Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
Fixes #41398
Change-Id: Ib47b8ec43bb11d8cd13c24f833532434127c7532
Reviewed-on: https://go-revie...
Updates dave/dst#45.
Change-Id: I165e6b3d002407a33908bf90a66ad01f8003b260
Reviewed-on: https://...
BP should be callee-save. It will be saved automatically if
there is a nonzero frame size. Other...
This reverts CL 202578 and CL 230677 which added an optimization
to use KDSA when available on s...
When using the platform verifier on Windows (because Roots is nil) we
were always enforcing serv...
Change-Id: I61d6a6d4959fdea8339b9d666385bf6b4ed49d03
8031a1a82690994fb6f91058d7688dd6ebc978c4 authored over 4 years ago by Dmitri Shuralyov <[email protected]>Change-Id: I948e086e11e1da571e2be23bb08a7bbd6618dc2f
5e63744a22cc1bc31b7f991fe92d0d2fb05529da authored over 4 years ago by Dmitri Shuralyov <[email protected]>Also add a test to lock in this policy.
Fixes #40065
Change-Id: Iedc4586f2f5598046d84132a8f3bb...
250da8e56e2dd80819bcb1a18227736940abf28b authored over 4 years ago by Filippo Valsorda <[email protected]>
Change-Id: Iee53acb963a889410f8c6daaa9a7841f1b12c6fb
Reviewed-on: https://go-review.googlesource...
Fixes #39074
Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93
Reviewed-on: https://go-revie...
This doesn't change how ExtraNames are printed, so as not to cause
unnecessary churn of current ...
Summary
The crypto/tls/generate_cert.go utility should only set the template
x509.Certificate's...
Fixes #37907
Change-Id: Ia077de6dcc74ed761d278eab4efbf45e151429b8
Reviewed-on: https://go-revie...
Look at how much better it is!
Updates #36736
Change-Id: I53a314a103a42dd869c05823fa50f37d70f9...
b1ba0adfe89a876cb7a2cef6c44008a7243a284a authored over 4 years ago by Filippo Valsorda <[email protected]>Fixes #37572
Change-Id: I493392f535a979ee16609861041da2ecfe21cf77
Reviewed-on: https://go-revie...
Change-Id: I58e3febbf63049bebb4f8ed8893288183c8aaccd
Reviewed-on: https://go-review.googlesource...
Fixes #38710
Change-Id: I9b210e95fd997ff53ec704c5f61110045aaa94bb
Reviewed-on: https://go-revie...
Switched the generator to using the open source releases of the root
store rather than HTML pars...
This also implies it can't be passed to Marshal.
Fixes #37294
Change-Id: I1e6b6abd87ff31f32348...
e862dc01de3d89b7c95be5d970e01d61bf10cce4 authored over 4 years ago by Filippo Valsorda <[email protected]>
Restore previously sent SCTs and stapled OCSP response during session
resumption for both TLS 1....
Rather than hashing the encoding of the SPKI structure, hash the
bytes of the public key itself....
This change makes the direct call darwin loadSystemRoots implementation
match the existing cgo i...
The ConnectionState's CipherSuite was not set prior
to the VerifyConnection callback in TLS 1.2 ...
Updates #25256
Change-Id: If16c42581f1cf3500fd7fd01c915e487f8025e55
Reviewed-on: https://go-rev...
Also add a test that could reproduce this error and
ensure it doesn't occur in other configurati...
This change adds a comment to the Verify documentation that indicates
that you can use URI and e...
This fixes a bug in CL 228777 which disallowed
a MaxPathLen of -1 without IsCA, even though the
...
In CL 231958, TempDir was changed to create a new temp directory on
each allocation, on the theo...
This was causing issues when fuzzing with
TestMarshalUnmarshal since the test would
occassionall...
Change-Id: I33fcde2d544943fb04c2599810cf7fb773aeba1f
Reviewed-on: https://go-review.googlesource...
Change-Id: I083d1e4e997b30d9fab10940401eaf160e36f6c1
1818cac1f67592d20d0ab3805fe1c9ea8754c8c3 authored over 4 years ago by Dmitri Shuralyov <[email protected]>
Since the ConnectionState will now be available during
verification, some code was moved around ...
Automatically rotate session ticket keys for servers
that don't already have sessionTicketKeys a...
Colons are port separators, so it's risky to allow them in hostnames.
Per the CL 231377 rule, if...
Trailing dots are not allowed in certificate fields like CN and SANs
(while they are allowed and...
Common Name has been deprecated for 20 years, and has horrible
interactions with Name Constraint...
When the input or SAN dNSNames are not valid hostnames, the specs don't
define what should happe...
Fixes #34105
Co-authored-by: Filippo Valsorda <[email protected]>
Change-Id: I3470343ec9ce9a0b...
Change-Id: Idd59c37d2fd759b0f73d2ee01b30f72ef4e9aee8
702a6d79d837d5e531ffec200a1026b9d034fae2 authored over 4 years ago by Dmitri Shuralyov <[email protected]>
+----------------------------------------------------------------------+
| Hello, if you are rea...
Also encode the certificates in a way that's more
consistent with TLS 1.3 (with a 24 byte length...
This matches the new crypto/rsa behavior introduced in CL 226203.
Updates #21896
Change-Id: If...
ef5a29229b4bed02da026fca7cadc608ec58547f authored over 4 years ago by Filippo Valsorda <[email protected]>
Speed up repeated HMAC operations with the same key by not recomputing
the first block of the in...
Change-Id: I2910f322256c521dd03b1dc23d117defdcd0aa54
Reviewed-on: https://go-review.googlesource...
Before going around making changes, surface the current behavior in the
docs as a starting point...
Clients have to reject any HelloRetryRequest message that doesn't lead
to a change in the Client...
Change-Id: I95a60b837e19d0c4bf45ea74baa5843a8244a186
Reviewed-on: https://go-review.googlesource...
Fixes #38190
Change-Id: I10766068ee18974e81b3bd78ee0b4d83cc9d1a8c
Reviewed-on: https://go-revie...
Fixes #37763
Change-Id: Ic6bcc9af0d164966f4ae31087998e5b546540038
Reviewed-on: https://go-revie...
On Linux distros at least, it's common for cert directories to have
symlinks pointing to other c...
Replaced almost every use of Bytes with FillBytes.
Note that the approved proposal was for
...
b51a577b0351c416de3aeae9b1a8b4ec24985abc authored over 4 years ago by Filippo Valsorda <[email protected]>
Previously, non-standard attributes in Name.Names were being
omitted when printed using Name.Str...
Per suggestion in CL 202578, this CL drops the purego build tag used
within this package.
Chang...
5461a44f6303f412ea260b25bb8f68b0afca9651 authored over 4 years ago by Ruixin Bao <[email protected]>This CL revives CL 174437(also IBM CLA) and adds benchmarks and some simplifications.
The origi...
2fa601a926998c6bd330953d87f9f4b49c8ef815 authored over 4 years ago by Ruixin Bao <[email protected]>
This CL allows the usage of KDSA instruction when it is available. The
instruction is designed ...
On darwin/arm64, the copy of the system roots takes 256 KiB of disk
and 560 KiB of memory after ...
Fixes #38216
Change-Id: I3222abe2153abb4cbfa65a4825c153ce128f56a0
Reviewed-on: https://go-revie...
Fixes #18482
Change-Id: I99d65dc5d824c00093ea61e7445fc121314af87f
Reviewed-on: https://go-revie...
Fixes #35313
Change-Id: I7be3c40f338de6b1808358ea01e729db8b533ce5
Reviewed-on: https://go-revie...
This saves 166 KiB for a tls.Dial hello world program (5382441 to
5212356 to bytes), by permitti...
Change-Id: I9e6a11c7d8c61d0182467438b35eb6756db7aa89
Reviewed-on: https://go-review.googlesource...
Fixes #26676
Change-Id: I5bc91d4a8161bc6ff25effcf93f551f735fef115
Reviewed-on: https://go-revie...
Fixes #29971
Change-Id: I2f1653640c88fafe0ec17a75dcf41d5896c4cb8e
Reviewed-on: https://go-revie...
Change-Id: I2dcec316fd08d91db4183fb9d3b9afde65cc248f
125e06611b5cad1f183e177ee4f935aed45ee1bb authored almost 5 years ago by Filippo Valsorda <[email protected]>
The cgo build tag is not necessary for root_darwin_arm64.go. We can't
build for darwin/arm64 wit...
This removes all conditions and conditional code (that I could find)
that depended on darwin/arm...
This removes all files that are only used on darwin/arm and cleans up
build tags in files that a...
The function 'block' called indirectly via function literal 'blockGeneric' prevents
'gc' perform...
Cleaned up for readability and consistency.
There is one tiny behavioral change: when PSSSaltLe...
8d1f8c40d97eb695aa61598c301514a8ac60a657 authored almost 5 years ago by Filippo Valsorda <[email protected]>Fixes #35911
Change-Id: I093d25aa169963769b51c37d2481bce71bd0fd2f
Reviewed-on: https://go-revie...
Per RFC 8017, reject signatures which are not the same length as the RSA
modulus. This matches t...
Change-Id: Ie2d605ca8cc3bde2e26c6865642ff4e6412cd075
GitHub-Last-Rev: ce5c3ba369b2ef476e7c63e440...
This makes all modern public keys in the standard library implement a
common interface (below) t...
Fixes #33430
Change-Id: I323323b3136dd7b408005c3bb5ea05e3b566bd38
Reviewed-on: https://go-revie...
This reverts CL 223754.
Reason for revert: new tests are failing on all longtest builders.
Cha...
e6629c5428eebd16b3f9cb5a9d2bc32ce2c9329e authored almost 5 years ago by Bryan C. Mills <[email protected]>
This makes all modern public keys in the standard library implement a
common interface (below) t...
The existing Certificate.CreateCRL method generates non-conformant CRLs and
as such cannot be us...
The minimum macOS supported version is 10.11 as of Go 1.14, see #23011.
Thus, bump macosx-versio...
Changing "man-in-the-middle" references to "machine-in-the-middle",
it's a more inclusive term a...
Fixes #35499
Change-Id: Ieb487782f389f6d80e8f68ee980e584d906cb4da
Reviewed-on: https://go-revie...
RSA key types have a finalizer that will free the underlying C value
when the Go one is garbage ...
Use OPENSSL_malloc for set0 functions as OPENSSL_free now catches us
using the libc malloc and a...
This CL changes some unit test functions, making sure that these tests (and goroutines spawned d...
32a61ad38aa54f9fceea70f8e25ab32ec0037096 authored almost 5 years ago by Ziheng Liu <[email protected]>
Change-Id: I2a233190bda78ca022ff4074b4553788847d7583
Reviewed-on: https://go-review.googlesource...
Change-Id: Ia4f77d2965e34454e8dd3f2d8bf9c4f3065a9fbc
Reviewed-on: https://go-review.googlesource...
"SSL_CERT_DIR" is meant to hold more than one directory, when a colon
is used as a delimiter. Ho...
Also fix typo in crypto/cipher/gcm_test.go.
Fixes #37118
Change-Id: I8544d1eeeb1f0336cebb977b8...
e13276a73f4ccded428c8c30603d38b8ee0fb79c authored almost 5 years ago by Katie Hockman <[email protected]>
When run as a separate program, the code in ExampleDial panicked due to
an expired certificate. ...
This CL should not change the logic at all, but it took me a while to
figure out why we use thes...
Update the Example in the crypto/ecdsa package for signing
and verifying signatures to use these...
The error message for trailing data after the X.509 issuer should
correctly state "issuer" inste...
See https://tools.ietf.org/html/rfc8422#appendix-A for a helpful table.
Also, commit to keeping...
89410e23e398649d5184bb87ab2d059f6ca3e351 authored almost 5 years ago by Filippo Valsorda <[email protected]>Fixes #36735
Change-Id: I93f005d78f4bfac773272995b165172461bae92f
Reviewed-on: https://go-revie...
An attacker can trick the Windows system verifier to use a poisoned set
of elliptic curve parame...
I noticed this leak while writing CL 214977.
Change-Id: I7566952b8e4bc58939d23435aea86576fc58dd...
d529b36ad5d6849cc9add6891b4b09e051d5e8b6 authored almost 5 years ago by Brad Fitzpatrick <[email protected]>
Change-Id: Ic7997d1f747152afec78e8e439770166029f34ec
GitHub-Last-Rev: 6a07f25056c960dc8684cd6eac...
After golang.org/cl/210124, I wondered if the same error had gone
unnoticed elsewhere. I quickly...
Fix a minor typo in the TLS handshake comment.
Change-Id: I0fd243e5440f6c77c97e844e6669a7974a2c...
5aca8729c30c62b747c174a3d5c492eb4a507585 authored about 5 years ago by Alex Harford <[email protected]>NPN was removed in CL 174329.
Change-Id: Ic63ad53e7e24872e28673d590727e0300f435619
Reviewed-on:...
Move the import in cipher_suites.go up where it's less likely to ever
conflict again, and remove...