Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
Updates #20164.
Change-Id: Ib900095e7885f25cd779750674a712c770603ca8
Reviewed-on: https://go-re...
Implements detection of x86 cpu features that
are used in the go standard library.
Changes all ...
3f0f83b29ee158b2174625696b0b84e556db898d authored over 7 years ago by Martin Möhrmann
Updates text from https://golang.org/cl/42511
Updates #14395
Change-Id: I711100525e074ab360e57...
b10c9a6746e42d7b8edd521808b047ca726bf5cf authored over 7 years ago by Brad Fitzpatrick
This change explicitly documents that DES, MD5, RC4 and SHA-1 are
insecure / broken - at all or ...
Add the ability to override the default file and directory from
which certificates are loaded by...
This updates sha256.block and sha512.block to use vector instructions. While
each round must st...
There were a number of places in crypto/x509 that used hardcoded
representations of the ASN.1 NU...
Change-Id: I24c824edd8af6311a4eff44ef4bb28d73a91c68e
Reviewed-on: https://go-review.googlesource...
Patch from Vlad Krasnov and confirmed to be under CLA.
Fixes #20040.
Change-Id: Ieb8436c4dcb66...
24bb24070c0b7691064a73b983bc3bada6ed5ea8 authored over 7 years ago by Adam Langley
In the newest AES implementation in asm for ppc64le, this part
MOVW $·rcon(SB), PTR
should be
...
Users (like myself) may be tempted to think the higher-numbered curve
is somehow better or more ...
Change-Id: Ic9d65206ec27f6d54bb71395802929e9c769e80a
Reviewed-on: https://go-review.googlesource...
For consistency with the other named types in this package, this
change renames the unexported r...
Using GetClientCertificate with the http client is currently completely
broken because inside th...
Fixes golang/go#19060
Change-Id: I1844edc3dcccc8d83a11d1145b60b2b92f2658ca
Reviewed-on: https://...
The checkAVX2 test doesn't appear to be correct,
because it always returns the value of support_...
An io.Reader does not guarantee that it will read in the entire buffer.
To ensure that property,...
doEncryptKeyAsm is tail-called from other assembly routines.
Give it a proper prototype so that ...
name old time/op new time/op delta
Hash8Bytes-6 913ns ± 0% 667ns ± 0% ...
The code previously tested only whether DNS-name SANs were present in a
certificate which is onl...
This change contains a very minor tidy-up to a test.
Change-Id: I3a8c0168bcdcbf90cacbbac2566c84...
da705f20fc4d5bb6d9c67ef1da7b726b848069ba authored almost 8 years ago by Adam Langley
Recently, a commit (85ecc51c) changed the instruction from VORL to VOR.
Fixes #19014
Change-Id...
2be50947ae9e44cbe8f09c3441b7df8195447140 authored almost 8 years ago by Paulo Flabiano Smorigo
Add asm implementation for AES in order to make use of VMX cryptographic
acceleration instructio...
There's no need to hold the handshake lock across this call and it can
lead to deadlocks if the ...
Change-Id: I67589cb9e728e6c7df5ef6e981189193154338d3
Reviewed-on: https://go-review.googlesource...
Fixes #18899.
Change-Id: I6a4bf0aad9cf1dbe6691ba4e4c478fcb33c44528
Reviewed-on: https://go-revi...
Change-Id: I20f4419ca377ee9428075e42db0bad46a75d983f
Reviewed-on: https://go-review.googlesource...
The AuthorityKeyId value from the template was used by
CreateCertificate, but that wasn't docume...
Link in the description of TLSUnique field of ConnectionState struct
leads to an article that is...
This change clarifies that only ticket-based resumption is supported by
crypto/tls. It's not cle...
We added CentOS 7's /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
to the list in response to...
Change-Id: Ib47e295e8646b769c30fd81e5c7f20f964df163e
Reviewed-on: https://go-review.googlesource...
For detailed explanation of the adopted (Eric Young's) algorithm,
see http://ftp.nluug.nl/securi...
SNI values may not include a trailing dot according to
https://tools.ietf.org/html/rfc6066#secti...
X.509v1 certificates are ancient and should be dead. (They are even
prohibited by the Baseline r...
ConnectionState.NegotiatedProtocol's documentation implies that it will
always be from Config.Ne...
Updates #18609
Change-Id: I8306135660f52cf625bed4c7f53f632e527617de
Reviewed-on: https://go-rev...
As is, they were fully vulnerable to the Lucky13 attack. The SHA1
variants implement limited cou...
Somehow this file didn't get gofmted after the last change, which
interferes with merges.
Chang...
3b3a3f95869d5964c103af77895dc0b28fec4a80 authored almost 8 years ago by Austin Clements
The existing implementations on AMD64 only detect AVX2 usability,
when they also contain BMI (...
Also tweak one of the comment lines to fit in 80 characters.
Change-Id: I9c6d2028c29318ba926448...
432c05cfa49070b6f74ae224e1d08f51a1ad11c4 authored about 8 years ago by Kevin Burke
Piping into security verify-cert only worked on macOS Sierra, and was
flaky for unknown reasons....
Change-Id: Id0044c45c23c12ee0bca362a9cdd25369ed7776c
Reviewed-on: https://go-review.googlesource...
Change-Id: I9e24a28b4daee5d6e1e4769547922a1a253b4ffc
Reviewed-on: https://go-review.googlesource...
This is required by RFC 5280.
Fixes #16686
Change-Id: I291c68dd97410a4f7ae7c4e524b91a2493ac50a...
7170a2edc98691272c7183d87e1ae06775226f25 authored about 8 years ago by Martin Kreichgauer
Fixes #17938
Change-Id: Iad12155f4976846bd4a9a53869f89e40e5b3deb3
Reviewed-on: https://go-revie...
150 is too high for some people.
Reports of 132, 145, 149 on OS X.
Fixes #18203
Change-Id: I5...
39dc3a361ba9e03c4df19c4a591e0b139c1486bc authored about 8 years ago by Brad Fitzpatrick
Fixes #16821.
Change-Id: I63d5f3d7cfba1c76259912d754025c5f3cbe4a56
Reviewed-on: https://go-revi...
Previously it was possible to craft a DSA private key that would cause
Sign() to loop forever be...
Darwin separately stores bits indicating whether a root certificate
should be trusted; this chan...
Some countermeasures were implemented in https://golang.org/cl/18130
Updates #13385
Change-Id:...
b0abfdb6d964708ebecc179e89a231dd6af8b8bb authored about 8 years ago by Brad Fitzpatrick
After x.ProbablyPrime(n) passes the n Miller-Rabin rounds,
add a Baillie-PSW test before declari...
The SignedCertificateTimestampList[1] specifies that both the list and
each element must not be ...
When the CT extension is enabled but no SCTs are present, the existing
code calls "continue" whi...
For #13057.
Change-Id: Idbc50d5b08e055a23ab7cc9eb62dbc47b65b1815
Reviewed-on: https://go-review...
Fixes #17900.
Change-Id: I42cda6ac9cf48ed739d3a015a90b3cb15edf8ddf
Reviewed-on: https://go-revi...
The tree is inconsistent about single l vs double l in those
words in documentation, test messag...
Fix spelling of "original" and "occurred" in new gofmt docs. The same
misspelling of "occurred" ...
A paranoid go at constant time implementation of P256 curve.
This code relies on z13 SIMD instr...
8b4d84a71bc53677ede1a8c0675b2f16fbfa3889 authored about 8 years ago by Volodymyr Paprotski
CL 32871 updated the default cipher suites to use AES-GCM in
preference to ChaCha20-Poly1305 on ...
Support for ChaCha20-Poly1305 ciphers was recently added to crypto/tls.
These ciphers are prefer...
Reportedly, -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
is problematic.
It ...
c543a9a2d24c5ab1a366afac755ec5b962b9efec authored about 8 years ago by Brad Fitzpatrick
Continuation of CL 20111.
Change-Id: Ie2f62237e6ec316989c021de9b267cc9d6ee6676
Reviewed-on: htt...
I used the slowtests.go tool as described in
https://golang.org/cl/32684 on packages that stood ...
This matches exposing CertificateInvalidError.Cert.
and (exposing but not the spelling of) Hostn...
No functional changes.
Change-Id: Ibf592c04be506a76577d48574e84ab20c3238b49
Reviewed-on: https:...
Adds an assembly implementation of sha256.block for ppc64le to improve its
performance. This im...
Adds an assembly implementation of sha512.block for ppc64le to improve its
performance. This im...
Currently, the selection of a client certificate done internally based
on the limitations given ...
The SignatureAndHashAlgorithm from TLS 1.2[1] is being changed to
SignatureScheme in TLS 1.3[2]....
Since a root certificate is self-signed, it's a valid child of itself.
If a root certificate app...
The CloseWrite method sends a close_notify alert record to the other
side of the connection. Thi...
By using these utility functions, the code can be made a little shorter.
Thanks to Omar Shafie f...
Fixes #17430
Change-Id: Ia1c25363d64e3091455ce00644438715aff30a0d
Reviewed-on: https://go-revie...
While we're here, use test[%d] in place of #%d.
Change-Id: Ie30afcab9673e78d3ea7ca80f5e662fbea8...
87dd83df42bcf0bfd803fb35b76cf36de49b2264 authored about 8 years ago by Josh Bleecher Snyder
VerifyPeerCertificate returns an error if the peer should not be
trusted. It will be called afte...
Change-Id: I22f0f3e792052762499f632571155768b4052bc9
Reviewed-on: https://go-review.googlesource...
Now that we have the Clone method on tls.Config, net/http doesn't need
any custom functions to d...
This change enables the ChaCha20-Poly1305 cipher suites by default. This
changes the default Cli...
GetConfigForClient allows the tls.Config to be updated on a per-client
basis.
Fixes #16066.
Fix...
Although an AEAD, in general, can be used concurrently in both the seal
and open directions, TLS...
This reverts commit c6185aa63217c84a1a73c578c155e7d4dec6cec8. That
commit seems to be causing fl...
This change adds support for the ChaCha20-Poly1305 AEAD to crypto/tls,
as specified in https://t...
The CloseWrite method sends a close_notify alert record to the other
side of the connection. Thi...
Fixes #16736
Change-Id: I335d201e3f6738d838de3881087cb640fc7670e8
Reviewed-on: https://go-revie...
Adds a test to check that block cipher modes accept a zero-length
input.
Fixes #17435.
Change-...
1b0e1463755892f5940c19d5597d3a3bdba1b1cc authored about 8 years ago by Michael Munday
Since this changes the offered curves in the ClientHello, all the test
data needs to be updated ...
X25519 (RFC 7748) is now commonly used for key agreement in TLS
connections, as specified in
htt...
When updating the test data against OpenSSL, the handshake can fail and
the stdout/stderr output...
We will need OpenSSL 1.1.0 in order to test some of the features
expected for Go 1.8. However, 1...
The Subject and Issuer names in a certificate look like they should be a
list of key-value pairs...
Fixes #14955.
Change-Id: I157432584bb51088bec565f6bb9e64348345cff9
Reviewed-on: https://go-revi...
RHEL 7 introduces a new tool, update-ca-trust(8), which places the
certificate bundle in a new l...
Also adds two tests: one to exercise the counter incrementing code
and one which checks the outp...
The aim is to make the decrypt() timing profile constant, irrespective of
the CBC padding length...
The code comment mixed up max and min. In this case, min is correct
because this entropy is only...
Currently, if a certificate contains no names (that we parsed),
verification will return the con...
This change brings the behaviour of X.509 name constraints into line
with NSS[1]. In this area, ...
Since there's no aspect of key logging that OpenSSL can check for us,
the tests for it might as ...
readRecord was not returning early if c.in.decrypt failed and ran
through the rest of the functi...