crypto/x509: rewrite the parser to use x/crypto/cryptobyte #44299

Open
rolandshoemaker opened this issue Feb 16, 2021 · 2 comments

Comments


@rolandshoemaker rolandshoemaker commented Feb 16, 2021

An x/crypto/cryptobyte parser has two advantages over an encoding/asn1-based parser: significant performance improvement due to avoiding reflection, and a much stricter profile/narrower security surface by only needing to support the X.509 profile rather than supporting all of the generic ASN.1 features.

https://go-review.googlesource.com/c/go/+/274234 contains a WIP rewrite which shows around 65% performance improvement and 70% reduction in memory allocations when parsing a typical web PKI certificate.
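
An added illustration of the reflection-free, strict-profile parsing style described in the comment above; it is not code from the issue, the linked CL or the Go project, and it uses a small hand-written DER reader built on the standard library in place of x/crypto/cryptobyte. The names `readTLV`, `serialNumber` and `sampleCert`, the two-byte length limit and the generated test certificate are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
)

// readTLV reads one DER element: definite, minimal lengths of at most two bytes only (assumed limit).
func readTLV(in []byte, tag byte) (val, rest []byte, ok bool) {
	n, off := -1, 2
	switch {
	case len(in) < 2 || in[0] != tag: // truncated input or unexpected tag
	case in[1] < 0x80: // short-form length
		n = int(in[1])
	case in[1] == 0x81 && len(in) > 2 && in[2] >= 0x80:
		n, off = int(in[2]), 3
	case in[1] == 0x82 && len(in) > 3 && in[2] != 0:
		n, off = int(in[2])<<8|int(in[3]), 4
	} // anything else is indefinite, non-minimal, or longer than the profile allows
	if n < 0 || len(in)-off < n {
		return nil, nil, false
	}
	return in[off : off+n], in[off+n:], true
}

// serialNumber walks Certificate -> tbsCertificate -> [0] version -> serialNumber.
func serialNumber(der []byte) (*big.Int, bool) {
	cert, rest, ok0 := readTLV(der, 0x30)
	tbs, _, ok1 := readTLV(cert, 0x30)
	_, tbs, ok2 := readTLV(tbs, 0xa0) // explicit [0] version, present in v3
	sn, _, ok3 := readTLV(tbs, 0x02)
	if !ok0 || !ok1 || !ok2 || !ok3 || len(rest) != 0 || len(sn) == 0 || sn[0]&0x80 != 0 {
		return nil, false // malformed, trailing data, or empty/negative serial
	}
	return new(big.Int).SetBytes(sn), true
}

// sampleCert builds a constructed self-signed Ed25519 certificate as test input.
func sampleCert(serial int64) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der
}

func main() {
	fmt.Println(serialNumber(sampleCert(0x1234abcd)))
}
```

The reader has no code path for indefinite lengths or padded length fields, so those inputs fail closed instead of being normalised by a generic decoder.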


@rolandshoemaker rolandshoemaker commented Feb 16, 2021

Improving the performance of the parser could also address #35504, and if not, exposing the cryptobyte-based SAN parser to the tls package could also be a viable solution.


@gopherbot gopherbot commented Feb 24, 2021

This issue is currently labeled as early-in-cycle for Go 1.17.
That time is now, so a friendly reminder to look at it again.
