sync: merge changes from go 1.24.0

2025-04-03 20:17:36 +03:00 · 2025-03-01 00:13:08 -07:00 · 2025-03-01 00:13:08 -07:00 · a99feacec2
commit a99feacec2
parent 8bcf883680 51c7999d81
50 changed files with 2505 additions and 2734 deletions
--- a/cipher_suites.go
+++ b/cipher_suites.go
@ -10,8 +10,6 @@ import (
 	"crypto/cipher"
 	"crypto/des"
 	"crypto/hmac"
-
-	// "crypto/internal/boring"
 	"crypto/rc4"
 	"crypto/sha1"
 	"crypto/sha256"
@ -236,7 +234,7 @@ var cipherSuitesTLS13 = []*cipherSuiteTLS13{ // TODO: replace with a map.
 //   - Anything else comes before CBC_SHA256
 //
 //     SHA-256 variants of the CBC ciphersuites don't implement any Lucky13
-//     countermeasures. See http://www.isg.rhul.ac.uk/tls/Lucky13.html and
+//     countermeasures. See https://www.isg.rhul.ac.uk/tls/Lucky13.html and
 //     https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
 //
 //   - Anything else comes before 3DES
@ -368,15 +366,13 @@ var tdesCiphers = map[uint16]bool{
 }

 var (
-	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+	// Keep in sync with crypto/internal/fips140/aes/gcm.supportsAESGCM.
+	hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ && cpu.X86.HasSSE41 && cpu.X86.HasSSSE3
 	hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
-	// Keep in sync with crypto/aes/cipher_s390x.go.
-	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR &&
-		(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+	hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCTR && cpu.S390X.HasGHASH
+	hasGCMAsmPPC64 = runtime.GOARCH == "ppc64" || runtime.GOARCH == "ppc64le"

-	hasAESGCMHardwareSupport = runtime.GOARCH == "amd64" && hasGCMAsmAMD64 ||
-		runtime.GOARCH == "arm64" && hasGCMAsmARM64 ||
-		runtime.GOARCH == "s390x" && hasGCMAsmS390X
+	hasAESGCMHardwareSupport = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X || hasGCMAsmPPC64
 )

 var aesgcmCiphers = map[uint16]bool{
@ -526,7 +522,10 @@ func aeadAESGCM(key, noncePrefix []byte) aead {
 		aead, err = boring.NewGCMTLS(aes)
 	} else {
 		boring.Unreachable()
+		// [uTLS] SECTION BEGIN
+		// aead, err = gcm.NewGCMForTLS12(aes.(*fipsaes.Block))
 		aead, err = cipher.NewGCM(aes)
+		// [uTLS] SECTION END
 	}
 	if err != nil {
 		panic(err)
@ -555,7 +554,16 @@ func aeadAESGCMTLS13(key, nonceMask []byte) aead {
 	if err != nil {
 		panic(err)
 	}
-	aead, err := cipher.NewGCM(aes)
+	var aead cipher.AEAD
+	if boring.Enabled {
+		aead, err = boring.NewGCMTLS13(aes)
+	} else {
+		boring.Unreachable()
+		// [uTLS] SECTION BEGIN
+		// aead, err = gcm.NewGCMForTLS13(aes.(*fipsaes.Block))
+		aead, err = cipher.NewGCM(aes)
+		// [uTLS] SECTION END
+	}
 	if err != nil {
 		panic(err)
 	}