]> Cypherpunks repositories - gostls13.git/log
gostls13.git
11 months agocmd/go: add GOFIPS140 snapshot support
Russ Cox [Sun, 17 Nov 2024 21:55:51 +0000 (16:55 -0500)]
cmd/go: add GOFIPS140 snapshot support

GOFIPS140 does two things: (1) control whether to build binaries that
run in FIPS-140 mode by default, and (2) control which version of the
crypto/internal/fips source tree to use during a build.

This CL implements part (2). The older snapshot source trees are
stored in GOROOT/lib/fips140 in module-formatted zip files,
even though crypto/internal/fips is not technically a module.
(Reusing the module packing and unpacking code avoids reinventing it.)

See cmd/go/internal/fips/fips.go for an overview.

The documentation for GOFIPS140 is in a follow-up CL.

For #70200.

Change-Id: I73a610fd2c9ff66d0cced37d51acd8053497238e
Reviewed-on: https://go-review.googlesource.com/c/go/+/629201
Reviewed-by: Michael Matloob <matloob@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agointernal/bytealg: optimize IndexByte for riscv64
Mark Ryan [Fri, 2 Feb 2024 14:02:05 +0000 (15:02 +0100)]
internal/bytealg: optimize IndexByte for riscv64

The existing implementations of IndexByte and IndexByteString for
riscv64 are very simplistic.  They load and compare a single byte at
a time in a tight loop.  It's possible to improve performance in the
general case by loading and checking 8 bytes at a time.  This is
achieved using the 'Determine if a word has a byte equal to n' bit
hack from https://graphics.stanford.edu/~seander/bithacks.html.

We broadcast the byte we're looking for across a 64 bit register,
let v be the result of xoring that register with 8 bytes loaded
from the buffer and then use the formula,

(((v) - 0x0101010101010101UL) & ~(v) & 0x8080808080808080UL)

which evaluates to true if any one of the bytes in v is 0, i.e,
matches the byte we're looking for.  We then just need to figure
out which byte out of the 8 it is to return the correct index.

This change generally improves performance when the byte we're
looking for is not in the first 24 bytes of the buffer and degrades
performance slightly when it is.

Some example benchmarks results from the bytes and strings package
are presented below.  These were generated on a VisionFive2 running
Ubuntu 24.04.

Subset of bytes Index benchmarks

IndexByte/10                   46.49n ± 0%   44.08n ± 0%   -5.19% (p=0.000 n=10)
IndexByte/32                   75.98n ± 0%   67.90n ± 0%  -10.63% (p=0.000 n=10)
IndexByte/4K                   5.512µ ± 0%   2.113µ ± 0%  -61.67% (p=0.000 n=10)
IndexByte/4M                   7.354m ± 0%   3.218m ± 0%  -56.24% (p=0.000 n=10)
IndexByte/64M                  90.15m ± 0%   33.86m ± 0%  -62.44% (p=0.000 n=10)
IndexBytePortable/10           50.41n ± 0%   54.92n ± 1%   +8.94% (p=0.000 n=10)
IndexBytePortable/32           111.9n ± 0%   115.5n ± 0%   +3.22% (p=0.000 n=10)
IndexBytePortable/4K           10.99µ ± 0%   10.99µ ± 0%   +0.04% (p=0.000 n=10)
IndexBytePortable/4M           11.24m ± 0%   11.24m ± 0%        ~ (p=0.218 n=10)
IndexBytePortable/64M          179.8m ± 0%   179.8m ± 0%   +0.01% (p=0.001 n=10)
IndexRune/10                   104.2n ± 0%   104.4n ± 0%   +0.19% (p=0.000 n=10)
IndexRune/32                   133.7n ± 0%   139.3n ± 0%   +4.23% (p=0.000 n=10)
IndexRune/4K                   5.573µ ± 0%   2.184µ ± 0%  -60.81% (p=0.000 n=10)
IndexRune/4M                   5.634m ± 0%   2.112m ± 0%  -62.51% (p=0.000 n=10)
IndexRune/64M                  90.19m ± 0%   33.87m ± 0%  -62.45% (p=0.000 n=10)
IndexRuneASCII/10              50.42n ± 2%   47.14n ± 0%   -6.52% (p=0.000 n=10)
IndexRuneASCII/32              79.64n ± 1%   70.39n ± 0%  -11.61% (p=0.000 n=10)
IndexRuneASCII/4K              5.516µ ± 0%   2.115µ ± 0%  -61.66% (p=0.000 n=10)
IndexRuneASCII/4M              5.634m ± 0%   2.112m ± 0%  -62.51% (p=0.000 n=10)
IndexRuneASCII/64M             90.16m ± 0%   33.86m ± 0%  -62.44% (p=0.000 n=10)
IndexRuneUnicode/Latin/10      82.14n ± 0%   82.07n ± 0%   -0.09% (p=0.000 n=10)
IndexRuneUnicode/Latin/32      111.6n ± 0%   117.1n ± 0%   +4.93% (p=0.000 n=10)
IndexRuneUnicode/Latin/4K      6.222µ ± 0%   3.429µ ± 0%  -44.89% (p=0.000 n=10)
IndexRuneUnicode/Latin/4M      8.189m ± 0%   4.706m ± 0%  -42.53% (p=0.000 n=10)
IndexRuneUnicode/Latin/64M     171.8m ± 2%   105.8m ± 0%  -38.44% (p=0.000 n=10)
IndexRuneUnicode/Cyrillic/10   89.69n ± 0%   89.67n ± 0%   -0.02% (p=0.000 n=10)
IndexRuneUnicode/Cyrillic/32   119.1n ± 0%   124.1n ± 0%   +4.20% (p=0.000 n=10)
IndexRuneUnicode/Cyrillic/4K   8.002µ ± 0%   6.232µ ± 0%  -22.12% (p=0.000 n=10)
IndexRuneUnicode/Cyrillic/4M   9.501m ± 0%   7.510m ± 0%  -20.95% (p=0.000 n=10)
IndexRuneUnicode/Cyrillic/64M  186.5m ± 0%   150.3m ± 0%  -19.41% (p=0.000 n=10)
IndexRuneUnicode/Han/10        117.8n ± 0%   118.1n ± 0%   +0.25% (p=0.000 n=10)
IndexRuneUnicode/Han/32        151.5n ± 0%   154.0n ± 0%   +1.65% (p=0.000 n=10)
IndexRuneUnicode/Han/4K        6.664µ ± 0%   4.125µ ± 0%  -38.11% (p=0.000 n=10)
IndexRuneUnicode/Han/4M        8.526m ± 0%   5.502m ± 0%  -35.46% (p=0.000 n=10)
IndexRuneUnicode/Han/64M       171.8m ± 1%   112.2m ± 0%  -34.68% (p=0.000 n=10)
Index/10                       199.3n ± 1%   199.4n ± 0%        ~ (p=1.000 n=10)
Index/32                       547.7n ± 0%   547.3n ± 0%   -0.08% (p=0.001 n=10)
Index/4K                       38.62µ ± 0%   38.62µ ± 0%   -0.01% (p=0.023 n=10)
Index/4M                       40.46m ± 0%   40.45m ± 0%        ~ (p=0.105 n=10)
Index/64M                      648.5m ± 0%   648.4m ± 0%        ~ (p=1.000 n=10)
IndexEasy/10                   70.25n ± 0%   70.92n ± 0%   +0.95% (p=0.000 n=10)
IndexEasy/32                  104.60n ± 0%   95.67n ± 0%   -8.54% (p=0.000 n=10)
IndexEasy/4K                   5.544µ ± 0%   2.142µ ± 0%  -61.36% (p=0.000 n=10)
IndexEasy/4M                   7.354m ± 0%   3.213m ± 0%  -56.32% (p=0.000 n=10)
IndexEasy/64M                 114.93m ± 2%   52.61m ± 0%  -54.22% (p=0.000 n=10)
IndexHard1                     10.09m ± 0%   10.09m ± 0%        ~ (p=0.393 n=10)
IndexHard2                     10.09m ± 0%   10.09m ± 0%        ~ (p=0.481 n=10)
IndexHard3                     10.09m ± 0%   10.09m ± 0%        ~ (p=1.000 n=10)
IndexHard4                     10.09m ± 0%   10.09m ± 0%        ~ (p=0.739 n=10)
LastIndexHard1                 10.71m ± 0%   10.71m ± 0%        ~ (p=0.052 n=10)
LastIndexHard2                 10.71m ± 0%   10.71m ± 0%        ~ (p=0.218 n=10)
LastIndexHard3                 10.71m ± 0%   10.71m ± 0%        ~ (p=0.739 n=10)
IndexAnyASCII/1:1              30.13n ± 0%   30.79n ± 0%   +2.19% (p=0.000 n=10)
IndexAnyASCII/1:2              31.49n ± 0%   32.16n ± 0%   +2.13% (p=0.000 n=10)
IndexAnyASCII/1:4              34.16n ± 0%   34.82n ± 0%   +1.93% (p=0.000 n=10)
IndexAnyASCII/1:8              39.50n ± 0%   40.16n ± 0%   +1.67% (p=0.000 n=10)
IndexAnyASCII/1:16             50.20n ± 0%   50.87n ± 0%   +1.33% (p=0.000 n=10)
IndexAnyASCII/1:32             81.04n ± 0%   50.29n ± 0%  -37.94% (p=0.000 n=10)
IndexAnyASCII/1:64            119.80n ± 0%   66.94n ± 0%  -44.13% (p=0.000 n=10)
IndexAnyASCII/16:1             54.86n ± 0%   55.53n ± 0%   +1.22% (p=0.000 n=10)
IndexAnyASCII/16:2             268.2n ± 0%   268.2n ± 0%        ~ (p=1.000 n=10)
IndexAnyASCII/16:4             288.1n ± 0%   288.1n ± 0%        ~ (p=1.000 n=10) ¹
IndexAnyASCII/16:8             328.3n ± 0%   328.2n ± 0%        ~ (p=0.370 n=10)
IndexAnyASCII/16:16            413.4n ± 0%   413.4n ± 0%        ~ (p=0.628 n=10)
IndexAnyASCII/16:32            574.0n ± 0%   573.9n ± 0%        ~ (p=0.141 n=10)
IndexAnyASCII/16:64            895.1n ± 0%   895.1n ± 0%        ~ (p=0.548 n=10)
IndexAnyASCII/256:1            381.4n ± 0%   175.4n ± 0%  -53.99% (p=0.000 n=10)
IndexAnyASCII/256:2            2.998µ ± 0%   2.998µ ± 0%        ~ (p=0.365 n=10)
IndexAnyASCII/256:4            3.018µ ± 0%   3.018µ ± 0%        ~ (p=0.650 n=10)
IndexAnyASCII/256:8            3.058µ ± 0%   3.064µ ± 0%   +0.20% (p=0.011 n=10)
IndexAnyASCII/256:16           3.143µ ± 0%   3.150µ ± 0%   +0.21% (p=0.000 n=10)
IndexAnyASCII/256:32           3.303µ ± 0%   3.307µ ± 0%   +0.12% (p=0.000 n=10)
IndexAnyASCII/256:64           3.625µ ± 0%   3.638µ ± 0%   +0.36% (p=0.000 n=10)
IndexAnyUTF8/1:1               30.13n ± 0%   30.94n ± 0%   +2.69% (p=0.000 n=10)
IndexAnyUTF8/1:2               31.49n ± 0%   32.30n ± 0%   +2.59% (p=0.000 n=10)
IndexAnyUTF8/1:4               34.16n ± 0%   35.03n ± 0%   +2.55% (p=0.000 n=10)
IndexAnyUTF8/1:8               39.50n ± 0%   40.16n ± 0%   +1.67% (p=0.000 n=10)
IndexAnyUTF8/1:16              50.20n ± 0%   50.84n ± 0%   +1.27% (p=0.000 n=10)
IndexAnyUTF8/1:32              81.02n ± 0%   61.55n ± 0%  -24.03% (p=0.000 n=10)
IndexAnyUTF8/1:64             119.80n ± 0%   80.04n ± 0%  -33.19% (p=0.000 n=10)
IndexAnyUTF8/16:1              489.0n ± 0%   489.0n ± 0%        ~ (p=1.000 n=10)
IndexAnyUTF8/16:2              361.9n ± 0%   372.6n ± 0%   +2.96% (p=0.000 n=10)
IndexAnyUTF8/16:4              404.7n ± 0%   415.4n ± 0%   +2.64% (p=0.000 n=10)
IndexAnyUTF8/16:8              489.9n ± 0%   500.7n ± 0%   +2.20% (p=0.000 n=10)
IndexAnyUTF8/16:16             661.2n ± 0%   671.9n ± 0%   +1.62% (p=0.000 n=10)
IndexAnyUTF8/16:32            1004.0n ± 0%   881.6n ± 0%  -12.19% (p=0.000 n=10)
IndexAnyUTF8/16:64             1.767µ ± 0%   1.129µ ± 0%  -36.11% (p=0.000 n=10)
IndexAnyUTF8/256:1             7.072µ ± 0%   7.072µ ± 0%        ~ (p=0.387 n=10)
IndexAnyUTF8/256:2             4.700µ ± 0%   4.872µ ± 0%   +3.66% (p=0.000 n=10)
IndexAnyUTF8/256:4             5.386µ ± 0%   5.557µ ± 0%   +3.18% (p=0.000 n=10)
IndexAnyUTF8/256:8             6.752µ ± 0%   6.923µ ± 0%   +2.53% (p=0.000 n=10)
IndexAnyUTF8/256:16            9.493µ ± 0%   9.664µ ± 0%   +1.80% (p=0.000 n=10)
IndexAnyUTF8/256:32            14.97µ ± 0%   12.93µ ± 0%  -13.64% (p=0.000 n=10)
IndexAnyUTF8/256:64            27.15µ ± 0%   16.89µ ± 0%  -37.80% (p=0.000 n=10)
LastIndexAnyASCII/1:1          30.78n ± 0%   31.45n ± 0%   +2.18% (p=0.000 n=10)
LastIndexAnyASCII/1:2          32.13n ± 0%   32.80n ± 0%   +2.07% (p=0.000 n=10)
LastIndexAnyASCII/1:4          34.81n ± 0%   35.48n ± 0%   +1.92% (p=0.000 n=10)
LastIndexAnyASCII/1:8          40.14n ± 0%   40.81n ± 0%   +1.67% (p=0.000 n=10)
LastIndexAnyASCII/1:16         50.85n ± 0%   51.51n ± 0%   +1.30% (p=0.000 n=10)
LastIndexAnyASCII/1:32         84.03n ± 0%   50.85n ± 0%  -39.49% (p=0.000 n=10)
LastIndexAnyASCII/1:64        121.50n ± 0%   68.16n ± 0%  -43.90% (p=0.000 n=10)
LastIndexAnyASCII/16:1         249.7n ± 0%   249.7n ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/16:2         255.2n ± 0%   255.2n ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/16:4         274.0n ± 0%   274.0n ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/16:8         314.1n ± 0%   314.1n ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/16:16        403.8n ± 0%   403.8n ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/16:32        564.4n ± 0%   564.4n ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/16:64        885.5n ± 0%   885.5n ± 0%        ~ (p=0.474 n=10)
LastIndexAnyASCII/256:1        2.819µ ± 0%   2.819µ ± 0%        ~ (p=0.211 n=10)
LastIndexAnyASCII/256:2        2.824µ ± 0%   2.824µ ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/256:4        2.843µ ± 0%   2.843µ ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/256:8        2.883µ ± 0%   2.883µ ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/256:16       2.973µ ± 0%   2.973µ ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/256:32       3.133µ ± 0%   3.133µ ± 0%        ~ (p=0.628 n=10)
LastIndexAnyASCII/256:64       3.454µ ± 0%   3.454µ ± 0%        ~ (p=1.000 n=10)
LastIndexAnyUTF8/1:1           30.78n ± 0%   31.45n ± 0%   +2.18% (p=0.000 n=10)
LastIndexAnyUTF8/1:2           32.13n ± 0%   32.80n ± 0%   +2.07% (p=0.000 n=10)
LastIndexAnyUTF8/1:4           34.81n ± 0%   35.48n ± 0%   +1.92% (p=0.000 n=10)
LastIndexAnyUTF8/1:8           40.14n ± 0%   40.81n ± 0%   +1.67% (p=0.000 n=10)
LastIndexAnyUTF8/1:16          50.84n ± 0%   51.52n ± 0%   +1.33% (p=0.000 n=10)
LastIndexAnyUTF8/1:32          83.87n ± 0%   62.90n ± 0%  -25.00% (p=0.000 n=10)
LastIndexAnyUTF8/1:64         121.50n ± 0%   81.67n ± 0%  -32.78% (p=0.000 n=10)
LastIndexAnyUTF8/16:1          330.0n ± 0%   330.0n ± 0%        ~ (p=1.000 n=10)
LastIndexAnyUTF8/16:2          365.4n ± 1%   376.1n ± 0%   +2.93% (p=0.000 n=10)
LastIndexAnyUTF8/16:4          399.9n ± 0%   410.6n ± 0%   +2.68% (p=0.000 n=10)
LastIndexAnyUTF8/16:8          485.5n ± 0%   496.2n ± 0%   +2.20% (p=0.000 n=10)
LastIndexAnyUTF8/16:16         656.8n ± 0%   667.5n ± 0%   +1.63% (p=0.000 n=10)
LastIndexAnyUTF8/16:32         999.3n ± 0%   882.6n ± 0%  -11.68% (p=0.000 n=10)
LastIndexAnyUTF8/16:64         1.744µ ± 0%   1.129µ ± 0%  -35.26% (p=0.000 n=10)
LastIndexAnyUTF8/256:1         4.023µ ± 0%   4.023µ ± 0%    0.00% (p=0.033 n=10)
LastIndexAnyUTF8/256:2         4.645µ ± 0%   4.816µ ± 0%   +3.68% (p=0.000 n=10)
LastIndexAnyUTF8/256:4         5.217µ ± 0%   5.388µ ± 0%   +3.28% (p=0.000 n=10)
LastIndexAnyUTF8/256:8         6.587µ ± 0%   6.758µ ± 0%   +2.60% (p=0.000 n=10)
LastIndexAnyUTF8/256:16        9.327µ ± 0%   9.498µ ± 0%   +1.83% (p=0.000 n=10)
LastIndexAnyUTF8/256:32        14.81µ ± 0%   12.92µ ± 0%  -12.73% (p=0.000 n=10)
LastIndexAnyUTF8/256:64        26.69µ ± 0%   16.84µ ± 0%  -36.92% (p=0.000 n=10)
IndexPeriodic/IndexPeriodic2   625.6µ ± 0%   625.6µ ± 0%        ~ (p=0.529 n=10)
IndexPeriodic/IndexPeriodic4   625.5µ ± 0%   625.6µ ± 0%   +0.01% (p=0.002 n=10)
IndexPeriodic/IndexPeriodic8   625.4µ ± 0%   625.4µ ± 0%   +0.01% (p=0.001 n=10)
IndexPeriodic/IndexPeriodic16  236.5µ ± 0%   225.4µ ± 0%   -4.69% (p=0.000 n=10)
IndexPeriodic/IndexPeriodic32  171.1µ ± 3%   133.4µ ± 0%  -22.05% (p=0.000 n=10)
IndexPeriodic/IndexPeriodic64 139.10µ ± 3%   89.28µ ± 0%  -35.82% (p=0.000 n=10)
geomean                        4.222µ        3.628µ       -14.0

Subset of strings Index benchmarks

IndexRune                      110.7n ± 0%   117.7n ± 0%   +6.32% (p=0.000 n=10)
IndexRuneLongString            246.6n ± 0%   187.4n ± 3%  -24.01% (p=0.000 n=10)
IndexRuneFastPath              46.82n ± 0%   46.06n ± 0%   -1.62% (p=0.000 n=10)
Index                          48.28n ± 0%   47.61n ± 0%   -1.39% (p=0.000 n=10)
LastIndex                      34.50n ± 0%   34.50n ± 0%        ~ (p=1.000 n=10) ¹
IndexByte                      41.72n ± 0%   40.83n ± 0%   -2.13% (p=0.000 n=10)
IndexHard1                     10.01m ± 0%   10.01m ± 0%   +0.02% (p=0.000 n=10)
IndexHard2                     10.01m ± 0%   10.01m ± 0%   +0.02% (p=0.000 n=10)
IndexHard3                     10.01m ± 0%   10.01m ± 0%   +0.02% (p=0.000 n=10)
IndexHard4                     10.01m ± 0%   10.01m ± 0%   +0.02% (p=0.000 n=10)
LastIndexHard1                 10.71m ± 0%   10.71m ± 0%   +0.03% (p=0.000 n=10)
LastIndexHard2                 10.71m ± 0%   10.71m ± 0%   +0.03% (p=0.000 n=10)
LastIndexHard3                 10.71m ± 0%   10.71m ± 0%   +0.03% (p=0.000 n=10)
IndexTorture                   71.33µ ± 0%   71.37µ ± 0%   +0.05% (p=0.000 n=10)
IndexAnyASCII/1:1              34.40n ± 0%   35.07n ± 0%   +1.95% (p=0.000 n=10)
IndexAnyASCII/1:2              46.87n ± 0%   47.54n ± 0%   +1.43% (p=0.000 n=10)
IndexAnyASCII/1:4              49.53n ± 0%   50.20n ± 0%   +1.35% (p=0.000 n=10)
IndexAnyASCII/1:8              54.86n ± 0%   55.53n ± 0%   +1.22% (p=0.000 n=10)
IndexAnyASCII/1:16             65.56n ± 0%   66.24n ± 0%   +1.04% (p=0.000 n=10)
IndexAnyASCII/1:32             86.97n ± 0%   77.82n ± 0%  -10.52% (p=0.000 n=10)
IndexAnyASCII/1:64            134.50n ± 0%   98.57n ± 0%  -26.71% (p=0.000 n=10)
IndexAnyASCII/16:1             54.19n ± 0%   54.86n ± 0%   +1.24% (p=0.000 n=10)
IndexAnyASCII/16:2             257.4n ± 0%   256.7n ± 0%   -0.27% (p=0.000 n=10)
IndexAnyASCII/16:4             275.3n ± 0%   275.3n ± 0%        ~ (p=1.000 n=10)
IndexAnyASCII/16:8             315.4n ± 0%   315.5n ± 0%   +0.03% (p=0.001 n=10)
IndexAnyASCII/16:16            405.4n ± 0%   405.4n ± 0%        ~ (p=1.000 n=10)
IndexAnyASCII/16:32            566.0n ± 0%   566.0n ± 0%        ~ (p=1.000 n=10)
IndexAnyASCII/16:64            887.0n ± 0%   887.1n ± 0%        ~ (p=0.181 n=10)
IndexAnyASCII/256:1            380.0n ± 0%   174.7n ± 0%  -54.03% (p=0.000 n=10)
IndexAnyASCII/256:2            2.826µ ± 0%   2.826µ ± 0%        ~ (p=1.000 n=10) ¹
IndexAnyASCII/256:4            2.844µ ± 0%   2.844µ ± 0%        ~ (p=1.000 n=10) ¹
IndexAnyASCII/256:8            2.884µ ± 0%   2.884µ ± 0%        ~ (p=0.087 n=10)
IndexAnyASCII/256:16           2.974µ ± 0%   2.974µ ± 0%        ~ (p=1.000 n=10)
IndexAnyASCII/256:32           3.135µ ± 0%   3.135µ ± 0%        ~ (p=1.000 n=10)
IndexAnyASCII/256:64           3.456µ ± 0%   3.456µ ± 0%        ~ (p=1.000 n=10) ¹
IndexAnyUTF8/1:1               38.13n ± 0%   38.13n ± 0%        ~ (p=1.000 n=10) ¹
IndexAnyUTF8/1:2               46.87n ± 0%   47.54n ± 0%   +1.43% (p=0.000 n=10)
IndexAnyUTF8/1:4               49.53n ± 0%   50.19n ± 0%   +1.33% (p=0.000 n=10)
IndexAnyUTF8/1:8               54.86n ± 0%   55.52n ± 0%   +1.20% (p=0.000 n=10)
IndexAnyUTF8/1:16              65.56n ± 0%   66.23n ± 0%   +1.02% (p=0.000 n=10)
IndexAnyUTF8/1:32              86.97n ± 0%   82.25n ± 0%   -5.42% (p=0.000 n=10)
IndexAnyUTF8/1:64             134.50n ± 0%   99.96n ± 0%  -25.68% (p=0.000 n=10)
IndexAnyUTF8/16:1              98.34n ± 0%   98.34n ± 0%        ~ (p=1.000 n=10)
IndexAnyUTF8/16:2              462.7n ± 0%   473.7n ± 0%   +2.38% (p=0.000 n=10)
IndexAnyUTF8/16:4              504.6n ± 0%   515.3n ± 0%   +2.11% (p=0.000 n=10)
IndexAnyUTF8/16:8              589.1n ± 0%   599.7n ± 0%   +1.80% (p=0.000 n=10)
IndexAnyUTF8/16:16             760.4n ± 0%   770.9n ± 0%   +1.38% (p=0.000 n=10)
IndexAnyUTF8/16:32             1.103µ ± 0%   1.023µ ± 0%   -7.25% (p=0.000 n=10)
IndexAnyUTF8/16:64             1.857µ ± 0%   1.294µ ± 0%  -30.32% (p=0.000 n=10)
IndexAnyUTF8/256:1             1.066µ ± 0%   1.066µ ± 0%        ~ (p=1.000 n=10) ¹
IndexAnyUTF8/256:2             6.106µ ± 0%   6.277µ ± 0%   +2.81% (p=0.000 n=10)
IndexAnyUTF8/256:4             6.787µ ± 0%   6.958µ ± 0%   +2.52% (p=0.000 n=10)
IndexAnyUTF8/256:8             8.136µ ± 0%   8.308µ ± 0%   +2.11% (p=0.000 n=10)
IndexAnyUTF8/256:16            10.88µ ± 0%   11.05µ ± 0%   +1.57% (p=0.000 n=10)
IndexAnyUTF8/256:32            16.36µ ± 0%   14.90µ ± 0%   -8.93% (p=0.000 n=10)
IndexAnyUTF8/256:64            28.51µ ± 0%   19.41µ ± 0%  -31.92% (p=0.000 n=10)
LastIndexAnyASCII/1:1          35.79n ± 0%   38.52n ± 0%   +7.63% (p=0.000 n=10)
LastIndexAnyASCII/1:2          37.12n ± 0%   39.85n ± 0%   +7.35% (p=0.000 n=10)
LastIndexAnyASCII/1:4          39.76n ± 0%   42.08n ± 0%   +5.84% (p=0.000 n=10)
LastIndexAnyASCII/1:8          44.82n ± 0%   47.22n ± 0%   +5.34% (p=0.000 n=10)
LastIndexAnyASCII/1:16         55.53n ± 0%   57.92n ± 3%   +4.30% (p=0.000 n=10)
LastIndexAnyASCII/1:32         76.94n ± 0%   70.16n ± 0%   -8.81% (p=0.000 n=10)
LastIndexAnyASCII/1:64        124.40n ± 0%   89.67n ± 0%  -27.92% (p=0.000 n=10)
LastIndexAnyASCII/16:1         245.9n ± 0%   245.9n ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/16:2         255.2n ± 0%   255.2n ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/16:4         275.1n ± 0%   275.1n ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/16:8         315.2n ± 0%   315.2n ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/16:16        400.4n ± 0%   400.4n ± 0%        ~ (p=0.087 n=10)
LastIndexAnyASCII/16:32        560.9n ± 0%   560.9n ± 0%        ~ (p=0.124 n=10)
LastIndexAnyASCII/16:64        882.1n ± 0%   882.0n ± 0%   -0.01% (p=0.003 n=10)
LastIndexAnyASCII/256:1        2.815µ ± 0%   2.815µ ± 0%        ~ (p=0.211 n=10)
LastIndexAnyASCII/256:2        2.824µ ± 0%   2.824µ ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/256:4        2.844µ ± 0%   2.844µ ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/256:8        2.884µ ± 0%   2.884µ ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/256:16       2.969µ ± 0%   2.969µ ± 0%        ~ (p=1.000 n=10)
LastIndexAnyASCII/256:32       3.130µ ± 0%   3.130µ ± 0%        ~ (p=1.000 n=10) ¹
LastIndexAnyASCII/256:64       3.451µ ± 0%   3.451µ ± 0%        ~ (p=0.474 n=10)
LastIndexAnyUTF8/1:1           35.79n ± 0%   36.13n ± 0%   +0.95% (p=0.000 n=10)
LastIndexAnyUTF8/1:2           37.11n ± 0%   37.47n ± 0%   +0.97% (p=0.000 n=10)
LastIndexAnyUTF8/1:4           39.75n ± 0%   40.14n ± 0%   +0.97% (p=0.000 n=10)
LastIndexAnyUTF8/1:8           44.82n ± 0%   45.49n ± 0%   +1.49% (p=0.000 n=10)
LastIndexAnyUTF8/1:16          55.52n ± 0%   56.20n ± 0%   +1.22% (p=0.000 n=10)
LastIndexAnyUTF8/1:32          76.93n ± 0%   74.25n ± 0%   -3.48% (p=0.000 n=10)
LastIndexAnyUTF8/1:64         124.40n ± 0%   91.15n ± 0%  -26.73% (p=0.000 n=10)
LastIndexAnyUTF8/16:1          322.5n ± 0%   322.5n ± 0%        ~ (p=0.087 n=10)
LastIndexAnyUTF8/16:2          634.2n ± 0%   616.4n ± 0%   -2.81% (p=0.000 n=10)
LastIndexAnyUTF8/16:4          674.5n ± 0%   657.9n ± 0%   -2.46% (p=0.000 n=10)
LastIndexAnyUTF8/16:8          758.3n ± 0%   741.0n ± 0%   -2.28% (p=0.000 n=10)
LastIndexAnyUTF8/16:16         929.6n ± 0%   912.3n ± 0%   -1.86% (p=0.000 n=10)
LastIndexAnyUTF8/16:32         1.272µ ± 0%   1.176µ ± 0%   -7.55% (p=0.000 n=10)
LastIndexAnyUTF8/16:64         2.018µ ± 0%   1.453µ ± 0%  -28.00% (p=0.000 n=10)
LastIndexAnyUTF8/256:1         4.015µ ± 0%   4.016µ ± 0%   +0.02% (p=0.000 n=10)
LastIndexAnyUTF8/256:2         8.896µ ± 0%   8.537µ ± 0%   -4.04% (p=0.000 n=10)
LastIndexAnyUTF8/256:4         9.553µ ± 0%   9.217µ ± 0%   -3.52% (p=0.000 n=10)
LastIndexAnyUTF8/256:8         10.90µ ± 0%   10.54µ ± 0%   -3.29% (p=0.000 n=10)
LastIndexAnyUTF8/256:16        13.64µ ± 0%   13.28µ ± 0%   -2.63% (p=0.000 n=10)
LastIndexAnyUTF8/256:32        19.12µ ± 0%   17.16µ ± 1%  -10.23% (p=0.000 n=10)
LastIndexAnyUTF8/256:64        31.11µ ± 0%   21.98µ ± 0%  -29.36% (p=0.000 n=10)
IndexPeriodic/IndexPeriodic2   625.5µ ± 0%   625.5µ ± 0%        ~ (p=0.955 n=10)
IndexPeriodic/IndexPeriodic4   625.4µ ± 0%   625.4µ ± 0%        ~ (p=0.838 n=10)
IndexPeriodic/IndexPeriodic8   625.3µ ± 0%   625.3µ ± 0%   +0.01% (p=0.009 n=10)
IndexPeriodic/IndexPeriodic16  229.8µ ± 0%   227.0µ ± 0%   -1.22% (p=0.000 n=10)
IndexPeriodic/IndexPeriodic32  168.9µ ± 3%   131.8µ ± 0%  -22.00% (p=0.000 n=10)
IndexPeriodic/IndexPeriodic64 126.36µ ± 0%   86.66µ ± 0%  -31.42% (p=0.000 n=10)
geomean                        1.361µ        1.302µ        -4.31%

As these functions are so heavily used this change impacts other
benchmarks.  I include the improvements in geomean for the all the
benchmarks in the strings and bytes packages, along with some
selected benchmarks to illustrate the impact of the change.

geomean for bytes              13.81µ          12.92µ         -6.44%
geomean for string             9.385µ          9.224µ         -1.72%

Note that when building for rva22u64 a single Zbb instruction is used
in the main loop.  This also helps to improve performance slightly.
The geomean for all the bytes benchmarks when building with
GORISCV64=rva22u64 with and without the patch is shown below.

geomean for bytes (rva22u64)   13.46µ          12.49µ         -7.21%

Examples of non-Index benchmarks affected by this commit.

ReadString uses IndexByte to search for a byte stored at the end of
32KB buffer, so we see a speed up.  SplitSingleByteSeparator searches
large buffers, but the byte being sought occurs within the first 15
bytes of the buffer, 76% of the time, hence the slowdown.  In
SplitMultiByteSeparator the first byte of the separator only occurs
in the first 15 bytes 33% of the time so we see a speed up.

ReadString               05.13µ ±  2%    74.67µ ±  0%  -28.97% (p=0.000 n=10)
SplitSingleByteSeparator 11.31m ±  2%    12.43m ±  1%   +9.83% (p=0.000 n=10)
SplitMultiByteSeparator  8.070m ±  1%    7.707m ±  1%   -4.49% (p=0.000 n=10)

Change-Id: I6210ea2f3decdc6d2e0609df72b1b66e6d6f5395
Reviewed-on: https://go-review.googlesource.com/c/go/+/561275
Reviewed-by: Joel Sing <joel@sing.id.au>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Meng Zhuo <mengzhuo1203@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/compile, internal/runtime/atomic: add Xchg8 for loong64
Guoqi Chen [Wed, 30 Oct 2024 11:11:49 +0000 (19:11 +0800)]
cmd/compile, internal/runtime/atomic: add Xchg8 for loong64

In Loongson's new microstructure LA664 (Loongson-3A6000) and later, the atomic
instruction AMSWAP[DB]{B,H} [1] is supported. Therefore, the implementation of
the atomic operation exchange can be selected according to the CPUCFG flag LAM_BH:
AMSWAPDBB(full barrier) instruction is used on new microstructures, and traditional
LL-SC is used on LA464 (Loongson-3A5000) and older microstructures. This can
significantly improve the performance of Go programs on new microstructures.

Because Xchg8 implemented using traditional LL-SC uses too many temporary
registers, it is not suitable for intrinsics.

goos: linux
goarch: loong64
pkg: internal/runtime/atomic
cpu: Loongson-3A6000 @ 2500.00MHz
BenchmarkXchg8              100000000         10.41 ns/op
BenchmarkXchg8-2            100000000         10.41 ns/op
BenchmarkXchg8-4            100000000         10.41 ns/op
BenchmarkXchg8Parallel      96647592         12.41 ns/op
BenchmarkXchg8Parallel-2    58376136         20.60 ns/op
BenchmarkXchg8Parallel-4    78458899         17.97 ns/op

goos: linux
goarch: loong64
pkg: internal/runtime/atomic
cpu: Loongson-3A5000-HV @ 2500.00MHz
BenchmarkXchg8              38323825         31.23 ns/op
BenchmarkXchg8-2            38368219         31.23 ns/op
BenchmarkXchg8-4            37154156         31.26 ns/op
BenchmarkXchg8Parallel      37908301         31.63 ns/op
BenchmarkXchg8Parallel-2    30413440         39.42 ns/op
BenchmarkXchg8Parallel-4    30737626         39.03 ns/op

For #69735

[1]: https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html

Change-Id: I02ba68f66a2210b6902344fdc9975eb62de728ab
Reviewed-on: https://go-review.googlesource.com/c/go/+/623058
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: sophie zhao <zhaoxiaolin@loongson.cn>
Reviewed-by: Meidan Li <limeidan@loongson.cn>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto: trim module name of Avo generators
Filippo Valsorda [Tue, 19 Nov 2024 20:19:04 +0000 (21:19 +0100)]
crypto: trim module name of Avo generators

Change-Id: I29df173c2ba3bb37aff67e9872f0a5aa4c01ed87
Reviewed-on: https://go-review.googlesource.com/c/go/+/629835
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips/nistec: remove P-256 from generate.go
Filippo Valsorda [Tue, 19 Nov 2024 21:02:59 +0000 (22:02 +0100)]
crypto/internal/fips/nistec: remove P-256 from generate.go

It's not been autogenerated since CL 627937.

Change-Id: I2d2e249c2bab673342ee42a48582b082c6958cdd
Reviewed-on: https://go-review.googlesource.com/c/go/+/629836
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/hpke: replace x/crypto/hkdf with crypto/internal/fips/hkdf
Filippo Valsorda [Mon, 18 Nov 2024 13:28:19 +0000 (14:28 +0100)]
crypto/internal/hpke: replace x/crypto/hkdf with crypto/internal/fips/hkdf

Change-Id: Id69e8e3a7dd61ca33489140eb76771b176a9ea4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/629057
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Commit-Queue: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/fips: import crypto/internal/fips/check throughout
Filippo Valsorda [Mon, 18 Nov 2024 12:43:58 +0000 (13:43 +0100)]
crypto/internal/fips: import crypto/internal/fips/check throughout

The module must do the integrity self-check before any other operation
in FIPS mode.

For #69536

Change-Id: I8db52ea94e867812008a6e7a86ca2c648a0018c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/629056
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/ed25519: move implementation to crypto/internal/fips/ed25519
Filippo Valsorda [Sun, 17 Nov 2024 18:16:52 +0000 (19:16 +0100)]
crypto/ed25519: move implementation to crypto/internal/fips/ed25519

For #69536

Change-Id: Ifba3e2bcb03966f2ed576d3f88e2e09193215b4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/628856
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/edwards25519: move to crypto/internal/fips/edwards25519
Filippo Valsorda [Sun, 17 Nov 2024 14:18:25 +0000 (15:18 +0100)]
crypto/internal/edwards25519: move to crypto/internal/fips/edwards25519

Left most of the tests in for now as they are almost all internal and
hard to externalize.

String initialization in the FIPS module has some issues, so switched
field.TestSqrtRatio to storing decoded byte slices instead.

For #69536

Change-Id: If9e4a2bb780a37a8d102a22ffd13c5293d11a8a6
Reviewed-on: https://go-review.googlesource.com/c/go/+/628776
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips: handle the one possible PCT failure
Filippo Valsorda [Sun, 17 Nov 2024 17:38:29 +0000 (18:38 +0100)]
crypto/internal/fips: handle the one possible PCT failure

Since ECDSA private keys are irredeemably malleable, an application
could construct one where the public key doesn't match the private key.
They'd be very much on their own, but crashing the program feels a bit
harsh.

Add this one to the list of issues caused by exposing the ECDSA (and
RSA) key values as big.Ints.

For #69536

Change-Id: Iaa65c73d7145e74f860ca097fa9641448442fbf9
Reviewed-on: https://go-review.googlesource.com/c/go/+/628855
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto: centralize external test module fetches
Filippo Valsorda [Sun, 17 Nov 2024 11:04:24 +0000 (12:04 +0100)]
crypto: centralize external test module fetches

This has the important advantage of using the system GOMODCACHE when it
exists, avoiding the download on every "go test".

While at it, also consistently use testenv.Command.

Change-Id: Ic999ffa281f6da73fe601b0feba29e60982cce3d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628755
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/ecdsa: implement deterministic and hedged signatures
Filippo Valsorda [Sat, 16 Nov 2024 22:45:05 +0000 (23:45 +0100)]
crypto/ecdsa: implement deterministic and hedged signatures

For the future, some test vectors we should generate and then share
through Wycheproof or CCTV:
 - A private key with a leading zero byte.
 - A hash longer than the modulus.
 - A hash longer than the P-521 modulus by a few bits.
 - Reductions happening in hashToNat and bits2octets.

Fixes #64802

Change-Id: Ia0f89781b2c78eedd5103cf0e9720630711c37ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/628681
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips/ecdsa: add HMAC_DRBG
Filippo Valsorda [Sat, 16 Nov 2024 18:36:30 +0000 (19:36 +0100)]
crypto/internal/fips/ecdsa: add HMAC_DRBG

We'll use this for deterministic and hedged ECDSA.

For #69536

Change-Id: Ifb3d963a084fb4914536826250589ff8862add9f
Reviewed-on: https://go-review.googlesource.com/c/go/+/628680
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips/ecdsa: add CAST, PCT, DRBG, and FIPS 186-5 references
Filippo Valsorda [Sat, 16 Nov 2024 16:44:17 +0000 (17:44 +0100)]
crypto/internal/fips/ecdsa: add CAST, PCT, DRBG, and FIPS 186-5 references

The previous CL focused on moving the implementation as-is, while this
makes it FIPS-compliant.

For #69536

Change-Id: I75fa56c7e13ba20246bacf9fda4599c9f25a1c63
Reviewed-on: https://go-review.googlesource.com/c/go/+/628678
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/ecdsa: move s390x assembly to crypto/internal/fips/ecdsa
Filippo Valsorda [Sat, 16 Nov 2024 17:31:41 +0000 (18:31 +0100)]
crypto/ecdsa: move s390x assembly to crypto/internal/fips/ecdsa

For #69536

Change-Id: I85088acb3da788f688f78efff39320bd517e617d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628679
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/ecdsa: move implementation to crypto/internal/fips/ecdsa
Filippo Valsorda [Sat, 16 Nov 2024 15:38:07 +0000 (16:38 +0100)]
crypto/ecdsa: move implementation to crypto/internal/fips/ecdsa

For #69536

Change-Id: I8794d75c11cdadd91e420541b26af35e62006af4
Reviewed-on: https://go-review.googlesource.com/c/go/+/628677
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/bigmod: move to crypto/internal/fips/bigmod
Filippo Valsorda [Sat, 16 Nov 2024 13:14:21 +0000 (14:14 +0100)]
crypto/internal/bigmod: move to crypto/internal/fips/bigmod

For #69536

Change-Id: Ic096282c521958083d0ba816d62d908f6fcf7dbe
Reviewed-on: https://go-review.googlesource.com/c/go/+/628676
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/bigmod: drop math/big dependency
Filippo Valsorda [Sat, 16 Nov 2024 13:10:02 +0000 (14:10 +0100)]
crypto/internal/bigmod: drop math/big dependency

If when the dust settles the Bytes and SetBytes round-trip is visible in
profiles (only plausible in RSA), then we can add a SetBits method like
in CL 511375.

Change-Id: I3e6677e849d7a3786fa7297437b119a47715225f
Reviewed-on: https://go-review.googlesource.com/c/go/+/628675
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/ecdh: move implementation to crypto/internal/fips/ecdh
Filippo Valsorda [Thu, 14 Nov 2024 21:02:02 +0000 (22:02 +0100)]
crypto/ecdh: move implementation to crypto/internal/fips/ecdh

This intentionally gives up on the property of not computing the public
key until requested. It was nice, but it was making the code too
complex. The average use case is to call PublicKey immediately after
GenerateKey anyway.

Added support in the module for P-224, just in case we'd ever want to
support it in crypto/ecdh.

Tried various ways to fix test/fixedbugs/issue52193.go to be meaningful,
but crypto/ecdh is pretty complex and all the solutions would end up
locking in crypto/ecdh structure rather than compiler behavior. The rest
of that test is good enough on its own anyway. If we do the work in the
future of making crypto/ecdh zero-allocations using the affordances of
the compiler, we can add a more robust TestAllocations on our side.

For #69536

Change-Id: I68ac3955180cb31f6f96a0ef57604aaed88ab311
Reviewed-on: https://go-review.googlesource.com/c/go/+/628315
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/nistec: move to crypto/internal/fips/nistec
Filippo Valsorda [Thu, 14 Nov 2024 14:27:28 +0000 (15:27 +0100)]
crypto/internal/nistec: move to crypto/internal/fips/nistec

For #69536

Change-Id: Id9d76aefbbe1f7c957973380c6eaeb5bfb9de967
Reviewed-on: https://go-review.googlesource.com/c/go/+/627957
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Commit-Queue: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/nistec: don't use go:embed
Filippo Valsorda [Sun, 17 Nov 2024 12:03:16 +0000 (13:03 +0100)]
crypto/internal/nistec: don't use go:embed

For #69536

Change-Id: I8ff3fdd70f540559d83abe006985bcee11ffde91
Reviewed-on: https://go-review.googlesource.com/c/go/+/628775
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/nistec: port cleanups and docs from p256_asm.go to purego
Filippo Valsorda [Sat, 27 Jul 2024 21:40:15 +0000 (23:40 +0200)]
crypto/internal/nistec: port cleanups and docs from p256_asm.go to purego

Change-Id: Ieaad0692f4301cc301a0dd2eadca2f2f9e96bff0
Reviewed-on: https://go-review.googlesource.com/c/go/+/627942
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/internal/nistec: use precomputed P-256 generators in purego
Filippo Valsorda [Sat, 27 Jul 2024 13:39:07 +0000 (15:39 +0200)]
crypto/internal/nistec: use precomputed P-256 generators in purego

Change-Id: I73cd2ff857512a90585b860906061b71d1c19e41
Reviewed-on: https://go-review.googlesource.com/c/go/+/627941
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/nistec: put elements directly in point struct in purego P-256
Filippo Valsorda [Sat, 27 Jul 2024 13:33:47 +0000 (15:33 +0200)]
crypto/internal/nistec: put elements directly in point struct in purego P-256

Mostly done to make loading the affine table easier, but has a bit of
performance advantage.

goos: darwin
goarch: arm64
pkg: crypto/internal/nistec
cpu: Apple M2
                      │ edeef4a9d6  │            c85d3a55d6             │
                      │   sec/op    │   sec/op     vs base              │
ScalarMult/P256-8       98.80µ ± 1%   97.40µ ± 0%  -1.41% (p=0.002 n=6)
ScalarBaseMult/P256-8   20.69µ ± 0%   19.29µ ± 1%  -6.75% (p=0.002 n=6)

Change-Id: Iaee927650e64d0ed4cd3053f32132de8dd7d771d
Reviewed-on: https://go-review.googlesource.com/c/go/+/627940
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
11 months agocrypto/internal/nistec: drop endianness swap assembly
Filippo Valsorda [Sat, 27 Jul 2024 11:58:25 +0000 (13:58 +0200)]
crypto/internal/nistec: drop endianness swap assembly

It has negligible performance impact now that we have compiler
intrinsics, and removing it helps slightly narrow the gap between
the assembly and Go implementations.

Change-Id: Ia02807a973b567952c659bb4868632a73ff3c143
Reviewed-on: https://go-review.googlesource.com/c/go/+/627939
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/nistec: use mixed addition in purego ScalarBaseMult
Filippo Valsorda [Fri, 26 Jul 2024 21:34:12 +0000 (23:34 +0200)]
crypto/internal/nistec: use mixed addition in purego ScalarBaseMult

The affine addition formula is significantly faster, and sets us up to
reuse the precomputed table from the assembly implementation.

This is an incremental step towards converging the purego and assembly
implementations, with the goal of eventually merging them.

Very proud of how the conditional AddAffine avoids the whole zero/sel
cmov dance, compared to the same logic in the assembly implementation.

Change-Id: Iab008e81869cf8c1565b938e4dd392dd4d5787fd
Reviewed-on: https://go-review.googlesource.com/c/go/+/627938
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/nistec: use Booth multiplication in purego P-256
Filippo Valsorda [Fri, 26 Jul 2024 20:35:50 +0000 (22:35 +0200)]
crypto/internal/nistec: use Booth multiplication in purego P-256

Brings ScalarMult from 71 adds/op + 259 doubles/op to 58 adds/op + 263
doubles/op and ScalarBaseMult from 64 adds/op to 42 adds/op, matching
the assembly scalar multiplication algorithm.

Change-Id: I6603b52d1c3b2c25ace471bd36044149f6e8cfab
Reviewed-on: https://go-review.googlesource.com/c/go/+/627937
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/fips: wrap and lock internal dependencies
Filippo Valsorda [Thu, 14 Nov 2024 13:47:55 +0000 (14:47 +0100)]
crypto/internal/fips: wrap and lock internal dependencies

The changes below src/crypto/internal/fips/ are mechanical.

See fipsdeps.go and fipsdeps_test.go for the rationale.

For #69536

Change-Id: I292ce65237cd8d2fd87fab99814514dd0e69c4a7
Reviewed-on: https://go-review.googlesource.com/c/go/+/627956
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/internal/fips: move most tests to crypto/internal/fipstest
Filippo Valsorda [Thu, 14 Nov 2024 11:41:47 +0000 (12:41 +0100)]
crypto/internal/fips: move most tests to crypto/internal/fipstest

As explained in fips_test.go, we generally want to minimize tests inside
the FIPS module. When there is a relevant calling package, the tests
should go there, otherwise in fipstest.

This required redoing a bit the CAST failure tests, but the new version
is actually more robust because it will fail if a _ import is missing.

Since TestCAST doesn't print a line for each passed CAST anymore, made
GODEBUG=fips140=debug do that, in case we need to show it to the lab.

For #69536

Change-Id: I0c1b82a4e9ee39e8df9bbe95bebb0527753f51c8
Reviewed-on: https://go-review.googlesource.com/c/go/+/627955
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/aes: add optimized AES-CTR for ppc64le
Paul E. Murphy [Tue, 5 Nov 2024 19:50:46 +0000 (13:50 -0600)]
crypto/aes: add optimized AES-CTR for ppc64le

This should be a relatively trivial implementation for PPC64
with minor optimizations depending on GOPPC64 value.
GOPPC64=power9 showed about 5% improvement on power10.

Performance is substantially improved on power10 (compiled
with GOPPC64=power9)

          │   p10.old    │                p10.new                │
          │     B/s      │      B/s       vs base                │
AESCTR/50   632.9Mi ± 0%   1022.4Mi ± 1%   +61.54% (p=0.002 n=6)
AESCTR/1K   798.8Mi ± 0%   4327.3Mi ± 0%  +441.72% (p=0.002 n=6)
AESCTR/8K   828.8Mi ± 0%   5799.6Mi ± 0%  +599.77% (p=0.002 n=6)

And power8:

          │    p8.old    │                p8.new                 │
          │     B/s      │      B/s       vs base                │
AESCTR/50   291.6Mi ± 0%    452.4Mi ± 0%   +55.17% (p=0.002 n=6)
AESCTR/1K   380.8Mi ± 0%   2291.6Mi ± 0%  +501.71% (p=0.002 n=6)
AESCTR/8K   389.4Mi ± 0%   3028.1Mi ± 0%  +677.56% (p=0.002 n=6)

Change-Id: Icc977e0a844a5b73a47a218f33dbee54b72edf4b
Reviewed-on: https://go-review.googlesource.com/c/go/+/626176
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Archana Ravindar <aravinda@redhat.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
11 months agocmd/go/internal/modfetch: export new func Unzip
Russ Cox [Sun, 17 Nov 2024 21:54:11 +0000 (16:54 -0500)]
cmd/go/internal/modfetch: export new func Unzip

Add new func Unzip, which is Download (= download+unzip)
without the download. This will be used for unpacking the
FIPS module zips, which are part of the Go distribution,
not downloaded.

Change-Id: Ia04f8c376db8cb1cf27acb5567dd256afb10f410
Reviewed-on: https://go-review.googlesource.com/c/go/+/629200
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/go: add basic GOFIPS140 support
Russ Cox [Thu, 14 Nov 2024 19:09:54 +0000 (14:09 -0500)]
cmd/go: add basic GOFIPS140 support

GOFIPS140 does two things: (1) control whether to build binaries that
run in FIPS-140 mode by default, and (2) control which version of the
crypto/internal/fips source tree to use during a build.

This CL implements part (1). It recognizes the GOFIPS140 settings
"off" and "latest" and uses them to set the default GODEBUG=fips140
setting to "off" or "on" accordingly.

The documentation for GOFIPS140 is in a follow-up CL.

See cmd/go/internal/fips/fips.go for an overview.

For #70200.

Change-Id: I045f8ae0f19778a1e72a5cd2b6a7b0c88934fc30
Reviewed-on: https://go-review.googlesource.com/c/go/+/629198
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agointernal/runtime/maps: hash copy of key instead of key itself
Keith Randall [Tue, 19 Nov 2024 00:37:59 +0000 (16:37 -0800)]
internal/runtime/maps: hash copy of key instead of key itself

Hashing the key means we have to take the address of it. That inhibits
subsequent optimizations on the key variable.

By hashing a copy, we incur an extra store at the hash callsite, but
we no longer need a load of the key in the inner loop. It can live
in a register throughout. (Technically, it gets spilled around
the call to the hasher, but it gets restored outside the loop.)

Maybe one day we can have special hash functions that take
int64/int32/string instead of *int64/*int32/*string.

Change-Id: Iba3133f6e82328f53c0abcb5eec13ee47c4969d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/629419
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
11 months agointernal/runtime/maps: assume constant elem offset with int64 and string keys
Keith Randall [Tue, 19 Nov 2024 00:23:43 +0000 (16:23 -0800)]
internal/runtime/maps: assume constant elem offset with int64 and string keys

Note this doesn't work with int32 keys because alignment padding can change
the offset of the element.

Change-Id: I27804d3cfc7cc1b7f995f7e29630f0824f0ee899
Reviewed-on: https://go-review.googlesource.com/c/go/+/629418
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agointernal/runtime/maps: use simpler calculation for slot element
Keith Randall [Tue, 19 Nov 2024 00:12:48 +0000 (16:12 -0800)]
internal/runtime/maps: use simpler calculation for slot element

This reduces the adds required at the return point from 3 to 1.
(The multiply inside g.elem() does get CSE'd with the one inside
g.key(), but the rest of the adds don't.)

Instead, compute the element as just a fixed offset from the key.

Change-Id: Ia4d7664efafcdca5e9daeb77d270651bb186232c
Reviewed-on: https://go-review.googlesource.com/c/go/+/629535
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
11 months agocrypto/internal/fips/aes/gcm: skip TestAllocations on PPC64
Paul E. Murphy [Tue, 19 Nov 2024 18:31:08 +0000 (12:31 -0600)]
crypto/internal/fips/aes/gcm: skip TestAllocations on PPC64

TestAllocations is failing on PPC64 causing all PPC64 CI to fail.

Skip the test until it can be debugged.

For #70448

Change-Id: Ic18e402f4af5939a90eba2e1f2b182699013ed55
Reviewed-on: https://go-review.googlesource.com/c/go/+/629697
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
11 months agocrypto/internal/fips/mlkem: implement CAST, PCT, and service indicator
Filippo Valsorda [Sun, 10 Nov 2024 14:22:00 +0000 (15:22 +0100)]
crypto/internal/fips/mlkem: implement CAST, PCT, and service indicator

For #69536

Change-Id: Id9d2f6553ab006d0d26986d22a4a756b9cf1bf71
Reviewed-on: https://go-review.googlesource.com/c/go/+/626936
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agocrypto/internal/fips: disable CASTs if FIPS mode is not enabled
Filippo Valsorda [Sun, 10 Nov 2024 14:04:48 +0000 (15:04 +0100)]
crypto/internal/fips: disable CASTs if FIPS mode is not enabled

Change-Id: Idabfe29e16d9ae6da7fbb078f9738bb4a7c5347b
Reviewed-on: https://go-review.googlesource.com/c/go/+/626935
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/internal/fips/mlkem: implement ML-KEM-1024
Filippo Valsorda [Wed, 23 Oct 2024 09:36:56 +0000 (11:36 +0200)]
crypto/internal/fips/mlkem: implement ML-KEM-1024

Decided to automatically duplicate the high-level code to avoid growing
the ML-KEM-768 data structures.

For #70122

Change-Id: I5c705b71ee1e23adba9113d5cf6b6e505c028967
Reviewed-on: https://go-review.googlesource.com/c/go/+/621983
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agointernal/syscall/unix, os: add and use Waitid syscall wrapper on linux
Tobias Klauser [Tue, 19 Nov 2024 12:38:42 +0000 (13:38 +0100)]
internal/syscall/unix, os: add and use Waitid syscall wrapper on linux

Instead of open-coding the waitid syscall wrapper add it to
internal/syscall/unix. As the syscall is currently only used on Linux,
switch the implementation in os.(*Process).blockUntilWaitable to use the
128-byte unix.SiginfoChild type instead of a plain 128-byte buffer.

Also use ignoringEINTR for the waitid calls instead of open-coding it.

Change-Id: I8dc47e361faa1f5e912d5de021f119c91c9f12f5
Reviewed-on: https://go-review.googlesource.com/c/go/+/629655
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>

11 months agocmd/dist: add FIPS snapshot build tests
Russ Cox [Thu, 14 Nov 2024 07:32:25 +0000 (02:32 -0500)]
cmd/dist: add FIPS snapshot build tests

Check that all the FIPS zips build.

Change-Id: Iec22d9295178f95862060e57a8ac9ed657f69943
Reviewed-on: https://go-review.googlesource.com/c/go/+/629197
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agocmd/go: make vet work with -overlay
Russ Cox [Sun, 17 Nov 2024 21:52:25 +0000 (16:52 -0500)]
cmd/go: make vet work with -overlay

It never worked before, an apparent oversight.
This will also make tests work, since tests run vet.

The new FIPS mode will use overlays, so this was
keeping go test from working in that mode.

Fixes #44957.

Change-Id: I3a77846b3b3f9a3a53118aaece93ee93214a36a6
Reviewed-on: https://go-review.googlesource.com/c/go/+/629199
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agointernal/synctest: new package for testing concurrent code
Damien Neil [Tue, 11 Jun 2024 18:02:18 +0000 (11:02 -0700)]
internal/synctest: new package for testing concurrent code

Add an internal (for now) implementation of testing/synctest.

The synctest.Run function executes a tree of goroutines in an
isolated environment using a fake clock. The synctest.Wait function
allows a test to wait for all other goroutines within the test
to reach a blocking point.

For #67434
For #69687

Change-Id: Icb39e54c54cece96517e58ef9cfb18bf68506cfc
Reviewed-on: https://go-review.googlesource.com/c/go/+/591997
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agoruntime: use indirect call in adjustSignalStack to avoid nosplit overflow
Damien Neil [Tue, 19 Nov 2024 17:04:11 +0000 (09:04 -0800)]
runtime: use indirect call in adjustSignalStack to avoid nosplit overflow

Avoids a nosplit stack overflow on OpenBSD after CL 591997
increases the adjustSignalStack stack by 16 bytes.

Change-Id: I2c990de6c7cd8d2aca6e6b98133da120c8a4174b
Reviewed-on: https://go-review.googlesource.com/c/go/+/629696
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/mlkem768: move to crypto/internal/fips/mlkem
Filippo Valsorda [Wed, 23 Oct 2024 09:41:42 +0000 (11:41 +0200)]
crypto/internal/mlkem768: move to crypto/internal/fips/mlkem

In the process, replace out-of-module imports with their FIPS versions.

For #69536

Change-Id: I83e900b7c38ecf760382e5dca7fd0b1eaa5a5589
Reviewed-on: https://go-review.googlesource.com/c/go/+/626879
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
11 months agocrypto/internal/mlkem768: add -768 suffix to all exported identifiers
Filippo Valsorda [Mon, 21 Oct 2024 14:29:23 +0000 (16:29 +0200)]
crypto/internal/mlkem768: add -768 suffix to all exported identifiers

In preparation for introducing ML-KEM-1024.

Aside from the constants at the top, all other changes were automated.

Change-Id: I0fafce9a776c7b0b9179be1c858709cabf60e80f
Reviewed-on: https://go-review.googlesource.com/c/go/+/621981
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/mlkem768: add EncapsulationKey type
Filippo Valsorda [Mon, 21 Oct 2024 12:30:46 +0000 (14:30 +0200)]
crypto/internal/mlkem768: add EncapsulationKey type

Change-Id: I3feacb044caa15ac9bbfc11f5d90bebf8a505510
Reviewed-on: https://go-review.googlesource.com/c/go/+/621980
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/internal/mlkem768: remove crypto/rand.Read error checking
Filippo Valsorda [Mon, 21 Oct 2024 10:08:53 +0000 (12:08 +0200)]
crypto/internal/mlkem768: remove crypto/rand.Read error checking

After #66821 crypto/rand.Read can't return an error.

Change-Id: I185063a25ef70986448f2a300e5578de17f6e61e
Reviewed-on: https://go-review.googlesource.com/c/go/+/621979
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agocrypto/internal/mlkem768: move field implementation to its own file
Filippo Valsorda [Wed, 16 Oct 2024 12:50:22 +0000 (14:50 +0200)]
crypto/internal/mlkem768: move field implementation to its own file

Change-Id: Id2676f1fd446feda506a3f1d4fbdadffe87ecc95
Reviewed-on: https://go-review.googlesource.com/c/go/+/621978
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agocrypto/internal/mlkem768: make Decapsulate a method
Filippo Valsorda [Wed, 16 Oct 2024 12:31:44 +0000 (14:31 +0200)]
crypto/internal/mlkem768: make Decapsulate a method

This will make it easier to support multiple sizes if needed.

Change-Id: I47495559fdbbf678fd98421ad6cb28172e5c810d
Reviewed-on: https://go-review.googlesource.com/c/go/+/621977
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
11 months agocrypto/internal/mlkem768: unexport encryptionKey.A
Filippo Valsorda [Mon, 21 Oct 2024 13:29:32 +0000 (15:29 +0200)]
crypto/internal/mlkem768: unexport encryptionKey.A

Change-Id: I001e48dbb476e590cd84194f386bf5ea4cc1a1b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/621976
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
11 months agocrypto/internal/mlkem768: update to final FIPS 203
Filippo Valsorda [Sat, 12 Oct 2024 18:22:44 +0000 (20:22 +0200)]
crypto/internal/mlkem768: update to final FIPS 203

Main changes are the domain separator in KeyGen, dropping support for
the extended decapsulation key encoding in favor of seeds (see
https://words.filippo.io/ml-kem-seeds/), and documentation changes.

Change-Id: I8773034929094b3242aa39ac6e9d007c2bc94e63
Reviewed-on: https://go-review.googlesource.com/c/go/+/621975
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agoencoding/json: check exact structure of local error types in tests
Joe Tsai [Tue, 19 Nov 2024 01:34:06 +0000 (17:34 -0800)]
encoding/json: check exact structure of local error types in tests

During the development of error wrapping (#29934),
the tests were modified to stop using reflect.DeepEqual
since the prototype for error wrapping at the time included
frame information of where the error was created.

However, that change diminished the fidelity of the test
so that it is no longer as strict, which affects the endeavor
to implement v1 in terms of the v2 prototype.

For locally declared error types, use reflect.DeepEqual
to check that the exact structure of the error value matches.

Change-Id: I443d418533866ab8d533bca3785fdc741e2c140e
Reviewed-on: https://go-review.googlesource.com/c/go/+/629517
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/dist: add GOFIPS140 setting
Russ Cox [Thu, 14 Nov 2024 07:31:46 +0000 (02:31 -0500)]
cmd/dist: add GOFIPS140 setting

GOFIPS140 will be used to control whether to build binaries that
run in FIPS-140 mode by default, as well as which version of
crypto/internal/fips is used during a given build.
It is a target configuration variable analogous to
GOOS, GOARCH, CGO_ENABLED, and the like, so the
default value is recorded in the toolchain during make.bash.

This CL adds the GOFIPS140 setting to the build process
and records the default for use by cmd/go.

For #70200.

Change-Id: Iafcb5a4207f00fae8bcd93e0184a63c72526abea
Reviewed-on: https://go-review.googlesource.com/c/go/+/629196
Reviewed-by: Michael Matloob <matloob@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/go/internal/fsys: add Bind to add bind mounts
Russ Cox [Sun, 17 Nov 2024 00:40:42 +0000 (19:40 -0500)]
cmd/go/internal/fsys: add Bind to add bind mounts

fsys.Bind(repl, dir) makes the virtual file system
redirect any references to dir to use repl instead.
In Plan 9 terms, it binds repl onto dir.
In Linux terms, it does a mount --bind of repl onto dir.
Or think of it as being like a symlink dir -> repl being
added to the virtual file system.

This is a separate layer from the overlay so that editors
working in the replacement directory can still apply
their own replacements within that tree, and also so
that editors working in the original dir do not have any
effect at all.

(If the binds and the overlay were in the same sorted list,
we'd have problems with keeping the relative priorities
of individual entries correct.)

Change-Id: Ibc88021cc95a3b8574efd5f37772ccb723aa8f7b
Reviewed-on: https://go-review.googlesource.com/c/go/+/628702
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agocrypto/internal/fips/aes/gcm: fix PPC64 gcm debug option logic
Paul E. Murphy [Tue, 19 Nov 2024 17:28:49 +0000 (11:28 -0600)]
crypto/internal/fips/aes/gcm: fix PPC64 gcm debug option logic

AES-GCM is always supported, unless the debug option explicitly
turns it off.

Change-Id: Iac17fd8429307d48daa601249a2505bcd1b1f892
Reviewed-on: https://go-review.googlesource.com/c/go/+/629695
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Archana Ravindar <aravinda@redhat.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/fips/aes: add CAST
Filippo Valsorda [Fri, 8 Nov 2024 12:43:07 +0000 (13:43 +0100)]
crypto/internal/fips/aes: add CAST

For #69536

Change-Id: I6ecbe8b05f9f01afe2aa32c59fc56c9e1c6ea6b4
Reviewed-on: https://go-review.googlesource.com/c/go/+/626437
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/internal/obj/arm64: recognize FIPS static temps as unaligned
Russ Cox [Sun, 17 Nov 2024 16:51:52 +0000 (11:51 -0500)]
cmd/internal/obj/arm64: recognize FIPS static temps as unaligned

Code like x := [12]byte{1,2,3,4,5,6,7,8,9,10,11,12} stores x in
a pair of registers and uses MOVD/MOVWU to load the values
from RODATA. The code generator needs to understand not
to use the aligned PC-relative relocation for that sequence.

In non-FIPS modes, more statictemp optimizations can be applied
and this problematic sequence doesn't happen.

Fix the decision about whether to assume alignment to match
the code used by the linker when deciding what to align.

Fixes the linker failure in CL 626437 patch set 5.

Change-Id: Iedad862c6faee758d4a2c5120cab2d329265b134
Reviewed-on: https://go-review.googlesource.com/c/go/+/628835
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Bypass: Russ Cox <rsc@golang.org>

11 months agocrypto/md5,crypto/sha512: fix AppendBinary -> BinaryAppender docs typo
Filippo Valsorda [Sun, 10 Nov 2024 10:07:25 +0000 (11:07 +0100)]
crypto/md5,crypto/sha512: fix AppendBinary -> BinaryAppender docs typo

Change-Id: Ia2caecd0a54e1100ad523f0dc76f17babcd0ffca
Reviewed-on: https://go-review.googlesource.com/c/go/+/626878
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/fips/hkdf: correctly set the service indicator for short salts
Filippo Valsorda [Sun, 10 Nov 2024 10:02:44 +0000 (11:02 +0100)]
crypto/internal/fips/hkdf: correctly set the service indicator for short salts

For #69536

Change-Id: Ibe2623311c8be5fb3e7411b33e61bf66d026e14d
Reviewed-on: https://go-review.googlesource.com/c/go/+/626877
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agocrypto/internal/fips/ssh: implement SSH KDF
Filippo Valsorda [Sat, 9 Nov 2024 17:25:19 +0000 (18:25 +0100)]
crypto/internal/fips/ssh: implement SSH KDF

For #69536

Change-Id: I0788469400de6a39cb22a6936a74d71066c476b1
Reviewed-on: https://go-review.googlesource.com/c/go/+/626875
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips/tls12: implement TLS 1.2 KDF
Filippo Valsorda [Sat, 9 Nov 2024 16:21:42 +0000 (17:21 +0100)]
crypto/internal/fips/tls12: implement TLS 1.2 KDF

For #69536

Change-Id: If2477c5249a7c7db45c1af05e715ae0b61e7d940
Reviewed-on: https://go-review.googlesource.com/c/go/+/626837
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/internal/fips/tls13: implement TLS 1.3 KDF
Filippo Valsorda [Sat, 9 Nov 2024 15:23:22 +0000 (16:23 +0100)]
crypto/internal/fips/tls13: implement TLS 1.3 KDF

The new implementation encodes the key schedule into the type system,
which is actually nicer than what we had before.

For #69536

Change-Id: Iddab62c2aae40bc2425a155443576bb9b7aafe03
Reviewed-on: https://go-review.googlesource.com/c/go/+/626836
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Commit-Queue: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agoRevert "os: check for valid Windows path when creating files"
George Adams [Tue, 19 Nov 2024 10:05:27 +0000 (10:05 +0000)]
Revert "os: check for valid Windows path when creating files"

This reverts commit CL 618496.

Reason for revert: https://github.com/golang/go/issues/54040#issuecomment-2485151973

Change-Id: I3bf27f7fdd475a005cb6aa190994153504e96fb5
Reviewed-on: https://go-review.googlesource.com/c/go/+/629595
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
11 months agoos/user: fix race detector failure
qmuntal [Mon, 18 Nov 2024 08:31:59 +0000 (09:31 +0100)]
os/user: fix race detector failure

The race detector doesn't like that windows.GetSid* functions return
pointers to the SID structure. This change makes these functions return
values instead and mark them with nocheckptr.

Fixes #70378

Cq-Include-Trybots: luci.golang.try:gotip-windows-amd64-race
Change-Id: Iba39d75bb31679d25a5ee43b51e4abb0c435dbac
Reviewed-on: https://go-review.googlesource.com/c/go/+/628995
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/hpke: add Recipient role
Roland Shoemaker [Sun, 11 Aug 2024 01:19:09 +0000 (18:19 -0700)]
crypto/internal/hpke: add Recipient role

Adds the Recipient role, alongside the existing Sender role. Also factor
out all of the shared underlying bits and pieces into a shared type that
is embedded in the Sender/Recipient roles.

Change-Id: I7640d8732aa0dd5cc9e38b8c26f0cfa7856170f6
Reviewed-on: https://go-review.googlesource.com/c/go/+/623575
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
11 months agocrypto/subtle: add DIT closure
Roland Shoemaker [Mon, 15 Jul 2024 17:05:37 +0000 (10:05 -0700)]
crypto/subtle: add DIT closure

Add a new function, WithDataIndependentTiming, which takes a function as
an argument, and encloses it with calls to set/unset the DIT PSTATE bit
on Arm64.

Since DIT is OS thread-local, for the duration of the execution of
WithDataIndependentTiming, we lock the goroutine to the OS thread, using
LockOSThread. For long running operations, this is likely to not be
performant, but we expect this to be tightly scoped around cryptographic
operations that have bounded execution times.

If locking to the OS thread turns out to be too slow, another option is
to add a bit to the g state indicating if a goroutine has DIT enabled,
and then have the scheduler enable/disable DIT when scheduling a g.

Additionally, we add a new GODEBUG, dataindependenttiming, which allows
setting DIT for an entire program. Running a program with
dataindependenttiming=1 enables DIT for the program during
initialization. In an ideal world PSTATE.DIT would be inherited from
the parent thread, so we'd only need to set it in the main thread and
then all subsequent threads would inherit the value. While this does
happen in the Linux kernel [0], it is not the case for darwin [1].
Rather than add complex logic to only set it on darwin for each new
thread, we just unconditionally set it in mstart1 and cgocallbackg1
regardless of the OS. DIT will already impose some overhead, and the
cost of setting the bit is only ~two instructions (CALL, MSR), so it
should be cheap enough.

Fixes #66450
Updates #49702

[0] https://github.com/torvalds/linux/blob/e8bdb3c8be08c9a3edc0a373c0aa8729355a0705/arch/arm64/kernel/process.c#L373
[1] https://github.com/apple-oss-distributions/xnu/blob/8d741a5de7ff4191bf97d57b9f54c2f6d4a15585/osfmk/arm64/status.c#L1666

Change-Id: I78eda691ff9254b0415f2b54770e5850a0179749
Reviewed-on: https://go-review.googlesource.com/c/go/+/598336
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/go/internal/fsys: replace file tree with sorted list
Russ Cox [Tue, 19 Nov 2024 13:34:07 +0000 (08:34 -0500)]
cmd/go/internal/fsys: replace file tree with sorted list

Replace the tree of nodes with a sorted list of file replacements.
The most important property of this representation is that it
allows replacing directories: a replacement x -> y where y is
a directory could not be implemented before, because it would
require making a node for every file in the tree rooted at y,
or else it would require unsuccessful lookups for files like
x/a/b/c/d/e/f/g/h/i/j/k to try every possible parent in order
to discover the x -> y mapping.

The sorted list makes it easy to find the x -> y mapping:
when you do the binary search for x/a/b/c/d/e/f/g/h/i/j/k,
you end up immediately after the x -> y mapping, so stepping
backward one entry provides the mapping we need, if it exists.

This CL does not allow overlay files to include directories,
but now it is possible. This is at least useful for other kinds
of experiments (like FIPS).

Change-Id: Ief0afaee82e644dab8ae4eafeec20440afee2e36
Reviewed-on: https://go-review.googlesource.com/c/go/+/628701
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agocrypto/internal/fips/hkdf: new package
Filippo Valsorda [Sun, 20 Oct 2024 15:29:58 +0000 (17:29 +0200)]
crypto/internal/fips/hkdf: new package

Tests imported from x/crypto, but the actual implementation was simpler
to implement ex-novo with a #61477-like API.

Updates #61477
For #69536

Change-Id: I5a9e8a71d8abd5b2aa6b74e73bf7f631ed0115cd
Reviewed-on: https://go-review.googlesource.com/c/go/+/621275
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/cipher: add NewGCMWithRandomNonce
Filippo Valsorda [Mon, 18 Nov 2024 15:19:12 +0000 (16:19 +0100)]
crypto/cipher: add NewGCMWithRandomNonce

Fixes #69981

Change-Id: I0cad11f5d7673304c5a6d85fc598ddc27ab93738
Reviewed-on: https://go-review.googlesource.com/c/go/+/629175
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
11 months agocrypto/internal/fips/aes/gcm: add GCMForSSH
Filippo Valsorda [Mon, 18 Nov 2024 14:07:37 +0000 (15:07 +0100)]
crypto/internal/fips/aes/gcm: add GCMForSSH

For #69536

Change-Id: Ia368f515893a95e176149e23239a8e253fc5272f
Reviewed-on: https://go-review.googlesource.com/c/go/+/629095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
11 months agocrypto: check all cpu.X86 flags for features used in assembly
Filippo Valsorda [Sat, 9 Nov 2024 18:16:13 +0000 (19:16 +0100)]
crypto: check all cpu.X86 flags for features used in assembly

These are most likely redundant, but cmd/compile/internal/amd64's
TestGoAMD64v1 turns them off when clobbering those instructions, so we
need to know to skip the assembly in those cases.

Thankfully we have Avo now that adds a helpful comment with the list of
features used by each generated function!

Also improve the error output of TestGoAMD64v1. It had broken before in
#49402 and had required the exact same patch.

Change-Id: I7fab8f36042cdff630f806723aa1d8124c294f60
Reviewed-on: https://go-review.googlesource.com/c/go/+/626876
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/fips/aes: add service indicators
Filippo Valsorda [Sat, 9 Nov 2024 10:09:19 +0000 (11:09 +0100)]
crypto/internal/fips/aes: add service indicators

For #69536

Change-Id: I485c165b1d9fcd7b09ff151bbeebc57d8908bcb8
Reviewed-on: https://go-review.googlesource.com/c/go/+/626835
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agocmd/go/internal/fsys: refactor overlay consistency checks
Russ Cox [Sat, 16 Nov 2024 21:49:00 +0000 (16:49 -0500)]
cmd/go/internal/fsys: refactor overlay consistency checks

Do the overlay consistency checks separate from constructing
the overlay data structure. This makes sure that the data structure
can be changed without worrying about losing the checks.

Change-Id: I9ff50cc366b5362adc5570f94e6caf646ddf5046
Reviewed-on: https://go-review.googlesource.com/c/go/+/628700
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agocmd/go/internal/fsys: refactor vfs lookup
Russ Cox [Fri, 15 Nov 2024 19:42:27 +0000 (14:42 -0500)]
cmd/go/internal/fsys: refactor vfs lookup

Refactor vfs lookup into 'func stat', which knows the internal
data structures for the vfs and returns information about a
given path. The callers can then all use stat and avoid direct
knowledge of the internal data structures.

This is setting up for a different internal data structure.

Change-Id: I496b7b3fb686cdde81b14687f65eb0bf51ec62be
Reviewed-on: https://go-review.googlesource.com/c/go/+/628699
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agocmd/go/internal/fsys: convert to proper ReadDir
Russ Cox [Fri, 15 Nov 2024 18:49:28 +0000 (13:49 -0500)]
cmd/go/internal/fsys: convert to proper ReadDir

Many releases ago we migrated
from ioutil.ReadDir, which returned []os.FileInfo,
to os.ReadDir, which returns []fs.DirEntry.
The latter is faster, but the former is expected by go/build.Context.

Convert fsys to use the new ReadDir signature.
This should make the go command faster when scanning
source trees, and it brings cmd/go up to date with the rest
of the tree.

Similarly, convert Walk to WalkDir.

Change-Id: I767a8548d7ca7cc3c05f2ff073d18070a4e8a0da
Reviewed-on: https://go-review.googlesource.com/c/go/+/628698
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
TryBot-Bypass: Russ Cox <rsc@golang.org>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
11 months agocmd/go/internal/fsys: minor cleanup
Russ Cox [Fri, 15 Nov 2024 17:54:37 +0000 (12:54 -0500)]
cmd/go/internal/fsys: minor cleanup

Rename canonicalize to abs.
Rename IsDirWithGoFiles to IsGoDir.
Remove Init argument.
Split OverlayPath into Actual and Renamed.
Clean up doc comments.
Other minor cleanups.

Preparation for larger changes.

Change-Id: Ida022588149a1618a63acc91e3800b09df873b6e
Reviewed-on: https://go-review.googlesource.com/c/go/+/628697
TryBot-Bypass: Russ Cox <rsc@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agocmd/go/internal/fsys: move glob, walk code into new files
Russ Cox [Fri, 15 Nov 2024 17:52:10 +0000 (12:52 -0500)]
cmd/go/internal/fsys: move glob, walk code into new files

The Glob and Walk code does not depend on any of the fsys internals;
it simply uses ReadDir as an opaque abstraction.
Move it to separate files so that when working on the
actual overlay abstraction, it is out of sight, out of mind.

Change-Id: Ifa98feaaaafe5c1d8d8edce82de4fd0c78f599c4
Reviewed-on: https://go-review.googlesource.com/c/go/+/628696
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
TryBot-Bypass: Russ Cox <rsc@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
11 months agodoc/godebug: document that unrecognized GODEBUG entries are ignored
Ian Lance Taylor [Tue, 19 Nov 2024 03:27:22 +0000 (19:27 -0800)]
doc/godebug: document that unrecognized GODEBUG entries are ignored

Change-Id: I6debc82913ae9fa02bee55dc87d35574f5265008
Reviewed-on: https://go-review.googlesource.com/c/go/+/629576
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>

11 months agodoc/godebug: fix tipo
Ian Lance Taylor [Tue, 19 Nov 2024 03:26:38 +0000 (19:26 -0800)]
doc/godebug: fix tipo

Change-Id: Ib67d81d8e3aa33c6a506813194cc5710b3d5cdd0
Reviewed-on: https://go-review.googlesource.com/c/go/+/629575
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>

11 months agomime: disable TestLookupMallocs with ASAN
Michael Anthony Knyszek [Mon, 18 Nov 2024 22:16:57 +0000 (22:16 +0000)]
mime: disable TestLookupMallocs with ASAN

With the synchashtriemap GOEXPERIMENT, this allocates now, but just
under ASAN. That's OK, just skip the test under ASAN.

Fixes #70428.

Change-Id: I1ab4f7c06505c84309946358643715085f0db506
Reviewed-on: https://go-review.googlesource.com/c/go/+/629456
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>

11 months agocmd/go: re-enable build JSON from go test -json, now with GODEBUG
Austin Clements [Mon, 18 Nov 2024 19:56:43 +0000 (14:56 -0500)]
cmd/go: re-enable build JSON from go test -json, now with GODEBUG

This re-enables the behavior of CL 536399 (by effectively reverting CL
628955), so now go test -json again includes build output and failures
as JSON rather than text.

However, since this behavior is clearly enough to trip up some build
systems, this CL includes a GODEBUG=gotestjsonbuildtext that can be
set to 1 to revert to the old behavior.

Fixes #70402.
Updates #62067.

Cq-Include-Trybots: luci.golang.try:gotip-darwin-arm64_13,gotip-linux-amd64-longtest,gotip-windows-amd64-longtest
Change-Id: I84e778cd844783dacfc83433e391b5ccb5925127
Reviewed-on: https://go-review.googlesource.com/c/go/+/629335
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Austin Clements <austin@google.com>

11 months agocmd/compiler,internal/runtime/atomic: optimize Cas{64,32} on loong64
Guoqi Chen [Fri, 20 Sep 2024 03:06:18 +0000 (11:06 +0800)]
cmd/compiler,internal/runtime/atomic: optimize Cas{64,32} on loong64

In Loongson's new microstructure LA664 (Loongson-3A6000) and later, the atomic
compare-and-exchange instruction AMCAS[DB]{B,W,H,V} [1] is supported. Therefore,
the implementation of the atomic operation compare-and-swap can be selected according
to the CPUCFG flag LAMCAS: AMCASDB(full barrier) instruction is used on new
microstructures, and traditional LL-SC is used on LA464 (Loongson-3A5000) and older
microstructures. This can significantly improve the performance of Go programs on
new microstructures.

goos: linux
goarch: loong64
pkg: internal/runtime/atomic
cpu: Loongson-3A6000 @ 2500.00MHz
         |  bench.old   |  bench.new                           |
         |   sec/op     |   sec/op       vs base               |
Cas        46.84n ±  0%   22.82n ±  0%  -51.28% (p=0.000 n=20)
Cas-2      47.58n ±  0%   29.57n ±  0%  -37.85% (p=0.000 n=20)
Cas-4      43.27n ± 20%   25.31n ± 13%  -41.50% (p=0.000 n=20)
Cas64      46.85n ±  0%   22.82n ±  0%  -51.29% (p=0.000 n=20)
Cas64-2    47.43n ±  0%   29.53n ±  0%  -37.74% (p=0.002 n=20)
Cas64-4    43.18n ±  0%   25.28n ±  2%  -41.46% (p=0.000 n=20)
geomean    45.82n         25.74n        -43.82%

goos: linux
goarch: loong64
pkg: internal/runtime/atomic
cpu: Loongson-3A5000 @ 2500.00MHz
         |  bench.old  |  bench.new                         |
         |   sec/op    |   sec/op      vs base              |
Cas        50.05n ± 0%   51.26n ± 0%  +2.42% (p=0.000 n=20)
Cas-2      52.80n ± 0%   53.11n ± 0%  +0.59% (p=0.000 n=20)
Cas-4      55.97n ± 0%   57.31n ± 0%  +2.39% (p=0.000 n=20)
Cas64      50.05n ± 0%   51.26n ± 0%  +2.42% (p=0.000 n=20)
Cas64-2    52.68n ± 0%   53.11n ± 0%  +0.82% (p=0.000 n=20)
Cas64-4    55.96n ± 0%   57.26n ± 0%  +2.33% (p=0.000 n=20)
geomean    52.86n        53.83n       +1.82%

[1]: https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html

Change-Id: I9b777c63c124fb492f61c903f77061fa2b4e5322
Reviewed-on: https://go-review.googlesource.com/c/go/+/613396
Reviewed-by: Meidan Li <limeidan@loongson.cn>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Qiqi Huang <huangqiqi@loongson.cn>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocmd/go: disable fuzz instrumentation for internal/godebug
Michael Anthony Knyszek [Mon, 18 Nov 2024 22:23:43 +0000 (22:23 +0000)]
cmd/go: disable fuzz instrumentation for internal/godebug

This is thought to be the cause of certain recent longtest failures.
Let's try it out.

This appears to fix the longtests fuzz failures. I suspect that the
sync.Map in internal/godebug is at fault with the implementation
changing. I'm not sure yet exactly why this is a problem, maybe inlining
that didn't happen before? I don't know exactly when coverage
instrumentation happens in the compiler, but this is definitely the
problem.

For good measure, let's add internal/sync. If sync is on the list,
internal/sync should be, too.

Fixes #70429.
Fixes #70430.
Fixes #70431.

Change-Id: Ic9f49daa0956e3a50192bcc7778983682b5d12b8
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/629475
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/fips/aes/gcm: add GCMForTLS12 and GCMForTLS13
Filippo Valsorda [Fri, 8 Nov 2024 18:56:50 +0000 (19:56 +0100)]
crypto/internal/fips/aes/gcm: add GCMForTLS12 and GCMForTLS13

For #69536

Change-Id: I2d7b6e7b9932d0f0f582a5ab0bb871395dc2a1e8
Reviewed-on: https://go-review.googlesource.com/c/go/+/626675
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips/aes/gcm: add SealWithRandomNonce
Filippo Valsorda [Sun, 3 Nov 2024 21:30:43 +0000 (22:30 +0100)]
crypto/internal/fips/aes/gcm: add SealWithRandomNonce

We don't expose it as an AEAD yet because the logic for that is complex
due to overlap issues. For #69981 we will make a cipher.AEAD wrapper
outside the FIPS module, but maybe a v2 interface will make it easier,
and then we'll be able to use this method more directly.

Updates #69981
For #69536

Change-Id: Id88191c01443b0dec89ff0d6c4a6289f519369d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/624916
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/fips/aes/gcm: add CounterKDF
Filippo Valsorda [Thu, 7 Nov 2024 12:32:13 +0000 (13:32 +0100)]
crypto/internal/fips/aes/gcm: add CounterKDF

Change-Id: I236f9d8c4637793c1bda39f69573481356f8e362
Reviewed-on: https://go-review.googlesource.com/c/go/+/626436
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/internal/fips/aes/gcm: add CMAC
Filippo Valsorda [Wed, 6 Nov 2024 13:03:58 +0000 (14:03 +0100)]
crypto/internal/fips/aes/gcm: add CMAC

Change-Id: I5602dbf485c5c8a221e71c79961588e33f90452d
Reviewed-on: https://go-review.googlesource.com/c/go/+/626435
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
11 months agocrypto/aes,crypto/cipher: test all available implementations
Filippo Valsorda [Sun, 3 Nov 2024 12:10:33 +0000 (13:10 +0100)]
crypto/aes,crypto/cipher: test all available implementations

TestEmptyPlaintext and TestCryptBlocks were folded into cryptotest.

Change-Id: I6131ab8582eb0e6d3a1b24bab1147a145d9766ac
Reviewed-on: https://go-review.googlesource.com/c/go/+/624738
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/fips/aes: move GCM to its own package
Filippo Valsorda [Sun, 3 Nov 2024 09:03:21 +0000 (10:03 +0100)]
crypto/internal/fips/aes: move GCM to its own package

For #69536

Change-Id: Idcef2411c1fd4da302412609f28e438839e8aa4b
Reviewed-on: https://go-review.googlesource.com/c/go/+/624736
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/cryptotest: add SkipTestAllocations
Filippo Valsorda [Fri, 8 Nov 2024 13:41:06 +0000 (14:41 +0100)]
crypto/internal/cryptotest: add SkipTestAllocations

[                                                                     ]
[    It has been [ 0 ] days since Filippo broke a TestAllocations.    ]
[                                                                     ]

Concentrate all the skips in one place, so we don't have to re-discover
always the same ones via trial and error.

This might over-skip fixable allocations, but all these targets are not
fast anyway, so they are not worth going back for.

Removed the sysrand TestAllocations because it causes an import loop
with cryptotest and it's covered by TestAllocations in crypto/rand.

Change-Id: Icd40e97f9128e037f567147f8c9dafa758a47fac
Reviewed-on: https://go-review.googlesource.com/c/go/+/626438
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/internal/fips/drbg: add CAST and service indicator
Filippo Valsorda [Tue, 5 Nov 2024 13:07:21 +0000 (14:07 +0100)]
crypto/internal/fips/drbg: add CAST and service indicator

For #69536

Change-Id: If216a7537013bd9bbe90026ffe983a6bf50029c8
Reviewed-on: https://go-review.googlesource.com/c/go/+/625435
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agocrypto/internal/fips/drbg: implement FIPS-mode randomness generation
Filippo Valsorda [Mon, 4 Nov 2024 14:33:00 +0000 (15:33 +0100)]
crypto/internal/fips/drbg: implement FIPS-mode randomness generation

For #69536

Change-Id: I5bc83360fcd9114cc76314c3570977e9811fd1c6
Reviewed-on: https://go-review.googlesource.com/c/go/+/624978
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
11 months agocrypto/internal/fips/drbg: implement CTR_DRBG
Filippo Valsorda [Mon, 4 Nov 2024 13:02:58 +0000 (14:02 +0100)]
crypto/internal/fips/drbg: implement CTR_DRBG

For #69536

Change-Id: I016bb723841acbda50f013db46f9d2dda200e1fd
Reviewed-on: https://go-review.googlesource.com/c/go/+/624977
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/rand: move OS interaction to crypto/internal/sysrand
Filippo Valsorda [Mon, 4 Nov 2024 11:56:04 +0000 (12:56 +0100)]
crypto/rand: move OS interaction to crypto/internal/sysrand

We're going to use that package as the passive entropy source for the
FIPS module, and we need to import it from a package that will be
imported by crypto/rand.

Since there is no overridable Reader now, introduced a mechanism to test
the otherwise impossible failure of the OS entropy source.

For #69536

Change-Id: I558687ed1ec896dba05b99b937970bb809de3fe7
Reviewed-on: https://go-review.googlesource.com/c/go/+/624976
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/rand: replace crypto/aes with internal/chacha8rand for plan9
Filippo Valsorda [Mon, 4 Nov 2024 12:05:46 +0000 (13:05 +0100)]
crypto/rand: replace crypto/aes with internal/chacha8rand for plan9

We will need to import this functionality from the FIPS module, and we
can't import AES from there. Plan 9 is not going to be FIPS validated
anyway, so we can use non-approved cryptography.

For #69536

Change-Id: I7921ec0829b576de2e80f3a7d0a9a776ff387684
Reviewed-on: https://go-review.googlesource.com/c/go/+/624975
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
11 months agocrypto/aes: move to crypto/internal/fips/aes
Filippo Valsorda [Fri, 1 Nov 2024 10:46:34 +0000 (11:46 +0100)]
crypto/aes: move to crypto/internal/fips/aes

The crypto/aes <-> crypto/cipher interfaces and the hardware support
upgrades were layered over the years, and had grown unwieldily.

Before: conditionally wrap the private crypto/aes type in private types
that implement an interface that's interface-upgraded by crypto/cipher
to replace the generic implementation in crypto/cipher.

crypto/aes depended on crypto/cipher, which is backwards.

After: provide concrete exported implementations of modes in
crypto/internal/fips/aes that crypto/cipher returns if the input Block
is the crypto/internal/fips/aes concrete implementation.

crypto/aes and crypto/cipher both depend on crypto/internal/fips/aes.

Also, made everything follow go.dev/wiki/TargetSpecific by only putting
the minimal code necessary and no exported functions in build-tagged
files.

The GCM integration still uses an interface upgrade, because the generic
implementation is complex enough that it was not trivial to duplicate.
This will be fixed in a future CL to make review easier.

For #69536

Change-Id: I21c2b93a498edb31c562b1aca824e21e8457fdff
Reviewed-on: https://go-review.googlesource.com/c/go/+/624395
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

11 months agocrypto/aes: speedup CTR mode on AMD64 and ARM64
Boris Nagaev [Thu, 8 Feb 2024 01:27:16 +0000 (01:27 +0000)]
crypto/aes: speedup CTR mode on AMD64 and ARM64

The implementation runs up to 8 AES instructions in different registers
one after another in ASM code. Because CPU has instruction pipelining
and the instructions do not depend on each other, they can run in
parallel with this layout of code. This results in significant speedup
compared to the regular implementation in which blocks are processed in
the same registers so AES instructions do not run in parallel.

GCM mode already utilizes the approach.

The ASM implementation of ctrAble has most of its code in XORKeyStreamAt
method which has an additional argument, offset. It allows to use it
in a stateless way and to jump to any location in the stream. The method
does not exist in pure Go and boringcrypto implementations.

[ Mailed as CL 413594, then edited by filippo@ to manage the counter
with bits.Add64, remove bounds checks, make the assembly interface more
explicit, and to port the amd64 to Avo. Squeezed another -6.38% out. ]

goos: linux
goarch: amd64
pkg: crypto/cipher
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
            │  19df80d792  │             c8b0409d40              │
            │    sec/op    │   sec/op     vs base                │
AESCTR/50-8    64.68n ± 0%   26.89n ± 0%  -58.42% (p=0.000 n=10)
AESCTR/1K-8   1145.0n ± 0%   135.8n ± 0%  -88.14% (p=0.000 n=10)
AESCTR/8K-8   9145.0n ± 0%   917.5n ± 0%  -89.97% (p=0.000 n=10)
geomean        878.2n        149.6n       -82.96%

            │  19df80d792  │               c8b0409d40               │
            │     B/s      │      B/s       vs base                 │
AESCTR/50-8   737.2Mi ± 0%   1773.3Mi ± 0%  +140.54% (p=0.000 n=10)
AESCTR/1K-8   848.5Mi ± 0%   7156.6Mi ± 0%  +743.40% (p=0.000 n=10)
AESCTR/8K-8   853.8Mi ± 0%   8509.9Mi ± 0%  +896.70% (p=0.000 n=10)
geomean       811.4Mi         4.651Gi       +486.94%

Fixes #20967
Updates #39365
Updates #26673

Co-authored-by: Filippo Valsorda <filippo@golang.org>
Change-Id: Iaeea29fb93a56456f2e54507bc25196edb31b84b
Reviewed-on: https://go-review.googlesource.com/c/go/+/621958
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
11 months agocmd/compile: strongly favor closure inlining
David Chase [Fri, 15 Nov 2024 22:08:34 +0000 (17:08 -0500)]
cmd/compile: strongly favor closure inlining

This tweaks the inlining cost knob for closures
specifically, they receive a doubled budget.  The
rationale for this is that closures have a lot of
"crud" in their IR that will disappear after inlining,
so the standard budget penalizes them unnecessarily.

This is also the cause of these bugs -- looking at the
code involved, these closures "should" be inlineable,
therefore tweak the parameters until behavior matches
expectations.  It's not costly in binary size, because
the only-called-from-one-site case is common (especially
for rangefunc iterators).

I can imagine better fixes and I am going to try to
get that done, but this one is small and makes things
better.

Fixes #69411, #69539.

Change-Id: I8a892c40323173a723799e0ddad69dcc2724a8f9
Reviewed-on: https://go-review.googlesource.com/c/go/+/629195
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

11 months agoos: correctly handle errno==0 in (*Process).blockUntilWaitable
Damien Neil [Mon, 18 Nov 2024 22:39:20 +0000 (14:39 -0800)]
os: correctly handle errno==0 in (*Process).blockUntilWaitable

CL 627478 inadvertently returns a non-nil error
containing a syscall.Errno(0).

Change-Id: I1d6a9d0575d3ed651ddc02f30505437d0d266bb3
Reviewed-on: https://go-review.googlesource.com/c/go/+/629515
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>