The go/build package already recognizes
system-specific file names like
mycode_darwin.go
mycode_darwin_386.go
mycode_386.s
However, it is also common to write files that
apply to multiple architectures, so a recent CL added
to go/build the ability to process comments
listing a set of conditions for building. For example:
// +build darwin freebsd openbsd/386
says that this file should be compiled only on
OS X, FreeBSD, or 32-bit x86 OpenBSD systems.
These conventions are not yet documented
(hence this long CL description).
This CL adds build comments to the multi-system
files in the core library, a step toward making it
possible to use go/build to build them.
With this change go/build can handle crypto/rand,
exec, net, path/filepath, os/user, and time.
os and syscall need additional adjustments.
R=golang-dev, r, gri, r, gustavo
CC=golang-dev
https://golang.org/cl/5011046
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.
So we need to support SSLv3 for robustness :(
Fixes#1703.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
Weekday is redundant information for a Time structure.
When parsing a time with a weekday specified, it can create an
incorrect Time value.
When parsing a time without a weekday specified, people
expect the weekday to be set.
Fix all three problems by computing the weekday on demand.
This is hard to gofix, since we must change the type of the node.
Since uses are rare and existing code will be caught by the compiler,
there is no gofix module here.
Fixes#2245.
R=golang-dev, bradfitz, rsc
CC=golang-dev
https://golang.org/cl/4974077
It's possible to include a self-signed root certificate as an
intermediate and push Verify into a loop.
I already had a test for this so I thought that it was ok, but it
turns out that the test was void because the Verisign root certificate
doesn't contain the "IsCA" flag and so it wasn't an acceptable
intermediate certificate for that reason.
R=bradfitz
CC=golang-dev
https://golang.org/cl/4657080
In function readSignedMessage a pointer to for loop variable 'key' was incorrectly being assigned
to md.SignedBy. Changed so that md.SignedBy is pointing to the 'more correct' memory position.
R=golang-dev, r, agl
CC=golang-dev
https://golang.org/cl/4631088
This changes Signature so that parsed signatures can be reserialized
exactly. With this ability we can add Serialize to Entity and also the
ability to sign other public keys.
R=bradfitz
CC=golang-dev
https://golang.org/cl/4627084
Each package using struct field tags assumes that
it is the only package storing data in the tag.
This CL adds support in package reflect for sharing
tags between multiple packages. In this scheme, the
tags must be of the form
key:"value" key2:"value2"
(raw strings help when writing that tag in Go source).
reflect.StructField's Tag field now has type StructTag
(a string type), which has method Get(key string) string
that returns the associated value.
Clients of json and xml will need to be updated.
Code that says
type T struct {
X int "name"
}
should become
type T struct {
X int `json:"name"` // or `xml:"name"`
}
Use govet to identify struct tags that need to be changed
to use the new syntax.
R=r, r, dsymonds, bradfitz, kevlar, fvbommel, n13m3y3r
CC=golang-dev
https://golang.org/cl/4645069
Change the signature of Split to have no count,
assuming a full split, and rename the existing
Split with a count to SplitN.
Do the same to package bytes.
Add a gofix module.
R=adg, dsymonds, alex.brainman, rsc
CC=golang-dev
https://golang.org/cl/4661051
Documentation mentioned the obsolete package "crypto/block",
which has been replaced with "crypto/cipher".
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/4654064
This is a core API change.
1) gofix misc src
2) Manual adjustments to the following files under src/pkg:
gob/decode.go
rpc/client.go
os/error.go
io/io.go
bufio/bufio.go
http/request.go
websocket/client.go
as well as:
src/cmd/gofix/testdata/*.go.in (reverted)
test/fixedbugs/bug243.go
3) Implemented gofix patch (oserrorstring.go) and test case (oserrorstring_test.go)
Compiles and runs all tests.
R=r, rsc, gri
CC=golang-dev
https://golang.org/cl/4607052
This change moves a number of common PKIX structures into
crypto/x509/pkix, from where x509, and ocsp can reference
them, saving duplication. It also removes x509/crl and merges it into
x509 and x509/pkix.
x509 is changed to take advantage of the big.Int support that now
exists in asn1. Because of this, the public/private key pair in
http/httptest/server.go had to be updated because it was serialised
with an old version of the code that didn't zero pad ASN.1 INTEGERs.
R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/4532115
This mostly adds the infrastructure for writing various forms of
packets as well as reading them. Adding symmetric encryption support
was simply an easy motivation.
There's also one brown-paper-bag fix in here. Previously I had the
conditional for the MDC hash check backwards: the code was checking
that the hash was *incorrect*. This was neatly counteracted by another
bug: it was hashing the ciphertext of the OCFB prefix, not the
plaintext.
R=bradfitz
CC=golang-dev
https://golang.org/cl/4564046
This change adds a function for generating new Entities and inchoate
support for reserialising Entities.
R=bradfitz, r, bradfitz
CC=golang-dev
https://golang.org/cl/4551044
crl parses CRLs and exposes their details. In the future, Verify
should be able to use this for revocation checking.
R=bradfitz
CC=golang-dev
https://golang.org/cl/4485045
I ran the new verification code against a large number of certificates
with a huge (>1000) number of intermediates.
I had previously convinced myself that a cycle in the certificate
graph implied a cycle in the hash graph (and thus, a contradiction).
This is bogus because the signatures don't cover each other.
Secondly, I managed to drive the verification into a time explosion
with a fully connected graph of certificates. The code would try to
walk the factorial number of paths.
This change switches the CertPool to dealing with indexes of
certificates rather than pointers: this makes equality easy. (I didn't
want to compare pointers because a reasonable gc could move objects
around over time.)
Secondly, verification now memorizes the chains from a given
certificate. This is dynamic programming for the lazy, but there's a
solid reason behind it: dynamic programming would ignore the Issuer
hints that we can exploit by walking up the chain rather than down.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4439070
The unexported version returns a sensible default when the user hasn't
set a value. The exported version crashes in that case.
R=bradfitzgo, rsc1
CC=golang-dev
https://golang.org/cl/4435070
With full multi-prime support we can support version 1 PKCS#1 private
keys. This means exporting all the members of rsa.PrivateKey, thus
making the API a little messy. However there has already been another
request to export this so it seems to be something that's needed.
Over time, rsa.GenerateMultiPrimeKey will replace rsa.GenerateKey, but
I need to work on the prime balance first because we're no longer
generating primes which are a multiples of 8 bits.
Fixes#987.
R=rsc
CC=golang-dev
https://golang.org/cl/4378046
* Accept armored private key blocks
* If an armored block is missing, return an InvalidArgumentError,
rather than ignoring it.
* If every key in a block is skipped due to being unsupported,
return the last unsupported error.
* Include the numeric type of unsupported public keys.
* Don't assume that the self-signature comes immediately after the
user id packet.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4434048
This pulls in changes that should have been in 3faf9d0c10c0, but
weren't because x509.go was part of another changelist.
TBR=bradfitzgo
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4433056
People have a need to verify certificates in situations other than TLS
client handshaking. Thus this CL moves certificate verification into
x509 and expands its abilities.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4407046
