github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
Updated TestBoringServerSignatureAndHash to expect RSA-PSS to work with
TLS 1.2, and hence with ...
Change-Id: Ia65bac00fe8600f50620ce0583455eb33f06ff95
Reviewed-on: https://go-review.googlesource...
Signing-side signature algorithm selection moved to
selectSignatureScheme, so add FIPS logic the...
Change-Id: I5b909df0fd048cd66c5a27fca1b06466d3bcaac7
GitHub-Last-Rev: 778c5d21311abee09a5fbda2e4...
Change-Id: Icd5006e37861d892a5f3d4397c3826179c1b12ad
Reviewed-on: https://go-review.googlesource...
Fixes #29583
Change-Id: Ia89433bddd4c9f67ec1f0150b730cde8a7e973ee
Reviewed-on: https://go-revie...
Fixes #29793
Change-Id: I6e389d166c2d9a2ba8664a41f4b9569f2481b27f
Reviewed-on: https://go-revie...
Fixes #30325
Change-Id: I497110224bb73ecfcc4655698a794e7aa4a66925
Reviewed-on: https://go-revie...
The cipher suites were apparently renamed late in the standardization
process, and we picked up ...
TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG
opt-out, and with the introduc...
This will let applications stop crypto/tls from using a certificate key
with an algorithm that i...
Now that we have a full implementation of the logic to check certificate
compatibility, we can l...
Also, add Version to CertificateRequestInfo, as the semantics of
SignatureSchemes change based o...
We'll also use this function for a better selection logic from
Config.Certificates in a later CL...
This refactors a lot of the certificate support logic to make it cleaner
and reusable where poss...
This makes Ed25519 certificates work for CreateCRL(). This previously
failed (panic: crypto: req...
Setting InsecureSkipVerify and VerifyPeerCertificate is the recommended
way to customize and ove...
dsa.Verify might currently use a nil s inverse in a
multiplication if the public key contains a ...
Change-Id: Ie68fd4fe2879e6b5417a1a4240971e3d837bf115
Reviewed-on: https://go-review.googlesource...
Replace
buf := (*[HUGE_CONST]*T)(unsafe.Pointer(p))[:]
with
buf := (*[HUGE_CONST]*T)(unsafe.Point...
59e2a0902214c8077cc646fe50d6d2c4054b24d4 authored about 5 years ago by Alex Brainman <[email protected]>
Even though bitwise operations may be slightly more
performant, the readability improvement of a...
Follow the recommendation from RFC 8422, section 5.1.2 of sending back the
ec_points_format exte...
Also, fix the alert value sent when a signature by a client certificate
is invalid in TLS 1.0-1....
As suggested by comments from the review of CL 168478, this adds
Go code to do reverse bytes and...
This adds an asm implementation of the p256 functions used
in crypto/elliptic, utilizing VMX, VS...
Rhys Hiltner noted in #14939 that this defer was
syntactically inside a loop, but was only ever
...
Fixes #35052
Change-Id: Ie7c52f39203cf16d8b53a333b591cffccdf7446a
Reviewed-on: https://go-revie...
localPipe currently flakes in various crypto/tls tests. Since that
function doesn't seem to flak...
This is a revert of CL 174437 and follow up fix CL 201317.
The s390x assembly in this package make...
0dc3c05f2a1e95debc4978130564e60779ad2c19 authored about 5 years ago by Michael Munday <[email protected]>
I used too small a size for buffers, which can cause a panic in some testing.
The new buffer siz...
We should keep a consistent way of formatting errors
in this file.
Fixes #34848
Change-Id: Ibb...
fdda3484e9c3a10e41b6ce5e92b51ecc94864191 authored over 5 years ago by fenos <[email protected]>
Part 1: CL 199499 (GOOS nacl)
Part 2: CL 200077 (amd64p32 files, toolchain)
Part 3: stuff that a...
This is part two of the nacl removal. Part 1 was CL 199499.
This CL removes amd64p32 support, w...
748c729630183906e5688c94c41ccc8fb5919fde authored over 5 years ago by Brad Fitzpatrick <[email protected]>
You were a useful port and you've served your purpose.
Thanks for all the play.
A subsequent CL...
61f17ef3b8491886760b29365803314d01f226ea authored over 5 years ago by Brad Fitzpatrick <[email protected]>
RELNOTE=yes
Fixes #28362
Change-Id: I43813c0c17bbe6c4cbb4d1f121518c434b3f5aa8
Reviewed-on: htt...
According to spec, the hash must be truncated, but crypto/dsa
does not do it. We can't fix it in...
Because errors like:
certificate has expired or is not yet valid
make it difficult to dist...
a0fa0e28a52a4bebdb145ab0bc5cf68c9564abe4 authored over 5 years ago by W. Trevor King <[email protected]>
Change-Id: Ifbdf33ee4e413c3edba59b7dbed00ab90698cd35
GitHub-Last-Rev: c3bd33c4cf9c4f4a1e6724c93b...
This improves the performance of xorBytesVSX in crypto/cipher by
unrolling the loop that does th...
This adds an asm implementation for aes-gcm on ppc64le to improve
performance.
Results on power...
5fbd9e534c61ec78cd617e5ee1f63d96fb09937a authored over 5 years ago by Lynn Boger <[email protected]>
This allows the returned key/signature to be stack-allocated where possible.
name ...
fa11a442f37f9efe487a2774c999cd687838aa62 authored over 5 years ago by lukechampine <[email protected]>
Currently if type of public key is unsupported, error message is "only
RSA and ECDSA public keys...
Change-Id: I56d7eeaf777ac30886ee77428ca1ac72b77fbf7d
Reviewed-on: https://go-review.googlesource...
Use the following (suboptimal) script to obtain a list of possible
typos:
#!/usr/bin/env sh
...
ff33a4780a48784fec3f301ed724acb0794745de authored over 5 years ago by Ainar Garipov <[email protected]>
Change-Id: Iae3a3e1ab8819967548e91edc5ba4e8fb07ec856
2a2fb54c01a9ab467dfc80a11ff8d99aa1298efd authored over 5 years ago by Katie Hockman <[email protected]>
The exception allowed a specific intermediate [1] to chain up to a
broken root that lacked the C...
Change-Id: I3cd94be655e5374b52494f756ff087352705da6d
10824f5a71c114af83e509a430917985d6da978e authored over 5 years ago by Katie Hockman <[email protected]>
The current implementation panics on nil certificates,
so introduce a nil check and early return...
Include references in the package-level comment block, expand
the obscure IRO acronym, and add a...
Fixes #30055
Change-Id: If757c43b52fc7bf62b0afb1c720615329fb5569d
Reviewed-on: https://go-revie...
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft...
It was mistakenly re-enabled in CL 146217.
Fixes #33837
Change-Id: I8c0e1787114c6232df5888e51e...
a514e270e2b21419efc1c4e995a85f3d8dcce160 authored over 5 years ago by Filippo Valsorda <[email protected]>
ParsePKIXPublicKey gained Ed25519 support in CL 175478.
Change-Id: I11ffe0a62743292367b3adb1039...
0c2690e29495d562b508cafc82399193353ec7a3 authored over 5 years ago by Filippo Valsorda <[email protected]>
Change-Id: I932de9bb061a8ba3332ef03207983e8b98d6f1e5
Reviewed-on: https://go-review.googlesource...
Updates #32716
Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a
Reviewed-on: https://go-rev...
Session resumption is not a reliable TLS behavior: the server can decide
to reject a session tic...
The localPipe implementation assumes that every successful net.Dial
results in exactly one succe...
Change-Id: Ic1d89215bb3e37a722d3d3bc7698edea940a83d9
253096c70fe04ae3e64288c5a3feac80ace77d53 authored over 5 years ago by Filippo Valsorda <[email protected]>
Change-Id: I8f0e109053bbbd8bde4fa64059fd070d8f4acef2
Reviewed-on: https://go-review.googlesource...
The RFC recommends checking the X25519 output to ensure it's not the
zero value, to guard agains...
Removed cross-dependencies between handshake_server_test.go and
handshake_client_test.go; moved ...
Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (brok...
As suggested by dmitshur@, move them to their own block so they don't
conflict with changes in t...
Change-Id: I29cf70cab6b4c28891dce2a3ccf18b690ff568a0
7093b19eb80a8f74cbb63dd2a3315306f20e85f8 authored over 5 years ago by Filippo Valsorda <[email protected]>
Change-Id: I0f610a900fcd5575ca12b34bc74fa63c2146b10b
a21451c689e9fe73f2efb4a2d438199420792bc7 authored over 5 years ago by Filippo Valsorda <[email protected]>
The typed arrays returned by TypedArrayOf were backed by WebAssembly
memory. They became invalid...
Utilize KDSA when available. This guarantees constant time operation on all three curves mention...
43d9485292f2d0675c6ccc895e0ec43c91e8421d authored over 5 years ago by bill_ofarrell <[email protected]>
Replaces putUint{32,64} functions in crypto/sha* packages with the
equivalent functions encoding...
To a fifth reading of the relevant docs, it looks like
1) a constraint dictionary with no polic...
980e2baee11244b6abc808da7725bf63ea607f3f authored over 5 years ago by Filippo Valsorda <[email protected]>
Note how untrustedData is never NULL, so loadSystemRoots was checking
the wrong thing.
Also, re...
6ff51af43369d708fe9e31f09d2b3da3fde5cf6f authored over 5 years ago by Filippo Valsorda <[email protected]>
CFDictionaryGetValueIfPresent does not take ownership of the value, so
releasing the properties ...
Shorten some of the longest tests that run during all.bash.
Removes 7r 50u 21s from all.bash.
A...
ff04fc15fb11a3aedbeebd659fc073ef1e77d08b authored over 5 years ago by Russ Cox <[email protected]>
Gerrit is complaining about pushes that affect these files
and forcing people to use -o nokeyche...
In TLS 1.3 session tickets are delivered after the handshake, and it
looks like now the Google s...
Support for Ed25519 certificates was added in CL 175478, this wires them
up into the TLS stack a...
Based on RFC 8410.
Updates #25355
Change-Id: If7abb7eeb0ede10a9bb3d2004f2116e587c6207a
Reviewe...
Working toward making the tree vet-safe instead of having
so many exceptions in cmd/vet/all/whit...
Change-Id: I8563a20a4ba43cee7d4b73377c405a6ff12636e5
GitHub-Last-Rev: 0dae408845c7cf42667a65fff6...
The crypto/tls and crypto/x509 APIs leak PublicKey and PrivateKey types,
so in order to add supp...
Most changes are removing redundant declaration of type when direct
instantiating value of map o...
Updates #31812
Change-Id: Id9898f89205c116009e25033afb5b9026594e80f
Reviewed-on: https://go-rev...
I recently modified tabwriter to reduce the number of defers due to
flush calls. However, I forg...
The CBC mode ciphers in TLS are a disaster. By ordering authentication
and encryption wrong, the...
Per https://golang.org/wiki/Spelling and CL 33017.
Change-Id: Ia813a81d25603883114c4e4b6997eb56...
2d11f6a634b313873ba06c14f865767d50efbdc3 authored over 5 years ago by Brad Fitzpatrick <[email protected]>
Improves readability of the generic implementation.
Updates #31456.
Benchmarks (i7-4980HQ CPU)...
725c5c38103613ec106823321ee5b0846cd88d59 authored over 5 years ago by Ivan Osadchiy <[email protected]>
This makes code more readable and idiomatic and slightly increases performance.
Updates #31456
...
219c5684507f110ae3c65c9a54bc009deb17c4e9 authored over 5 years ago by Udalov Max <[email protected]>
This makes code more idiomatic and shows small performance gains of generic benchmarks.
Updates...
eedf1a52e4141100276bb90cf9dac7a45c623e27 authored over 5 years ago by Udalov Max <[email protected]>
Change-Id: I209b75dc8dc4da881b68e5c5d98cbf08c1032dfc
Reviewed-on: https://go-review.googlesource...
Assembly files with "/vendor/" or "testdata" in their paths were ignored.
Change-Id: I3882ff07e...
f494c3dbcbe80232a79ee289792b9f3dfdac84f8 authored almost 6 years ago by Neven Sajko <[email protected]>
The certificates argument to verifyServerCertificate must contain
at least one certificate. Simp...
The first biggest offender was crypto/des.init at ~1%. It's
cryptographically broken and the ini...
Alpine Linux uses /etc/ssl/cert.pem as default ca-bundle which
is preinstalled since 3.7 and was...
Standard output is reserved for actual program output.
Debug print should be limited in general ...
This also updates the vendored-in versions of several packages: 'go
mod vendor' selects a consis...
It turns out not to be necessary. Russ expressed a preference for
avoiding module fetches over m...
Args were duplicated by a mistake. Found using static analysis tools.
Change-Id: I2f61e09844bc4...
a5b5e9557a5cbfaafa722d94da1f466e88ec9c63 authored almost 6 years ago by Iskander Sharipov <[email protected]>
Updates #30228
Updates #30240
Updates #30241
Change-Id: Idc311ba77e99909318b5b86f8ef82d4878f73e...
2c64ae1c1de9e0d9fd49238c7c1607f871b74a8f authored almost 6 years ago by Bryan C. Mills <[email protected]>
This CL changes the internal/cpu API to more closely match the
public version in x/sys/cpu (adde...
Change-Id: I50668a4c943ecab91b2b33370f6cfb3784afafd1
GitHub-Last-Rev: c8223adfc8b7d3fc712089bb9c...
This effectively reverts the golang.org/cl/161699 merge.
Change-Id: I7c982a97f3ae0015e2e148d483...
da7ea030f216d105bc4c31e8c21cf45e1d454d53 authored almost 6 years ago by Filippo Valsorda <[email protected]>