After renegotiation support was added (af125a5193c) it's possible for a
Write to block on a Read...

See https://groups.google.com/d/topic/golang-nuts/stbum5gZbAc/discussion

Change-Id: I2e78e8d0da...

Updates #16360.

Change-Id: I75714d2b5f095fe39fd81edfa6dd9e44d7c44da1
Reviewed-on: https://go-re...

If there are too few primes of the given length then it can be
impossible to generate an RSA key...

Change-Id: I70beb844cd6928dbfbfd8de365e0cb708e54f71e
Reviewed-on: https://go-review.googlesource...

Since 2a8c81ff handshake messages are not written directly to wire but
buffered. If an error ha...

Concurrent use of tls.Config is allowed, and may lead to
KeyLogWriter being written to concurren...

The maximum input plaintext for GCM is 64GiB - 64. Since the GCM
interface is one-shot, it's ver...

In Go 1.0, the Config struct consisted only of exported fields.

In Go 1.1, it started to grow p...

The goal for these examples is to show how to mirror the
functionality of the sha256sum Unix uti...

Fix bug in UnknownAuthorityError.Error that would never allow Org
Name to be inserted into error...

This change makes sure that tests are run with the correct
version of the go tool. The correct ...

Updates #14595

Change-Id: Idf60b3004c7a0ebb59dd48389ab62c854069e09f
Reviewed-on: https://go-rev...

The existing implementation used a pure go implementation, leading to slow
cryptographic perform...

Add support for writing TLS client random and master secret
in NSS key log format.

https://deve...

Add missing function prototypes.
Fix function prototypes.
Use FP references instead of SP refere...

Found by vet.

Updates #11041

Change-Id: I5217b3e20c6af435d7500d6bb487b9895efe6605
Reviewed-on:...

In other systems, putting a leaf certificate in the root store works to
express that exactly tha...

For some reason, ISO decided to duplicate the OID for RSA+SHA1. Most
pertinantly, the makecert.e...

If SetSessionTicketKeys was called on a fresh tls.Config, the configured
keys would be overridde...

This was pointed out in https://go-review.googlesource.com/#/c/27315/1
but I changed and uploade...

These were new with TLS 1.2 and, reportedly, some servers require it.
Since it's easy, this chan...

Although the term “RSA” is almost synonymous with PKCS#1 v1.5, that
standard is quite flawed, cr...

The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA
public key must be NULL...

subtle.ConstantTimeCompare now tests the length of the inputs (although
it didn't when this code...

If the SerialNumber is nil in the template then the resulting panic is
rather deep in encoding/a...

Moves the state.ServerName assignment to outside the if
statement that checks for handshakeCompl...

Fixes (legit) vet warnings.
Fix some verb tenses while we're here.

Updates #11041

Change-Id: I...

Give *recordingConn the correct WriteTo signature
to be an io.WriterTo. This makes vet happy.
It...

Change-Id: Iedf9000e3bb1fa73b4c3669eae846e85f1f5fdfe
Reviewed-on: https://go-review.googlesource...

VPSHUFD should take an unsigned argument to be consistent with
PSHUFD. Also fix all usage.

Fixe...

https://golang.org/cl/25233 was detecting the OS X release at compile
time, not run time. Detect...

Conservative fix for the OS X 10.8 crash. We can unify them back together
during the Go 1.8 dev ...

Change-Id: I2b7a81cb809d109f10d5f0db957c614f466d6bfd
Reviewed-on: https://go-review.googlesource...

I believe it's necessary to use a buffer size smaller than 64KB because
(at least some versions ...

This fixes some 40 warnings from go vet.

Fixes #16134.

Change-Id: Ib9fcba275fe692f027a2a07b581...

I don't see how the call could fail, so, no test. Just a code cleanup in
case it can fail in the...

Change-Id: I68d66fccf9cc8f7137c92b94820ce7d6f478a185
Reviewed-on: https://go-review.googlesource...

This change causes TLS handshake messages to be buffered and written in
a single Write to the un...

This fixes `go test go/types`.

https://golang.org/cl/23487/ introduced this code which contains...

The Windows builders run the throughput benchmarks really slowly with a
64kb buffer. Lowering it...

Commit fa3543e introduced formatting errors.

Change-Id: I4b921f391a9b463cefca4318ad63b70ae6ce68...

Fixes #15864.

Change-Id: Ic12aa3654bf0b7e4a26df20ea92d07d7efe7339c
Reviewed-on: https://go-revi...

The current code, introduced after Go 1.6 to improve latency on
low-bandwidth connections, sends...

AVX2 variant reads next blocks while calculating current block.
Avoid reading past the end of da...

Instead, decline the session and do a full handshake. The semantics of
cross-version resume are ...

in root_cgo_darwin.go only certificates from the System Domain
were being used in FetchPEMRoots....

The fact that crypto/ecdsa.Verify didn't reject negative inputs was a
mistake on my part: I had ...

Update the doc for CreateCertificateRequest
to state that it creates a
`new certificate reques...

Fixes #15348

Change-Id: I9e0e1e3a26fa4cd697d2c613e6b4952188b7c7e1
Reviewed-on: https://go-revie...

Updates #15617

Change-Id: I2104776f8e789d987b4f2f7f08f2ebe979b747a1
Reviewed-on: https://go-rev...

The decryption example for AES-GCM was not executed, hiding the fact
that the provided ciphertex...

name old time/op new time/op delta
Hash8Bytes-48 271ns ± 8% 273ns ± ...

name old time/op new time/op delta
Hash8Bytes-4 376ns ± 0% 246ns ± 0% -3...

This commit adds the new 'ctrAble' interface to the crypto/cipher
package. The role of ctrAble i...

This commit adds the cbcEncAble and cbcDecAble interfaces that
can be implemented by block ciphe...

This change adds Config.Renegotiation which controls whether a TLS
client will accept renegotiat...

Adapted from md5block_amd64.s.

name old speed new speed delta
Hash8By...

Renames block to blockGeneric so that it can be called when the
assembly feature check fails. Th...

Renames block to blockGeneric so that it can be called when the
assembly feature check fails. Th...

This reverses the change to this benchmark made in 9b6bf20.

Change-Id: I79ab88286c3028d3be56195...

Use the compute intermediate message digest (KIMD) instruction
when possible. Adds test to check...

This change improves the performance of the block
function used within crypto/md5 on ppc64le. T...

Adds support for single block encryption using the cipher message
(KM) instruction. KM handles k...

Fixes #15371

Change-Id: Iff8d36e1bd9b5641f6b577a30ac6e967f973c939
Reviewed-on: https://go-revie...

There is currently only one assembly implementation of AES
(amd64). While it is possible to fit ...

The encryptBlock and decryptBlock functions are already tested
(via the public API) by TestCiphe...

Change-Id: I05659a836612f958083fea9a27805eb9f0ac0836
Reviewed-on: https://go-review.googlesource...

cmd and runtime were handled separately, and I'm intentionally skipped
syscall. This is the rest...

Notably, this fixes two incorrect argument sizes.

Update #11041

Change-Id: Ie4a3b1a59cd6a6707f...

s390x can handle unaligned loads and stores of 64-bit values.

Change-Id: Iae5621781e3ba56e27b4a...

The AuthorityKeyId is optional for self-signed certificates, generally
useless, and takes up spa...

Error strings in this package were all over the place: some were
prefixed with “tls:”, some with...

Standardize on space between "RFC" and number. Additionally change
the couple "a RFC" instances ...

Fixes #14776

Change-Id: I55423ac643f18542b9fd1386ed98dec47fb678aa
Reviewed-on: https://go-revie...

Per RFC 5246, 7.4.1.3:

cipher_suite
The single cipher suite selected by the server fro...

Change-Id: Ia6ed49d5ef3a256a55e6d4eaa1b4d9f0fc447013
Reviewed-on: https://go-review.googlesource...

For PublicKey.P == 0, Verify will fail. Don't even try.

Change-Id: I1009f2b3dead8d0041626c94663...

Signed-off-by: Eric Engestrom <[email protected]>

Change-Id: I91873aaebf79bdf1c00d38aacc1a1fb8d...

Change-Id: Iba82a5bd3846f7ab038cc10ec72ff6bcd2c0b484
Reviewed-on: https://go-review.googlesource...

Fix build error on darwin/{arm,arm64} caused by a62ae9f6.

Change-Id: I7da4d147a529b11b3e71352a9...

This exports the system cert pool.

The system cert loading was refactored to let it be run mult...

This is a change improving consistency in the source tree.
The pattern foo &= ^bar, was only use...

It's RFC 7507 now.

Change-Id: Iccd6c65f9d4b1f4d17ee068dee4576a512ba8405
Reviewed-on: https://go...

This change removes a lot of dead code. Some of the code has never been
used, not even when it w...

Store already padded keys instead of storing key and padding it during
Reset and Sum. This simpl...

This deletes unused code and helpers from tests.

Change-Id: Ie31d46115f558ceb8da6efbf90c3c204e0...

Change-Id: I93e73f16474b4b31f7097af2f9479822dfc34c5c
Reviewed-on: https://go-review.googlesource...

Currently, if a client of crypto/tls (e.g., net/http, http2) calls
tls.Conn.Write with a 33KB bu...

Fixes #14370.

Change-Id: Ieb95ee3494f592fb5fc74aa4b803479671816927
Reviewed-on: https://go-revi...

I copied this down incorrectly. See
https://tools.ietf.org/html/rfc5758#section-3.1.

Thankfully...

This change improves the error message when encountering a TLS handshake
message that is larger ...

PKIX versions are off-by-one, so v1 is actually a zero on the wire, v2
is a one, and so on.

The...

The default version of an X.509 certificate is v1, which is encoded on
the wire as a zero.

Fixe...

Don't do a substring search to test for a timeout error.

Fixes #14722 (maybe)

Change-Id: I4e18...

Update supportsUnaligned in xor.go to be true for
GOARCH values ppc64le and ppc64. This allows ...

This promotes a connection hang during TLS handshake to a proper error.
This doesn't fully addre...

The tree's pretty inconsistent about single space vs double space
after a period in documentatio...

This is a subset of https://golang.org/cl/20022 with only the copyright
header lines, so the nex...

Merge dev.ssa branch back into master.

Change-Id: Ie6fac3f8d355ab164f934415fe4fc7fcb8c3db16