delta/go-git.git/src, branch dev.boringcrypto github.com: golang/go [dev.boringcrypto] cmd/compile: remove the awful boringcrypto kludge 2022-04-29T14:24:53+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 cdcb4b6ef37c1ce14637323dd00b5daad7e645c4 CL 60271 introduced this “AwfulBoringCryptoKludge.” iant approved that CL saying “As long as it stays out of master...” Now that the rsa and ecdsa code uses boring.Cache, the “boring unsafe.Pointer” fields are gone from the key structs, and this code is no longer needed. So delete it. With the kludge deleted, we are one step closer to being able to merge dev.boringcrypto into master. For #51940. Change-Id: Ie549db14b0b699c306dded2a2163f18f31d45530 Reviewed-on: https://go-review.googlesource.com/c/go/+/395884 Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> 
CL 60271 introduced this “AwfulBoringCryptoKludge.”
iant approved that CL saying “As long as it stays out of master...”

Now that the rsa and ecdsa code uses boring.Cache, the
“boring unsafe.Pointer” fields are gone from the key structs, and this
code is no longer needed. So delete it.

With the kludge deleted, we are one step closer to being able to merge
dev.boringcrypto into master.

For #51940.

Change-Id: Ie549db14b0b699c306dded2a2163f18f31d45530
Reviewed-on: https://go-review.googlesource.com/c/go/+/395884
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
[dev.boringcrypto] crypto/ecdsa, crypto/rsa: use boring.Cache 2022-04-29T14:23:32+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 e845f572ec6163fd3bad0267b5bb4f24d369bd93 In the original BoringCrypto port, ecdsa and rsa's public and private keys added a 'boring unsafe.Pointer' field to cache the BoringCrypto form of the key. This led to problems with code that “knew” the layout of those structs and in particular that they had no unexported fields. In response, as an awful kludge, I changed the compiler to pretend that field did not exist when laying out reflect data. Because we want to merge BoringCrypto in the main tree, we need a different solution. Using boring.Cache is that solution. For #51940. Change-Id: Ideb2b40b599a1dc223082eda35a5ea9abcc01e30 Reviewed-on: https://go-review.googlesource.com/c/go/+/395883 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> 
In the original BoringCrypto port, ecdsa and rsa's public and private
keys added a 'boring unsafe.Pointer' field to cache the BoringCrypto
form of the key. This led to problems with code that “knew” the layout
of those structs and in particular that they had no unexported fields.

In response, as an awful kludge, I changed the compiler to pretend
that field did not exist when laying out reflect data. Because we want
to merge BoringCrypto in the main tree, we need a different solution.
Using boring.Cache is that solution.

For #51940.

Change-Id: Ideb2b40b599a1dc223082eda35a5ea9abcc01e30
Reviewed-on: https://go-review.googlesource.com/c/go/+/395883
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
[dev.boringcrypto] crypto/internal/boring: add GC-aware cache 2022-04-29T14:23:31+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 a840bf871e005d948ba6442948997eb3ef2e3c7f In the original BoringCrypto port, ecdsa and rsa's public and private keys added a 'boring unsafe.Pointer' field to cache the BoringCrypto form of the key. This led to problems with code that “knew” the layout of those structs and in particular that they had no unexported fields. In response, as an awful kludge, I changed the compiler to pretend that field did not exist when laying out reflect data. Because we want to merge BoringCrypto in the main tree, we need a different solution. The different solution is this CL's boring.Cache, which is a concurrent, GC-aware map from unsafe.Pointer to unsafe.Pointer (if generics were farther along we could use them nicely here, but I am afraid of breaking tools that aren't ready to see generics in the standard library yet). More complex approaches are possible, but a simple, fixed-size hash table is easy to make concurrent and should be fine. For #51940. Change-Id: I44062a8defbd87b705a787cffc64c6a9d0132785 Reviewed-on: https://go-review.googlesource.com/c/go/+/395882 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> 
In the original BoringCrypto port, ecdsa and rsa's public and private
keys added a 'boring unsafe.Pointer' field to cache the BoringCrypto
form of the key. This led to problems with code that “knew” the layout
of those structs and in particular that they had no unexported fields.

In response, as an awful kludge, I changed the compiler to pretend
that field did not exist when laying out reflect data. Because we want
to merge BoringCrypto in the main tree, we need a different solution.

The different solution is this CL's boring.Cache, which is a
concurrent, GC-aware map from unsafe.Pointer to unsafe.Pointer (if
generics were farther along we could use them nicely here, but I am
afraid of breaking tools that aren't ready to see generics in the
standard library yet).

More complex approaches are possible, but a simple, fixed-size hash
table is easy to make concurrent and should be fine.

For #51940.

Change-Id: I44062a8defbd87b705a787cffc64c6a9d0132785
Reviewed-on: https://go-review.googlesource.com/c/go/+/395882
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
[dev.boringcrypto] crypto/x509: remove VerifyOptions.IsBoring 2022-04-29T14:23:29+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 0184fe5ece4f84fda9db04d2472b76efcaa8ef55 This API was added only for BoringCrypto, never shipped in standard Go. This API is also not compatible with the expected future evolution of crypto/x509, as we move closer to host verifiers on macOS and Windows. If we want to merge BoringCrypto into the main tree, it is best not to have differing API. So instead of a hook set by crypto/tls, move the actual check directly into crypto/x509, eliminating the need for exposed API. For #51940. Change-Id: Ia2ae98c745de818d39501777014ea8166cab0b03 Reviewed-on: https://go-review.googlesource.com/c/go/+/395878 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> 
This API was added only for BoringCrypto, never shipped in standard
Go. This API is also not compatible with the expected future evolution
of crypto/x509, as we move closer to host verifiers on macOS and Windows.

If we want to merge BoringCrypto into the main tree, it is best not to
have differing API. So instead of a hook set by crypto/tls, move the
actual check directly into crypto/x509, eliminating the need for
exposed API.

For #51940.

Change-Id: Ia2ae98c745de818d39501777014ea8166cab0b03
Reviewed-on: https://go-review.googlesource.com/c/go/+/395878
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
[dev.boringcrypto] crypto/..., go/build: align deps test with standard rules 2022-04-29T14:23:28+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 9e9c7a0aec0f821b54006681d4fdfba8a0cd6679 One annoying difference between dev.boringcrypto and master is that there is not a clear separation between low-level (math/big-free) crypto and high-level crypto, because crypto/internal/boring imports both encoding/asn1 and math/big. This CL removes both those problematic imports and aligns the dependency rules in the go/build test with the ones in the main branch. To remove encoding/asn1, the crypto/internal/boring APIs change to accepting and returning encoded ASN.1, leaving crypto/ecdsa to do the marshaling and unmarshaling, which it already contains code to do. To remove math/big, the crypto/internal/boring package defines type BigInt []uint, which is the same representation as a big.Int's internal storage. The new package crypto/internal/boring/bbig provides conversions between BigInt and *big.Int. The boring package can then be in the low-level crypto set, and any package needing to use bignum APIs (necessarily in the high-level crypto set) can import bbig to convert. To simplify everything we hide from the test the fact that crypto/internal/boring imports cgo. Better to pretend it doesn't and keep the prohibitions that other packages like crypto/aes must not use cgo (outside of BoringCrypto). $ git diff origin/master src/go/build/deps_test.go diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 6ce872e297..a63979cc93 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -402,9 +402,13 @@ var depsRules = ` NET, log < net/mail; + NONE < crypto/internal/boring/sig; + sync/atomic < crypto/internal/boring/fipstls; + crypto/internal/boring/sig, crypto/internal/boring/fipstls < crypto/tls/fipsonly; + # CRYPTO is core crypto algorithms - no cgo, fmt, net. # Unfortunately, stuck with reflect via encoding/binary. - encoding/binary, golang.org/x/sys/cpu, hash + crypto/internal/boring/sig, encoding/binary, golang.org/x/sys/cpu, hash < crypto < crypto/subtle < crypto/internal/subtle @@ -413,6 +417,8 @@ var depsRules = ` < crypto/ed25519/internal/edwards25519/field, golang.org/x/crypto/curve25519/internal/field < crypto/ed25519/internal/edwards25519 < crypto/cipher + < crypto/internal/boring + < crypto/boring < crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4, crypto/sha1, crypto/sha256, crypto/sha512 < CRYPTO; @@ -421,6 +427,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big, embed + < crypto/internal/boring/bbig < crypto/rand < crypto/internal/randutil < crypto/ed25519 @@ -443,7 +450,8 @@ var depsRules = ` < golang.org/x/crypto/hkdf < crypto/x509/internal/macos < crypto/x509/pkix - < crypto/x509 + < crypto/x509; + crypto/internal/boring/fipstls, crypto/x509 < crypto/tls; # crypto-aware packages @@ -653,6 +661,9 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} + if pkg == "crypto/internal/boring" { + haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports + } fset := token.NewFileSet() for _, file := range files { name := file.Name() For #51940. Change-Id: I26fc752484310d77d22adb06495120a361568d04 Reviewed-on: https://go-review.googlesource.com/c/go/+/395877 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> 
One annoying difference between dev.boringcrypto and master is that
there is not a clear separation between low-level (math/big-free)
crypto and high-level crypto, because crypto/internal/boring imports
both encoding/asn1 and math/big.

This CL removes both those problematic imports and aligns the
dependency rules in the go/build test with the ones in the main
branch.

To remove encoding/asn1, the crypto/internal/boring APIs change to
accepting and returning encoded ASN.1, leaving crypto/ecdsa to do the
marshaling and unmarshaling, which it already contains code to do.

To remove math/big, the crypto/internal/boring package defines
type BigInt []uint, which is the same representation as a big.Int's
internal storage. The new package crypto/internal/boring/bbig provides
conversions between BigInt and *big.Int. The boring package can then
be in the low-level crypto set, and any package needing to use bignum
APIs (necessarily in the high-level crypto set) can import bbig to
convert.

To simplify everything we hide from the test the fact that
crypto/internal/boring imports cgo. Better to pretend it doesn't and
keep the prohibitions that other packages like crypto/aes must not use
cgo (outside of BoringCrypto).

	$ git diff origin/master src/go/build/deps_test.go
	diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
	index 6ce872e297..a63979cc93 100644
	--- a/src/go/build/deps_test.go
	+++ b/src/go/build/deps_test.go
	@@ -402,9 +402,13 @@ var depsRules = `
	 	NET, log
	 	< net/mail;

	+	NONE < crypto/internal/boring/sig;
	+	sync/atomic < crypto/internal/boring/fipstls;
	+	crypto/internal/boring/sig, crypto/internal/boring/fipstls < crypto/tls/fipsonly;
	+
	 	# CRYPTO is core crypto algorithms - no cgo, fmt, net.
	 	# Unfortunately, stuck with reflect via encoding/binary.
	-	encoding/binary, golang.org/x/sys/cpu, hash
	+	crypto/internal/boring/sig, encoding/binary, golang.org/x/sys/cpu, hash
	 	< crypto
	 	< crypto/subtle
	 	< crypto/internal/subtle
	@@ -413,6 +417,8 @@ var depsRules = `
	 	< crypto/ed25519/internal/edwards25519/field, golang.org/x/crypto/curve25519/internal/field
	 	< crypto/ed25519/internal/edwards25519
	 	< crypto/cipher
	+	< crypto/internal/boring
	+	< crypto/boring
	 	< crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4,
	 	  crypto/sha1, crypto/sha256, crypto/sha512
	 	< CRYPTO;
	@@ -421,6 +427,7 @@ var depsRules = `

	 	# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
	 	CRYPTO, FMT, math/big, embed
	+	< crypto/internal/boring/bbig
	 	< crypto/rand
	 	< crypto/internal/randutil
	 	< crypto/ed25519
	@@ -443,7 +450,8 @@ var depsRules = `
	 	< golang.org/x/crypto/hkdf
	 	< crypto/x509/internal/macos
	 	< crypto/x509/pkix
	-	< crypto/x509
	+	< crypto/x509;
	+	crypto/internal/boring/fipstls, crypto/x509
	 	< crypto/tls;

	 	# crypto-aware packages
	@@ -653,6 +661,9 @@ func findImports(pkg string) ([]string, error) {
	 	}
	 	var imports []string
	 	var haveImport = map[string]bool{}
	+	if pkg == "crypto/internal/boring" {
	+		haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports
	+	}
	 	fset := token.NewFileSet()
	 	for _, file := range files {
	 		name := file.Name()

For #51940.

Change-Id: I26fc752484310d77d22adb06495120a361568d04
Reviewed-on: https://go-review.googlesource.com/c/go/+/395877
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
[dev.boringcrypto] crypto/internal/boring: make SHA calls allocation-free 2022-04-29T14:23:27+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 0ec08283c8e3a673d9916c186f8d2f5428846862 The standard Go implementations are allocation-free. Making the BoringCrypto ones the same helps avoid surprises, including in some of our own tests. For #51940. Change-Id: Ic9c5dc46f5e29ca85f571244be2b380ec2cf89c9 Reviewed-on: https://go-review.googlesource.com/c/go/+/395876 Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> 
The standard Go implementations are allocation-free.
Making the BoringCrypto ones the same helps avoid
surprises, including in some of our own tests.

For #51940.

Change-Id: Ic9c5dc46f5e29ca85f571244be2b380ec2cf89c9
Reviewed-on: https://go-review.googlesource.com/c/go/+/395876
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
[dev.boringcrypto] crypto/internal/boring: avoid allocation in big.Int conversion 2022-04-29T14:23:26+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:53+00:00 3cb10d14b7671ceee374d90ae0d4c3d024838f8a The conversion via byte slices is inefficient; we can convert via word slices and avoid the copy entirely. For #51940. Change-Id: I06f747e0acffffae427d9706d43bdacf146c027d Reviewed-on: https://go-review.googlesource.com/c/go/+/395875 Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> 
The conversion via byte slices is inefficient; we can convert via word slices
and avoid the copy entirely.

For #51940.

Change-Id: I06f747e0acffffae427d9706d43bdacf146c027d
Reviewed-on: https://go-review.googlesource.com/c/go/+/395875
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
[dev.boringcrypto] cmd/dist: default to use of boringcrypto 2022-04-29T14:23:25+00:00 Russ Cox rsc@golang.org 2022-04-27T14:04:55+00:00 509776be5dca8d7ca47cc6ef2e4fc452eb99dc96 The dev.boringcrypto branch has historically forced use of boringcrypto with no additional configuration flags. The previous CL undid that. This CL redoes it, so that direct uses of dev.boringcrypto don't lapse unexpectedly into not having boringcrypto enabled. When dev.boringcrypto is merged into master, we will undo this change as part of the merge, so that the only final difference between master and dev.boringcrypto will be this CL. For #51940. Change-Id: I816593a0b30b4e71093a7da9451bae7807d7167e Reviewed-on: https://go-review.googlesource.com/c/go/+/402597 Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> 
The dev.boringcrypto branch has historically forced use of boringcrypto
with no additional configuration flags. The previous CL undid that.
This CL redoes it, so that direct uses of dev.boringcrypto don't lapse
unexpectedly into not having boringcrypto enabled.

When dev.boringcrypto is merged into master, we will undo this change
as part of the merge, so that the only final difference between master
and dev.boringcrypto will be this CL.

For #51940.

Change-Id: I816593a0b30b4e71093a7da9451bae7807d7167e
Reviewed-on: https://go-review.googlesource.com/c/go/+/402597
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
[dev.boringcrypto] all: add boringcrypto build tags 2022-04-29T14:23:22+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:52+00:00 f4c0f42f99476ed1621527f04364610ed2acf6bb A plain make.bash in this tree will produce a working, standard Go toolchain, not a BoringCrypto-enabled one. The BoringCrypto-enabled one will be created with: GOEXPERIMENT=boringcrypto ./make.bash For #51940. Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3 Reviewed-on: https://go-review.googlesource.com/c/go/+/395881 Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> 
A plain make.bash in this tree will produce a working,
standard Go toolchain, not a BoringCrypto-enabled one.

The BoringCrypto-enabled one will be created with:

	GOEXPERIMENT=boringcrypto ./make.bash

For #51940.

Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/395881
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
[dev.boringcrypto] cmd/go: pass dependency syso to cgo too 2022-04-29T14:23:21+00:00 Russ Cox rsc@golang.org 2022-04-27T13:02:52+00:00 1f0547c4ec4fe18d46192d8c670190111b1d3d79 Proposal #42477 asked for a way to apply conditional build tags to syso files (which have no source code to hold //go:build lines). We ended up suggesting that the standard answer should be to put the syso in its own package and then import that package from a source file that is itself conditionally compiled. A followup comment on that issue pointed out a problem that I did not understand until I tried to use this approach myself: the cgo build fails by default, because the link step only uses syso files from the current package. You have to override this explicitly by arranging to pass a “ignore unresolved symbols” flag to the host linker. Many users will not know how to do this. (I don't know how to do this off the top of my head.) If we want users to use this approach, we should make it work better. This CL does that, by including the syso files from dependencies of the current package in the link step. For #51940. Change-Id: I53a0371b2df17e39a000a645b7686daa6a98722d Reviewed-on: https://go-review.googlesource.com/c/go/+/402596 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> 
Proposal #42477 asked for a way to apply conditional build tags
to syso files (which have no source code to hold //go:build lines).

We ended up suggesting that the standard answer should be to
put the syso in its own package and then import that package from
a source file that is itself conditionally compiled.

A followup comment on that issue pointed out a problem that I did
not understand until I tried to use this approach myself: the cgo
build fails by default, because the link step only uses syso files from
the current package. You have to override this explicitly by arranging
to pass a “ignore unresolved symbols” flag to the host linker.
Many users will not know how to do this.
(I don't know how to do this off the top of my head.)

If we want users to use this approach, we should make it work better.
This CL does that, by including the syso files from dependencies of
the current package in the link step.

For #51940.

Change-Id: I53a0371b2df17e39a000a645b7686daa6a98722d
Reviewed-on: https://go-review.googlesource.com/c/go/+/402596
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>