Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/ooni/oocrypto
Fork of Go crypto/tls with extra patches from the OONI team
https://github.com/ooni/oocrypto
Change-Id: Iadb3c5de8ae9ea45855013997ed70f7929a88661
GitHub-Last-Rev: ae85bcf82be8fee533e2b9901c...
The unexported field is hidden from reflect based marshalers, which
would break otherwise. Also,...
Since the 12.x branch, the getrandom syscall had been introduced
with similar interface as Linux...
This CL removes the RC4 assembler implementations.
RC4 is broken and should not be used for encr...
Use the binary.{Big,Little}Endian integer encoding methods rather
than unsafe or local implement...
Avoid using package specific variables when there is a one to one
correspondence to cpu feature ...
In CL 48510 the gcmAble interface was changed to include the tag size.
The BoringCrypto aesCiphe...
Change-Id: I4063d5ec4ac45561b94472b528583be564981912
Reviewed-on: https://go-review.googlesource...
cgo and non-cgo code paths can disagree
on the number of root certificates:
=== RUN TestSystem...
The existing implementation of TLS connection has a deadlock. It occurs
when client connects to ...
Use the dedicated AES* and PMULL* instructions to accelerate AES-GCM
name old time...
99894fc7aa0a662f96d456addcf9fc72b1e42952 authored over 6 years ago
This patch ports the existing optimized P256 implementation to arm64.
name old time/...
70752ce33a4fb9628db973a0106f5d824f1a0ffa authored over 6 years ago
When x509ignoreCN=1 is present in GODEBUG, ignore the deprecated Common
Name field. This will le...
The Common Name is used as a hostname when there are no Subject
Alternative Names, but it is not...
Also, remove some test code that was trying to work on XP and fix up
some comments referencing X...
Add a couple of skips for slow js/wasm tests.
Change-Id: Ic95256b1d3c6e5e2f0cc536fad51e914d31cda9e
bfb7602369c5986b7c1826e06d4380c31e66659b authored over 6 years ago
Now that pkix.Name offers String() we should use that as some CNs are blank.
Updates #24084
C...
b35274fa2758f924a9cba3683cd2498983b28d4b authored over 6 years ago
This reverts commit 0246915fbfcc41870173b7f016dc7fa9437bbc13.
Reason for revert: Broke darwin/a...
61f37ea8be1523231d4b14bbc4bda6d20b91ecbd authored over 6 years ago
This adds support for RSASSA-PSS signatures in handshake messages as
required by TLS 1.3. Even i...
The new function js.TypedArrayOf returns a JavaScript typed array for
a given slice.
https://dev...
This patch ports the existing optimized P256 implementation to arm64.
name old time/...
4728ef5dc8232fd202f9423287989324bd8e42e1 authored over 6 years ago
This is so the values can not be changed and the type is easy to see.
Requested on https://go-r...
ba676bc176235cd9ed51bd0ef44009e685d919c6 authored over 6 years ago
ServerKeyExchange and CertificateVerify can share the same logic for
picking a signature algorit...
Updates #25959
Change-Id: I9ae64b216ab5807718db0db98b32de1dc5fa4bec
Reviewed-on: https://go-rev...
Normalized all panic checks and added inexact aliasing panics across
Stream, Block, BlockMode an...
It was apparently waiting on CL 36942, which was submitted.
Fixes #21416
Change-Id: I8f4ccc5a3...
003c932850c51275b98830f1e9a4a70f2c52235c authored over 6 years ago
Now that the standard library behavior in reading from the randomness
source is not reliable tha...
Hardware AES support in Go on s390x currently requires ECB, CBC
and CTR modes be available. It a...
Conflicts due to randutil.MaybeReadByte (kept at the top for patch
maintainability and consisten...
Users are sometimes confused why session tickets are not enabled even if
SessionTicketsDisabled ...
Code has ended up depending on things like RSA's key generation being
deterministic given a fixe...
This function was added during the Go 1.11 dev cycle and isn't part of
the API compatibility pro...
SecKeychainItemExport is deprecated as of macOS 10.7. The minimum
supported version is macOS 10....
Each URL was manually verified to ensure it did not serve up incorrect
content.
Change-Id: I4dc...
a7cc5179673648851f7f337378b4c39a1e6f5477 authored over 6 years ago
Updates #23122
Change-Id: I4c12ec5cb1a1f15d7858f3deab636710c0660e26
Reviewed-on: https://go-rev...
This patch used to be in crypto/internal/cipherhw.AESGCMSupport which
was removed from the tree....
* Fix typos in the comments in the assembly code for the crypto package.
Change-Id: Iac146a7d8b...
4d90a062023ce04c1ff7cf7dae2fb5902ebc9f4d authored over 6 years ago
Conflicts due to crypto/internal/cipherhw removal:
src/crypto/aes/cipher_amd64.go
src/crypto/i...
When the internal/cpu package was introduced, the AES package still used
the custom crypto/inter...
The added fields are used in buildExtensions so
should be documented too.
Fixes #21363
Change-...
b5780df48989c8aad4e558ba7c4d6a1b9b3928af authored over 6 years ago
It's easier to skim a list of items visually when the
items are each on a separate line. Separat...
This change brings back the EKU checking from 1.9. In 1.10, we checked
EKU nesting independent o...
http://golang.org/cl/108996 removed the local modInverse and its call in
decrypt in favor of (*b...
Conflicts due to simple variable renames (d <-> d0):
src/crypto/sha1/sha1.go
src/crypto/...
CL 74410 added rules to combine consecutive byte loads and
stores when the byte order was little...
This commit adds the js/wasm architecture to the crypto packages.
Updates #18892
Change-Id: Id...
47da6ac01ab900e7240e25662a09f3e8b3b1c1d5 authored over 6 years ago
Currently, the behavior of z.ModInverse(g, n) is undefined
when g and n are not relatively prime...
I was confused about how to start an HTTP server if the server
cert/key are in memory, not on di...
Current optab entries are unordered, because the new instructions
are added at the end of the op...
Fixes go lint warning.
Change-Id: I5a7485a4c8316b81e6aa50b95fe75e424f2fcedc
Reviewed-on: https:...
Fixes go lint warning.
Change-Id: I63950e7c70bf431e88a04f32befd50be9beacadf
Reviewed-on: https:...
Fixes go lint warning.
Change-Id: I2d73208c6841f35d7a21a1fb4cfafbbd4250228f
Reviewed-on: https:...
Some syscall structures used by crypto/x509 have uintptr
fields that store pointers. These point...
If there are no certs, return an empty pool, not nil.
Fixes #21405
Change-Id: Ib4ac9d5c4a8cef8...
27b25236ab9b5bfafc886f0fe1568920dccbb674 authored almost 7 years ago
Minor modifications to the optimized amd64 implementation.
* Reduce window size: reduces size ...
da0ef51788b68745adab94c903fa60fd59c0c8bd authored almost 7 years ago
Change-Id: Ic507cb740395e76d1d011a5a2f395b96c3d172a2
Reviewed-on: https://go-review.googlesource...
The go/printer (and thus gofmt) uses a heuristic to determine
whether to break alignment between...
If in.Mutex is never locked by Handshake when c.handshakeComplete is
true, and since c.handshake...
Provide the fixed size from the key pair.
Change-Id: I365c8d0f7d915229ef089e46458d4c83273fc648
...
This change improves the performance of the block
function used within crypto/md5 on arm64. The...
When parsing an ECDSA certificate, improve the error message upon
failing to parse the curve as ...
parsePrivateKey can't return useful error messages because it does trial
decoding of multiple fo...
Fixes #24540
Change-Id: I65e9f2f99403e22d25ea64cc26701bf62a31d070
Reviewed-on: https://go-revie...
The documentation was unclear here and I misremembered the behaviour and
changed it in 1.10: it ...
The compiler can't currently figure out that it can eliminate both c.s
loads (using store to loa...
I don't know if I got lost in the old PKCS documents, or whether this is
a case where reality di...
This change implements keying material export as described in:
https://tools.ietf.org/html/rfc57...
fc99f06866e0abbe0dfc16789c63b69be5435388 authored almost 7 years ago
It serialises optional parameters as empty rather than NULL. It's
probably technically correct, ...
Fixes #24425
Change-Id: I2aacbced8cd14da67fe9a4cbd62b434c18b5fce2
Reviewed-on: https://go-revie...
Fixes #24413.
Change-Id: I265088c9ddc624cb3b3132087cc3d4baf95d2777
Reviewed-on: https://go-revi...
I found files to change with this command:
git grep 'DO NOT EDIT' | grep -v 'Code generated...
c04d72efe851142c21ef13bd3ef82885f3287ed7 authored almost 7 years ago
This patch makes use of arm64 AES instructions to accelerate AES computation
and only supports o...
Replace BYTE.. encodings with asm. This is possible due to asm
implementing more instructions an...
Go 1.10 requires that SANs in certificates are valid. However, a
non-trivial number of (generall...
There are, sadly, many exceptions to EKU checking to reflect mistakes
that CAs have made in prac...
Similar to https://golang.org/cl/54391, but for sha512
name old time/op new time/op ...
Similar to https://golang.org/cl/54391, but for sha256
name old time/op new time/op ...
GitHub-Last-Rev: 468df242d07419c228656985702325aa78952d99
GitHub-Pull-Request: golang/go#23935
C...
GCM allows using tag sizes smaller than the block size. This adds a
NewGCMWithNonceAndTagSize fu...
Fixes #23736
Change-Id: I850d91a512394c4292927d51c475064bfa4e3053
Reviewed-on: https://go-revie...
iana.org, www.iana.org and data.iana.org all present a valid TLS
certificate, so let's use it wh...
I don't expect these to hit often, but we should still alert users if
we fail to write the corre...
This change expands the documentation for Verify to mention the name
constraints and EKU behavio...
Previously we would only extract a single URL from a given CRLDP, but
https://tools.ietf.org/htm...
and that they are covered by the CRYPTOGAMS license.
Fixes #22637
Change-Id: I75b8e08d3a8b569e...
4b01d21bd6b07fd9dab83a2ccce9356de313c419 authored about 7 years ago
Apple changed the format of its support page, so we need to
restructure the HTML parser. The HTM...
Follows the wording in RFC4366 more precisely which allows a server
to optionally return a "cert...
Change-Id: I3ff478912a5a178492d544d2f4ee9cc7570d9acc
Reviewed-on: https://go-review.googlesource...
The current implementation ignores certs wherein the
Subject does not match the Issuer. An examp...
Go 1.10 expects hash.Hash implementations to have these. Make it so.
Tested by src/hash/marshal...
73a8b6c6b61fcac8055e99b22da36d177f3e689b authored about 7 years ago
This merge picks up the new marshal tests in package hash.
Change-Id: I50136ad4953c64d776d28f13...
19f1838db6a0de9e1f4af0493900b71e9a78719a authored about 7 years ago
There are some basic tests in the packages implementing the hashes,
but this one is meant to be ...
This is a git merge of master into dev.boringcrypto.
The branch was previously based on release...
8d89f55e72f06fb4ba5b4df14d8e711acfcd3419 authored about 7 years ago
String method comments should explain what they do,
not that they are attempting to implement fm...
Go 1.10 is adding new API MarshalPKCS1PublicKey and
ParsePKCS1PublicKey for converting rsa.Publi...
This is inspired by
https://blog.cloudflare.com/go-dont-collect-my-garbage/
This CL adds allocat...
Fixes #21029
Change-Id: I308e2a2977870d8554a629f8ce38876598dba2a8
Reviewed-on: https://go-revie...
Fixes #21593
Change-Id: I5d6c644ed1d60ae4610712155bae5cf13ee1f886
Reviewed-on: https://go-revie...
Change-Id: I695e804ad8bbb6d90a28108bcf8623fc2bfab659
6e8e51c56709f32a1475698c8d8b5c686af44bc0 authored about 7 years ago
Some C types are declared as pointers, but C code
stores non-pointers in them. When the Go garb...