Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ooni/oocrypto

Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto

crypto/tls: disable RC4 by default.

RC4 is frowned upon[1] at this point and major providers are disabling it
by default[2].

Those ...

b007a3d57c75aca7b4604b2d1845a3829754ed16 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/tls: panic with unknown hash functions.

Just so that we notice in the future if another hash function is added
without updating this uti...

0b120b898120c5c157981bd3fa856a75ecf21d1c authored almost 10 years ago by Adam Langley <[email protected]>
crypto/{ecdsa,rsa}: always use io.ReadFull with crypto/rand.Reader.

crypto/rand.Reader doesn't ensure that short reads don't happen. This
change contains a couple o...

7658afbce8067955ab28e51643bb122ecccc22b7 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/tls: return correct hash function when using client certificates in handshake

Commit f1d669aee994b28e1afcfe974680565932d25b70 added support for
AES_256_GCM_SHA384 cipher suit...

8ecaa19372223d8938718915ae539a96e4ca50b4 authored almost 10 years ago by Joël Stemmer <[email protected]>
crypto/rsa: implement crypto.Decrypter

Decrypter is an interface to support opaque private keys that perform
decryption operations. Thi...

dd82efb52c03000b7ee5dbeaf341641fa45b86d0 authored almost 10 years ago by Nick Sullivan <[email protected]>
crypto/tls: fix typo in tls handshake error

Change-Id: Ia9f39250619ea6e94157efceddfb2e02d35f3ae2
Reviewed-on: https://go-review.googlesource...

ea6c852096c139fff20d3022dc7a37dbd6b61a66 authored almost 10 years ago by Joël Stemmer <[email protected]>
crypto/x509: skip tests not made for darwin/arm

Change-Id: I8b18dc840425b72d7172a35cb0ba004bd156492d
Reviewed-on: https://go-review.googlesource...

23a72200055d7ea1ca42f010c743fed7f02d8912 authored almost 10 years ago by David Crawshaw <[email protected]>
crypto/x509: make behaviour of absolute DNS names match Chromium.

Previously, we didn't handle absolute DNS names in certificates the same
way as Chromium, and we...

126e6aff54aa86083c555bc6d7c7f317931d6610 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/x509: allow wildcards only as the first label.

RFC 6125 now specifies that wildcards are only allowed for the leftmost
label in a pattern: http...

4999a4b26729c1ecfb65b4f67c613afb5582963b authored almost 10 years ago by Adam Langley <[email protected]>
crypto/tls: allow larger initial records.

Some servers which misunderstood the point of the CertificateRequest
message send huge reply rec...

590c002fa4c33254ebb22c2d5ed99f0263682434 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/x509: don't reject certs with critical policy extensions.

There was a missing continue that caused certificates with critical
certificate-policy extension...

91387f81f5d18ef9450112d9a922e0fba9251633 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/rsa: drop the primality check in crypto/rsa.Validate.

This check is expensive and adversely impacts startup times for some
servers with several, large...

1e13f57c1c28f8732d0ca44d19be20537a0657f2 authored almost 10 years ago by Adam Langley <[email protected]>
[dev.cc] crypto/md5, crypto/sha1: restore a few SP references

Applying my post-submit comments from CL 5120.
The rewrite there changed the code from writing t...

2a7d1bf498dfe538df3777d8048aef22111df2e6 authored almost 10 years ago by Russ Cox <[email protected]>
[dev.cc] all: merge master (5868ce3) into dev.cc

This time for sure!

Change-Id: I7e7ea24edb7c2f711489e162fb97237a87533089

6dcf0cf48a27c699ebf8ef4ddf9654af85771ebd authored almost 10 years ago by Russ Cox <[email protected]>
crypto/x509: embed certificates on darwin/arm

Change-Id: Ia6b06f19e5ac424f01a1b90b78b507363b0c4577
Reviewed-on: https://go-review.googlesource...

e70440fddc19339f599c50116d2cefc1206c61b9 authored almost 10 years ago by David Crawshaw <[email protected]>
[dev.cc] cmd/asm: make 4(SP) illegal except on 386

Require a name to be specified when referencing the pseudo-stack.
If you want a real stack offse...

701d79dd80961c2eddbd8c3cf5a2fdff4a992f5f authored almost 10 years ago by Rob Pike <[email protected]>
[dev.cc] crypto/md5: fix arm assembler in md5block_arm.s

The mechanical edit in the last round managed to miss ROUND1, among
other indgnities.

Change-Id...

0f67bb0582270e1bbcddafe1201f2993404bb165 authored almost 10 years ago by Rob Pike <[email protected]>
[dev.cc] all: edit assembly source for ARM to be more regular

Several .s files for ARM had several properties the new assembler will not support.
These includ...

109c21b8943fc401ba5422eda0e623627a9f94c4 authored almost 10 years ago by Rob Pike <[email protected]>
crypto/x509: allow matchHostnames to work with absolute domain names

If an absolute domain name (i.e. ends in a '.' like "example.com.") is used
with ssl/tls, the ce...

b39171b98302e2cd47a08e1d21219c77927b535c authored almost 10 years ago by rubyist <[email protected]>
all: don't refer to code.google.com/p/go{,-wiki}/

Only documentation / comment changes. Update references to
point to golang.org permalinks or go....

3be0f3cd57e8b3cccdcc4bd779b74a38bf0df879 authored almost 10 years ago by Péter Surányi <[email protected]>
crypto/tls: add support for AES_256_GCM_SHA384 cipher suites specified in RFC5289

Generalizes PRF calculation for TLS 1.2 to support arbitrary hashes (SHA-384 instead of SHA-256)...

a788f6b48db2a60ef0a95e0ba5a784cfe9812528 authored almost 10 years ago by Jacob H. Haven <[email protected]>
crypto/x509/pkix: Parse and add additional elements in a DN

Additional elements in a DN can be added in via ExtraNames. This
option can also be used for sor...

62e19c3e4de504d62b00000b1339d2c6fa103661 authored almost 10 years ago by Paul van Brouwershaven <[email protected]>
crypto/ecdsa: make Sign safe with broken entropy sources

ECDSA is unsafe to use if an entropy source produces predictable
output for the ephemeral nonces...

a9181426e24787ef2861d080e63fd8be6067e580 authored almost 10 years ago by David Leon Gil <[email protected]>
Revert "crypto/ecdsa: make Sign safe with broken entropy sources"

This reverts commit 8d7bf2291b095d3a2ecaa2609e1101be46d80deb.

Change-Id: Iad2c74a504d64bcf7ca70...

7769ae6ae6acc7c8d6781ffe162dd38f62de9cc8 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/ecdsa: make Sign safe with broken entropy sources

ECDSA is unsafe to use if an entropy source produces predictable
output for the ephemeral nonces...

01a0a16fd09788dd57eafe3a94d9f7ad327373e1 authored almost 10 years ago by David Leon Gil <[email protected]>
crypto/x509: implement crypto.Signer

Signer is an interface to support opaque private keys.
These keys typically result from being ke...

932d7ec9f66da7f58626ddf18cadfebc89aebd67 authored almost 10 years ago by Paul van Brouwershaven <[email protected]>
Revert "crypto/x509: implement crypto.Signer"

This reverts commit cef15faafe5d15ba6242bad3504a52d287f78b88.

Change-Id: I6df3e9ea48cd588938925...

e2d303c5041f046e6980e0dafbee3fe22ca826cb authored almost 10 years ago by Adam Langley <[email protected]>
crypto/x509: Authority Key Identifier must be included in all CRLs issued

According to RFC5280 the authority key identifier extension MUST included in all
CRLs issued. Th...

52f7283203169240ce13a999c11975f4a4abd462 authored almost 10 years ago by Paul van Brouwershaven <[email protected]>
crypto/x509: implement crypto.Signer

Signer is an interface to support opaque private keys.
These keys typically result from being ke...

e50b282007587e0030bfda9895b42a1dd7472137 authored almost 10 years ago by Paul van Brouwershaven <[email protected]>
crypto/x509: write exact BitLength in ASN.1 encoding for certificate KeyUsage

The encoded value of the certificate KeyUsage did contain additonal padding
that was not present...

8cb2196aede0a55bc12505177801f10c27e1e021 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/x509: add cert SmartOS cert path

Fix SmartOS build that was broken in 682922908f7.

SmartOS pretends to be Ubuntu/Debian with res...

a5acfd69138325797035da2a517816b04e0e4e84 authored almost 10 years ago by Dave Cheney <[email protected]>
crypto/tls: remove return parameter stutter

Per https://golang.org/s/style#named-result-parameters

Change-Id: If69d3e6d3dbef385a0f41e743fa4...

bf7d5fade0779692b1c724f1abdf7069ce1eed97 authored almost 10 years ago by Brad Fitzpatrick <[email protected]>
crypto/x509: Correction of incrorrect default version number in TBSCertificateList and Certificate.CreateCRL

RFC5280 states:

"This optional field describes the version of the encoded CRL. When
extension...

3acb3aaa868a26c4f7a96fa3dfcb09d29a838969 authored almost 10 years ago by Paul van Brouwershaven <[email protected]>
crypto/elliptic: add Name field to CurveParams struct

And add names for the curve implemented in crypto/elliptic.

This permits a safer alternative to...

b491821b1e0b3aaa4863b9ab285370662a14213b authored almost 10 years ago by David Leon Gil <[email protected]>
crypto/x509: NULL parameter MUST be present in the Signature Algorithm (RSA)

According to RFC4055 a NULL parameter MUST be present in the signature
algorithm. This patch add...

dd2c2a1c101aaaacd3642c5e1bd6f44bf106213f authored almost 10 years ago by Paul van Brouwershaven <[email protected]>
crypto/tls: fix renegotiation extension.

There are two methods by which TLS clients signal the renegotiation
extension: either a special ...

de5c0ef4317134b0259da4b6acfaa465eae7452b authored almost 10 years ago by Adam Langley <[email protected]>
crypto/rsa: rsa.SignPSS with opts=nil shouldn't crash.

SignPSS is documented as allowing opts to be nil, but actually
crashes in that case. This change...

e3c400dbe3dc2b231604e786e829f9c716b2cee1 authored almost 10 years ago by Adam Langley <[email protected]>
crypto/x509: add missing copyright

Change-Id: Ida3b431a06527f6cd604ab4af5ce517959c8619b
Reviewed-on: https://go-review.googlesource...

941efa1443f12c060fc5ccb22719d21c52fd5e0e authored almost 10 years ago by Mikio Hara <[email protected]>
crypto/x509: fix nacl build

Change-Id: Ie47c6460c1749aef3cf6d7c6ba44d43305d7ca7b
Reviewed-on: https://go-review.googlesource...

af01a32f1b7757c0e39c7a51bafd5b87dd8587e5 authored almost 10 years ago by Mikio Hara <[email protected]>
crypto/x509: split certFiles definition by GOOS

This CL splits the (ever growing) list of ca cert locations by major unix
platforms (darwin, win...

cb52f23202a559cdb18f30e506741376742791b8 authored almost 10 years ago by Dave Cheney <[email protected]>
crypto/cipher: update docs for the Stream interface

Specify what will happen if len(dst) != len(src).

Change-Id: I66afa3730f637753b825189687418f14d...

705037d8cc5e8e0d6b92f397685f4f9a2474c756 authored almost 10 years ago by Shenghou Ma <[email protected]>
crypto/tls: change default minimum version to TLS 1.0.

SSLv3 (the old minimum) is still supported and can be enabled via the
tls.Config, but this chang...

325b6ab692c8c7c59191335b24dea27426cb30de authored about 10 years ago by Adam Langley <[email protected]>
crypto/tls: enable TLS_FALLBACK_SCSV in server with default max version

Fix TLS_FALLBACK_SCSV check when comparing the client version to the
default max version. This e...

d17352d097c468ad68f560344f4baaf2f2d1a393 authored about 10 years ago by Ben Burkert <[email protected]>
crypto/rand: handle EAGAIN reads from /dev/urandom

Fixes #9205

Change-Id: Iacd608ba43332008984aa8ece17dcb5757f27b3f
Reviewed-on: https://go-review...

00b2ba0878b9435f6a5c6b3ac481c58c6f46c26d authored about 10 years ago by Brad Fitzpatrick <[email protected]>
crypto/x509: add Solaris certificate file location

Fixes #9078.

LGTM=adg
R=golang-codereviews, adg
CC=golang-codereviews
https://golang.org/cl/172...

262b0d6cf3d08eb6b8ca43314bc2155c4cd81dbe authored about 10 years ago by Ian Lance Taylor <[email protected]>
all: use golang.org/x/... import paths

LGTM=rsc, r
R=r, rsc
CC=golang-codereview, golang-codereviews
https://golang.org/cl/168050043

7f73d614fb079afabdc82857a8b699d3e856676f authored about 10 years ago by Andrew Gerrand <[email protected]>
crypto/tls: support TLS_FALLBACK_SCSV as a server.

A new attack on CBC padding in SSLv3 was released yesterday[1]. Go only
supports SSLv3 as a serv...

57d719c4dd8bfdcb3c0559246f785da7bcc35f7b authored about 10 years ago by Adam Langley <[email protected]>
crypto/x509: correct field name in comment

Fixes #8936.

LGTM=bradfitz
R=agl, bradfitz
CC=golang-codereviews
https://golang.org/cl/152590043

6babc0c7f1110bf4370f0a91a52add86b6dbfc75 authored about 10 years ago by Ian Lance Taylor <[email protected]>
crypto/x509: continue to recognise MaxPathLen of zero as "no value".

In [1] the behaviour of encoding/asn1 with respect to marshaling
optional integers was changed. ...

1e24e09a1554d158000fd66580808afa84d13f53 authored about 10 years ago by Adam Langley <[email protected]>
crypto/x509: add OpenELEC system root location.

Fixes #8349.

LGTM=rsc
R=rsc
CC=golang-codereviews
https://golang.org/cl/147320043

118c62daf32a2b928980afca602151994337cc4c authored about 10 years ago by Dave Cheney <[email protected]>
x509: Fixed ASN.1 encoding in CRL Distribution Points extension

The ASN.1 encoding of the CRL Distribution Points extension showed an invalid false 'IsCompound'...

454e398fedf1a3a1409eebd5a8e05d92a5019b5e authored about 10 years ago by Paul van Brouwershaven <[email protected]>
x509: add root certs for android.

On android, root certificates appear to be stored in the folder
/system/etc/security/cacerts, wh...

066ef05b95451f21518e7a8c875c376a4728a7c2 authored about 10 years ago by Tom Linford <[email protected]>
crypto/x509: accept CRLs without an expiry.

RFC5280 says that the nextUpdate field is optional.

Fixes #8085.

R=bradfitz
CC=golang-coderevi...

e6591d4a40d32d764e20f8a38d91fc9712c73527 authored about 10 years ago by Adam Langley <[email protected]>
crypto/tls: ensure that we don't resume when tickets are disabled.

LGTM=r
R=r, adg, rsc
https://golang.org/cl/148080043

5dce04efdde4d51cdc002b1f97b4ac4a1888d93e authored about 10 years ago by Adam Langley <[email protected]>
build: move package sources from src/pkg to src

Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For ...

b8b9a5ad0536c04e5828a796250d7cabba0d7b9d authored over 10 years ago by Russ Cox <[email protected]>