Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
This specifically doesn't add support for X25519 certificates.
Refactored parsePublicKey not to ...
Fixes #56052
Change-Id: Icacba0ed0f77519bca2140c8af68407af97f9734
Reviewed-on: https://go-revie...
When PSSSaltLengthAuto is passed to SignPSS, and the key size is too
small to create a valid sal...
Should fix builds.
Change-Id: I309eccec8d08931b1ef8fee9327a08a97c6bf871
Reviewed-on: https://go...
Change-Id: I3fb4331c2b1b6adafbac3e76eaf66c79cd5ef56f
Reviewed-on: https://go-review.googlesource...
We already had some tests for special cases such as PSS with 513 bit
keys. The upcoming backend ...
Change-Id: Idee03a0c3e4bdb7d6b495f567db8bd644af480e5
Reviewed-on: https://go-review.googlesource...
As noticed in the review of the CRL RawIssuer updates (https://go-review.googlesource.com/c/go/+...
084e11956b5716c4cfd037043136dfbe28e2a6e2 authored about 2 years ago by Alexander Scheel <[email protected]>Fixes #26624
Change-Id: Ifab3fc2209d71b9a7de383eaa5786b7446de25fa
Reviewed-on: https://go-revie...
This loads the keys once per call, not once per block. This
has the effect of unrolling the inne...
We have been expanding our use of GODEBUG for compatibility,
and the current implementation forc...
FIPS-140 has been updated to allow 4096-bit RSA keys.
Allow them in certificate processing.
For...
fbb22d4adc26496841e0bc11238975747314b8ae authored about 2 years ago by Russ Cox <[email protected]>
Change-Id: Ib6ea1bd04d9b06542ed2b0f453c718115417c62c
Reviewed-on: https://go-review.googlesource...
Update crypto/ecdh to use boringcrypto when enabled.
Change-Id: Idd0ce06a22b1a62289b383c4689380...
29b25e98da0b109d7776c8d5fd2596e2ea031a8c authored about 2 years ago by Russ Cox <[email protected]>
This was the last piece of ref10 code, including the infamous "Christmas
tree" in scMulAdd, that...
crypto/rsa assumes RSA OAEP uses the same hash to be used for both the label
and the mask genera...
FIPS-140 has been updated to allow 4096-bit RSA keys.
Allow them in certificate processing.
Fix...
443f02a11285d74239e3e3cec48bd378421fae94 authored about 2 years ago by Russ Cox <[email protected]>
This allows programs that want SHA1 support to call os.Setenv at startup
instead of insisting th...
This allows programs that want SHA1 support to call os.Setenv at startup
instead of insisting th...
In verifyServerCertificate parse certificates using the global
certificate cache.
This should s...
61dc466b2508a3a5ecfeb855e9e2f1fb686629fb authored about 2 years ago by Roland Shoemaker <[email protected]>
Adds a BoringSSL CRYPTO_BUFFER_POOL style reference counted intern
table for x509.Certificates. ...
Change-Id: Ic16824482142d4de4d0b949459e36505ee944ff7
Reviewed-on: https://go-review.googlesource...
In following with Roland's TODO, switch TestDisableSHA1ForCertOnly to ParseRevocationList(...) o...
94a2bc9caf9482096781ee30c14dfc9bbc24d9bf authored about 2 years ago by Alexander Scheel <[email protected]>
Per discussion with Roland Shoemaker, this updates
x509.CreateRevocationList to mirror the behav...
Two edge cases that were mentioned in the docs are actually impossible:
* For NIST curves, EC...
4c06a6551abb5f1f5a17588704f382b9e4c7a06d authored about 2 years ago by Filippo Valsorda <[email protected]>
This allows programs that want SHA1 support to call os.Setenv at startup
instead of insisting th...
As of CL 443058, rand.Seed is not necessary to call,
nor is it a particular good idea.
For #548...
1cf66105811232b9eee4b0e7c34eb5965a104532 authored about 2 years ago by Russ Cox <[email protected]>
Change-Id: I73ace9f5b9481f3b88be0c5f6b9c5076d2f82c7f
Reviewed-on: https://go-review.googlesource...
Clarify documentation in cases where certificates returned from
various methods are not owned by...
Updates #31804
Change-Id: I5a48dfc57401576902674aff20b557e4a8ce8ab8
Reviewed-on: https://go-rev...
This minimizes addi usage inside vector heavy loops. This
results in a small performance uptick ...
The package doc included the copying header by mistake.
Change-Id: I37ac2d14b1b8a389e6b603fbb1c...
9ca1fd4d08af29a1483d4791d66172ce2e725f9e authored about 2 years ago by Park Zhou <[email protected]>
Change-Id: I375233dc700adbc58a6d4af995d07b352bf85b11
GitHub-Last-Rev: ef129205231b892f61b0135c87...
SecCreatePolicySSL returns null when called from a binary that has a
strange path. This seems to...
For #53821
Change-Id: I1b5c62288eca20ff50f6d8d979cf82df24d4545b
GitHub-Last-Rev: 266148570a6465...
Change-Id: I06f85f78c4c802142fc9207b100753decd568274
GitHub-Last-Rev: 4ad4c0f5e93df9ea83deb86b81...
Change-Id: I022a221e2d73cd8c70e8e04b7046c388748646a5
Reviewed-on: https://go-review.googlesource...
Change-Id: I92e110023739c6f8f7815c7e47ad7639c4e8812d
Reviewed-on: https://go-review.googlesource...
Fix the coversion between our sentinel salt length variables and the
BoringSSL versions in SignR...
Change-Id: I40fdfbd5cfb9f5ccb80d55bca28ff9ba1ec490f3
Reviewed-on: https://go-review.googlesource...
Change-Id: I5b063070a17bdeed57e73bfb76125b94268b3bc9
Reviewed-on: https://go-review.googlesource...
Replace custom append functions in the hash functions with the implementation of the encoding/bi...
1fefd91250a681ff5f96c490c03edab50e098230 authored over 2 years ago by Erik Pellizzon <[email protected]>
Change-Id: Ib6196f01b1927ea8a84c095f445320f03a514dd1
Reviewed-on: https://go-review.googlesource...
Merge go1.18.6
See https://github.com/ooni/probe/issues/2256
14b4317a64ecf67683f091e60d9285beac498ad3 authored over 2 years ago by Simone Basso <[email protected]>523b62a7a7d39da4c5f9966b1b0b73e4050d2bcb authored over 2 years ago by Simone Basso <[email protected]>
See https://github.com/ooni/probe/issues/2256
44b8006d3d7e31679c843ccc56e2231da28f36be authored over 2 years ago by Simone Basso <[email protected]>Updates #54854
Change-Id: I8a64a1176cbe16489e1fd21c66a7abc7d8b8e9b3
Reviewed-on: https://go-rev...
Change-Id: I73081b85e763122be1f5c0dbab25cecc9cf809df
Reviewed-on: https://go-review.googlesource...
This CL enable sha512 for arm64 and ~390% performance
improvement.
Contributed under the Go Lic...
18cdd811541743400ad2630bf791f8ace6877de8 authored over 2 years ago by Meng Zhuo <[email protected]>
Updates #49126
Fixes #54643
Change-Id: I9d6f6392b1a6748bdac1d2c6371b22d75829a2b6
Reviewed-on: h...
Updates #49126
Fixes #54642
Change-Id: I9d6f6392b1a6748bdac1d2c6371b22d75829a2b6
Reviewed-on: h...
MarshalPKIXPublicKey, CreateCertificate, CreateCertificateRequest,
MarshalECPrivateKey, and Mars...
MarshalPKIXPublicKey, CreateCertificate, CreateCertificateRequest,
MarshalECPrivateKey, and Mars...
Fixes #49126
Change-Id: I9d6f6392b1a6748bdac1d2c6371b22d75829a2b6
Reviewed-on: https://go-revie...
fix: backport darwin/arm64 patches from main
6c97dc749e7e88d7628ad46d8856aa9153bb93d0 authored over 2 years ago by Simone Basso <[email protected]>
This diff backports code to correctly handle darwin/arm64 from
`main` (see https://github.com/oo...
a495151f3aceb903d95e6bc48a42e1c823a0ae4d authored over 2 years ago by Simone Basso <[email protected]>
fix: ensure the conn we export implements NetConn
Part of https://github.com/ooni/probe/issue...
0e8e89ce27ca2329fc2b081441b1a0d9694f7674 authored over 2 years ago by Simone Basso <[email protected]>
I am not sure there's any issue in _building_ against the latest
stable release of oocrypto (and...
6cfeb2af1512038585f6f50c3ea935da2e56d91d authored over 2 years ago by Simone Basso <[email protected]>
Update the version of BoringCrypto to boringssl tag
fips-20210429, for which FIPS approval is "i...
This diff ensures we hardcode the capabilities of darwin/arm64.
While there, strive to make t...
d01c7ffbc56c63e73a2130a77d23f80ac1925881 authored over 2 years ago by Simone Basso <[email protected]>Merged go1.19 src/crypto into ooni/oocrypto
See https://github.com/ooni/probe/issues/2211
72b2086bdfdefcb2493bbfeae8a0eab99f33ce03 authored over 2 years ago by Simone Basso <[email protected]>9ebe843b1b77e05cd27013c0bfbc2aaba3b91693 authored over 2 years ago by Simone Basso <[email protected]>
762fd4f98fe0983887564822ce46dfa99fdb3d22 authored over 2 years ago by Simone Basso <[email protected]>
This merge has been interesting. It took quite some time and I
realized that I could further sim...
e8f43898d53e9aec484c406d1e2476343ab42697 authored over 2 years ago by Simone Basso <[email protected]>
Following CL 424454, using command
rg --multiline " the\s{1,}the " *
rg --multiline " the...
Generics lets us write Cache[K, V] instead of using unsafe.Pointer,
which lets us remove all the...
Export cipher.xorBytes as subtle.XORBytes, for proposal #53021,
to provide fast XOR to cryptogra...
This avoids an import conflict with crypto/subtle.
CL 424175 does the same for x/crypto.
Change...
376e9279ae294b5268cfd264c2d5182123d4560f authored over 2 years ago by Russ Cox <[email protected]>
Change-Id: I86af2508a31ea1e79d362c22ff4fac8900536761
GitHub-Last-Rev: d2a1ddccbd32499d7c379941da...
If a program only uses ecdh.P256(), the implementation of the other
curves shouldn't end up in t...
We use crypto/internal/edwards25519/field to implement X25519 directly,
so that golang.org/x/cry...
Change the type of Conn.handshakeStatus from an atomically
accessed uint32 to an atomic.Bool. Ch...
So we don't have to duplicate the logic to detect noopt builder in
multiple places.
Based on kh...
c5f70ebce0895e39b3799f768831d6b047099b98 authored over 2 years ago by Cuong Manh Le <[email protected]>As it can't appear in user package paths.
There is a hack for handling "go:buildid" and "type:*...
1e5f013b92b9cda6d671fa0fb118a93985a73685 authored over 2 years ago by Cuong Manh Le <[email protected]>Fixes #53198
Change-Id: I0c35fb278543bd487d19ae15c8175e88c45e2c1e
GitHub-Last-Rev: a3e29d2332ad...
Change-Id: I228a23754656b41843573bd4217de4df46c9df36
Reviewed-on: https://go-review.googlesource...
Similar to certificate serial numbers, RFC 5280 restricts the length of
the CRL number field to ...
When checking to see if a CRL entry has any extensions, attempt to read
them from the individual...
The x509.RevocationList type has two fields which correspond to
extensions, rather than native f...
There was a deprecation message on RevokedCertificate which was
intended to be on CertificateLis...
Adds documentation for a handful of RevocationList fields.
Updates #50674
Change-Id: I26b83855...
6a04ee42d561c2a1b6168fb37d6af8c2c7ff64af authored over 2 years ago by Roland Shoemaker <[email protected]>
Requested by the maintainers of the OpenSSL-based fork of Go+BoringCrypto,
to make maintaining t...
This CL addresses the comments on CL 403154.
For #51940.
Change-Id: I99bb3530916d469077bfbd530...
f7528990fd3a06e9cd73a8c9c09f6469bf523c8b authored over 2 years ago by Russ Cox <[email protected]>Upgrade to go1.18.3
d4b099ec0ed941eff5c5c24f32e541f1765c3d30 authored over 2 years ago by Simone Basso <[email protected]>
Conflicts:
rand/rand.go
rand/rand_batched.go
rand/rand_batched_test.go
rand/rand_getentropy....
bfe73a740c68dc7aa26dc85caad8b1d4b0833d8f authored over 2 years ago by Simone Basso <[email protected]>
The Read and Write methods of *tls.Conn call Handshake
unconditionally, every time they are call...
As required by RFC 8446, section 4.6.1, ticket_age_add now holds a
random 32-bit value. Before t...
Use the batched reader to chunk large Read calls on windows to a max of
1 << 31 - 1 bytes. This ...
feat(tls): NewClientConnStdlib should return oohttp.TLSConn like type
See https://github.com/...
5069b5e3bf80ba6bf06ee76c6587447b9c6eff5a authored over 2 years ago by Simone Basso <[email protected]>
By doing that, we can replace code in ooni/probe-cli that performs
the TLS handshake with code u...
feat(tls): add stdlib-aware Client-like factory
See https://github.com/ooni/probe/issues/2106
62ee696731f527048a95eec892569aec86b8d2a1 authored over 2 years ago by Simone Basso <[email protected]>
This commit adds a factory that works like tls.Client and, in
particular, takes in input a crypt...
5aefdc664f5f0af48a3f091b4f7b2e3abd899ac1 authored over 2 years ago by Simone Basso <[email protected]>
d8b8df1b715008cf028dfda726eddb08e619bfe9 authored over 2 years ago by Simone Basso <[email protected]>
chore: upgrade to go1.18.2
2cccb46294b1068772f86af2d877da04f6cbfaa9 authored over 2 years ago by Simone Basso <[email protected]>9a8fb473607fba0487446f007c7952df9f49fec3 authored over 2 years ago by Simone Basso <[email protected]>