Comparing v0.27.0...v0.31.0 · golang/crypto
Commits on Sep 10, 2024
- bn256: add missing symbols in comment
Change-Id: Ibd48a070bd8ce35ef5795a8b73bc4ecac43a993e
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/611735
Run-TryBot: shuang cui imcusg@gmail.com
Commit-Queue: Ian Lance Taylor iant@google.com
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Auto-Submit: Ian Lance Taylor iant@google.com
Reviewed-by: Roland Shoemaker roland@golang.org
TryBot-Result: Gopher Robot gobot@golang.org
Reviewed-by: Ian Lance Taylor iant@google.com
authored and gopherbot committed
Sep 10, 2024
Commits on Sep 16, 2024
- ssh: return ServerAuthError after too many auth failures
If a client is disconnected due to too many authentication attempts
we should return a ServerAuthError instead of a generic error.
Some users check the error returned by NewServerConn to determine
whether or not a client attempted to authenticate.
Fixes golang/go#69191
Change-Id: If68fcecdefd6c810fe9df8256b1216e320d8a916
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/566398
Reviewed-by: Filippo Valsorda filippo@golang.org
Reviewed-by: Tim King taking@google.com
Auto-Submit: Nicola Murino nicola.murino@gmail.com
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Reviewed-by: Carlos Amedee carlos@golang.org
Commits on Sep 30, 2024
- sha3: fix cSHAKE initialization for extremely large N and/or S
While both impractical and unlikely, the multiplication could overflow
on 32-bit architectures.
The 64-bit architecture case is unaffected by both the maximum length
of Go slices being too small to trigger the overflow (everything except
s390), and it being safe to assume no machine has more than 2 EiB of
memory.
Fixes golang/go#66232
Change-Id: I19c15d42d2d6af35e296697159d43d02f513e614
GitHub-Last-Rev: 503e180
GitHub-Pull-Request: #286
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/570876
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Reviewed-by: David Chase drchase@google.com
Reviewed-by: Filippo Valsorda filippo@golang.org
Auto-Submit: Filippo Valsorda filippo@golang.org
Reviewed-by: Michael Knyszek mknyszek@google.com
Commits on Oct 4, 2024
- internal/poly1305: extend ppc64le support to ppc64
The cipher needs to load the stream in LE order. Use the byte
reversing loads on BE.
Also, remove the unused variable poly1305Mask in the PPC64
asm file too.
Change-Id: Ie90fe7bb0ea7a3bcb76583e0cf9c1e4133499541
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/614298
Reviewed-by: Michael Knyszek mknyszek@google.com
Reviewed-by: Archana Ravindar aravinda@redhat.com
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Reviewed-by: David Chase drchase@google.com
pmur committed
Oct 4, 2024
Commits on Oct 11, 2024
- chacha20: extend ppc64le support to ppc64
This requires fixing an incorrect save of the counter. It is a word
value. It happens to work on LE because length is limited to u32.
Refactor the constant table to load correctly independent of byte
ordering.
Add byte order swapping where output needs to be converted to LE
ordering for storage.
Change-Id: Ic7e09bd1c769bb77dd6e817f5a8639ba765f4c0f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/614297
Reviewed-by: Cherry Mui cherryyz@google.com
Reviewed-by: Michael Knyszek mknyszek@google.com
Reviewed-by: Archana Ravindar aravinda@redhat.com
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
pmur committed
Oct 11, 2024
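Both ppc64 commits above (internal/poly1305 and chacha20) come down to byte order: ChaCha20's constants, key, nonce and 32-bit block counter are defined as little-endian words, and Poly1305 likewise consumes its key halves and message blocks as little-endian integers, so a big-endian host has to byte-swap on every load and store. The portable Go implementation below is an added illustration, not the golang.org/x/crypto/chacha20 code or its assembly: it makes every such conversion explicit with encoding/binary, which is what the byte-reversing loads and stores in the assembly do in hardware, and it keeps the counter as a single uint32 word. The RFC 8439 section 2.3.2 parameters are used as the sample input; the function names are this example's own.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

// quarterRound is the ChaCha quarter round from RFC 8439 section 2.1.
func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
	a += b; d ^= a; d = bits.RotateLeft32(d, 16)
	c += d; b ^= c; b = bits.RotateLeft32(b, 12)
	a += b; d ^= a; d = bits.RotateLeft32(d, 8)
	c += d; b ^= c; b = bits.RotateLeft32(b, 7)
	return a, b, c, d
}

// chacha20Block produces one 64-byte keystream block (RFC 8439 section 2.3).
// Every multi-byte quantity is read and written with binary.LittleEndian, so
// the output is identical on little- and big-endian hosts. The block counter
// occupies exactly one 32-bit state word (s[12]); the nonce fills s[13..15].
func chacha20Block(key *[32]byte, counter uint32, nonce *[12]byte) [64]byte {
	var s [16]uint32
	s[0], s[1], s[2], s[3] = 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 // "expand 32-byte k"
	for i := 0; i < 8; i++ {
		s[4+i] = binary.LittleEndian.Uint32(key[4*i:])
	}
	s[12] = counter
	for i := 0; i < 3; i++ {
		s[13+i] = binary.LittleEndian.Uint32(nonce[4*i:])
	}
	w := s
	for i := 0; i < 10; i++ { // 20 rounds = 10 double rounds
		w[0], w[4], w[8], w[12] = quarterRound(w[0], w[4], w[8], w[12])
		w[1], w[5], w[9], w[13] = quarterRound(w[1], w[5], w[9], w[13])
		w[2], w[6], w[10], w[14] = quarterRound(w[2], w[6], w[10], w[14])
		w[3], w[7], w[11], w[15] = quarterRound(w[3], w[7], w[11], w[15])
		w[0], w[5], w[10], w[15] = quarterRound(w[0], w[5], w[10], w[15])
		w[1], w[6], w[11], w[12] = quarterRound(w[1], w[6], w[11], w[12])
		w[2], w[7], w[8], w[13] = quarterRound(w[2], w[7], w[8], w[13])
		w[3], w[4], w[9], w[14] = quarterRound(w[3], w[4], w[9], w[14])
	}
	var out [64]byte
	for i := range w {
		// Serialization is little-endian regardless of host byte order.
		binary.LittleEndian.PutUint32(out[4*i:], w[i]+s[i])
	}
	return out
}

// xorKeyStream encrypts or decrypts src into dst starting at the given block
// counter. The counter advances as a 32-bit word once per 64-byte block.
func xorKeyStream(key *[32]byte, nonce *[12]byte, counter uint32, dst, src []byte) {
	for len(src) > 0 {
		ks := chacha20Block(key, counter, nonce)
		n := len(src)
		if n > 64 {
			n = 64
		}
		for i := 0; i < n; i++ {
			dst[i] = src[i] ^ ks[i]
		}
		dst, src = dst[n:], src[n:]
		counter++
	}
}

func main() {
	var key [32]byte
	for i := range key {
		key[i] = byte(i)
	}
	nonce := [12]byte{0, 0, 0, 9, 0, 0, 0, 0x4a} // RFC 8439 section 2.3.2 sample
	blk := chacha20Block(&key, 1, &nonce)
	fmt.Printf("keystream block (first 16 bytes): % x\n", blk[:16])
}
```

The same pattern, binary.LittleEndian.Uint32 and Uint64 on the way in and PutUint32 on the way out, is what a portable Poly1305 needs for its r and s key halves and for each 16-byte message block; assembly that reads the state with native-endian loads must add the reversing loads the commits describe.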
Commits on Oct 16, 2024
- ssh: return unexpected msg error when server fails keyboard-interactive auth early
Seems the OpenSSH server running on windows fails keyboard-interactive
auth this way without sending any prompt to client. In such case the
golang ssh client should not retry keyboard-interactive auth when the
auth method is wrapped in a RetryableAuthMethod(). Rather the auth
method should be immediately marked as tried and failed, and the client auth
process should move on to next available and acceptable auth method.
Fixes golang/go#67855
Change-Id: I6c64ae58ff8325774e37af716601b112f8833d8f
GitHub-Last-Rev: 7fafc4d
GitHub-Pull-Request: #297
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/590956
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Reviewed-by: Dmitri Shuralyov dmitshur@google.com
Reviewed-by: Ian Lance Taylor iant@google.com
Auto-Submit: Nicola Murino nicola.murino@gmail.com
Reviewed-by: Nicola Murino nicola.murino@gmail.com
Commits on Oct 21, 2024
- sha3: avoid buffer copy
Previously, the package worked by copying the input (or the output) into
a buffer, and then XOR'ing (or copying) it into (or out of) the state.
(Except for an input fast path.) There's no need for that! We can XOR
straight into the state, and copy straight out of it, at least on little
endian machines. This is a bit faster, almost halves the state size, and
will make it easier to implement marshaling, but most importantly look
at how much simpler it makes the code!
go: go1.23.0
goos: linux
goarch: amd64
pkg: golang.org/x/crypto/sha3
cpu: AMD Ryzen 7 PRO 8700GE w/ Radeon 780M Graphics
│ v0.27.0-2-g42ee18b9637 │ v0.27.0-2-g42ee18b9637-dirty │
│ sec/op │ sec/op vs base │
PermutationFunction-8 270.8n ± 0% 270.4n ± 0% ~ (p=0.099 n=10)
Sha3_512_MTU-8 5.762µ ± 0% 5.658µ ± 0% -1.80% (p=0.000 n=10)
Sha3_384_MTU-8 4.179µ ± 0% 4.070µ ± 0% -2.60% (p=0.000 n=10)
Sha3_256_MTU-8 3.316µ ± 0% 3.214µ ± 0% -3.08% (p=0.000 n=10)
Sha3_224_MTU-8 3.175µ ± 0% 3.061µ ± 0% -3.61% (p=0.000 n=10)
Shake128_MTU-8 2.779µ ± 0% 2.681µ ± 0% -3.51% (p=0.000 n=10)
Shake256_MTU-8 2.947µ ± 0% 2.957µ ± 0% +0.32% (p=0.000 n=10)
Shake256_16x-8 44.15µ ± 0% 44.45µ ± 0% +0.67% (p=0.000 n=10)
Shake256_1MiB-8 2.319m ± 0% 2.274m ± 0% -1.93% (p=0.000 n=10)
Sha3_512_1MiB-8 4.204m ± 0% 4.219m ± 0% +0.34% (p=0.000 n=10)
geomean 13.75µ 13.54µ -1.55%
│ v0.27.0-2-g42ee18b9637 │ v0.27.0-2-g42ee18b9637-dirty │
│ B/s │ B/s vs base │
PermutationFunction-8 704.3Mi ± 0% 705.4Mi ± 0% ~ (p=0.105 n=10)
Sha3_512_MTU-8 223.5Mi ± 0% 227.6Mi ± 0% +1.83% (p=0.000 n=10)
Sha3_384_MTU-8 308.1Mi ± 0% 316.4Mi ± 0% +2.67% (p=0.000 n=10)
Sha3_256_MTU-8 388.2Mi ± 0% 400.5Mi ± 0% +3.17% (p=0.000 n=10)
Sha3_224_MTU-8 405.5Mi ± 0% 420.7Mi ± 0% +3.73% (p=0.000 n=10)
Shake128_MTU-8 463.4Mi ± 0% 480.2Mi ± 0% +3.64% (p=0.000 n=10)
Shake256_MTU-8 436.9Mi ± 0% 435.5Mi ± 0% -0.32% (p=0.000 n=10)
Shake256_16x-8 353.9Mi ± 0% 351.5Mi ± 0% -0.66% (p=0.000 n=10)
Shake256_1MiB-8 431.2Mi ± 0% 439.7Mi ± 0% +1.97% (p=0.000 n=10)
Sha3_512_1MiB-8 237.8Mi ± 0% 237.1Mi ± 0% -0.33% (p=0.000 n=10)
geomean 375.7Mi 381.6Mi +1.57%
Even stronger effect when patched on top of CL 616555 (forced on).
go: go1.23.0
goos: darwin
goarch: arm64
pkg: golang.org/x/crypto/sha3
cpu: Apple M2
│ old │ new │
│ sec/op │ sec/op vs base │
PermutationFunction-8 154.7n ± 2% 153.8n ± 1% ~ (p=0.469 n=10)
Sha3_512_MTU-8 3.260µ ± 2% 3.143µ ± 2% -3.60% (p=0.000 n=10)
Sha3_384_MTU-8 2.389µ ± 2% 2.244µ ± 2% -6.07% (p=0.000 n=10)
Sha3_256_MTU-8 1.950µ ± 2% 1.758µ ± 1% -9.87% (p=0.000 n=10)
Sha3_224_MTU-8 1.874µ ± 2% 1.686µ ± 1% -10.06% (p=0.000 n=10)
Shake128_MTU-8 1.827µ ± 3% 1.447µ ± 1% -20.80% (p=0.000 n=10)
Shake256_MTU-8 1.665µ ± 3% 1.604µ ± 3% -3.63% (p=0.003 n=10)
Shake256_16x-8 25.14µ ± 1% 25.23µ ± 2% ~ (p=0.912 n=10)
Shake256_1MiB-8 1.236m ± 2% 1.243m ± 2% ~ (p=0.631 n=10)
Sha3_512_1MiB-8 2.296m ± 2% 2.305m ± 1% ~ (p=0.315 n=10)
geomean 7.906µ 7.467µ -5.56%
│ old │ new │
│ B/op │ B/op vs base │
PermutationFunction-8 1.204Gi ± 2% 1.212Gi ± 1% ~ (p=0.529 n=10)
Sha3_512_MTU-8 394.9Mi ± 2% 409.7Mi ± 2% +3.73% (p=0.000 n=10)
Sha3_384_MTU-8 539.0Mi ± 2% 573.8Mi ± 2% +6.45% (p=0.000 n=10)
Sha3_256_MTU-8 660.3Mi ± 2% 732.6Mi ± 1% +10.95% (p=0.000 n=10)
Sha3_224_MTU-8 687.1Mi ± 2% 763.9Mi ± 1% +11.17% (p=0.000 n=10)
Shake128_MTU-8 704.7Mi ± 2% 889.6Mi ± 2% +26.24% (p=0.000 n=10)
Shake256_MTU-8 773.4Mi ± 3% 802.5Mi ± 3% +3.76% (p=0.004 n=10)
Shake256_16x-8 621.6Mi ± 1% 619.3Mi ± 2% ~ (p=0.912 n=10)
Shake256_1MiB-8 809.1Mi ± 2% 804.7Mi ± 2% ~ (p=0.631 n=10)
Sha3_512_1MiB-8 435.6Mi ± 2% 433.9Mi ± 1% ~ (p=0.315 n=10)
geomean 653.6Mi 692.0Mi +5.88%
Change-Id: I33a0a1ddf305c395f99bf17f81473e2f42c5ce42
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/616575
Reviewed-by: Daniel McCarney daniel@binaryparadox.net
Reviewed-by: Michael Pratt mpratt@google.com
Reviewed-by: Roland Shoemaker roland@golang.org
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Auto-Submit: Filippo Valsorda filippo@golang.org
Reviewed-by: Andrew Ekstedt andrew.ekstedt@gmail.com
Commits on Oct 22, 2024
- sha3: fix padding for long cSHAKE parameters
We used to compute the incorrect value if len(initBlock) % rate == 0.
Also, add a test vector for golang/go#66232, confirmed to fail on
GOARCH=386 without CL 570876.
Fixes golang/go#69169
Change-Id: I3f2400926fca111dd0ca1327d6b5975e51b28f96
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/616576
Reviewed-by: Andrew Ekstedt andrew.ekstedt@gmail.com
Reviewed-by: Daniel McCarney daniel@binaryparadox.net
Reviewed-by: Michael Pratt mpratt@google.com
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Auto-Submit: Filippo Valsorda filippo@golang.org
Reviewed-by: Roland Shoemaker roland@golang.org
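The two cSHAKE commits above (the 32-bit overflow for huge N or S, and the padding when the encoded parameters are an exact multiple of the rate) both concern the block a cSHAKE instance absorbs before any message: bytepad(encode_string(N) || encode_string(S), rate) from NIST SP 800-185. The Go below is an added illustration of that construction, not the golang.org/x/crypto/sha3 code; function names are this example's own. It converts the byte length to uint64 before multiplying by 8, so the bit length cannot wrap on a 32-bit target, and its bytepad adds zero padding bytes, not a whole extra block, when the prefix already fills the rate exactly. The sample input is the SP 800-185 cSHAKE128 sample parameters (N empty, S = "Email Signature", rate 168); the 161-byte S is a constructed input that hits the exact-multiple case.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// leftEncode implements left_encode(x) from SP 800-185: the minimal big-endian
// byte string of x, prefixed by its own length in bytes (1..8).
func leftEncode(x uint64) []byte {
	var b [9]byte
	binary.BigEndian.PutUint64(b[1:], x)
	i := 1
	for i < 8 && b[i] == 0 { // drop leading zero bytes, keep at least one
		i++
	}
	b[i-1] = byte(9 - i)
	return b[i-1:]
}

// encodeString implements encode_string(S): left_encode(bit length of S) || S.
func encodeString(s []byte) []byte {
	// Convert before multiplying: len(s)*8 is evaluated in int and wraps on a
	// 32-bit target once len(s) reaches 2^28; uint64(len(s))*8 never does.
	out := leftEncode(uint64(len(s)) * 8)
	return append(out, s...)
}

// bytepad implements bytepad(X, w): left_encode(w) || X, zero-padded up to a
// multiple of w bytes. When the prefix is already a multiple of w no padding
// is added; "w - len%w" would append a useless full block here.
func bytepad(x []byte, w int) []byte {
	out := append(leftEncode(uint64(w)), x...)
	if rem := len(out) % w; rem != 0 {
		out = append(out, make([]byte, w-rem)...)
	}
	return out
}

// cshakeInitBlock is the block absorbed before the message:
// bytepad(encode_string(N) || encode_string(S), rate).
func cshakeInitBlock(n, s []byte, rate int) []byte {
	x := append(encodeString(n), encodeString(s)...)
	return bytepad(x, rate)
}

// bitLenInt32 evaluates len*8 in a 32-bit int on purpose, to show on any host
// what the overflow in the first commit looks like.
func bitLenInt32(n int) int32 { return int32(n) * 8 }

func main() {
	const rate128 = 168 // cSHAKE128 rate in bytes
	blk := cshakeInitBlock(nil, []byte("Email Signature"), rate128)
	fmt.Printf("sample: len=%d prefix=% x\n", len(blk), blk[:21])

	// Constructed edge case: encode_string(S) is 164 bytes, so the prefix is
	// exactly one rate and the block must stay 168 bytes rather than grow to 336.
	exact := cshakeInitBlock(nil, make([]byte, 161), rate128)
	fmt.Println("exact multiple of rate: len =", len(exact))

	fmt.Println("2^29 bytes in bits, int32:", bitLenInt32(1<<29), "uint64:", uint64(1<<29)*8)
}
```

The expected prefix for the sample is 01 a8 (left_encode(168)), 01 00 (encode_string of the empty N), 01 78 (120 bits) followed by the 15 bytes of "Email Signature", then zeros to byte 168; any implementation that disagrees on that block will produce a cSHAKE output that no other implementation can reproduce.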
- sha3: avoid trailing permutation
If you read a multiple of the rate, and then stop, there is no point in
running the final permutation.
Change-Id: Ic95e70f78b6e139aca1d3e3c11e09d2bbcf54f6c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/620555
Reviewed-by: Daniel McCarney daniel@binaryparadox.net
Reviewed-by: Roland Shoemaker roland@golang.org
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Reviewed-by: Michael Pratt mpratt@google.com
Auto-Submit: Filippo Valsorda filippo@golang.org
Commits on Nov 4, 2024
- README: don't recommend go get
These days people will just import the packages and the go tool will
do the right thing. We don't need to explain it.
Add a pointer to the git repo, though.
For golang/go#62645
Change-Id: I8b1e4a877bd83fe6891688a44d27a6c7902c8979
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/624155
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Commit-Queue: Ian Lance Taylor iant@google.com
Reviewed-by: Ian Lance Taylor iant@google.com
Auto-Submit: Ian Lance Taylor iant@google.com
Reviewed-by: Roland Shoemaker roland@golang.org
Commits on Nov 7, 2024
Commits on Nov 27, 2024
- x509roots/fallback: update bundle
This is an automated CL which updates the NSS root bundle.
Change-Id: Ic5267bf9d66b676e1cfc5fc2ae153afb8f33b29c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/631635
Auto-Submit: Gopher Robot gobot@golang.org
Reviewed-by: Dmitri Shuralyov dmitshur@google.com
Reviewed-by: Roland Shoemaker roland@golang.org
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
Commits on Dec 4, 2024
Commits on Dec 11, 2024
- ssh: make the public key cache a 1-entry FIFO cache
Users of the ssh package seem to extremely commonly misuse the
PublicKeyCallback API, assuming that the key passed in the last call
before a connection is established is the key used for authentication.
Some users then make authorization decisions based on this key. This
property is not documented, and may not be correct, due to the caching
behavior of the package, resulting in users making incorrect
authorization decisions about the connection.
This change makes the cache a one entry FIFO cache, making the assumed
property, that the last call to PublicKeyCallback represents the key
actually used for authentication, actually hold.
Thanks to Damien Tournoud, Patrick Dawkins, Vince Parker, and
Jules Duvivier from the Platform.sh / Upsun engineering team
for reporting this issue.
Fixes golang/go#70779
Fixes CVE-2024-45337
Change-Id: Ife7c7b4045d8b6bcd7e3a417bdfae370c709797f
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/635315
Reviewed-by: Roland Shoemaker roland@golang.org
Auto-Submit: Gopher Robot gobot@golang.org
Reviewed-by: Damien Neil dneil@google.com
Reviewed-by: Nicola Murino nicola.murino@gmail.com
LUCI-TryBot-Result: Go LUCI golang-scoped@luci-project-accounts.iam.gserviceaccount.com
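The mechanism behind CVE-2024-45337 is easier to see when played out step by step. A client may offer any number of public keys without a signature before it signs with one of them; the server caches the callback's verdict per key, so a signed attempt with an already-cached key does not invoke the callback again. With a multi-entry cache, "offer A, offer B, sign with A" leaves B as the last key the callback saw while A is the key that authenticated. With a one-entry FIFO, offering B evicts A, so signing with A calls the callback again and the last call matches. The Go below is an added model of that flow, not the golang.org/x/crypto/ssh implementation: the server, cache, query/authenticate messages, the "pubkey-fp" extension name and the depth of 20 for the multi-entry case are this example's own assumptions, and the session ID and keys are constructed inline. It also shows the pattern that is correct regardless of cache depth: record the key's identity in the Permissions the callback returns, and read it back from the permissions attached to the authenticated connection (in the real package, ServerConn.Permissions).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Permissions plays the role of ssh.Permissions: what the callback attaches
// here is what the server returns for the key that actually authenticated.
type Permissions struct {
	Extensions map[string]string
}

type cacheEntry struct {
	key  ed25519.PublicKey
	perm *Permissions
	err  error
}

// server models the server side of public-key auth with a callback result
// cache of configurable depth (1 models the fix, >1 the old behaviour).
type server struct {
	callback        func(pub ed25519.PublicKey) (*Permissions, error)
	cache           []cacheEntry
	maxCached       int
	lastCallbackKey ed25519.PublicKey // what a misusing caller would capture
}

func (s *server) lookup(pub ed25519.PublicKey) cacheEntry {
	for _, e := range s.cache {
		if e.key.Equal(pub) {
			return e // cache hit: the callback is not called again
		}
	}
	perm, err := s.callback(pub)
	s.lastCallbackKey = pub
	e := cacheEntry{key: pub, perm: perm, err: err}
	if len(s.cache) >= s.maxCached {
		s.cache = s.cache[1:] // FIFO eviction
	}
	s.cache = append(s.cache, e)
	return e
}

// query models the signature-less "would this key be acceptable?" request a
// client may send for as many keys as it likes before committing to one.
func (s *server) query(pub ed25519.PublicKey) bool { return s.lookup(pub).err == nil }

// authenticate models the signed request; only here is a key actually used.
func (s *server) authenticate(pub ed25519.PublicKey, sessionID, sig []byte) (*Permissions, error) {
	e := s.lookup(pub)
	if e.err != nil {
		return nil, e.err
	}
	if !ed25519.Verify(pub, sessionID, sig) {
		return nil, errors.New("bad signature")
	}
	return e.perm, nil
}

func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// run plays "offer A, offer B, sign with A" against a server with the given
// cache depth and returns the fingerprint the misusing pattern would trust
// (last callback), the one carried in Permissions, and the real one (A).
func run(maxCached int) (lastCallback, fromPermissions, actual string, err error) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, _, _ := ed25519.GenerateKey(rand.Reader)
	s := &server{maxCached: maxCached}
	s.callback = func(pub ed25519.PublicKey) (*Permissions, error) {
		// Robust pattern: bind the identity to the Permissions, not to a
		// variable the closure overwrites on every call.
		return &Permissions{Extensions: map[string]string{"pubkey-fp": fingerprint(pub)}}, nil
	}
	sessionID := []byte("constructed-session-id")
	s.query(pubA)
	s.query(pubB)
	perm, err := s.authenticate(pubA, sessionID, ed25519.Sign(privA, sessionID))
	if err != nil {
		return "", "", "", err
	}
	return fingerprint(s.lastCallbackKey), perm.Extensions["pubkey-fp"], fingerprint(pubA), nil
}

func main() {
	for _, depth := range []int{20, 1} {
		last, fromPerm, actual, err := run(depth)
		if err != nil {
			panic(err)
		}
		fmt.Printf("cache depth %2d: last-callback key == authenticated key: %v; Permissions match: %v\n",
			depth, last == actual, fromPerm == actual)
	}
}
```

With the real package the same discipline applies: set Permissions.Extensions (or CriticalOptions) inside PublicKeyCallback and make authorization decisions from the Permissions on the established ServerConn, never from state captured by the last callback invocation.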