Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ooni/oocrypto

Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto

[dev.ssa] Merge remote-tracking branch 'origin/master' into ssamerge

(Last?) Semi-regular merge from tip to dev.ssa.

Conflicts:
src/cmd/compile/internal/gc/closure...

2ea7501a752f88dfc02830d8ae66e50de0fd9d62 authored almost 9 years ago by Keith Randall <[email protected]>
all: remove public named return values when useless

Named returned values should only be used on public funcs and methods
when it contributes to the...

b9bb12bf56383cd40ebaa33868df1e227097208b authored almost 9 years ago by Brad Fitzpatrick <[email protected]>
crypto/tls: don't log expected errors in test

This is minor cleanup that reduces test output noise.

Change-Id: Ib6db4daf8cb67b7784b2d5b222fa3...

1e4b852c122dce6fb76378b3c64599f16a369078 authored almost 9 years ago by Tamir Duberstein <[email protected]>
crypto/tls: tests prefer constants to opaque literals

This is minor cleanup that makes the tests more readable.

Change-Id: I9f1f98f0f035096c284bdf350...

0a2b9ffbb446632f63493c8fc9f3ca0580996621 authored almost 9 years ago by Tamir Duberstein <[email protected]>
crypto/tls: don't send IPv6 literals and absolute FQDNs as SNI values

This is a followup change to #13111 for filtering out IPv6 literals and
absolute FQDNs from bein...

476b23af368766847ab8ea3655526b9d2f3cabee authored almost 9 years ago by Mikio Hara <[email protected]>
crypto/rand: use the getentropy syscall on OpenBSD

Go already supports Linux's getrandom, which is a slightly modified
version of getentropy.

gete...

51de5f251b55e7ee948579c7db4b424c9fba831c authored almost 9 years ago by Michael McConville <[email protected]>
crypto/x509: better documentation for ParsePKIXPublicKey

The existing documentation for ParsePKIXPublicKey is difficult to understand
and the return type...

bfac56a0ca2c8b57375270217423a9b21c458f09 authored almost 9 years ago by Datong Sun <[email protected]>
all: fix typos and spelling

Change-Id: Icd06d99c42b8299fd931c7da821e1f418684d913
Reviewed-on: https://go-review.googlesource...

59efbc5d5ae25efcd82fe6aefa3548f8fe2aac65 authored almost 9 years ago by Martin Möhrmann <[email protected]>
[dev.ssa] Merge remote-tracking branch 'origin/master' into mergebranch

Semi-regular merge from tip to dev.ssa.

Change-Id: If7d2269f267bcbc0ecd3a483d349951044470e3f

787d7bf2eec1d976dae471ff447bbd06ec4927dd authored almost 9 years ago by Keith Randall <[email protected]>
all: fix typos

Change-Id: I6035941df8b0de6aeaf6c05df7257bcf6e9191fe
Reviewed-on: https://go-review.googlesource...

9b1396e0461026ad6baa70780ba33593385d7c67 authored almost 9 years ago by Shawn Smith <[email protected]>
crypto/tls: Improve ambiguous comment in cipher_suites.go

A comment existed referencing RC4 coming before AES because of its
vulnerability to the Lucky 1...

1694d08f2191be45b6e7a9bf66dd67fe6180f72c authored almost 9 years ago by Brady Sullivan <[email protected]>
[dev.ssa] Merge remote-tracking branch 'origin/master' into mergebranch

Semi-regular merge from tip to dev.ssa.

Two fixes:
1) Mark selectgo as not returning. This cau...

ad92a2bfb85580f309935e080be54b0d99de1c64 authored almost 9 years ago by Keith Randall <[email protected]>
crypto/rsa: expand on documentation and add some examples.

In some cases the documentation for functions in this package was
lacking from the beginning and...

25ac18e8521c010ad58bb83c74f6ca720413d0c2 authored almost 9 years ago by Adam Langley <[email protected]>
crypto: document that Signer.Sign does not hash

Fixes #13938.

Change-Id: I0b4842b8bc22dc79323d6894c123cde638f52d3f
Reviewed-on: https://go-revi...

a98aca134c3127e832a5b4c2841f0098c784f705 authored almost 9 years ago by Russ Cox <[email protected]>
crypto/cipher: Add AES-GCM encryption and decryption example

Add example of how to use the aes package to
implement AES encryption and decryption
within an a...

e112dd57d0b0ee9df9f139778fbd0423f9cb291f authored almost 9 years ago by Kevin Kirsche <[email protected]>
crypto/tls: note in comment that Certificate.Leaf is nil after parsing.

LoadX509KeyPair and X509KeyPair don't retain the parsed form of
certificates in their return val...

6732c45e95e946ce4f4a57d0b61f90dd7628dec3 authored almost 9 years ago by Adam Langley <[email protected]>
[dev.ssa] Merge remote-tracking branch 'origin/master' into mergebranch

Semi-regular merge from tip to dev.ssa.

Conflicts:
src/runtime/sys_windows_amd64.s

Change-Id:...

9c4082cf54c9346a6944d5b02eb7d00f29647bb1 authored almost 9 years ago by Keith Randall <[email protected]>
cmd/internal/obj/x86: add new instructions, cleanup.

Add several instructions that were used via BYTE and use them.
Instructions added: PEXTRB, PEXTR...

f71b8aae41fd5e69ac965a982e3c81ce4c34d90b authored almost 9 years ago by Ilya Tocar <[email protected]>
crypto/tls: don't block in Conn.Close if Writes are in-flight

Conn.Close sends an encrypted "close notify" to signal secure EOF.
But writing that involves acq...

24c9dc219e6b857498af0fc5f6c9896f4b75c422 authored almost 9 years ago by Brad Fitzpatrick <[email protected]>
crypto/cipher: always zero dst buffer on GCM authentication failure.

The AESNI GCM code decrypts and authenticates concurrently and so
overwrites the destination buf...

0d40c91b38098df45b7116b2853ff7ae93703589 authored almost 9 years ago by Adam Langley <[email protected]>
[dev.ssa] Merge remote-tracking branch 'origin/master' into mergebranch

Semi-regular merge from tip into dev.ssa.

Change-Id: I1627d7c7e6892cd4f1f5da5f3e07389ff1d677ce

9464238a0b9628081b6ac102e1ce6ae645889ca4 authored almost 9 years ago by Keith Randall <[email protected]>
crypto/dsa: adjust GenerateParameters comment

Fixes #13725.

Change-Id: I5fe46851b238fc9ab301da8f8fc37bd1b7871748
Reviewed-on: https://go-revi...

74759306f9983b3d8e8777b04821b7cc482b03cb authored almost 9 years ago by Russ Cox <[email protected]>
crypto/hmac: update link to FIPS HMAC spec

Thanks to Kevin Kirsche (github kkirsche).

Change-Id: Ia0017371f56065a5e88d1ebb800a6489136ee9b1...

4cbcdd3b958601eaddbf81c81650b0d7e923a39e authored almost 9 years ago by Brad Fitzpatrick <[email protected]>
crypto/x509: handle ECC private keys with the wrong length.

SEC-1 says: “The component privateKey is the private key defined to be
the octet string of lengt...

1717af6abde59ae410588d6688ed90a8feb68230 authored almost 9 years ago by Adam Langley <[email protected]>
crypto/cipher: fix typo from last change

s/encrypt/decrypt/

The text is unsafe to cut and paste...

Change-Id: Iab19ddf8182d087e9a4b4d34...

c2c4d723e305d09ee02b56a99abedd4f2b9a3cfb authored about 9 years ago by Rob Pike <[email protected]>
crypto/cipher: improve documentation for AEAD

Give a link to the wikipedia page describing the mechanism and
explain better how to use the sam...

5335ebfcb8170a49997db83a53edf9af4f3d2ea8 authored about 9 years ago by Rob Pike <[email protected]>
crypto/x509: handle CRLDistributionPoints without FullNames

Fixes #12910.

Change-Id: If446e5dce236483bbb898cc5959baf8371f05142
Reviewed-on: https://go-revi...

abc89ab0d02ae2c884b90b71d08ee4833052e610 authored about 9 years ago by Russ Cox <[email protected]>
crypto/rsa: check CRT result.

This change adds a check after computing an RSA signature that the
signature is correct. This pr...

24d8945871cb84e1de508ebbf2e5c9016d33f8b1 authored about 9 years ago by Adam Langley <[email protected]>
crypto/tls: document lack of Lucky13 hardening

Updates #13385

Change-Id: I9c2edf8c02adc388c48760b29e63dfa2966262d6
Reviewed-on: https://go-rev...

3ba15e5fa797558f74c1edeaf31c7bb4f4affcb3 authored about 9 years ago by Brad Fitzpatrick <[email protected]>
crypto/elliptic: resample private keys if out of range.

The orders of the curves in crypto/elliptic are all very close to a
power of two. None the less,...

9bac5af94403ac6ed8dabe09d20fb9fe99a1c66a authored about 9 years ago by Adam Langley <[email protected]>
crypto/x509: convert ErrInsecureAlgorithm into a type

Change-Id: I411aeaf0cf75eb8b1c9005b622f664e9f25e4a68
Reviewed-on: https://go-review.googlesource...

a036dfcf4ec90cca7390028d56273ff635543689 authored about 9 years ago by Brad Fitzpatrick <[email protected]>
crypto/x509: introduce ErrInsecureAlgorithm for insecure algorithms

Until now we've used ErrUnknownAlgorithm but that's a bit confusing
when it is returned for obvi...

f77f56ff43c7ce9ae0f241882b83f6dc5df7e982 authored about 9 years ago by Russ Cox <[email protected]>
crypto/x509: permit serial numbers to be negative.

Some software that produces certificates doesn't encode integers
correctly and, about half the t...

e764ca0cf3839b343ba6c6c7556e83d6f10c7e54 authored about 9 years ago by Adam Langley <[email protected]>
crypto/tls: Server can specify an unadvertised cipher suite

During the TLS handshake, check the cipher suite the server selects is
one of those offered in t...

624423805ce7e6f7bc7548d1ac98e013e6f18ab7 authored about 9 years ago by Ralph Corderoy <[email protected]>
[dev.ssa] Merge remote-tracking branch 'origin/master' into mergebranch

Conflicts:
src/cmd/compile/internal/gc/racewalk.go
src/cmd/internal/obj/stack.go
src/cmd/inte...

6a4f138d8945e504dd71886527d6876bf723d2ce authored about 9 years ago by Keith Randall <[email protected]>
crypto/tls: return a typed error on invalid record headers

The user can inspect the record data to detect that the other side is
not using the TLS protocol...

c1ea2c9fed5e1c459822a68ab2f0afaa818dc4c5 authored about 9 years ago by Caleb Spare <[email protected]>
crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites

Fixes #9894.

Change-Id: I9c7ce771df2e2d1c99a06f800dce63c4e1875993
Reviewed-on: https://go-revie...

e1ec48d12665004fec995d669f5c2f3b878a80ee authored about 9 years ago by Shenghou Ma <[email protected]>
crypto/tls, crypto/aes: remove allocations when Writing & Reading

benchmark old ns/op new ns/op delta
BenchmarkTLS-4 8571 7938 ...

62c383948d7ad937b53fa44a7a3686d96681a708 authored about 9 years ago by Brad Fitzpatrick <[email protected]>
crypto/tls: len(clientRandom) used for serverRandom source

In keysFromMasterSecret(), don't copy from serverRandom into
seed[:len(clientRandom)]. Actually...

f2801f91c613c243a0e053256ef98151b9dc27aa authored about 9 years ago by Ralph Corderoy <[email protected]>
crypto/tls: don't send IP literals as SNI values.

(This relands commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee.)

https://tools.ietf.org/html/rfc...

7166fb335570a834e5c1cad51612f70c20ba7a03 authored about 9 years ago by Adam Langley <[email protected]>
crypto/elliptic,crypto/ecdsa: P256 amd64 assembly

This is based on the implementation used in OpenSSL, from a
submission by Shay Gueron and myself...

7262bf4f675b0e76bfff3604153f4c5dc68d5c47 authored about 9 years ago by Vlad Krasnov <[email protected]>
Revert "crypto/tls: don't send IP literals as SNI values."

This reverts commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee.

Change-Id: Ib55fd349a604d6b5220da...

5e5c68af077f581e05c8cc95a26dd70cd911a964 authored about 9 years ago by Adam Langley <[email protected]>
crypto/tls: don't send IP literals as SNI values.

https://tools.ietf.org/html/rfc6066#section-3 states:

“Literal IPv4 and IPv6 addresses are no...

8dbae50cf3c4eefdde3e04f946870099d2e4ea1e authored about 9 years ago by Adam Langley <[email protected]>
crypto/x509: add /etc/ssl/certs to certificate directories

Fixes #12139.

Change-Id: Ied760ac37e2fc21ef951ae872136dc3bfd49bf9f
Reviewed-on: https://go-revi...

69b5b258be294846fe7be58c85e11252faafabd5 authored about 9 years ago by Shenghou Ma <[email protected]>
crypto/md5: uniform Write func

Unification of implementation of existing md5.Write function
with other implementations (sha1, s...

8eb7c31bcb073d95047f17216dcf61adb817610f authored about 9 years ago by unknown <[email protected]>
crypto/cipher: fix CTR infinite loop with large block sizes

Additionally, add a test for CTR mode to cover a range of block sizes.

Fixes #12975

Change-Id:...

38c567e22178af5411a12d8f9e5485a8ce66ddb7 authored about 9 years ago by Caleb Spare <[email protected]>
[dev.ssa] Merge remote-tracking branch 'origin/master' into mergebranch

The only major fixup is that duffzero changed from
8-byte writes to 16-byte writes.

Change-Id: ...

e32e230be3d3db5e093ef59d39ac21769d26f418 authored about 9 years ago by Keith Randall <[email protected]>
crypto/x509: parse CSRs with a critical flag in the requested extensions.

The format for a CSR is horribly underspecified and we had a mistake.
The code was parsing the a...

2c98d4c556bc604775610c51d28a4b0d8e6c6784 authored about 9 years ago by Adam Langley <[email protected]>
crypto/x509: make verification of an empty certificate consistent across platforms.

Platform-specific verification needs the ASN.1 contents of a certificate
but that might not be p...

82f60b6712a0afbb5ab0b6a0a29ea1c5d8873a4b authored about 9 years ago by Adam Langley <[email protected]>
crypto/tls: better error messages when PEM inputs are switched.

This change causes the types of skipped PEM blocks to be recorded when
no certificate or private...

4ee177e18467b4659b77f633ae5639ba1a746f99 authored about 9 years ago by Adam Langley <[email protected]>
crypto/x509: return err if marshalPublicKey fails to marshal an rsa public key

Change-Id: I9bd5c1b66fd90f0b54bd1a8f3e57b6830d2b7733
Reviewed-on: https://go-review.googlesource...

000c4e9543dc03415b9f76ed149c9a76f3e0e6ab authored over 9 years ago by Tarmigan Casebolt <[email protected]>
crypto/x509: map/slice literals janitoring

Simplify slice/map literal expression.
Caught with gofmt -d -s, fixed with gofmt -w -s

Change-I...

069506d95b0232271276731a244bea8b5e9eebcc authored over 9 years ago by Didier Spezia <[email protected]>
crypto/x509: emit PKIX names in a more standard order.

(See referenced bug for details.)

Fixes #11966.

Change-Id: I91f9c95594cf4fd6d25d9a81f155a643c7...

dccef0e2c838ee29319c8159e2203ec425b00c02 authored over 9 years ago by Adam Langley <[email protected]>
crypto/tls: reject ServerHellos with empty ALPN protocols.

https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a
ProtocolName may not be empty. ...

4b63ea2d28d7fc82a7d55ee9ebb329445e2b5700 authored over 9 years ago by Adam Langley <[email protected]>
crypto/tls: note in comments that setting GetCertificate is now sufficient.

In Go 1.5, Config.Certificates is no longer required if
Config.GetCertificate has been set. This...

129c38fdc9a0c8a858376910d1d4bff693b6abe1 authored over 9 years ago by aubble <[email protected]>
crypto/aes: dedicated asm version of AES-GCM

The existing implementation didn't use the CLMUL instructions for fast
and constant time binary-...

325da0ca9ae1c9121caa4280587f3d987a14521a authored over 9 years ago by Vlad Krasnov <[email protected]>
crypto/tls: allow tls.Listen when only GetCertificate is provided.

Go 1.5 allowed TLS connections where Config.Certificates was nil as long
as the GetCertificate c...

38263c8dca514a646b1185c7972d8693080d6d39 authored over 9 years ago by aubble <[email protected]>
all: fix some vet-caught formatting errors, mostly but not only in tests

Could go in 1.5, although not critical.
See also #12107

Change-Id: I7f1608b58581d21df4db58f0db6...

4f1a6add0a177fc73b9c6a75aeba60b1153cd5f3 authored over 9 years ago by Rob Pike <[email protected]>
crypto/tls: fix ConnectionState().VerifiedChains for resumed connection

Strengthening VerifyHostname exposed the fact that for resumed
connections, ConnectionState().Ve...

61212edd0113311762eefc035ac40497c021065a authored over 9 years ago by Russ Cox <[email protected]>
crypto/tls: update testing certificates.

This change alters the certificate used in many tests so that it's no
longer self-signed. This a...

9f388c090ae0bf0ec75d0faef0b4ddca0de73ef1 authored over 9 years ago by Adam Langley <[email protected]>
crypto/x509: mark root_darwin_armx.go as cgo-only

This allows running a cross-compile like
GOOS=darwin GOARCH=arm go build std
to check that ever...

d781fa8e7e58d525a33aaa4a0a94af23c7d460e3 authored over 9 years ago by Russ Cox <[email protected]>
crypto/rand: update docs for Linux

Update the docs to explain the code added in
commit 67e1d400.

Fixes #11831.

Change-Id: I8fe72e...

272d24afe9bca9ddb9e879bb7521d3d27313ea8d authored over 9 years ago by Jeff R. Allen <[email protected]>
crypto/elliptic: call IsOnCurve via the interface.

https://go-review.googlesource.com/#/c/2421/ contains an unfortunate
slip where IsOnCurve is cal...

1c841ce54f4cd29e2cd7ae3569b3d5480770f496 authored over 9 years ago by Adam Langley <[email protected]>
crypto/x509: disable sha2 test with system APIs

Fixes #11730.

Change-Id: I5bc60779a87dc07899dd70659a830996bf7812ca
Reviewed-on: https://go-revi...

d02236c1cd63e6bb24f0aa1bc040e52ba8724ce6 authored over 9 years ago by Russ Cox <[email protected]>
crypto/tls: check cert chain during VerifyHostname

Fixes #9063.

Change-Id: I536ef1f0b30c94c1ebf7922d84cb2f701b7d8a1a
Reviewed-on: https://go-revie...

656e94be7469e2c3ee84a8de197215468bc0f39c authored over 9 years ago by Russ Cox <[email protected]>
crypto/x509: iOS build tag

The iOS simulator compiles with GOOS=darwin GOARCH=386, and x509
sets the inappropriate flag -mm...

93fe344b2265d9b4783a3db5464c4706627cbcf9 authored over 9 years ago by David Crawshaw <[email protected]>
crypto/x509: add /etc/ssl/cacert.pem to OmniOS cert search list

Fixes #9146.

Change-Id: If5cb5ae92a201825b9ff32b3d0edfa032b9a0965
Reviewed-on: https://go-revie...

7c932ec461bf55e7964b74aee003371129c9a4e2 authored over 9 years ago by Russ Cox <[email protected]>
crypto: add SHA-512/224 and SHA-512/256 as described in FIPS 180-4

Change-Id: Ifbab8203dea1eb0df4c834df22e12cb7c37c14fd
Reviewed-on: https://go-review.googlesource...

0c1dae7775e764a520e0efcf393d0fcca6ef3a51 authored over 9 years ago by Nevins Bartolomeo <[email protected]>
all: link to https instead of http

The one in misc/makerelease/makerelease.go is particularly bad and
probably warrants rotating ou...

e57e30a12160d31a92b430d09d9757935e4a5410 authored over 9 years ago by Brad Fitzpatrick <[email protected]>
crypto: fix non-sentence in documentation for Decrypter

Comment change only.

Change-Id: I2e32c2b34d5a5659ead6d6082b06e1b039bf1147
Reviewed-on: https://...

ed60b23bc57a68e2b92bbc178bb61b647d02af49 authored over 9 years ago by Rob Pike <[email protected]>
crypto/rsa: check for primes ≤ 1 in Validate

Change 7c7126cfeb82894229b9c3d5109e4b04e6cfde0c removed the primality
checking in Validate to sa...

84defd8a6e3f7c9f01ba1a60f1a0cbbaf058e587 authored over 9 years ago by Adam Langley <[email protected]>
crypto/x509: don't panic when decrypting invalid PEM data.

If an encrypted PEM block contained ciphertext that was not a multiple
of the block size then th...

4571dd2d39d09173fd358ec382dd5e6ea666e092 authored over 9 years ago by Adam Langley <[email protected]>
crypto/ecdsa, crypto/x509: update SEC1 ECC link in comments

Updated the document URL in comments to avoid dead link
Old: http://www.secg.org/download/aid-78...

5d501e8a9919db91416c88afe6319c97f521b8cf authored over 9 years ago by Dmitry Savintsev <[email protected]>
all: extract "can I exec?" check from tests into internal/testenv

Change-Id: I7b54be9d8b50b39e01c6be21f310ae9a10404e9d
Reviewed-on: https://go-review.googlesource...

c54fb681504149715493e1ed023ae77845ce6f25 authored over 9 years ago by Russ Cox <[email protected]>
crypto/tls: fix parsing of SNI extension.

The previous code had a brain fart: it took one of the length prefixes
as an element count, not ...

c74ffc0835ef375c2389391776b28c73470e9ebb authored over 9 years ago by Adam Langley <[email protected]>
all: fix misprints in comments

These were found by grepping the comments from the go code and feeding
the output to aspell.

Ch...

b4b0d1291ceede90b2e0309c9dcaa571496952ea authored over 9 years ago by Ainar Garipov <[email protected]>
crypto/cipher: Support unusual GCM nonce lengths

GCM is traditionally used with a 96-bit nonce, but the standard allows
for nonces of any size. N...

08e31775d566cd1c10c34e6655811315d23c2d0a authored over 9 years ago by Carl Jackson <[email protected]>
crypto/tls: don't require an explicit client-auth EKU.

Previously we enforced both that the extended key usages of a client
certificate chain allowed f...

ff4027f2793abb353df462a9a8846da075939906 authored over 9 years ago by Adam Langley <[email protected]>
crypto/x509: be strict about trailing data.

The X.509 parser was allowing trailing data after a number of structures
in certificates and pub...

66b9abcf6579c49db61ef3b2f32f9154de56a988 authored over 9 years ago by Adam Langley <[email protected]>
crypto/tls: update the supported signature algorithms.

This is the second in a two-part change. See https://golang.org/cl/9415
for details of the overa...

635f7d162b8eaed4b8695886db60c172ef9f0cbc authored over 9 years ago by Adam Langley <[email protected]>
crypto/tls: decouple handshake signatures from the handshake hash.

Prior to TLS 1.2, the handshake had a pleasing property that one could
incrementally hash it and...

780a776413451ce3f6ba19be1b21b24d3ace5865 authored over 9 years ago by Adam Langley <[email protected]>
crypto/x509: allow parsing of certificates with unknown critical extensions.

Previously, unknown critical extensions were a parse error. However, for
some cases one wishes t...

cf204aca07ebbda2d131efa926903af812ac7923 authored over 9 years ago by Adam Langley <[email protected]>
crypto/tls: call GetCertificate if Certificates is empty.

This change causes the GetCertificate callback to be called if
Certificates is empty. Previously...

2b601f6f1aeabfbb653b140c89a8e166abeb4f30 authored over 9 years ago by Adam Langley <[email protected]>
crypto/tls: add OCSP response to ConnectionState

The OCSP response is currently only exposed via a method on Conn,
which makes it inaccessible wh...

32760e79034274418d744e28de4ff1241394e8a7 authored over 9 years ago by Jonathan Rudenberg <[email protected]>
crypto/elliptic: don't unmarshal points that are off the curve

At present, Unmarshal does not check that the point it unmarshals
is actually *on* the curve. (I...

ce1a262dbccd5d8d47f2c3f96ecece375ebb1c4a authored over 9 years ago by David Leon Gil <[email protected]>
crypto/x509: CertificateRequest signature verification

This implements a method for x509.CertificateRequest to prevent
certain attacks and to allow a C...

91b95f8185aa00b25c76232a2b594eb37a12bc2d authored over 9 years ago by Paul van Brouwershaven <[email protected]>
crypto/tls: add support for session ticket key rotation

This change adds a new method to tls.Config, SetSessionTicketKeys, that
changes the key used to ...

1d5d505f157707661131a4fe9ee8cb00b8ed9dfb authored over 9 years ago by Jonathan Rudenberg <[email protected]>
crypto/tls: add support for Certificate Transparency

This change adds support for serving and receiving Signed Certificate
Timestamps as described in...

68e143deaa2de4a02243124c97dec4e6cdaa54bc authored over 9 years ago by Jonathan Rudenberg <[email protected]>
crypto/tls: fix test data generation

- Multiple GetCertificate tests shared the same name and were
overwriting each other, each tes...

1a0eab537817ed356ec224cde86eab7be2512968 authored over 9 years ago by Jonathan Rudenberg <[email protected]>
crypto/x509: build the builtin root certs also for darwin/arm64

Change-Id: I3b3f80791a1db4c2b7318f81a115972cd2237f06
Signed-off-by: Shenghou Ma <[email protected]...

0dcb92a3ec3e987258663d9735b6814cf5414694 authored over 9 years ago by Shenghou Ma <[email protected]>
internal/syscall: move to unix subdirectory

Move the single file from internal/syscall to internal/syscall/unix,
to match the golang.org/x/s...

cd5c8fe9b796d073dadbc45e9dbbf7b9e9f308a7 authored over 9 years ago by Ian Lance Taylor <[email protected]>
crypto/x509: skip arm64 tests limited by iOS

Just like darwin/arm.

Change-Id: Ib0438021bfe9eb105222b93e5bb375c282cc7b8c
Reviewed-on: https:/...

5b6e2ff53906b7919672c9231cac8e9d09ec9a78 authored over 9 years ago by David Crawshaw <[email protected]>
crypto/tls: tidy up a little and add test.

This is a follow on to 28f33b4a which removes one of the boolean flags
and adds a test for the k...

dc66b7f26b9879283b7f5310cafa2d365651a91f authored over 9 years ago by Adam Langley <[email protected]>
crypto/x509: Fix parsing bug in uncommon CSR Attributes.

A CSR containing challengePassword or unstructuredName Attributes
(included in default OpenSSL p...

8fd402a7a6a0f38fb2cab48455a16ea7fad3a081 authored over 9 years ago by Jacob H. Haven <[email protected]>
crypto/tls: make use of crypto.Signer and crypto.Decrypter

This change replaces all direct ECDSA/RSA sign and decrypt operations
with calls through the cry...

e71edf24202bd0a9948bf619d727d8f70b517442 authored over 9 years ago by Jacob H. Haven <[email protected]>
crypto/x509: use syscall.GetVersion instead of internal/syscall/windows.GetVersion

cl8167 introduced internal/syscall/windows.GetVersion, but we already
have that function in sysc...

d5e8d8ccf249f68bb210b8e3972b316d1257f98e authored over 9 years ago by Alex Brainman <[email protected]>
crypto/x509: skip SHA2 system verify test if not supported.

Windows XP SP2 and Windows 2003 do not support SHA2.

Change-Id: Ica5faed040e9ced8b79fe78d512586...

d7aeef6564941e1f4bdc5c1e3c16531f6a94eb65 authored over 9 years ago by Daniel Theophanes <[email protected]>
crypto/tls: Correct minimum version in comment

Commit 604fa4d5 made TLS 1.0 the default minimum version. This commit
amends a comment to reflec...

d08327d61dcad66f85e1396fff25f383bec74492 authored over 9 years ago by Matt Bostock <[email protected]>
crypto/x509: document that DecryptPEMBlock cannot detect all cases of incorrect password

Fixes #10171.

Change-Id: I1b2e30ebbb2b9d66680008674baa96e550efe1f2
Reviewed-on: https://go-revi...

ea5abd5ebeb025948cc74df9263ed15fe3560b70 authored almost 10 years ago by Shenghou Ma <[email protected]>
all: use "reports whether" in place of "returns true if(f)"

Comment changes only.

Change-Id: I56848814564c4aa0988b451df18bebdfc88d6d94
Reviewed-on: https:/...

6aab73b11daae71b42413d8bfb01edcc1df49210 authored almost 10 years ago by Josh Bleecher Snyder <[email protected]>