Skip to content

Bump github.com/emmansun/gmsm from 0.41.1 to 0.42.0 in the gmsm-dependencies group#34

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gmsm-dependencies-87796d73a0
Open

Bump github.com/emmansun/gmsm from 0.41.1 to 0.42.0 in the gmsm-dependencies group#34
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gmsm-dependencies-87796d73a0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026
edited
Loading

Bumps the gmsm-dependencies group with 1 update: github.com/emmansun/gmsm.

Updates github.com/emmansun/gmsm from 0.41.1 to 0.42.0

Release notes

Sourced from github.com/emmansun/gmsm's releases.

PQC Performance Improvement

This release focuses on platform‑specific performance improvements for our post‑quantum and symmetric implementations:

  • ML‑KEM / ML‑DSA benefit from significant speedups on common server platforms:
    • AMD64: new AVX2 vectorized paths (NTT and hot loops).
    • ARM64: new NEON vectorized paths (NTT and common primitives).
  • ARM64 SM4‑CTR performance has been improved with platform‑specific tuning (higher throughput on typical workloads).
  • No public API/ABI changes; just update the dependency version as usual.

Highlights

  • ML‑KEM / ML‑DSA vectorization
    • On AMD64, AVX2 support is detected and used automatically when available.
    • On ARM64, NEON support is detected and used automatically on most modern ARM64 servers and devices.
    • Affected packages: mlkem and mldsa (no change to slhdsa).
  • SM4‑CTR on ARM64 with SM4NI support
    • Platform‑specific tuning for SM4‑CTR on ARM64 to improve instruction scheduling and pipeline utilization.
    • Users of SM4 via cipher.BlockMode/Stream benefit transparently.

Compatibility and dependencies

  • Minimum Go version: unchanged (1.24+ by default).
  • No breaking changes; compatible with existing integrations (e.g., smx509/pkcs7 usage).

本版本主要对后量子密码算法与传统对称算法进行了面向生产环境的平台优化:

  • ML‑KEM / ML‑DSA(模块格)在常见服务器平台上获得显著的性能提升:
    • AMD64:新增 AVX2 向量化路径(NTT 与热点循环)。
    • ARM64:新增 NEON 向量化路径(NTT 与常用原语)。
  • ARM64 上的 SM4‑CTR 模式进行了专项性能优化(典型负载可获得更高的吞吐)。
  • 不含 ABI/公开 API 变更;升级方式为更新依赖版本即可。

优化点说明

  • ML‑KEM / ML‑DSA 的向量化
    • 在 AMD64 上检测 AVX2 特性并启用向量化实现(在支持 AVX2 的 CPU 上自动生效)。
    • 在 ARM64 上检测 NEON 特性并启用向量化实现(适用于绝大多数现代 ARM64 服务器与客户端设备)。
    • 涉及的包:mlkem、mldsa(与 slhdsa 无关)。
  • SM4‑CTR(ARM64,支持SM4NI扩展)
    • 针对 ARM64 平台的 SM4‑CTR 进行指令调度与流水线相关的性能优化。
    • 作为 SM4 的基础实现的一部分,支持在 Go 标准库的 cipher.BlockMode/Stream 等模式下透明受益。

兼容性与依赖

  • 最低 Go 版本要求:与上一版本保持一致(沿用 1.24+ 的要求)。
  • 不影响与 smx509/pkcs7 等包的兼容性。
Commits
  • d24f7c6 Merge pull request #476 from emmansun/develop
  • fb6f37f internal/sm4: fix encoding issue
  • 30e9df2 internal/sm4: still use VTBL but remove dependencies
  • a8a527c internal/sm4: optimize SM4_TAO_L1
  • 205acca ci: arm64 bench both sm4ni and no-sm4ni
  • a8ee833 ci: arm64 sm3 bench both sm3ni & no-sm3ni
  • a3f0e49 mldsa: remove useless code
  • e41597c mlkem: remove useless code
  • 29d7834 Merge pull request #475 from emmansun/main
  • 9aa165f mlkem: fix instruction opcode issue #465
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump github.com/emmansun/gmsm in the gmsm-dependencies group
bbbbb98 
Bumps the gmsm-dependencies group with 1 update: [github.com/emmansun/gmsm](https://github.com/emmansun/gmsm).


Updates `github.com/emmansun/gmsm` from 0.41.1 to 0.42.0
- [Release notes](https://github.com/emmansun/gmsm/releases)
- [Commits](emmansun/gmsm@v0.41.1...v0.42.0)

---
updated-dependencies:
- dependency-name: github.com/emmansun/gmsm
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gmsm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants