Update submodule to latest master in microsoft/main

[microsoft-golang-bot]

Hi! I'm a bot, and this is an automatically generated upstream sync PR. 🔃

After submitting the PR, I will attempt to enable auto-merge in the "merge commit" configuration.

For more information, visit sync documentation in microsoft/go-infra.

[microsoft-golang-review-bot]

Thanks! Auto-approving.

[dagood]

Some test failures with the opensslcrypto and cngcrypto backends.

Note that oddly, linux-amd64 test (ubuntu) [opensslcrypto] didn't fail, even though it's configured to use opensslcrypto.

golang/go@650abbc

[karianna]

Some test failures with the opensslcrypto and cngcrypto backends.

Note that oddly, linux-amd64 test (ubuntu) [opensslcrypto] didn't fail, even though it's configured to use opensslcrypto.

golang/go@650abbc

Should we be concerned about this drift or do we reconcile closer to a release?

[dagood]

On July 23, the upstream master branch opened for 1.24 development, and branch reopening generally seems to cause a small spike in commits that have higher amounts of incompatibilities than usual. This PR opened after that, July 31, so this seems expected. This is also the furthest away we'll be from the next major version, so it works out. 😄

Going after conflicts/errors as soon as possible is always better overall. The only potential waste that can happen often is if there's an upstream issue, someone finds it and fixes it, but we spent time investigating without realizing that.

Quim normally deals with resolving test issues, so I might not have a full picture historically.

I do have a submodule update PR open that gets a bit further and runs into a known issue(/missing feature) that will need to be done: #1289. I think it can wait until Quim is available. (Even if I implement it, to review.) /cc @gdams

[qmuntal]

Note that upstream added TLS1.3 support when TLS FIPS-only mode is enabled: https://go-review.googlesource.com/c/go/+/603376. This means that we can drop the 0010-Support-TLS-1.3-in-fipstls-mode patch.

On the other hand, upstream doesn't support the P-521 curve because it is not a recommended curve to be used with TLS 1.3, although it is allowed. We have historically allowed it to be aligned with Windows and OpenSSL supported curves. Now we have another data point to support this stance: the SymCrypt provider for OpenSSL also allows P-521 (see here).

Back to this PR: I'll remove the aforementioned patch so we don't conflict with the incoming changes. I'll then submit a follow up PR that reenables P-521.

[dagood]

Restored 07e4fd0. (git fetch msft 07e4fd05bb4c3deb46641f055a573d7f8a729d49; git push msft 07e4fd05bb4c3deb46641f055a573d7f8a729d49:refs/heads/dev/auto-sync/microsoft/main -f.)

• I'll take a look at Auto-sync script shouldn't overwrite ongoing fixup work #68 today. (Particularly because I've been working with the GitHub API recently.) A lot of CI progress has been wiped out over time. 🙁

[qmuntal]

I'll take a look at #68 today.

That would be very much appreciated!