part of the math/big rewrite, we went however from always reducing the scalar to only checking its length, under the incorrect assumption that the scalar multiplication loop didn't require reduction. Added a reduction, and while at it added it in P256OrdInverse, too, to enforce a universal reduction invariant on p256OrdElement values. Note that if the input point is the infinity, the code currently still relies on undefined behavior, but that's easily tested to behave acceptably, and will be addressed in a future CL. Updates #58647 Fixes #58720 Fixes CVE-2023-24532 (Filed with the "safe APIs like complete addition formulas are good" dept.) Change-Id: I7b2c75238440e6852be2710fad66ff1fdc4e2b24 Reviewed-on: https://go-review.googlesource.com/c/go/+/471255 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Damien Neil <dneil@google.com> (cherry picked from commit 203e59ad41bd288e1d92b6f617c2f55e70d3c8e3) Reviewed-on: https://go-review.googlesource.com/c/go/+/471695 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org>
…ves in ECDH

Return an explicit error when PrivateKey.ECDH is called with a PublicKey which uses a different Curve. Also document this requirement, even though it is perhaps obvious.

Updates #58131.
Fixes #58498.

Change-Id: I739181a3f1283bed14fb5ee7eb78658b854d28d8
Reviewed-on: https://go-review.googlesource.com/c/go/+/464335
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 67d8916d551d22f5376e0be71d3922c9d63eaa6a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/471602
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
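The two commits above (the P-256 scalar reduction and the ECDH curve check) both come down to validating the inputs of a scalar multiplication. The following Go program is an added example, not code from the Go tree or from oocrypto: scalarAboveOrder, reduceScalar, sameBasePoint, ecdhRejectsOutOfRange and ecdhRejectsCurveMismatch are names of my own, and the scalar N+7 is a constructed value. It checks that the base-point multiplication depends only on k mod N, that crypto/ecdh refuses a 32-byte scalar that is not below N (a length-only check would pass it), and that PrivateKey.ECDH refuses a P-384 public key instead of producing a bogus shared secret.

```go
package main

import (
	"crypto/ecdh"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// scalarAboveOrder returns N+delta as a 32-byte big-endian scalar: above the
// group order but still the expected length, so a length-only check (the
// assumption the commit removes) would let it through. Constructed test
// input, not a key anyone should use.
func scalarAboveOrder(delta int64) []byte {
	n := elliptic.P256().Params().N
	k := new(big.Int).Add(n, big.NewInt(delta))
	return k.FillBytes(make([]byte, 32))
}

// reduceScalar returns k mod N as a fixed 32-byte value, the invariant the
// commit enforces on p256OrdElement values before any scalar multiplication.
func reduceScalar(k []byte) []byte {
	n := elliptic.P256().Params().N
	s := new(big.Int).SetBytes(k)
	s.Mod(s, n)
	return s.FillBytes(make([]byte, 32))
}

// sameBasePoint reports whether [k]G and [k mod N]G agree. crypto/elliptic is
// used here (deprecated, but it still accepts arbitrary 32-byte scalars)
// because crypto/ecdh rejects out-of-range scalars before the point code.
func sameBasePoint(k []byte) bool {
	c := elliptic.P256()
	x1, y1 := c.ScalarBaseMult(k)
	x2, y2 := c.ScalarBaseMult(reduceScalar(k))
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0
}

// ecdhRejectsOutOfRange reports whether crypto/ecdh refuses N+1 as a private
// key; SEC 1 requires private scalars in [1, N-1].
func ecdhRejectsOutOfRange() bool {
	_, err := ecdh.P256().NewPrivateKey(scalarAboveOrder(1))
	return err != nil
}

// ecdhRejectsCurveMismatch reports whether PrivateKey.ECDH returns the
// explicit error the commit adds when handed a P-384 public key.
func ecdhRejectsCurveMismatch() (bool, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	other, err := ecdh.P384().GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	_, err = priv.ECDH(other.PublicKey())
	return err != nil, nil
}

func main() {
	k := scalarAboveOrder(7)
	fmt.Println("[k]G == [k mod N]G for k = N+7:", sameBasePoint(k))
	fmt.Println("crypto/ecdh rejects k = N+1:", ecdhRejectsOutOfRange())
	ok, err := ecdhRejectsCurveMismatch()
	fmt.Println("crypto/ecdh rejects P-384 peer key:", ok, err)
}
```

The first check only passes on a Go release that carries the reduction (1.20.2 and later on amd64/arm64, where the assembly path is used); the other two are public-API behaviour of crypto/ecdh, which is the layer callers should rely on rather than the deprecated crypto/elliptic scalar functions.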
…s noescape

I had forgotten, which caused amd64 allocations to go back up significantly. Added an allocations test.

name                    old time/op    new time/op    delta
DecryptPKCS1v15/2048-8  1.50ms ± 0%    1.48ms ± 0%    -0.95%  (p=0.000 n=9+10)
DecryptPKCS1v15/3072-8  4.64ms ± 1%    4.60ms ± 0%    -0.82%  (p=0.000 n=8+10)
DecryptPKCS1v15/4096-8  10.7ms ± 0%    10.6ms ± 1%    -0.99%  (p=0.000 n=10+10)
EncryptPKCS1v15/2048-8   158µs ± 0%     157µs ± 0%    -0.63%  (p=0.000 n=10+10)
DecryptOAEP/2048-8      1.50ms ± 0%    1.48ms ± 0%    -1.09%  (p=0.000 n=9+10)
EncryptOAEP/2048-8       161µs ± 0%     160µs ± 0%    -0.34%  (p=0.000 n=9+10)
SignPKCS1v15/2048-8     1.55ms ± 0%    1.53ms ± 1%    -1.32%  (p=0.000 n=10+10)
VerifyPKCS1v15/2048-8    157µs ± 0%     157µs ± 0%    -0.33%  (p=0.004 n=9+10)
SignPSS/2048-8          1.55ms ± 0%    1.54ms ± 0%    -1.14%  (p=0.000 n=10+10)
VerifyPSS/2048-8         160µs ± 0%     160µs ± 0%    -0.32%  (p=0.000 n=10+10)

name                    old alloc/op   new alloc/op   delta
DecryptPKCS1v15/2048-8  15.0kB ± 0%    0.6kB ± 0%     -95.74%  (p=0.000 n=10+10)
DecryptPKCS1v15/3072-8  17.9kB ± 0%    3.5kB ± 0%     -80.65%  (p=0.000 n=10+10)
DecryptPKCS1v15/4096-8  19.1kB ± 0%    4.7kB ± 0%     -75.25%  (p=0.000 n=10+10)
EncryptPKCS1v15/2048-8  7.51kB ± 0%    1.17kB ± 0%    -84.39%  (p=0.000 n=10+10)
DecryptOAEP/2048-8      15.3kB ± 0%    0.9kB ± 0%     -94.29%  (p=0.000 n=10+10)
EncryptOAEP/2048-8      7.74kB ± 0%    1.40kB ± 0%    -81.86%  (p=0.000 n=10+10)
SignPKCS1v15/2048-8     21.6kB ± 0%    0.9kB ± 0%     -95.86%  (p=0.000 n=10+10)
VerifyPKCS1v15/2048-8   7.25kB ± 0%    0.91kB ± 0%    -87.42%  (p=0.000 n=10+10)
SignPSS/2048-8          22.0kB ± 0%    1.3kB ± 0%     -94.12%  (p=0.000 n=10+10)
VerifyPSS/2048-8        7.46kB ± 0%    1.12kB ± 0%    -84.98%  (p=0.000 n=10+10)

name                    old allocs/op  new allocs/op  delta
DecryptPKCS1v15/2048-8    54.0 ± 0%      4.0 ± 0%     -92.59%  (p=0.000 n=10+10)
DecryptPKCS1v15/3072-8    60.0 ± 0%     10.0 ± 0%     -83.33%  (p=0.000 n=10+10)
DecryptPKCS1v15/4096-8    60.0 ± 0%     10.0 ± 0%     -83.33%  (p=0.000 n=10+10)
EncryptPKCS1v15/2048-8    29.0 ± 0%      7.0 ± 0%     -75.86%  (p=0.000 n=10+10)
DecryptOAEP/2048-8        60.0 ± 0%     10.0 ± 0%     -83.33%  (p=0.000 n=10+10)
EncryptOAEP/2048-8        35.0 ± 0%     13.0 ± 0%     -62.86%  (p=0.000 n=10+10)
SignPKCS1v15/2048-8       77.0 ± 0%      5.0 ± 0%     -93.51%  (p=0.000 n=10+10)
VerifyPKCS1v15/2048-8     28.0 ± 0%      6.0 ± 0%     -78.57%  (p=0.000 n=10+10)
SignPSS/2048-8            82.0 ± 0%     10.0 ± 0%     -87.80%  (p=0.000 n=10+10)
VerifyPSS/2048-8          33.0 ± 0%     11.0 ± 0%     -66.67%  (p=0.000 n=10+10)

Updates #58501.
Fixes #58505.

Change-Id: I418c5152833787b80220b556336ec284674c2493
Reviewed-on: https://go-review.googlesource.com/c/go/+/460542
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
(cherry picked from commit ed370d8720750ad670564079b1e0bcf74f75dd3a)
Reviewed-on: https://go-review.googlesource.com/c/go/+/471855
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Updates #58789.
Fixes #58793.

Change-Id: I91cdd20c6d4f05baaacd6a38717aa7bed6682573
Reviewed-on: https://go-review.googlesource.com/c/go/+/472155
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
(cherry picked from commit ec26277aecfba112089b1bb54b522bf062059e22)
Reviewed-on: https://go-review.googlesource.com/c/go/+/472415
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
…ntermediate handling

On Windows, replace tests which rely on a root that expired last year.

On Darwin fix a test which wasn't testing the expected behavior, and fix the behavior which was broken.

Updates #58791
Fixes #58811

Change-Id: I771175b9e123b8bb0e4efdf58cc2bb93aa94fbae
Reviewed-on: https://go-review.googlesource.com/c/go/+/472295
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
(cherry picked from commit bb8f9a6ae66d742cb67b4ad444179905a537de00)
Reviewed-on: https://go-review.googlesource.com/c/go/+/472616
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Convert TestUnknownAuthorityError to use subtests, avoiding continuing the test after an unrecoverable failure.

Skip TestIssue51759 on pre-macOS 11 builders, which don't enforce the behavior we were testing for. Also only enable the test on builders.

Updates #58791
Updates #58812
Fixes #58811

Change-Id: I4e3e5bc371aa139d38052184c8232f8cb564138f
Reviewed-on: https://go-review.googlesource.com/c/go/+/472496
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit cf3d0655f8ca2de555549f6e8a91bf8654da7e6c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/472618
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
…rd size is 0

Casting to a *uintptr is not ok if there aren't at least 8 bytes of data backing that pointer (on 64-bit archs). So although we end up making a slice of 0 length with that pointer, the cast itself doesn't know that.

Instead, bail early if the result is going to be 0 length.

Fixes #59336

Change-Id: Id3c0e09d341d838835c0382cccfb0f71dc3dc7e6
Reviewed-on: https://go-review.googlesource.com/c/go/+/480575
Run-TryBot: Keith Randall <khr@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
(cherry picked from commit 297cf6dd31bd99fc4ccda320aa3d4faf290ab278)
Reviewed-on: https://go-review.googlesource.com/c/go/+/481238
Reviewed-by: Keith Randall <khr@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
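The guard described in the commit above, as an added example that is not the Go runtime's code: wordsOf and repeatedByteWord are names of my own, and the buffers are constructed. The defect is forming a *uintptr from a pointer backed by fewer than a word's worth of bytes; checking the resulting length first means the pointer is never formed, which is also what keeps the race detector's checkptr instrumentation (-race, or -gcflags=-d=checkptr) quiet.

```go
package main

import (
	"fmt"
	"unsafe"
)

// wordSize is the machine word width in bytes (8 on 64-bit targets).
const wordSize = int(unsafe.Sizeof(uintptr(0)))

// wordsOf views a byte buffer as machine words without copying. Converting
// &b[0] to *uintptr asserts that a whole word of memory backs the pointer,
// which is false for a buffer shorter than a word even if the slice built
// from it would have length 0 (the case the commit fixes). So bail out
// before the conversion rather than converting and then slicing to zero.
func wordsOf(b []byte) []uintptr {
	n := len(b) / wordSize
	if n == 0 {
		return nil
	}
	return unsafe.Slice((*uintptr)(unsafe.Pointer(&b[0])), n)
}

// repeatedByteWord returns the word whose every byte is v; the value is the
// same on little- and big-endian machines, which keeps the check portable.
func repeatedByteWord(v byte) uintptr {
	var w uintptr
	for i := 0; i < wordSize; i++ {
		w = w<<8 | uintptr(v)
	}
	return w
}

func main() {
	// Constructed inputs: nothing, less than one word, exactly two words.
	fmt.Println(wordsOf(nil))
	fmt.Println(wordsOf([]byte{1, 2, 3}))
	two := make([]byte, 2*wordSize)
	for i := range two {
		two[i] = 0xab
	}
	fmt.Printf("%#x\n", wordsOf(two))
}
```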
When server and client have a mismatch in curve preference, the server will send HelloRetryRequest during TLSv1.3 PSK resumption. There was a bug introduced in Go1.19.6 or later and Go1.20.1 or later that makes the client calculate the PSK binder hash incorrectly. The server will reject the TLS handshake by sending alert: invalid PSK binder.

For #59424.
Fixes #59540.

Change-Id: I2ca8948474275740a36d991c057b62a13392dbb9
GitHub-Last-Rev: 1aad9bcf27f563449c1a7ed6d0dd1d247cc65713
GitHub-Pull-Request: golang/go#59425
Reviewed-on: https://go-review.googlesource.com/c/go/+/481955
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 2c70690451f1484607a9172a4c24f78ae832dcb0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/488055
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
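The transcript rule behind the binder bug above, as an added example that is not taken from crypto/tls: hkdfExpandLabel, messageHash, binder, clientBinders, serverAccepts and sampleExchange are my own names, and the handshake messages and binder_key are constructed stand-ins rather than real TLS encodings. After a HelloRetryRequest, RFC 8446 (sections 4.2.11.2 and 4.4.1) requires the binder to be an HMAC over Transcript-Hash(message_hash(ClientHello1) || HelloRetryRequest || Truncate(ClientHello2)), where message_hash is a synthetic handshake message of type 254 carrying Hash(ClientHello1). The program shows both sides: a server that accepts the binder computed that way and rejects one computed over the retried ClientHello alone, which is one way a client can get the hash wrong.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// hkdfExpandLabel implements HKDF-Expand-Label (RFC 8446 section 7.1) for
// SHA-256 and outputs of at most one hash block, enough for finished keys.
func hkdfExpandLabel(secret []byte, label string, context []byte, length int) []byte {
	full := "tls13 " + label
	info := []byte{byte(length >> 8), byte(length), byte(len(full))}
	info = append(info, full...)
	info = append(info, byte(len(context)))
	info = append(info, context...)
	mac := hmac.New(sha256.New, secret) // HKDF-Expand: T(1) = HMAC(PRK, info || 0x01)
	mac.Write(info)
	mac.Write([]byte{1})
	return mac.Sum(nil)[:length]
}

// messageHash is the synthetic handshake message that replaces ClientHello1
// in the transcript once a HelloRetryRequest has been sent (RFC 8446 4.4.1):
// HandshakeType message_hash (254), 3-byte length, Hash(ClientHello1).
func messageHash(clientHello1 []byte) []byte {
	sum := sha256.Sum256(clientHello1)
	out := []byte{254, 0, 0, byte(len(sum))}
	return append(out, sum[:]...)
}

// binder computes the PSK binder: HMAC(finished_key, Transcript-Hash(msgs)),
// with finished_key derived from the per-PSK binder_key. The last message
// must be the ClientHello truncated just before its binders list.
func binder(binderKey []byte, transcript ...[]byte) []byte {
	finishedKey := hkdfExpandLabel(binderKey, "finished", nil, sha256.Size)
	h := sha256.New()
	for _, m := range transcript {
		h.Write(m)
	}
	mac := hmac.New(sha256.New, finishedKey)
	mac.Write(h.Sum(nil))
	return mac.Sum(nil)
}

// clientBinders returns the binder a client computes if it hashes only the
// retried ClientHello (wrong) and the one the RFC requires after an HRR:
// message_hash(ClientHello1) || HelloRetryRequest || Truncate(ClientHello2).
func clientBinders(binderKey, ch1, hrr, truncatedCH2 []byte) (wrong, correct []byte) {
	wrong = binder(binderKey, truncatedCH2)
	correct = binder(binderKey, messageHash(ch1), hrr, truncatedCH2)
	return wrong, correct
}

// serverAccepts is the server-side check: recompute the binder over the
// HRR-aware transcript and compare in constant time. A mismatch is the
// "invalid PSK binder" failure the commit describes and aborts the handshake.
func serverAccepts(binderKey, ch1, hrr, truncatedCH2, received []byte) bool {
	expected := binder(binderKey, messageHash(ch1), hrr, truncatedCH2)
	return hmac.Equal(expected, received)
}

// sampleExchange returns constructed stand-ins for the binder key and the
// three handshake messages; the transcript rule does not depend on their
// exact encoding, only on which messages are included and in what order.
func sampleExchange() (binderKey, ch1, hrr, truncatedCH2 []byte) {
	binderKey = bytes.Repeat([]byte{0x42}, sha256.Size)
	ch1 = []byte("ClientHello1 (constructed): key_share=P-384, psk identity")
	hrr = []byte("HelloRetryRequest (constructed): selected_group=P-256")
	truncatedCH2 = []byte("ClientHello2 (constructed, truncated before binders): key_share=P-256, psk identity")
	return binderKey, ch1, hrr, truncatedCH2
}

func main() {
	bk, ch1, hrr, ch2 := sampleExchange()
	wrong, correct := clientBinders(bk, ch1, hrr, ch2)
	fmt.Println("server accepts binder over ClientHello2 only:", serverAccepts(bk, ch1, hrr, ch2, wrong))
	fmt.Println("server accepts HRR-aware binder:             ", serverAccepts(bk, ch1, hrr, ch2, correct))
}
```

For detection purposes the symptom on the wire is the same as in the commit: the server answers the second ClientHello with a fatal alert instead of ServerHello, so a spike in PSK-resumption failures right after a HelloRetryRequest is the signal to look for when a client library is upgraded.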
bassosimone commented May 29, 2023
@@ -1483,3 +1493,18 @@ func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlg | |||
} | |||
return false | |||
} | |||
|
|||
// CertificateVerificationError is returned when certificate verification fails during the handshake. |
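Review bot: the doc comment on CertificateVerificationError states when it is returned but not how a caller is meant to recognise it or what it carries; since the value of this type (see the discussion below) is letting callers tell a verification failure apart from other handshake errors and unwrap the underlying error, the comment should say that it is returned from the handshake, wraps the verification error (so errors.As is the way to match it, not a direct comparison), and what its fields expose.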
I am wondering whether this means we could simplify how we handle TLS handshake certificate errors.
OTOH, the current code allows us to distinguish why the verification failed and there's Unwrap, so the current code is most likely fine.
This pull request updates oocrypto to use go1.20.4. After this pull request is merged, one must use go1.20.x (preferably go1.20.4) to build oocrypto. The diff between our tree and upstream is provided below.
golang-1.20.4-vs-oocrypto.patch
I have also read each commit that I am about to merge and I think it's safe to merge and go ahead.
Part of ooni/probe#2478 and ooni/probe#2417.