crypto/x509: rewrite the parser to use x/crypto/cryptobyte #44299
Labels
early-in-cycle
A change that should be done early in the 3 month dev cycle.
FrozenDueToAge
NeedsFix
The path to resolution is known, but the work has not been done.
Milestone
A x/crypto/cryptobyte parser has two advantages over an encoding/asn1 based parser: significant performance improvement due to avoiding reflection, and a much stricter profile/narrower security surface by only needing to support the X.509 profile rather than supporting all of the generic ASN.1 features.
https://go-review.googlesource.com/c/go/+/274234 contains a WIP rewrite which shows around 65% performance improvement and 70% reduction in memory allocations when parsing a typical web PKI certificate.
The text was updated successfully, but these errors were encountered: