
build(deps): bump github.com/emmansun/gmsm from 0.42.0 to 0.43.0 #93

Merged: mergify[bot] merged 1 commit into master from dependabot-go_modules-github.com-emmansun-gmsm-0.43.0 on May 25, 2026

dependabot[bot] commented on behalf of github on May 25, 2026


Bumps github.com/emmansun/gmsm from 0.42.0 to 0.43.0.

Release notes

Sourced from github.com/emmansun/gmsm's releases.

v0.43.0 (2026-05-19)

v0.43.0

This release delivers major performance improvements across ML-KEM (arm64/amd64), ML-DSA (arm64/amd64), SM9 pairing, ZUC, and SM4, alongside two new packages (rand and tls13), an enhanced DRBG strategy mode, and internal API refinements.

Highlights

  • New rand package: cryptographically secure random number generator backed by GM/T 0105-2021 Hash-DRBG, with multi-source entropy hardening (OS, CPU jitter, and hash loop noise) and on-startup self-test
  • New tls13 package: TLS 1.3 key exchange primitives (including SM2/ECDH/X25519/Hybrid ECDH + ML-KEM support)
  • SM9 pairing speedup: G2 precomputation reduces Miller loop cost by ~27% and full pairing cost by ~15% when the G2 point (private/public key) is fixed
  • ML-KEM arm64 NEON optimizations: compress/encode (4/5/10/11-bit), decompress/decode, rejUniform, sampleNTT, ringCompressAndEncode1
  • ML-KEM amd64 AVX2 optimizations: compress/encode (10/11-bit), sampleNTT with precomputed twiddles
  • ML-DSA arm64 NEON optimizations: bitUnpack (signed 2^17/2^19), vectorMakeHint, nttMatRowVecMul
  • ML-DSA amd64 AVX2 optimizations: batch 2 (second wave of functions)
  • DRBG strategy mode (DrbgMode interface): separates GM/T 0105-2021 from NIST SP 800-90A behaviour without modifying core DRBG logic
  • DRBG API refinement: Generate now returns (reseedRequired bool, err error) instead of conflating a control-flow signal with an error value
  • SM4 ppc64 fixes: test case correctness fixes for big-endian ppc64 GCM
  • ZUC asm improvements: amd64/arm64 LFSR restore optimized for readability and performance
  • s390x bigmod: vector addMulVVWy implementation

New Packages

rand

A drop-in replacement for crypto/rand backed by a per-CPU GM/T 0105-2021 Hash-DRBG pool. Key properties:

  • Entropy hardening: OS, CPU jitter, and hash loop noise entropy source
  • On-startup DRBG known-answer self-test (GM/T 0105-2021 test vectors)
  • Automatic reseed on counter/time interval expiry
  • rand.Reader and rand.Read as the primary API surface

tls13

Key exchange primitives for TLS 1.3, including SM2, ECDH (P-256/P-384/P-521), X25519 and Hybrid ECDH + ML-KEM.

Performance

SM9 (internal/sm9/bn256)

G2 precomputation (PrecomputeG2 / PairPrecomp) caches all 77 line evaluation coefficients for a fixed G2 twist point, eliminating G2 point arithmetic from the Miller loop at pairing time.

| Benchmark | Before | After | Δ |
|---|---|---|---|
| BenchmarkMiller | 158,340 ns | 115,918 ns | -27% |
| BenchmarkPairing (full) | 300,079 ns | 254,992 ns | -15% |
| PrecomputeG2 | | 46,131 ns | one-time cost |

Applied automatically to EncryptPrivateKey (lazy-init on first use via sync.Once) and gen2Precomp (package-level precomputed Gen2).

GT.ScalarMult / GT.ScalarBaseMult now delegate to ScalarMultGT (4-bit window + Cyclo6Squares), replacing the previous binary gfP12.Exp with general squaring.

... (truncated)

Commits
  • b3b6fe1 Merge pull request #495 from emmansun/develop
  • fd8af7d doc: pqc en version and copilot instructions
  • 43d238f doc: pqc
  • 7821693 doc: zuc add GXM and MUR
  • 9a4ba23 Merge pull request #494 from emmansun/develop
  • ed7d7bc dbrg: deprecated ErrReseedRequired
  • 9138546 drbg: refactor setZero method
  • d52488c internal/sm9: G2 precomputation
  • 98eb6ad doc: align workflow name
  • 8ab0fb7 internal/sm4: fix ppc64be issue
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/emmansun/gmsm](https://github.com/emmansun/gmsm) from 0.42.0 to 0.43.0.
- [Release notes](https://github.com/emmansun/gmsm/releases)
- [Commits](emmansun/gmsm@v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: github.com/emmansun/gmsm
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies and go labels on May 25, 2026
mergify[bot] merged commit 68f259c into master on May 25, 2026
2 checks passed
dependabot[bot] deleted the dependabot-go_modules-github.com-emmansun-gmsm-0.43.0 branch on May 25, 2026 14:29
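
The DRBG API refinement in the release notes above, where Generate returns a separate reseedRequired flag instead of signalling a reseed through the error value, sketched as an added example that is not gmsm's code or API. toyDRBG, fill, the reseed interval and the SHA-256 hash chain are hypothetical stand-ins, not GM/T 0105-2021 Hash-DRBG.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// toyDRBG is a hypothetical SHA-256 hash chain, not GM/T 0105-2021 Hash-DRBG.
type toyDRBG struct {
	state               [32]byte
	remaining, interval uint64 // outputs left before reseed; outputs per seed
}

func (d *toyDRBG) Reseed(seed []byte) {
	d.state, d.remaining = sha256.Sum256(append(d.state[:], seed...)), d.interval
}

// Generate: reseedRequired is a signal (out untouched); err is a real failure.
func (d *toyDRBG) Generate(out []byte) (reseedRequired bool, err error) {
	if d.interval == 0 || len(out) > sha256.Size {
		return false, fmt.Errorf("toydrbg: zero interval or request over 32 bytes")
	}
	if d.remaining == 0 {
		return true, nil
	}
	block := sha256.Sum256(append([]byte{0}, d.state[:]...))
	d.state = sha256.Sum256(append([]byte{1}, d.state[:]...))
	d.remaining--
	copy(out, block[:])
	return false, nil
}

// fill reseeds and retries on the signal; a hard error is returned, not retried.
func fill(d *toyDRBG, out []byte, entropy io.Reader) (int, error) {
	for reseeds, seed := 0, make([]byte, 32); ; reseeds++ {
		if need, err := d.Generate(out); err != nil || !need {
			return reseeds, err
		}
		if _, err := io.ReadFull(entropy, seed); err != nil {
			return reseeds, err
		}
		d.Reseed(seed)
	}
}

func main() {
	fmt.Println(fill(&toyDRBG{interval: 2}, make([]byte, 16), rand.Reader)) // reseed count, error
}
```

The retry path keys on the boolean alone, so an entropy failure or a bad request cannot be mistaken for a routine reseed.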