Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
(Last?) Semi-regular merge from tip to dev.ssa.
Conflicts:
src/cmd/compile/internal/gc/closure...
Named returned values should only be used on public funcs and methods
when it contributes to the...
This is minor cleanup that reduces test output noise.
Change-Id: Ib6db4daf8cb67b7784b2d5b222fa3...
1e4b852c122dce6fb76378b3c64599f16a369078 authored almost 9 years ago by Tamir Duberstein <[email protected]>
This is minor cleanup that makes the tests more readable.
Change-Id: I9f1f98f0f035096c284bdf350...
0a2b9ffbb446632f63493c8fc9f3ca0580996621 authored almost 9 years ago by Tamir Duberstein <[email protected]>
This is a followup change to #13111 for filtering out IPv6 literals and
absolute FQDNs from bein...
Go already supports Linux's getrandom, which is a slightly modified
version of getentropy.
gete...
51de5f251b55e7ee948579c7db4b424c9fba831c authored almost 9 years ago by Michael McConville <[email protected]>
The existing documentation for ParsePKIXPublicKey is difficult to understand
and the return type...
Change-Id: Icd06d99c42b8299fd931c7da821e1f418684d913
Reviewed-on: https://go-review.googlesource...
Semi-regular merge from tip to dev.ssa.
Change-Id: If7d2269f267bcbc0ecd3a483d349951044470e3f
787d7bf2eec1d976dae471ff447bbd06ec4927dd authored almost 9 years ago by Keith Randall <[email protected]>
Change-Id: I6035941df8b0de6aeaf6c05df7257bcf6e9191fe
Reviewed-on: https://go-review.googlesource...
A comment existed referencing RC4 coming before AES because of its
vulnerability to the Lucky 1...
Semi-regular merge from tip to dev.ssa.
Two fixes:
1) Mark selectgo as not returning. This cau...
In some cases the documentation for functions in this package was
lacking from the beginning and...
Fixes #13938.
Change-Id: I0b4842b8bc22dc79323d6894c123cde638f52d3f
Reviewed-on: https://go-revi...
Add example of how to use the aes package to
implement AES encryption and decryption
within an a...
LoadX509KeyPair and X509KeyPair don't retain the parsed form of
certificates in their return val...
Semi-regular merge from tip to dev.ssa.
Conflicts:
src/runtime/sys_windows_amd64.s
Change-Id:...
9c4082cf54c9346a6944d5b02eb7d00f29647bb1 authored almost 9 years ago by Keith Randall <[email protected]>
Add several instructions that were used via BYTE and use them.
Instructions added: PEXTRB, PEXTR...
Conn.Close sends an encrypted "close notify" to signal secure EOF.
But writing that involves acq...
The AESNI GCM code decrypts and authenticates concurrently and so
overwrites the destination buf...
Semi-regular merge from tip into dev.ssa.
Change-Id: I1627d7c7e6892cd4f1f5da5f3e07389ff1d677ce
9464238a0b9628081b6ac102e1ce6ae645889ca4 authored almost 9 years ago by Keith Randall <[email protected]>
Fixes #13725.
Change-Id: I5fe46851b238fc9ab301da8f8fc37bd1b7871748
Reviewed-on: https://go-revi...
Thanks to Kevin Kirsche (github kkirsche).
Change-Id: Ia0017371f56065a5e88d1ebb800a6489136ee9b1...
4cbcdd3b958601eaddbf81c81650b0d7e923a39e authored almost 9 years ago by Brad Fitzpatrick <[email protected]>
SEC-1 says: “The component privateKey is the private key defined to be
the octet string of lengt...
s/encrypt/decrypt/
The text is unsafe to cut and paste...
Change-Id: Iab19ddf8182d087e9a4b4d34...
c2c4d723e305d09ee02b56a99abedd4f2b9a3cfb authored about 9 years ago by Rob Pike <[email protected]>
Give a link to the wikipedia page describing the mechanism and
explain better how to use the sam...
Fixes #12910.
Change-Id: If446e5dce236483bbb898cc5959baf8371f05142
Reviewed-on: https://go-revi...
This change adds a check after computing an RSA signature that the
signature is correct. This pr...
Updates #13385
Change-Id: I9c2edf8c02adc388c48760b29e63dfa2966262d6
Reviewed-on: https://go-rev...
The orders of the curves in crypto/elliptic are all very close to a
power of two. None the less,...
Change-Id: I411aeaf0cf75eb8b1c9005b622f664e9f25e4a68
Reviewed-on: https://go-review.googlesource...
Until now we've used ErrUnknownAlgorithm but that's a bit confusing
when it is returned for obvi...
Some software that produces certificates doesn't encode integers
correctly and, about half the t...
During the TLS handshake, check the cipher suite the server selects is
one of those offered in t...
Conflicts:
src/cmd/compile/internal/gc/racewalk.go
src/cmd/internal/obj/stack.go
src/cmd/inte...
The user can inspect the record data to detect that the other side is
not using the TLS protocol...
Fixes #9894.
Change-Id: I9c7ce771df2e2d1c99a06f800dce63c4e1875993
Reviewed-on: https://go-revie...
benchmark old ns/op new ns/op delta
BenchmarkTLS-4 8571 7938 ...
In keysFromMasterSecret(), don't copy from serverRandom into
seed[:len(clientRandom)]. Actually...
(This relands commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee.)
https://tools.ietf.org/html/rfc...
7166fb335570a834e5c1cad51612f70c20ba7a03 authored about 9 years ago by Adam Langley <[email protected]>
This is based on the implementation used in OpenSSL, from a
submission by Shay Gueron and myself...
This reverts commit a4dcc692011bf1ceca9b1a363fd83f3e59e399ee.
Change-Id: Ib55fd349a604d6b5220da...
5e5c68af077f581e05c8cc95a26dd70cd911a964 authored about 9 years ago by Adam Langley <[email protected]>
https://tools.ietf.org/html/rfc6066#section-3 states:
“Literal IPv4 and IPv6 addresses are no...
8dbae50cf3c4eefdde3e04f946870099d2e4ea1e authored about 9 years ago by Adam Langley <[email protected]>
Fixes #12139.
Change-Id: Ied760ac37e2fc21ef951ae872136dc3bfd49bf9f
Reviewed-on: https://go-revi...
Unification of implementation of existing md5.Write function
with other implementations (sha1, s...
Additionally, add a test for CTR mode to cover a range of block sizes.
Fixes #12975
Change-Id:...
38c567e22178af5411a12d8f9e5485a8ce66ddb7 authored about 9 years ago by Caleb Spare <[email protected]>
The only major fixup is that duffzero changed from
8-byte writes to 16-byte writes.
Change-Id: ...
e32e230be3d3db5e093ef59d39ac21769d26f418 authored about 9 years ago by Keith Randall <[email protected]>
The format for a CSR is horribly underspecified and we had a mistake.
The code was parsing the a...
Platform-specific verification needs the ASN.1 contents of a certificate
but that might not be p...
This change causes the types of skipped PEM blocks to be recorded when
no certificate or private...
Change-Id: I9bd5c1b66fd90f0b54bd1a8f3e57b6830d2b7733
Reviewed-on: https://go-review.googlesource...
Simplify slice/map literal expression.
Caught with gofmt -d -s, fixed with gofmt -w -s
Change-I...
069506d95b0232271276731a244bea8b5e9eebcc authored over 9 years ago by Didier Spezia <[email protected]>
(See referenced bug for details.)
Fixes #11966.
Change-Id: I91f9c95594cf4fd6d25d9a81f155a643c7...
dccef0e2c838ee29319c8159e2203ec425b00c02 authored over 9 years ago by Adam Langley <[email protected]>
https://tools.ietf.org/html/rfc7301#section-3.1 specifies that a
ProtocolName may not be empty. ...
In Go 1.5, Config.Certificates is no longer required if
Config.GetCertificate has been set. This...
The existing implementation didn't use the CLMUL instructions for fast
and constant time binary-...
Go 1.5 allowed TLS connections where Config.Certificates was nil as long
as the GetCertificate c...
Could go in 1.5, although not critical.
See also #12107
Change-Id: I7f1608b58581d21df4db58f0db6...
4f1a6add0a177fc73b9c6a75aeba60b1153cd5f3 authored over 9 years ago by Rob Pike <[email protected]>
Strengthening VerifyHostname exposed the fact that for resumed
connections, ConnectionState().Ve...
This change alters the certificate used in many tests so that it's no
longer self-signed. This a...
This allows running a cross-compile like
GOOS=darwin GOARCH=arm go build std
to check that ever...
Update the docs to explain the code added in
commit 67e1d400.
Fixes #11831.
Change-Id: I8fe72e...
272d24afe9bca9ddb9e879bb7521d3d27313ea8d authored over 9 years ago by Jeff R. Allen <[email protected]>
https://go-review.googlesource.com/#/c/2421/ contains an unfortunate
slip where IsOnCurve is cal...
Fixes #11730.
Change-Id: I5bc60779a87dc07899dd70659a830996bf7812ca
Reviewed-on: https://go-revi...
Fixes #9063.
Change-Id: I536ef1f0b30c94c1ebf7922d84cb2f701b7d8a1a
Reviewed-on: https://go-revie...
The iOS simulator compiles with GOOS=darwin GOARCH=386, and x509
sets the inappropriate flag -mm...
Fixes #9146.
Change-Id: If5cb5ae92a201825b9ff32b3d0edfa032b9a0965
Reviewed-on: https://go-revie...
Change-Id: Ifbab8203dea1eb0df4c834df22e12cb7c37c14fd
Reviewed-on: https://go-review.googlesource...
The one in misc/makerelease/makerelease.go is particularly bad and
probably warrants rotating ou...
Comment change only.
Change-Id: I2e32c2b34d5a5659ead6d6082b06e1b039bf1147
Reviewed-on: https://...
Change 7c7126cfeb82894229b9c3d5109e4b04e6cfde0c removed the primality
checking in Validate to sa...
If an encrypted PEM block contained ciphertext that was not a multiple
of the block size then th...
Updated the document URL in comments to avoid dead link
Old: http://www.secg.org/download/aid-78...
Change-Id: I7b54be9d8b50b39e01c6be21f310ae9a10404e9d
Reviewed-on: https://go-review.googlesource...
The previous code had a brain fart: it took one of the length prefixes
as an element count, not ...
These were found by grepping the comments from the go code and feeding
the output to aspell.
Ch...
b4b0d1291ceede90b2e0309c9dcaa571496952ea authored over 9 years ago by Ainar Garipov <[email protected]>
GCM is traditionally used with a 96-bit nonce, but the standard allows
for nonces of any size. N...
Previously we enforced both that the extended key usages of a client
certificate chain allowed f...
The X.509 parser was allowing trailing data after a number of structures
in certificates and pub...
This is the second in a two-part change. See https://golang.org/cl/9415
for details of the overa...
Prior to TLS 1.2, the handshake had a pleasing property that one could
incrementally hash it and...
Previously, unknown critical extensions were a parse error. However, for
some cases one wishes t...
This change causes the GetCertificate callback to be called if
Certificates is empty. Previously...
The OCSP response is currently only exposed via a method on Conn,
which makes it inaccessible wh...
At present, Unmarshal does not check that the point it unmarshals
is actually *on* the curve. (I...
This implements a method for x509.CertificateRequest to prevent
certain attacks and to allow a C...
This change adds a new method to tls.Config, SetSessionTicketKeys, that
changes the key used to ...
This change adds support for serving and receiving Signed Certificate
Timestamps as described in...
- Multiple GetCertificate tests shared the same name and were
overwriting each other, each tes...
Change-Id: I3b3f80791a1db4c2b7318f81a115972cd2237f06
Signed-off-by: Shenghou Ma <[email protected]...
Move the single file from internal/syscall to internal/syscall/unix,
to match the golang.org/x/s...
Just like darwin/arm.
Change-Id: Ib0438021bfe9eb105222b93e5bb375c282cc7b8c
Reviewed-on: https:/...
This is a follow on to 28f33b4a which removes one of the boolean flags
and adds a test for the k...
A CSR containing challengePassword or unstructuredName Attributes
(included in default OpenSSL p...
This change replaces all direct ECDSA/RSA sign and decrypt operations
with calls through the cry...
cl8167 introduced internal/syscall/windows.GetVersion, but we already
have that function in sysc...
Windows XP SP2 and Windows 2003 do not support SHA2.
Change-Id: Ica5faed040e9ced8b79fe78d512586...
d7aeef6564941e1f4bdc5c1e3c16531f6a94eb65 authored over 9 years ago by Daniel Theophanes <[email protected]>
Commit 604fa4d5 made TLS 1.0 the default minimum version. This commit
amends a comment to reflec...
Fixes #10171.
Change-Id: I1b2e30ebbb2b9d66680008674baa96e550efe1f2
Reviewed-on: https://go-revi...
Comment changes only.
Change-Id: I56848814564c4aa0988b451df18bebdfc88d6d94
Reviewed-on: https:/...