Improve error messages if ParsePKCS8PrivateKey/ParseECPrivateKey
/ParsePKCS1PrivateKey or ParseP...

Updates #30055

Change-Id: I3e79dd7592673c5d76568b0bcded6c391c3be6b3
Reviewed-on: https://go-rev...

In Go 1.13 we will enable RSA-PSS in TLS 1.2 at the same time as we make
TLS 1.3 enabled by defa...

Change-Id: If9332bae87449c94fc14710133614fcd84d2815c
Reviewed-on: https://go-review.googlesource...

Comparing err variable to be not nil is redundant in this case.
The code above ensures that it i...

Change-Id: I8ea3043fcbaf7a5f73b2a796171a7f1cb3cb3693
Reviewed-on: https://go-review.googlesource...

Nothing in Go can truly guarantee a key will be gone from memory (see
#21865), so remove that cl...

Change-Id: I6801676335924414ce50249df2b7bea08886b203
Reviewed-on: https://go-review.googlesource...

Change-Id: I9246c8228d38559c40e69fa403fa946ac1b31dbe

Most of the issues that led to the decision on #30055 were related to
incompatibility with or fa...

Updates #30055

Change-Id: If68615c8e9daa4226125dcc6a6866f29f3cfeef1
Reviewed-on: https://go-rev...

If a certificate somehow has an AKID, it should still chain successfully
to a parent without a S...

Change-Id: If3bab2dd5278ebc621235164e9d6ff710ba326ee
Reviewed-on: https://go-review.googlesource...

Change-Id: Ib0a0d04aaaaa3c213fdb8646bd9b7dfdadae40d4
Reviewed-on: https://go-review.googlesource...

If beta8 is unusually large, the addition loop might take a very long
time to bring x3-beta8 bac...

ConstantTimeCompare is fairly useless if you can't rely on it being zero
when the slices are dif...

Fixes #29779

Change-Id: I7eb8b4db187597e07d8ec7d3ff651f008e2ca433
Reviewed-on: https://go-revie...

Fixes #29349

Change-Id: Iec16eb2b20b43250249ec85c3d78fd64d1b6e3f3
Reviewed-on: https://go-revie...

Fixes #29545

Change-Id: Ida98c23b8fc5c676d8bf0b3daad8320e495ebf64
GitHub-Last-Rev: d38e8a90c75f...

Fixes #29543

Change-Id: Ib7f3c32cc1e57c583ee52c486673a5b9568c2df8
GitHub-Last-Rev: 0cb3dc536245...

The no-cgo validation hack lets in certificates from the root store that
are not marked as roots...

On macOS 10.11, but not 10.10 and 10.12, the C API returns 5 old root
CAs which are not in Syste...

Fixes #29541

Change-Id: I006915b020b6e710298c32c05e3de77a7f9b54f3
GitHub-Last-Rev: c7a90a4bbe17...

Fixes #29517

Change-Id: I7e741d82bb9f8e6ab39b6d9ab37ba6163176a097
GitHub-Last-Rev: 764d0bd9579c...

That number grows quadratically with the number of intermediate
certificates in certain patholog...

Change-Id: I34877ac1d6d7fe9ffa7eabe46b4032af84d33794
Reviewed-on: https://go-review.googlesource...

After CL 128056 the build fails on darwin/386 with

src/crypto/x509/root_cgo_darwin.go:218:55:...

Now that the cgo and no-cgo paths should be correct and equivalent,
re-enable the TestSystemRoot...

Certificates without any trust settings might still be in the keychain
(for example if they used...

The cgo path was not taking policies into account, using the last
security setting in the array ...

In the s390x assembly implementation of NIST P-256 curve, utilize faster multiply/square
instruc...

Follow-up for CL 147037 and after Brad noticed the "returns whether"
pattern during the review o...

Fixes #28960

Change-Id: I0d049d4776dc42ef165a1da15f63de08677fbb85
Reviewed-on: https://go-revie...

signatureSchemesForCertificate was written to be used with TLS 1.3, but
ended up used for TLS 1....

Packages in vendor/ directories have a "vendor/" path prefix in GOPATH
mode, but intentionally d...

Since they are sent after the handshake in TLS 1.3, the client was not
actually consuming them, ...

UserHomeDir used to return an empty string if the corresponding
environment variable was not set...

Procedure names should reflect what they do; function names
should reflect what they return. Fun...

Change-Id: I32b3e29a3e34f20cccc51666905fd36744ef00b2
Reviewed-on: https://go-review.googlesource...

Change-Id: I429a190472368dd88a2bf2f1be5adefa459d3087

Change-Id: I81b64fe503bf07b4d7bd823286b83e663b5c0f76

Change-Id: If37221a68951890d817a85b68bd4a35903a36ceb

Change-Id: I78c733872cb99657ebe5c48fe0ea6b316a4b5380

Change-Id: Ia068dac1677bfc44c41e35d1f46e6499911cfae0

Change-Id: I64346fbdbee03e28297ec202d5c8292d7fd60c2c

Merge at CL 144340, in order to cherry-pick CL 149459 next to it, which
fixes a BoringCrypto spe...

Change-Id: Ice4172e2058a45b1a24da561fd420244ab2a97bd

The Config does not own the memory pointed to by the Certificate slice.
Instead, opportunistical...

To disable TLS 1.3, simply remove VersionTLS13 from supportedVersions,
as tested by TestEscapeRo...

Fix a couple overlooked ConnectionState fields noticed by net/http
tests, and add a test in cryp...

TLS_FALLBACK_SCSV is extremely fragile in the presence of sparse
supported_version, but gave it ...

Note that the SignatureSchemes passed to GetClientCertificate in TLS 1.2
are now filtered by the...

Added some assertions to testHandshake, but avoided checking the error
of one of the Close() bec...

Also check original certificate validity when resuming TLS 1.0–1.2. Will
refuse to resume a sess...

Looks like the introduction of CCS records in the client second flight
gave time to s_server to ...

Since TLS 1.3 delivers handshake messages (including KeyUpdate) after
the handshake, the want ar...

Also, add support for the SSLKEYLOGFILE environment variable to the
tests, to simplify debugging...

This handles a TODO in the md5block_ppc64le.s file to
make use of byte reverse loads so the func...

Now, this is embarrassing. While preparing CL 142818, I noticed a
possible vulnerability in the ...

Go documentation style for boolean funcs is to say:

// Foo reports whether ...
func Foo...

Implement a basic TLS 1.3 server handshake, only enabled if explicitly
requested with MaxVersion...

Implement a basic TLS 1.3 client handshake, only enabled if explicitly
requested with MaxVersion...

crypto/x509 already supports PSS signatures (with rsaEncryption OID),
and crypto/tls support was...

RFC 8446 recommends using the supported_versions extension to negotiate
lower versions as well, ...

Note that there is significant code duplication due to extensions with
the same format appearing...

Vendors golang.org/x/crypto/hkdf at e84da0312774c21d64ee2317962ef669b27ffb41

Updates #9671

Cha...

Updates #9671

Change-Id: I1ea7b724975c0841d01f4536eebb23956b30d5ea
Reviewed-on: https://go-revi...

Updates #9671

Change-Id: Ia68224aca866dc3c98af1fccbe56bfb3f22da9f6
Reviewed-on: https://go-revi...

This change uses library functions such as bits.RotateLeft32 to
reduce the amount of code needed...

This change adds asm implementations of xorBytes for ppc64x that
takes advantage of VSX register...

I am working on a TLS server program, which issues new TLS certificates
on demand. The new certi...

cpu: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz

Benchmark: xor

name old time/...

Updates #9679

Change-Id: I53412cf0142364de5f76e8affc15d607bfa2ad23
Reviewed-on: https://go-revi...

This change will aid users to make less mistakes where you, for example, define both HTTP/1.1 an...

Updates #28269

Change-Id: Iae765f85e6ae49f4b581161ed489b2f5ee27cdba
Reviewed-on: https://go-rev...

As a first round, rewrite those handshake message types which can be
reused in TLS 1.3 with gola...

The arm5 and mips builders are can't-send-a-packet-to-localhost-in-1s
slow apparently. 1m is les...

Change-Id: Ia661c871e14445672b7d36a443455302e47cc2a1

The equal methods were only there for testing, and I remember regularly
getting them wrong while...

If something causes the recorded tests to deviate from the expected
flows, they might wait forev...

This adds a crypto/tls.RecordHeaderError.Conn field containing the TLS
underlying net.Conn for n...

The crypto/tls record layer used a custom buffer implementation with its
own semantics, freelist...

crypto/tls is meant to work over network connections with buffering, not
synchronous connections...

Use the format "RFC XXXX, Section X.X" (or "Appendix Y.X") as it fits
more properly in prose tha...

Change-Id: I8cc4b5efe798e74b6daabd64fc2dd5486dcb7c5e
GitHub-Last-Rev: 694509e33df7c5729ec0bf7b05...

Change-Id: I218ba1b89a2df6e4335c6a5846889d9a04affe5d

This commit adds AIX operating system to crypto package for ppc64
architecture.

Updates: #25893...

According to https://tools.ietf.org/html/rfc6962#section-3.3, the SCT
must be at least one byte ...

Change-Id: Ic7fce53c6264107c15b127d9c9ca0bec11a888ff
Reviewed-on: https://go-review.googlesource...

As pointed out in https://github.com/golang/go/issues/26463,
HOME (or equivalent) environment va...

Fixes #22614

Change-Id: I220afbaaeab4dec6d59eeeef12107234a77f1587
Reviewed-on: https://go-revie...

Don't worry, this patch just remove trailing whitespace from
assembly files, and does not touch ...

A simple grep over the codebase for "the the" which is often
missed by humans.

Change-Id: Ie4b4...

I omitted vendor directories and anything necessary for bootstrapping.
(Tested by bootstrapping ...

Some parallelizable cipher modes may achieve peak performance for larger
block sizes. For this r...

name old time/op new time/op delta
AESGCMSeal1K-8 668ns ± 1% 643ns ± 1%...

At least one popular service puts a hostname which contains a ":"
in the Common Name field. On t...

Change-Id: Ia8ddd4e52dcfe87f9daef2edd37c8155fcae7f5a

The words 'the returned' were changed to 'a returned' in
8201b92aae7ba51ed2e2645c1f7815bfe845db7...

The sentence in the docs for SystemCertPool that states that mutations
to a returned pool do not...