Filippo Valsorda [Wed, 29 Jan 2025 02:18:01 +0000 (03:18 +0100)]
cmd/link/internal/loader: fix linknames from FIPS 140 frozen tree
blockedLinknames was updated in CL 635676 after the lib/fips140 zip
mechanism was last tested. linknames from crypto/internal/fips140/v1.0.0
need to be allowed if they'd be allowed from crypto/internal/fips140.
Change-Id: I6a6a4656022118d4739ae14831f2ad721951c192
Reviewed-on: https://go-review.googlesource.com/c/go/+/645195 Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Michael Pratt [Mon, 27 Jan 2025 22:05:22 +0000 (14:05 -0800)]
Revert "os: employ sendfile(2) for file-to-file copying on Linux when needed"
This reverts CL 603295.
Reason for revert: can cause child exit_group to hang.
This is not a clean revert. CL 603098 did a major refactoring of the
tests. That refactor is kept, just the sendfile-specific tests are
dropped from the linux tests.
Fixes #71375.
Change-Id: Ic4d6535759667c69a44bd9281bbb33d5b559f591
Reviewed-on: https://go-review.googlesource.com/c/go/+/644895
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Andy Pan <panjf2000@gmail.com>
Ian Lance Taylor [Thu, 23 Jan 2025 23:50:32 +0000 (15:50 -0800)]
crypto/hkdf: check error in TestFIPSServiceIndicator
I don't know why this code calls panic(err) rather than
t.Fatal(err), but I didn't change it.
Change-Id: I9aa7503c604bd8d4f27cc295e2ec742446906df9
Reviewed-on: https://go-review.googlesource.com/c/go/+/643995 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
Filippo Valsorda [Thu, 9 Jan 2025 23:06:43 +0000 (00:06 +0100)]
crypto/internal/sysrand: skip TestNoGetrandom without cgo
crypto/internal/sysrand/internal/seccomp needs cgo to disable getrandom.
Before this change, "CGO_ENABLED=0 go test crypto/internal/sysrand"
would fail on Linux.
Change-Id: I6a6a465685b480c846e5479da0659e90ab7f3a65
Reviewed-on: https://go-review.googlesource.com/c/go/+/642737 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
Than McIntosh [Tue, 12 Nov 2024 17:32:39 +0000 (12:32 -0500)]
internal/coverage: fix bug in text-format coverage output with multiple packages
In ProcessCoverTestDir pass the selected set of packages to
EmitTextual in addition to EmitPercent, so that when we have runs with
multiple packages selected but without -coverpkg, text format output
for package P was incorrectly including output for P's covered
dependencies. This is in effect an extension of the fix for issue
65570.
Includes a cmd/go script test to verify correct behavior; ideally it
would be nice to locate this test in .../internal/coverage somewhere
but at the moment script tests are only supported for
cmd/{go,compile,link}.
Updates #65570.
Fixes #70244.
Change-Id: Ia0bb10155353aa0f2ead46e81a2aaa71bde4ef82
Reviewed-on: https://go-review.googlesource.com/c/go/+/627316 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Than McIntosh <thanm@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Ian Lance Taylor [Fri, 24 Jan 2025 01:37:29 +0000 (17:37 -0800)]
internal/godebug: check error from os.ReadFile in test
Change-Id: I4770443c8eaa12add2e04cbf9d18ebfbbd851162
Reviewed-on: https://go-review.googlesource.com/c/go/+/643259 Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Michael Pratt [Fri, 24 Jan 2025 21:29:13 +0000 (16:29 -0500)]
runtime: mapiter linkname compatibility layer
This CL reintroduces the various mapiter* linkname functions with a
compatibility layer that is careful to maintain compatibility with users
of the linkname.
The wrappers are straightforward. Callers of these APIs get an extra
layer of indirection, with their hiter containing a pointer to the real
maps.Iter. These users will take a minor performance hit from the extra
allocation, but this approach should have good long-term
maintainability.
Fixes #71408.
Change-Id: I6a6a636c7574bbd670ff5243dfeb63dfba6dc611
Reviewed-on: https://go-review.googlesource.com/c/go/+/643899
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Keith Randall <khr@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Michael Pratt [Fri, 24 Jan 2025 18:34:26 +0000 (13:34 -0500)]
runtime: rename mapiterinit and mapiternext
mapiterinit allows external linkname. These users must allocate their
own iter struct for initialization by mapiterinit. Since the type is
unexported, they also must define the struct themselves. As a result,
they of course define the struct matching the old hiter definition (in
map_noswiss.go).
The old definition is smaller on 32-bit platforms. On those platforms,
mapiternext will clobber memory outside of the caller's allocation.
On all platforms, the pointer layout between the old hiter and new
maps.Iter does not match. Thus the GC may miss pointers and free
reachable objects early, or it may see non-pointers that look like heap
pointers and throw due to invalid references to free objects.
To avoid these issues, we must keep mapiterinit and mapiternext with the
old hiter definition. The most straightforward way to do this is to use
mapiterinit and mapiternext as a compatibility layer between the old and
new iter types.
The first step to that is to move normal map use off of these functions,
which is what this CL does.
Introduce new mapIterStart and mapIterNext functions that replace the
former functions everywhere in the toolchain. These have the same
behavior as the old functions.
This CL temporarily makes the old functions throw to ensure we don't
have hidden dependencies on them. We cannot remove them entirely because
GOEXPERIMENT=noswissmap still uses the old names, and internal/goobj
requires all builtins to exist regardless of GOEXPERIMENT. The next CL
will introduce the compatibility layer.
I want to avoid using linkname between runtime and reflect, as that
would also allow external linknames. So mapIterStart and mapIterNext are
duplicated in reflect, which can be done trivially, as it imports
internal/runtime/maps.
For #71408.
Change-Id: I6a6a636c6d4bd1392618c67ca648d3f061afe669
Reviewed-on: https://go-review.googlesource.com/c/go/+/643898
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@golang.org>
Ian Lance Taylor [Tue, 28 Jan 2025 04:41:55 +0000 (20:41 -0800)]
internal/goexperiment: update location of baseline experiment in comment
It moved in CL 310731.
Change-Id: I97340848b55e327d3b25949ec3850aec33448bbe
Reviewed-on: https://go-review.googlesource.com/c/go/+/644955 Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
yincong [Wed, 22 Jan 2025 02:23:08 +0000 (02:23 +0000)]
archive/zip, archive/tar: writer appends slash to directory names
Fixes #71235
Change-Id: I62aebb9d421db0e4b57ad5cae25c70f47aa5f8f9
GitHub-Last-Rev: 6e0fba07dd128e20e32a3a6258edf80ee91d4690
GitHub-Pull-Request: golang/go#71239
Reviewed-on: https://go-review.googlesource.com/c/go/+/642375 Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
Ian Lance Taylor [Mon, 13 Jan 2025 18:28:19 +0000 (10:28 -0800)]
strconv: adjust comment so that gofmt doesn't mung it
Change-Id: I7fe5c6a0521d3c597eae0f3568942df1db9370b1
Reviewed-on: https://go-review.googlesource.com/c/go/+/642497
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Robert Griesemer <gri@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Filippo Valsorda [Mon, 27 Jan 2025 13:21:43 +0000 (14:21 +0100)]
crypto/internal/fips140/rsa: avoid CAST unsetting the service indicator
Without fipsApproved set, when the CAST runs it sets the service
indicator to false for the whole span.
This is a very late Go 1.24 change, but it is necessary for the frozen
FIPS module, and doesn't impact anything else than the FIPS status
indicator value.
Change-Id: I6a6a46567818135158c3c252b5480431a190572b
Reviewed-on: https://go-review.googlesource.com/c/go/+/644636
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Filippo Valsorda [Mon, 27 Jan 2025 13:18:02 +0000 (14:18 +0100)]
crypto/internal/fips140/aes: set FIPS 140 service indicator for CTR and CBC
This is a very late Go 1.24 change, but it is necessary for the frozen
FIPS module, and doesn't impact anything else than the FIPS status
indicator value.
Change-Id: I6a6a4656f1ac94ac46d631c90a206ac8b6ddcf4c
Reviewed-on: https://go-review.googlesource.com/c/go/+/644635
Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Cherry Mui [Mon, 27 Jan 2025 17:11:36 +0000 (09:11 -0800)]
Revert "runtime: Check LSE support on ARM64 at runtime init"
This reverts CL 610195.
Reason for revert: SIGILL on macOS. See issue #71411.
Updates #69124, #60905.
Fixes #71411.
Change-Id: Ie0624e516dfb32fb13563327bcd7f557e5cba940
Reviewed-on: https://go-review.googlesource.com/c/go/+/644695
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Carlos Amedee [Fri, 3 Jan 2025 21:53:32 +0000 (16:53 -0500)]
os: force a goroutine to be scheduled on WASM
The TestRootConcurrentClose test can fail when GOARCH=WASM because of
goroutine starvation. The spawned goroutine will sometimes run in a
loop and never have the main goroutine be scheduled. This causes the
test to fail due to a timeout. This change forces the goroutine to be
scheduled with each iteration of the loop when GOARCH=WASM.
For #71134
Fixes #71117
Change-Id: I4fb68907c9ac3b33bd0572d5e5db2974a3379191
Reviewed-on: https://go-review.googlesource.com/c/go/+/640195 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Pull in x/net CL 642606 and CL 643256 and regenerate h2_bundle.go:
http2: disable extended CONNECT by default
http2: encode :protocol pseudo-header before regular headers
For #36905.
Fixes #70728.
Fixes #71128.
[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=internal-branch.go1.24-vendor
Change-Id: Id853cb96f8fc410956666f5c3ab4c5889c703503
Reviewed-on: https://go-review.googlesource.com/c/go/+/642398 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Kir Kolyshkin [Tue, 21 Jan 2025 01:38:26 +0000 (17:38 -0800)]
testing: fix reference to B.N in docstring
Currently, a documentation reference to a struct member (such as [B.N])
does not result in it being rendered as a link, and thus the square
brackets remain in the rendered documentation which is mildly confusing.
The issue can be seen at
https://pkg.go.dev/testing@master#hdr-b_N_style_benchmarks
Remove the square brackets to fix.
Change-Id: Id374fd2085bd511018220c5d663650f89672302e
Reviewed-on: https://go-review.googlesource.com/c/go/+/643496 Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Alan Donovan <adonovan@google.com>
Than McIntosh [Tue, 12 Nov 2024 17:12:44 +0000 (12:12 -0500)]
internal/coverage: refactor EmitTextual in preparation for bugfix
Refactor cformat.EmitTextual to accept a package filter (list of
packages to report). This is a no-op in terms of exposed coverage
functionality, but we will need this feature in a subsequent patch.
Updates #70244.
Change-Id: I1e6bcbfb5e68187d4d69d54b667e97bc1fdfa2d4
Reviewed-on: https://go-review.googlesource.com/c/go/+/627315 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Remove an assertion that was overly restrictive and hard to get
correct under all circumstances (i.e., in the presence of incorrect)
code. This matches the code for *Named types in that specific switch.
Fixes #71284.
Change-Id: Ifccf8b73dc70cac9cb1c8b24946d16851d511454
Reviewed-on: https://go-review.googlesource.com/c/go/+/643255 Reviewed-by: Robert Findley <rfindley@google.com>
Auto-Submit: Robert Griesemer <gri@google.com> Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Cherry Mui [Thu, 16 Jan 2025 18:56:15 +0000 (13:56 -0500)]
cmd/internal/obj/wasm, runtime: detect wasmexport call before runtime initialization
If a wasmexport function is called from the host before
initializing the Go Wasm module, currently it will likely fail
with a bounds error, because the uninitialized SP is 0, and any
SP decrement will make it out of bounds.
As at least some Wasm runtime doesn't call _initialize by default,
This error can be common. And the bounds error looks confusing to
the users. Therefore, we detect this case and emit a clearer error.
Fixes #71240.
Updates #65199.
Change-Id: I107095f08c76cdceb7781ab0304218eab7029ab6
Reviewed-on: https://go-review.googlesource.com/c/go/+/643115
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
Sam Thanawalla [Wed, 8 Jan 2025 20:38:32 +0000 (20:38 +0000)]
cmd/go: restore netrc preferences for GOAUTH and fix domain lookup
Store netrc lines into the credential map backward so that earlier lines
take priority over later lines. This matches Go 1.23 netrc lookup which
stopped at the first match it found.
Additionally, this fixes a security issue related to domain parsing
which could have allowed servers to read credentials belonging to other
servers. The fix was to switch from using path.Dir(currentPrefix) to
strings.Cut(currentPrefix, "/")
Thanks to Juho Forsén of Mattermost for reporting this issue.
Fixes #71249
Fixes CVE-2024-45340
Change-Id: I175a00d6d7f4d31c9e4d79b7cf1c2a0ad35b2781
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1781 Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Commit-Queue: Roland Shoemaker <bracewell@google.com> Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/643097 Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Roland Shoemaker [Mon, 9 Dec 2024 19:31:22 +0000 (11:31 -0800)]
crypto/x509: properly check for IPv6 hosts in URIs
When checking URI constraints, use netip.ParseAddr, which understands
zones, unlike net.ParseIP which chokes on them. This prevents zone IDs
from mistakenly satisfying URI constraints.
Thanks to Juho Forsén of Mattermost for reporting this issue.
Fixes #71156
Fixes CVE-2024-45341
Change-Id: Iecac2529f3605382d257996e0fb6d6983547e400
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1700 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/643096 Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Damien Neil [Fri, 22 Nov 2024 20:34:11 +0000 (12:34 -0800)]
net/http: persist header stripping across repeated redirects
When an HTTP redirect changes the host of a request, we drop
sensitive headers such as Authorization from the redirected request.
Fix a bug where a chain of redirects could result in sensitive
headers being sent to the wrong host:
1. request to a.tld with Authorization header
2. a.tld redirects to b.tld
3. request to b.tld with no Authorization header
4. b.tld redirects to b.tld
3. request to b.tld with Authorization header restored
Thanks to Kyle Seely for reporting this issue.
For #70530
Fixes CVE-2024-45336
Change-Id: Ia58a2e10d33d6b0cc7220935e771450e5c34de72
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1641 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/643095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Joe Tsai [Tue, 14 Jan 2025 20:43:27 +0000 (12:43 -0800)]
encoding/json: cleanup tests
Perform minor cleanups in tests to improve printout of diffs
and/or follow modern coding style.
This reduces the amount of diffs between v1 and the v2 prototype.
Change-Id: I019bb9642e2135f2fa3eac6abfa6df91c397aa82
Reviewed-on: https://go-review.googlesource.com/c/go/+/642257 Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Joseph Tsai <joetsai@digital-static.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Russ Cox [Tue, 14 Jan 2025 04:00:14 +0000 (23:00 -0500)]
cmd/go/internal/modfetch: do not trust server to send all tags in shallow fetch
Newer git versions (at least git 2.47.1) do not send all the matching tags
for a shallow fetch of a specific hash anymore. The go command assumes
that git servers do this. Since that assumption is broken, use the local
copy of the remote refs list to augment the tags sent by the server.
This makes the cmd/go/internal/modfetch tests pass again with newer git.
Fixes #71261.
Change-Id: I9fd4f3fd7beeb68a522938599f8f3acd887d0b26
Reviewed-on: https://go-review.googlesource.com/c/go/+/642437 Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
So import_ must have returned an error, making pkg nil. Show that error.
Also do the same at the other calls to import_.
Change-Id: Ie782571c4bda3334a86b303f61969cf1cc7d3c32
Reviewed-on: https://go-review.googlesource.com/c/go/+/642438
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Keith Randall [Tue, 14 Jan 2025 00:21:29 +0000 (16:21 -0800)]
internal/runtime/maps: re-enable some tests
Re-enable tests for stack-allocated maps and fast map accessors.
Those are implemented now.
Update #54766
Change-Id: I8c019702bd9fb077b2fe3f7c78e8e9e10d2263a6
Reviewed-on: https://go-review.googlesource.com/c/go/+/642376
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Keith Randall <khr@golang.org>
cuishuang [Mon, 13 Jan 2025 17:11:22 +0000 (01:11 +0800)]
testing/fstest: fix function name and comment
Change-Id: I17bc68a2e3a96d0dc3d9ddcad40149df37fc4839
Reviewed-on: https://go-review.googlesource.com/c/go/+/642198 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Ian Lance Taylor [Tue, 14 Jan 2025 14:58:32 +0000 (06:58 -0800)]
cmd/dist: ignore packages with no Go files in BenchmarkAll
This case recently started happening on the builders.
The synctest experiment was recently enabled for some targets (CL 642422).
This caused the list of standard packages to include testing/synctest.
However, BenchmarkAll tests for all configurations;
some did not include testing/synctest. That caused the test to crash.
Change-Id: Icade10af147c2e2bcbac25bf744919083db3e70f
Reviewed-on: https://go-review.googlesource.com/c/go/+/642397
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Russ Cox <rsc@golang.org>
Ian Lance Taylor [Mon, 13 Jan 2025 17:56:13 +0000 (09:56 -0800)]
syscall/js: adjust comments to that gofmt does not change them
Change-Id: Ic410375987c0f376d0a975e5a6284de10f08b741
Reviewed-on: https://go-review.googlesource.com/c/go/+/642495
Auto-Submit: Ian Lance Taylor <iant@golang.org> Reviewed-by: Alan Donovan <adonovan@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Robert Griesemer [Thu, 9 Jan 2025 23:01:03 +0000 (15:01 -0800)]
go/types, types2: don't panic when instantiating generic alias with wrong number of type arguments
The existing code assumed the type argument count check in
Checker.instance couldn't fail for generic alias types
(matching the code for generic signatures), but it actually
can.
Adjust the code accordingly and document that the result of
Checker.instance may be invalid.
Review all call sites of Checker.instance and make sure we
handle the failure case, or document the code accordingly
(in the case of generic signatures).
When reporting an type argument count error, use the alias
name rather than the alias string representation to match
the error we get for a non-alias type.
While at it, update the manual.go template for ease of use.
Fixes #71198.
Change-Id: I6d19ec6418440e9b49574a2d7dd9825e0af6c2fc
Reviewed-on: https://go-review.googlesource.com/c/go/+/641857 Reviewed-by: Robert Findley <rfindley@google.com> Reviewed-by: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Oleksandr Redko [Fri, 10 Jan 2025 15:00:24 +0000 (17:00 +0200)]
spec: fix grammar issue
Change-Id: If4d3b3965762c8979d304a82493c9eb1068ee13c
Reviewed-on: https://go-review.googlesource.com/c/go/+/642037 Reviewed-by: Robert Griesemer <gri@google.com>
TryBot-Bypass: Robert Griesemer <gri@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Joe Tsai [Sat, 11 Jan 2025 20:48:33 +0000 (12:48 -0800)]
encoding/json: add cases to TestUnmarshal for fatal syntactic errors
The presence of a syntax error in the input immediately unmarshaling
before unmarshaling into the underlying value.
Otherwise, semantic errors are generally lazily reported and
allow unmarshaling to continue on.
Change-Id: Icf1cfc684e415312d9c8bf739c396ede15299d7d
Reviewed-on: https://go-review.googlesource.com/c/go/+/642295
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Joseph Tsai <joetsai@digital-static.net> Reviewed-by: Michael Knyszek <mknyszek@google.com>
Joe Tsai [Fri, 10 Jan 2025 19:49:07 +0000 (11:49 -0800)]
encoding/json: always check resulting Go value for unmarshaling
Even if an error occurs during unmarshal, check the resulting Go value.
The documented API specifies no guarantees on how much of a Go value
will be populated when an error occurs and the "json" package
is technically not bounded by the Go compatibility agreement
to ensure this behavior never changes.
However, there is still value in running checks for
what exactly what is partially mutated in the event of an error
even if this is not guaranteed behavior.
Change-Id: I6e923a31f77768a14c4adfb0d37dbeee5807a4a2
Reviewed-on: https://go-review.googlesource.com/c/go/+/642275
Auto-Submit: Joseph Tsai <joetsai@digital-static.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Adds ACVP test coverage for the hmacDRBG algorithm based on the NIST
spec:
https://pages.nist.gov/ACVP/draft-vassilev-acvp-drbg.html#section-7.2
The HMAC DRBG algorithm in our fips module is a minimal implementation
tailored for use for generating ECDSA nonces and so lives in
crypto/internal/fips140/ecdsa.
In order to be testable by crypto/internal/fips140test this changeset
exports a ecdsa.TestingOnlyNewDrbg() constructor to support the ACVP use-case.
All FIPS-compatible SHA2 and SHA3 digests are tested.
The ACVP capability registration is customized to match the limited
capabilities of our ecdsa-focused impl. Most notably:
* reseedImplemented is false - we expect this impl to be invoked
only once or twice per instantiation and do not support explicit
reseeding.
* predResistanceEnabled is false - this requires reseeding.
* Per mode:
* derFuncEnabled is always false - this is only used by ctrDRBG.
* additionalInputLen is 0 for all modes - this is only used with
preResistanceEnabled.
The other capability values are chosen based on Table 4:
https://pages.nist.gov/ACVP/draft-vassilev-acvp-drbg.html#section-7.4
Updates #69642
Change-Id: Ia58979d691f912e2ed739a05efb719f580fbbf89
Reviewed-on: https://go-review.googlesource.com/c/go/+/639775 Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
Notably we need to update the BoringSSL module version because the
acvptool was only recently updated to support testing ML-KEM.
A few non-test updates are also required for the
crypto/internal/fips140/mlkem package:
* For keyGen tests a new ExpandedBytes768() function is added that
converts a DecapsualtionKey768 struct into the expanded NIST
serialization. The existing Bytes() function returns the
key's seed, while ACVP testing requires the more cumbersome format.
* For decap tests a new TestingOnlyNewDecapsulationKey768()
constructor is added to produce a DecapsulationKey768 struct from the
expanded FIPS 203 serialization provided by the ACVP test vector. The
pre-existing NewDecapsulationKey768() function expects a seed as
input.
The generate1024.go helper is updated to translate the above changes to
the generated mlkem1024.go implementation.
Both of these new functions are exclusively for ACVP usage and so not
present in the public mlkem API. End users should always prefer to work
with seeds.
Updates #69642
Change-Id: I79784f8a8db00a2ddefdcece4b8de50b033c8f69
Reviewed-on: https://go-review.googlesource.com/c/go/+/637439 Reviewed-by: Carlos Amedee <carlos@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Filippo Valsorda [Thu, 9 Jan 2025 14:12:49 +0000 (15:12 +0100)]
crypto/rsa: fix GenerateKey flakes for toy-sized keys
Could have fixed this some other ways, including inside the FIPS 140-3
module, but this is small and self-contained, clearly not affecting
production non-toy key sizes. This late in the freeze, a surgical fix
felt best.
Fixes #71185
Change-Id: I6a6a465641357c9d6b076c8a520b221be4210ed5
Reviewed-on: https://go-review.googlesource.com/c/go/+/641755
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
Michael Pratt [Thu, 9 Jan 2025 17:22:53 +0000 (12:22 -0500)]
runtime/pprof: hide map runtime frames from heap profiles
Heap profiles hide "runtime" frames like runtime.mapassign. This broke
in 1.24 because the map implementation moved to internal/runtime/maps,
and runtime/pprof only considered literal "runtime." when looking for
runtime frames.
It would be nice to use cmd/internal/objabi.PkgSpecial to find runtime
packages, but that is hidden away in cmd.
Fixes #71174.
Change-Id: I6a6a636cb42aa17539e47da16854bd3fd8cb1bfe
Reviewed-on: https://go-review.googlesource.com/c/go/+/641775
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
Michael Matloob [Fri, 3 Jan 2025 20:06:42 +0000 (15:06 -0500)]
cmd/go/internal/mmap: reslice to file size on Windows
The Mmap function returns a Data struct containing a slice with the
mapped contents of the file. Before this change, on Windows, the slice
contained the contents of all the pages of the mapping, including past
the end of the file. Re-slice the slice to the length of the file (if
if the slice is longer) so that the slice contains only the data in the
file.
Filippo Valsorda [Mon, 6 Jan 2025 17:52:35 +0000 (18:52 +0100)]
crypto: fix fips140=only detection of SHA-3
Both fips140only and the service indicator checks in
crypto/internal/fips140/... expect to type assert to
crypto/internal/fips140/{sha256,sha512,sha3}.Digest.
However, crypto/sha3 returns a wrapper concrete type around sha3.Digest.
Add a new fips140hash.Unwrap function to turn the wrapper into the
underlying sha3.Digest, and use it consistently before calling into
fips140only or the FIPS 140-3 module.
In crypto/rsa, also made the fips140only checks apply consistently after
the Go+BoringCrypto shims, so we can instantiate the hash, and avoid
having to wrap the New function. Note that fips140=only is incompatible
with Go+BoringCrypto.
Fixes #70879
Change-Id: I6a6a4656ec55c3e13f6cbfadb9cf89c0f9183bdc
Reviewed-on: https://go-review.googlesource.com/c/go/+/640855
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Joe Tsai [Wed, 8 Jan 2025 20:30:01 +0000 (12:30 -0800)]
encoding/json: improve fidelity of TestUnmarshal for Numbers
In particular, cover the behavior of unmarshaling a JSON string
into a Number type regardless of whether the `string` option
is specified or not.
Change-Id: Ibc55f16860442240bcfeea1fd51aaa76f7e50f67
Reviewed-on: https://go-review.googlesource.com/c/go/+/641416
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Joseph Tsai <joetsai@digital-static.net> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Robert Griesemer [Tue, 7 Jan 2025 23:06:05 +0000 (15:06 -0800)]
go/types, types2: require iterator yield to return bool (work-around)
The original implementation of the type checkers accepted any boolean
result type for yield, but the compiler's front-end had a problem with
it (#71131).
As a temporary fix (for 1.24), adjust the type checkers to insist on the
spec's literal wording and avoid the compiler panic.
Fixes #71131.
For #71164.
Change-Id: Ie25f9a892e58b5e489d399b0bce2d0af55dc3c48
Reviewed-on: https://go-review.googlesource.com/c/go/+/640599 Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Robert Griesemer <gri@google.com> Reviewed-by: Tim King <taking@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Russ Cox [Tue, 7 Jan 2025 17:07:07 +0000 (12:07 -0500)]
crypto/internal/fips140/drbg: avoid global lock on rand state
Having a global lock on the random state (used only in FIPS-140 mode)
introduces contention in concurrent programs. Use an approximately
per-P random state instead, using sync.Pool to manage per-P state.
This code is important to land for the Go 1.24 release because it is
part of the FIPS-140 module that will be validated and certified,
so it will live for a long time. We otherwise wouldn't be able to
correct this contention for at least a year, perhaps more.
At the same time, the code is only used in the FIPS-140 mode,
so there is no risk to normal programs.
Fixes #71155.
Change-Id: I6b779f15ddfdf232f608f5cda08f75906e58114f
Reviewed-on: https://go-review.googlesource.com/c/go/+/641097 Reviewed-by: Austin Clements <austin@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Michael Matloob [Wed, 8 Jan 2025 16:19:05 +0000 (11:19 -0500)]
cmd/go/testdata/script: fix TestScript/env_gocacheprog on Windows
The backslashes on the windows paths will be escaped, so when checking
for them in the regular expression we'd have to have quadruple
backslashes '\\\\'. Since it's difficult to escape $GOCACHEPROG properly
for both json and regexp, just check for a string that ends in
cacheprog$GOEXE. We already check that the proper value is reported in
go env and go env -changed, and the json test case is mostly useful to
verify that GOCACHEPROG shows up in the json output.
For #71059
Change-Id: I52d49de61f2309a139f84c4d232b4cd94546ec8c
Cq-Include-Trybots: luci.golang.try:gotip-windows-amd64-longtest,gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/641375 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sam Thanawalla <samthanawalla@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Michael Anthony Knyszek [Mon, 23 Dec 2024 17:21:07 +0000 (17:21 +0000)]
runtime: hold traceAcquire across casgstatus in injectglist
Currently injectglist emits all the trace events before actually calling
casgstatus on each goroutine. This is a problem, since tracing can
observe an inconsistent state (gstatus does not match tracer's 'emitted
an event' state).
This change fixes the problem by having injectglist do what every other
scheduler function does, and that's wrap each call to casgstatus in
traceAcquire/traceRelease.
Fixes #70883.
Change-Id: I857e96cec01688013597e8efc0c4c3d0b72d3a70
Reviewed-on: https://go-review.googlesource.com/c/go/+/638558 Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Koichi Shiraishi [Sat, 28 Dec 2024 04:56:04 +0000 (13:56 +0900)]
internal/sync: fix typo of panic message
Change-Id: I3e7a8498514da1d278acd566d526fdf6278f7d41
Reviewed-on: https://go-review.googlesource.com/c/go/+/638916 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Damien Neil [Tue, 7 Jan 2025 22:29:23 +0000 (14:29 -0800)]
testing/synctest: add some examples
For #67434
Change-Id: Iebcfc2559a62405fea7e3ceff8cf6c2f50b61def
Reviewed-on: https://go-review.googlesource.com/c/go/+/641176 Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Michael Matloob [Mon, 6 Jan 2025 16:10:02 +0000 (11:10 -0500)]
cmd/go/internal/modindex: don't write index entry if file open
On Windows, we can't open a file that's already been opened. Before this
change, we'd try to write an index entry if mmapping the entry failed.
But that could happen either if the file doesn't exist or if there was a
problem mmapping an already opened file. Pass through information about
whether the file was actually opened so that we don't try to write to an
already opened file.
For #71059
Change-Id: I6adabe1093fed9ec37e7fafb13384c102786cbce
Reviewed-on: https://go-review.googlesource.com/c/go/+/640577 Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Russ Cox [Tue, 7 Jan 2025 16:20:07 +0000 (11:20 -0500)]
cmd/internal/hash: stop using md5, sha1
These break if the tools are run with GODEBUG=fips140=only,
which happens if someone sets that during 'go test' (and a test
binary must be built).
The easiest fix is to make the tools compatible with this GODEBUG
by just using sha256 as the underlying hash always. Just in case,
I made the wrappers select different sections of the hash, but
none of the call sites really care.
This CL is for the Go 1.24 release, but a follow-up during the Go 1.25
dev cycle could change all the usage sites to only use Sum32/New32.
For #70514
Fixes #70878
Change-Id: Id5fea779c83df51d1680dbe561e0949c56e8d1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/641096 Reviewed-by: Keith Randall <khr@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com>
Michael Matloob [Mon, 6 Jan 2025 21:02:38 +0000 (16:02 -0500)]
cmd/go/internal/cache: handle cacheprog not responding to close
Allow a gocacheprog to not respond to close. The intention of the code
is that after we send the close message we'd ignore errors reading from
the cacheprog's stdout. But before this change if a cacheprog
did not respond to close and we got an EOF reading from the cacheprog's
stdout we'd just ignore all pending requests. The send operation would
then block forever waiting for a response. With this change, we close
all response channels for pending responses if there's an error reading
from the cacheprog's stdout while we're closing. The receives from the
response channels would then proceed (but now have to handle a nil
value). Then the send operation would return and the (*ProgCache).Close
function can proceed.
Fixes #70848
Change-Id: I6631d317ba7aea3f25f714f31cd2aeef0f4d4e3e
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest,gotip-windows-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/640516 Reviewed-by: Austin Clements <austin@google.com> Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Michael Anthony Knyszek [Tue, 7 Jan 2025 16:01:46 +0000 (16:01 +0000)]
weak: don't panic when calling Value on a zero Pointer
Currently weak.Pointer.Value will panic if the weak.Pointer is
uninitialized (zero value) which goes against it's documentation. Fix
this and add a test. While we're here, also add a test to ensure
weak.Make[T](nil) is equivalent to the zero value of weak.Pointer[T].
Fixes #71153.
Change-Id: I4d9196026360bc42a5bfcb33ce449131ec251dba
Reviewed-on: https://go-review.googlesource.com/c/go/+/641095 Reviewed-by: David Finkel <david.finkel@gmail.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Carlos Amedee <carlos@golang.org>
Robert Griesemer [Tue, 7 Jan 2025 00:22:10 +0000 (16:22 -0800)]
cmd/compile/internal/syntax: add test case for invalid label use
This case is not properly handled by the type checkers (see issue)
but the compiler uses the parser's label checking so it works as
expected.
For #70974.
Change-Id: I0849376bf7514a9a7730846649c3fe28c91f44ca
Reviewed-on: https://go-review.googlesource.com/c/go/+/640895
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Alan Donovan <adonovan@google.com> Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Robert Griesemer [Mon, 6 Jan 2025 21:25:08 +0000 (13:25 -0800)]
go/types, types2: expand documentation for Info.Types map
Function types for function (and method) declarations do not
appear in Info.Types maps, only Info.Defs maps, because the
function type is implicit in the declaration and not a proper
(function) type expression. This is true even though the AST
represents these types via an (artificial) FuncType node.
Document this explicitly in the API.
No functional code changes.
Fixes #70908.
Change-Id: I2aa897daed04e7ad0fa8b625d9adc7b423c57387
Reviewed-on: https://go-review.googlesource.com/c/go/+/640776 Reviewed-by: Alan Donovan <adonovan@google.com>
Auto-Submit: Robert Griesemer <gri@google.com> Reviewed-by: Robert Griesemer <gri@google.com> Reviewed-by: Robert Findley <rfindley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
thekuwayama [Mon, 30 Dec 2024 19:28:35 +0000 (19:28 +0000)]
crypto/tls: send illegal_parameter on invalid ECHClientHello.type
The spec indicates that if a client sends an invalid ECHClientHello.type
in ClientHelloOuter, the server will abort the handshake with a
decode_error alert.
Define errInvalidECHExt for invalid ECHClientHello.type. If parseECHExt
returns an errInvalidECHExt error, Conn now sends an illegal_parameter
alert.
Fixes #71061.
Change-Id: I240241fe8bbe3e77d6ad1af989794647bfa2ff87
GitHub-Last-Rev: 3d6c233ccd401453bfb1a4fc97fa5deeb5b2fbc8
GitHub-Pull-Request: golang/go#71062
Reviewed-on: https://go-review.googlesource.com/c/go/+/639235 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Filippo Valsorda [Mon, 16 Dec 2024 16:20:46 +0000 (17:20 +0100)]
crypto/internal/fips140: zeroise integrity test temporary values
There is no point to zeroise anything here because there are no secrets,
but there is a strict FIPS 140-3 test requirement for it.
> TE05.08.02 (Levels 1, 2, 3, and 4): verify that any temporary values
> generated during the integrity test are zeroised upon completion of
> the integrity test
Change-Id: I7b0db075dae9910f8e825a22ca2caa2b4c918980
Reviewed-on: https://go-review.googlesource.com/c/go/+/636556
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Joel Sing [Fri, 3 Jan 2025 16:44:40 +0000 (03:44 +1100)]
cmd/internal/disasm: correct instruction length handling for riscv64
disasm_riscv64 currently always returns an instruction length of four,
which is not correct if compressed instructions are in use. Return the
length of the decoded instruction, defaulting to two bytes if the
instruction is unknown.
With this change it is possible to correctly objdump a binary that is
written in C and includes compressed instructions:
Filippo Valsorda [Sat, 28 Dec 2024 21:32:59 +0000 (22:32 +0100)]
crypto/rsa: use λ(N) instead of φ(N)
This has no practical advantage, and requires extra variable time code,
but is an explicit FIPS 186-5 requirement.
Note that the new behavior is consistent with Go+BoringCrypto, but not
with Go 1.23. The resulting keys are essentially interchangeable, but
it's not impossible for applications to notice (google/go-tpm#383).
gcd_lcm_tests.txt is from BoringSSL.
Change-Id: I6a6a4656fd5e92912c87bedc667456d0e8787023
Reviewed-on: https://go-review.googlesource.com/c/go/+/639936 Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Michael Anthony Knyszek [Mon, 6 Jan 2025 18:23:21 +0000 (18:23 +0000)]
internal/sync: add test from issue 70970
This test checks a use-case of sync.Map that's expected to be more
common in Go 1.24 and beyond, as a concurrent weak cache.
The test will also fail if CompareAndSwap is not properly atomic with
CompareAndDelete, which is what #70970 is actually about. We should have
more explicit tests checking mutual atomicity of operations, but
for now this is OK, and still useful.
For #70970.
Change-Id: I6db508660691586a8af9ad511c9a96432d333343
Reviewed-on: https://go-review.googlesource.com/c/go/+/640737 Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
yincong [Mon, 6 Jan 2025 02:10:08 +0000 (02:10 +0000)]
net/http: update NewRequestWithContext wrong link to NewRequest
Fixes #70874
Change-Id: Icbcfc95e6b45521880287dcc3bc8609461a3b401
GitHub-Last-Rev: 05276c56b019d8774e8eee881101509cf83c0f3d
GitHub-Pull-Request: golang/go#70877
Reviewed-on: https://go-review.googlesource.com/c/go/+/637035 Reviewed-by: qiu laidongfeng2 <2645477756@qq.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Michael Knyszek [Tue, 24 Dec 2024 01:59:28 +0000 (17:59 -0800)]
Revert "internal/sync: optimize CompareAndSwap and Swap"
This reverts CL 606462.
Reason for revert: Breaks atomicity between operations. See #70970.
Change-Id: I1a899f2784da5a0f9da3193e3267275c23aea661
Reviewed-on: https://go-review.googlesource.com/c/go/+/638615
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Commit-Queue: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com>
Filippo Valsorda [Wed, 24 Aug 2022 10:32:51 +0000 (12:32 +0200)]
crypto/ecdsa: drop SEC 1 reference from package doc
FIPS 186-4 used to defer to ANSI X9.62-2005, which is not freely
available, so we were referring to SEC 1 instead. Our new reference,
FIPS 186-5, actually specifies the full algorithm, so there is no need
to refer to SEC 1 anymore.
Change-Id: Ief499d0f7778f3221547993e9e8951ae873aacef
Reviewed-on: https://go-review.googlesource.com/c/go/+/640115 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Damien Neil [Fri, 3 Jan 2025 19:47:39 +0000 (11:47 -0800)]
context: use "canceled" in docs to refer to timed-out contexts
In documentation, we've usually but not always referred to a
context with a closed Done channel as "done" rather than
"canceled", to avoid ambiguity between a context canceled
by calling a CancelFunc and one past its deadline.
This actually adds ambiguity, however, since it's common to
see references to a "canceled context" that are intended to
cover contexts past their deadline. If you see "function F
returns if its context is canceled", you can reasonably
assume that F will return if its context passes its
deadline, unless something says otherwise.
Update the context package docs to explicitly state that
a context is canceled when its deadline passes. Drop references
to contexts becoming "done" and just use "canceled" throughout.
Fixes #70945
Change-Id: I99fbd800c6049deaa37015a304f7f9d9a84100e1
Reviewed-on: https://go-review.googlesource.com/c/go/+/640095 Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Ian Lance Taylor [Fri, 3 Jan 2025 21:49:20 +0000 (13:49 -0800)]
cmd/go/internal/vcweb: close the .access file
For #71112
Change-Id: Ifda4fc8de148c42a2154da54b53d7215b9a6faa0
Reviewed-on: https://go-review.googlesource.com/c/go/+/640175
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Michael Matloob <matloob@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
Filippo Valsorda [Wed, 1 Jan 2025 14:08:28 +0000 (15:08 +0100)]
crypto/internal/fips140: mark OpenBSD unsupported
Since OpenBSD 7.3, external linking uses -fexecute-only, which breaks
the integrity check. Since we are not validating on OpenBSD anyway,
mark it as unsupported at least for now.
Fixes #70880
Change-Id: I6a6a4656b6c7a97c0962b4158d920f9e6b19678e
Reviewed-on: https://go-review.googlesource.com/c/go/+/639337
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Joel Sing <joel@sing.id.au> Reviewed-by: صادق <sadq04724@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Jakub Ciolek [Fri, 3 Jan 2025 16:23:05 +0000 (17:23 +0100)]
internal/fuzz: remove the exp2 method
It's not being used anywhere, remove it.
Change-Id: I9c3eecacd4e5d44b18243bdec24ad88bc38c82bf
Reviewed-on: https://go-review.googlesource.com/c/go/+/639957 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Mateusz Poliwczak [Thu, 2 Jan 2025 18:22:34 +0000 (18:22 +0000)]
internal/exportdata: add missing return
Change-Id: I9703c6a4a2ae4a608d33cf706106c92e9bd2aef7
GitHub-Last-Rev: 3eee41957d8a2d9908519c798f30d5ccc90c53fb
GitHub-Pull-Request: golang/go#71096
Reviewed-on: https://go-review.googlesource.com/c/go/+/637962 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
linmaolin [Thu, 2 Jan 2025 21:05:21 +0000 (21:05 +0000)]
cmd/go: fix two typos in helpdoc.go
Change-Id: Ib750438107db6c82020cfb4abbab52435012b7fc
GitHub-Last-Rev: 3fa9b8c7bc70965c1ec9082b00c9b5a7af9751ef
GitHub-Pull-Request: golang/go#71082
Reviewed-on: https://go-review.googlesource.com/c/go/+/639217
Auto-Submit: Ian Lance Taylor <iant@golang.org> Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
Austin Clements [Fri, 27 Dec 2024 18:11:02 +0000 (13:11 -0500)]
cmd/go: document GOCACHEPROG in go help environment
This adds GOCACHEPROG to the list of environment variables in "go help
environment" and points to the cacheprog package documentation for
details of the protocol.
Fixes #71032
Updates #59719
Change-Id: Ib8f5804926a8fa59237661076d129c2852665ac3
Reviewed-on: https://go-review.googlesource.com/c/go/+/638997
Auto-Submit: Austin Clements <austin@google.com> Reviewed-by: Mauri de Souza Meneguzzo <mauri870@gmail.com> Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Austin Clements [Fri, 27 Dec 2024 18:27:21 +0000 (13:27 -0500)]
cmd/go: move GOCACHEPROG protocol types to their own package
This is a step toward making it easy to point to them in
documentation. The other option is that we copy-paste all of these
type definitions wholesale, which seems ridiculous.
Updates #71032
Updates #59719
Change-Id: I7117e03308ae0adc721ed7a57792c33ba68ce827
Reviewed-on: https://go-review.googlesource.com/c/go/+/638995
Auto-Submit: Austin Clements <austin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Matloob <matloob@golang.org>
Sean Liao [Sat, 28 Dec 2024 19:25:08 +0000 (14:25 -0500)]
cmd/go: remove references to gopath-get
Fixes #70912
Change-Id: Id87a13f7c9bf972502d14c9674a27f743b849715
Reviewed-on: https://go-review.googlesource.com/c/go/+/639155 Reviewed-by: Sam Thanawalla <samthanawalla@google.com> Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Sam Thanawalla <samthanawalla@google.com>
Filippo Valsorda [Thu, 2 Jan 2025 00:34:40 +0000 (01:34 +0100)]
crypto/tls: fix Config.Time in tests using expired certificates
Fixes #71077
Change-Id: I6a6a465685f3bd50a5bb35a160f87b59b74fa6af
Reviewed-on: https://go-review.googlesource.com/c/go/+/639655
Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Joel Sing <joel@sing.id.au> Reviewed-by: Ian Lance Taylor <iant@google.com>
Ian Lance Taylor [Mon, 30 Dec 2024 22:35:24 +0000 (14:35 -0800)]
cmd/go: document default GOARM value
For #24904
For #58884
Change-Id: I0fc61f1a0bc6ebb22bdfd7a7b13ef36c68879384
Reviewed-on: https://go-review.googlesource.com/c/go/+/639276 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Shulhan [Mon, 30 Dec 2024 10:10:57 +0000 (17:10 +0700)]
builtin: use list instead of indentation for comments in cap, len, and make
Using list make the document more readable in HTML and CLI.
Change-Id: Ib84c84656f32806e8612b1ca13938d93f618e27f
Reviewed-on: https://go-review.googlesource.com/c/go/+/639315 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>