1
0
mirror of https://github.com/golang/go synced 2024-11-13 20:20:30 -07:00
Commit Graph

390 Commits

Author SHA1 Message Date
Marvin Stenger
f22ba1f247 all: prefer strings.IndexByte over strings.Index
strings.IndexByte was introduced in go1.2 and it can be used
effectively wherever the second argument to strings.Index is
exactly one byte long.

This avoids generating unnecessary string symbols and saves
a few calls to strings.Index.

Change-Id: I1ab5edb7c4ee9058084cfa57cbcc267c2597e793
Reviewed-on: https://go-review.googlesource.com/65930
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-25 17:35:41 +00:00
Michael Munday
28aaa0bd1b crypto/elliptic: gofmt
Change-Id: Ia4b49736d3b33cddf58905c6b19febbca45b2ad2
Reviewed-on: https://go-review.googlesource.com/64270
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-09-22 11:43:45 +00:00
Kunpei Sakai
5a986eca86 all: fix article typos
a -> an

Change-Id: I7362bdc199e83073a712be657f5d9ba16df3077e
Reviewed-on: https://go-review.googlesource.com/63850
Reviewed-by: Rob Pike <r@golang.org>
2017-09-15 02:39:16 +00:00
Ilya Tocar
80b2ae5878 crypto: simplify amd64 asm for sha{1,256,512} a bit
Use constants directly, instead of loading address to e. g. AX
and using (AX). Shouldn't affect performance, but makes code a bit
nicer.

Change-Id: Ifa138e54d3d2b2f4ad71e4ef4b9368ea79eb30f4
Reviewed-on: https://go-review.googlesource.com/62010
Reviewed-by: Adam Langley <agl@golang.org>
2017-09-12 18:06:37 +00:00
Ilya Tocar
dc3b8a193c crypto/sha1: speed up sha1 for very small blocks
For very small blocks significant time is spent in checkSum function,
adding necessary padding. Instead of writing it byte by byte, copy
encoding/binary PutUint functions, which are compiled into single mov.

name            old time/op    new time/op    delta
Hash8Bytes-6       344ns ± 0%     310ns ± 0%   -9.78%  (p=0.000 n=10+9)
Hash320Bytes-6    1.28µs ± 0%    1.25µs ± 0%   -2.58%  (p=0.000 n=10+10)
Hash1K-6          2.51µs ± 0%    2.47µs ± 0%   -1.67%  (p=0.000 n=10+10)
Hash8K-6          15.8µs ± 0%    15.7µs ± 1%   -0.21%  (p=0.023 n=10+10)

name            old speed      new speed      delta
Hash8Bytes-6    23.2MB/s ± 0%  25.7MB/s ± 0%  +10.77%  (p=0.000 n=10+9)
Hash320Bytes-6   249MB/s ± 0%   256MB/s ± 0%   +2.65%  (p=0.000 n=10+10)
Hash1K-6         408MB/s ± 0%   414MB/s ± 0%   +1.70%  (p=0.000 n=10+10)

Change-Id: I3975ee929465c7dd137d0ca757ad3792a004e1a3
Reviewed-on: https://go-review.googlesource.com/54391
Run-TryBot: Ilya Tocar <ilya.tocar@intel.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Giovanni Bajo <rasky@develer.com>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
2017-09-11 21:17:07 +00:00
Adam Langley
2d69e9e259 crypto/elliptic: fix incomplete addition used in CombinedMult.
The optimised P-256 includes a CombinedMult function, which doesn't do
dual-scalar multiplication, but does avoid an affine conversion for
ECDSA verification.

However, it currently uses an assembly point addition function that
doesn't handle exceptional cases.

Fixes #20215.

Change-Id: I4ba2ca1a546d883364a9bb6bf0bdbc7f7b44c94a
Reviewed-on: https://go-review.googlesource.com/42611
Run-TryBot: Adam Langley <agl@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
2017-09-11 18:44:58 +00:00
Michael Munday
818353022e crypto/elliptic: temporarily disable s390x assembly
This disables the s390x assembly. It will be re-enabled when #20215
is resolved on s390x.

Change-Id: I789eca2dd478004956107359fae98ed012f04abb
Reviewed-on: https://go-review.googlesource.com/62292
Run-TryBot: Michael Munday <mike.munday@ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-11 17:26:17 +00:00
Adam Langley
4933da68b5 crypto/x509: store names in signatureAlgorithmDetails.
There is already a table of signature algorithm details so the code
should use it for the name too. This avoids mismatches.

Change-Id: I0d4befbae721ec43db9f87cd93173ec12749e4c8
Reviewed-on: https://go-review.googlesource.com/57210
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2017-09-09 19:36:51 +00:00
Adam Langley
083ad28622 crypto/x509: get hash information from signatureAlgorithmDetails and check that it matches
signatureAlgorithmDetails already knows the hash function for each
signature algorithm so there's no point in duplicating that. Also, check
that the public key type of the signature algorithm actually matches the
given public key.

Change-Id: I7aab4ea71691fb815d67ba790b721ce02de11b85
Reviewed-on: https://go-review.googlesource.com/57211
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2017-09-09 19:36:07 +00:00
EKR
0f9a2cf2c4 crypto/tls: fix clientHelloMsg fuzzer not to generate the RI SCSV
It was causing mysterious fuzzing failure because it affects the
unmarshaling of the secureNegotiationSupported field.

Change-Id: Id396b84eab90a3b22fb6e306b10bdd7e39707012
Reviewed-on: https://go-review.googlesource.com/60912
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
2017-09-09 19:24:12 +00:00
Filippo Valsorda
e7d46cee2f crypto/tls: fix and expand TestVerifyPeerCertificate and TestGetClientCertificate
TestGetClientCertificate had disabled verification, and was only passing
because it was mistakenly checking for empty verifiedChains.

Change-Id: Iea0ddbdbbdf8ac34b499569820a2e4ce543a69c7
Reviewed-on: https://go-review.googlesource.com/47430
Run-TryBot: Filippo Valsorda <hi@filippo.io>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
2017-09-09 19:23:45 +00:00
Joe Kyo
16edf0b1f7 crypto/cipher: panic when IV length does not equal block size in NewOFB
Functions like NewCBCDecrypter, NewCBCEncrypter, NewCFBDecrypter,
NewCFBEncrypter and NewCTR all panic when IV length does not equal block size.
This commit changes NewOFB to panic too, instead of returning nil silently.

Change-Id: Ic4d3ebfad79bb0cf4759fa1c1a400c1a8d043490
Reviewed-on: https://go-review.googlesource.com/61850
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Run-TryBot: Filippo Valsorda <hi@filippo.io>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-09-06 14:53:44 +00:00
Filippo Valsorda
44e86bef06 crypto/cipher: extend the docs of BlockMode and Stream
Change-Id: Iebb5b67c8defec22edd482d587edaf399a7ba82a
Reviewed-on: https://go-review.googlesource.com/37418
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-01 00:13:43 +00:00
Daniel Martí
fbc8973a6b all: join some chained ifs to unindent code
Found with mvdan.cc/unindent. It skipped the cases where parentheses
would need to be added, where comments would have to be moved elsewhere,
or where actions and simple logic would mix.

One of them was of the form "err != nil && err == io.EOF", so the first
part was removed.

Change-Id: Ie504c2b03a2c87d10ecbca1b9270069be1171b91
Reviewed-on: https://go-review.googlesource.com/57690
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-08-29 20:57:41 +00:00
Ulrich Kunitz
eb07028289 crypto/rsa: fix URL for the PKCS #1 v2.2 document in pss.go
The PKCS #1 v2.2 document has been moved to an EMC
website with a new URL. This CL updates the reference to the document to
the new URL.

The new URL is referenced under https://en.wikipedia.org/wiki/PKCS_1

Fixes #21642

Change-Id: Ib8738b0c4c3bb9ec427bebea20c4aacd607ba0db
Reviewed-on: https://go-review.googlesource.com/59351
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-08-28 05:26:59 +00:00
Artyom Pervukhin
85deaf6077 crypto/tls: fix docstring of Config.ClientSessionCache
Closes #21519

Change-Id: I1247e9435de93aae7e4db2b6e8e5be1b010c296b
Reviewed-on: https://go-review.googlesource.com/56832
Reviewed-by: Avelino <t@avelino.xxx>
Reviewed-by: Adam Langley <agl@golang.org>
2017-08-25 22:37:26 +00:00
Martin Möhrmann
0fb0f575bc crypto/x509: skip TestSystemRoots
golang.org/cl/36941 enabled loading of all trusted certs on darwin
for the non-cgo execSecurityRoots.

The corresponding cgo version golang.org/cl/36942 for systemRootsPool
has not been merged yet.

This tests fails reliably on some darwin systems:
--- FAIL: TestSystemRoots (1.28s)
        root_darwin_test.go:31:     cgo sys roots: 353.552363ms
        root_darwin_test.go:32: non-cgo sys roots: 921.85297ms
        root_darwin_test.go:44: got 169 roots
        root_darwin_test.go:44: got 455 roots
        root_darwin_test.go:73: insufficient overlap between cgo and non-cgo roots; want at least 227, have 168
FAIL
FAIL    crypto/x509     2.445s

Updates #16532
Updates #21416

Change-Id: I52c2c847651fb3621fdb6ab858ebe8e28894c201
Reviewed-on: https://go-review.googlesource.com/57830
Run-TryBot: Martin Möhrmann <moehrmann@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>
2017-08-22 19:54:08 +00:00
Vlad Krasnov
b2174a16c0 crypto/aes: make the GHASH part of AES-GCM faster
By processing 8 blocks in parallel GHASH achieves higher throughput on amd64

Results on Skylake i7:

benchmark                   old ns/op     new ns/op     delta
BenchmarkAESGCMSeal1K-8     316           314           -0.63%
BenchmarkAESGCMOpen1K-8     282           281           -0.35%
BenchmarkAESGCMSign8K-8     5611          1099          -80.41%
BenchmarkAESGCMSeal8K-8     1869          1922          +2.84%
BenchmarkAESGCMOpen8K-8     1718          1724          +0.35%

benchmark                   old MB/s     new MB/s     speedup
BenchmarkAESGCMSeal1K-8     3237.10      3260.94      1.01x
BenchmarkAESGCMOpen1K-8     3629.74      3638.10      1.00x
BenchmarkAESGCMSign8K-8     1459.82      7452.99      5.11x
BenchmarkAESGCMSeal8K-8     4382.45      4260.93      0.97x
BenchmarkAESGCMOpen8K-8     4766.41      4750.54      1.00x

Change-Id: I479f2a791a968caa1c516115b0b6b96a791a20d2
Reviewed-on: https://go-review.googlesource.com/57150
Reviewed-by: Adam Langley <agl@golang.org>
2017-08-18 21:40:57 +00:00
Filippo Valsorda
4a5f85babb crypto/tls: disallow handshake messages fragmented across CCS
Detected by BoGo test FragmentAcrossChangeCipherSpec-Server-Packed.

Change-Id: I9a76697b9cdeb010642766041971de5c7e533481
Reviewed-on: https://go-review.googlesource.com/48811
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
2017-08-15 18:45:06 +00:00
Martins Sipenko
34920b8713 crypto/x509: add PublicKeyAlgorithm.String()
Change-Id: I77d9c77875519d77bac49cc8870c2e0c4563fe55
Reviewed-on: https://go-review.googlesource.com/44313
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
2017-08-15 18:44:54 +00:00
Filippo Valsorda
b3465646ff crypto/tls: add BenchmarkHandshakeServer
name                                       time/op
HandshakeServer/RSA-4                      1.10ms ± 0%
HandshakeServer/ECDHE-P256-RSA-4           1.23ms ± 1%
HandshakeServer/ECDHE-P256-ECDSA-P256-4     178µs ± 1%
HandshakeServer/ECDHE-X25519-ECDSA-P256-4   180µs ± 2%
HandshakeServer/ECDHE-P521-ECDSA-P521-4    19.8ms ± 1%

Change-Id: I6b2c79392995d259cfdfc5199be44cc7cc40e155
Reviewed-on: https://go-review.googlesource.com/44730
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
2017-08-15 18:44:38 +00:00
Andreas Auernhammer
d38d357c78 crypto/tls: don't check whether an ec point is on a curve twice
The processClientKeyExchange and processServerKeyExchange functions unmarshal an
encoded EC point and explicitly check whether the point is on the curve. The explicit
check can be omitted because elliptic.Unmarshal fails if the point is not on the curve
and the returned error would always be the same.

Fixes #20496

Change-Id: I5231a655eace79acee2737dd036a0c255ed42dbb
Reviewed-on: https://go-review.googlesource.com/44311
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Avelino <t@avelino.xxx>
Run-TryBot: Adam Langley <agl@golang.org>
2017-08-15 18:44:20 +00:00
James Hartig
0a1a65c9ce crypto/x509: add MarshalPKCS8PrivateKey
asn1.NullRawValue was used according to RFC 3279 2.2.1. Without this tag,
the output didn't match openssl.

Fixes #19972

Change-Id: Ia52ddb810888837f913dbd65c4e1328f6c8084bb
Reviewed-on: https://go-review.googlesource.com/40730
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
2017-08-15 18:43:32 +00:00
Sergey Frolov
e085a891f0 crypto/tls: split clientHandshake into multiple methods
Change-Id: I23bfaa7e03a21aad4e85baa3bf52bb00c09b75d0
Reviewed-on: https://go-review.googlesource.com/44354
Reviewed-by: Adam Langley <agl@golang.org>
2017-08-09 22:24:19 +00:00
Michael McLoughlin
d401c427b2 crypto/rand: batch large calls to linux getrandom
The linux getrandom system call returns at most 33554431 = 2^25-1 bytes per
call. The existing behavior for larger reads is to report a failure, because
there appears to have been an unexpected short read. In this case the system
falls back to reading from "/dev/urandom".

This change performs reads of 2^25 bytes or more with multiple calls to
getrandom.

Fixes #20877

Change-Id: I618855bdedafd86cd11219fe453af1d6fa2c88a7
Reviewed-on: https://go-review.googlesource.com/49170
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-08-09 19:29:14 +00:00
Brian Kessler
60b9ae4cf3 crypto/rsa: drop uneeded parameter in modInverse
The current modInverse implementation allocates a big.Int
for the second parameter of GCD, while only the first is needed.
This is unnecessary and can lead to a speed up for optimizations
of GCD where the second parameter is not calculated at all.

Change-Id: I3f042e140ff643311bc3d0b8d192992d4d2c4c70
Reviewed-on: https://go-review.googlesource.com/50531
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filosottile.wiki@gmail.com>
Reviewed-by: Adam Langley <agl@golang.org>
2017-08-09 19:28:40 +00:00
Wei Congrui
254f8ea9ea crypto/{aes,cipher,rc4}: fix out of bounds write in stream ciphers
Functions XORKeyStream should panic if len(dst) < len(src), but it
write to dst before bounds checking. In asm routines and fastXORBytes,
this is an out of bounds write.

Fixes #21104

Change-Id: I354346cda8d63910f3bb619416ffd54cd0a04a0b
Reviewed-on: https://go-review.googlesource.com/52050
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-08-09 04:17:51 +00:00
Nathaniel Caza
4dbcacda96 crypto/x509: load all trusted certs on darwin (nocgo)
The current implementation ignores certificates that exist
in the login and System keychains.

This change adds the missing System and login keychain
files to the `/usr/bin/security` command in
`execSecurityRoots`. If the current user cannot be
obtained, the login keychain is ignored.

Refs #16532

Change-Id: I8594a6b8940c58df8a8015b274fa45c39e18862c
Reviewed-on: https://go-review.googlesource.com/36941
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-07-14 18:47:10 +00:00
Dmitri Shuralyov
d13d6b3378 crypto/x509: improve internal comment
Apply code review suggestion from CL 46715.

The block is doing more than just checking len(r.certs) == len(tc.cns).
It also verifies that certificate common names match.

Change-Id: I28d6926a5da48bd8f6c80aa5e5a1ed6d4990f845
Reviewed-on: https://go-review.googlesource.com/47132
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-29 05:50:37 +00:00
Dmitri Shuralyov
441fd13386 crypto/x509: fix panic in TestEnvVars, improve style
This panic happens when the test fails due to the returned number of
certificates (r.certs) being less than expected by test case (tc.cns).
When i == len(r.certs) in the for loop, r.certs[i] will cause an index
out of range panic.

Also improve readability, consistency and style of the code. Use the
more common "got x, want y" pattern. See https://golang.org/s/style#useful-test-failures
for reference (and grep codebase for most common occurrences). Add a
comment, and remove blank line separating two blocks that are both
related to verifying that len(r.certs) == len(tc.cns). This should
help with readability.

Remove space after colon in call to t.Fatal, since it adds spaces
between its arguments.

Fixes #20801.

Change-Id: I40476103f1b5a0fa74b05637c250926b571c92fd
Reviewed-on: https://go-review.googlesource.com/46715
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-27 01:26:25 +00:00
Mikio Hara
7b659eb155 all: gofmt
Change-Id: I2d0439a9f068e726173afafe2ef1f5d62b7feb4d
Reviewed-on: https://go-review.googlesource.com/46190
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-06-21 03:14:30 +00:00
Brad Fitzpatrick
3ca8ee14d1 crypto/x509: update MaxPathLen & MaxPathLenZero docs
Fixes #19285

Change-Id: I11e864eff9980dec8247c47e4c600f76602e7ada
Reviewed-on: https://go-review.googlesource.com/46092
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-06-20 23:40:07 +00:00
Adam Langley
d1211b9a9f crypto/x509: support excluded domains in name constraints.
Change-Id: I4c2c82cb0354f843a3283a650ed2cd2b6aef5895
Reviewed-on: https://go-review.googlesource.com/36900
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-06-13 18:33:29 +00:00
Wade Simmons
8a2553e380 crypto/rand: only read necessary bytes for Int
We only need to read the number of bytes required to store the value
"max - 1" to generate a random number in the range [0, max).

Before, there was an off-by-one error where an extra byte was read from
the io.Reader for inputs like "256" (right at the boundary for a byte).
There was a similar off-by-one error in the logic for clearing bits and
thus for any input that was a power of 2, there was a 50% chance the
read would continue to be retried as the mask failed to remove a bit.

Fixes #18165.

Change-Id: I548c1368990e23e365591e77980e9086fafb6518
Reviewed-on: https://go-review.googlesource.com/43891
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-23 21:02:14 +00:00
Joe Richey joerichey@google.com
95d991d30c crypto/rand: use blocking getrandom call on Linux when supported
By changing getRandomLinux to immediately use the getrandom() syscall
without GRND_NONBLOCK, we now only fall back to reading from
/dev/urandom on Linux if the kernel does not support the getrandom()
syscall. This means reads for crypto/rand will now block if the kernel
has insufficient entropy on Linux kernels after v3.16.

Before, if the kernel had insufficient entropy, it would fall back to
reading from /dev/urandom. This would potentially return predictable
data.

Fixes #19274

Change-Id: I1cb081ce2f3096f18ad2820e52ecdbd993dc2afc
Reviewed-on: https://go-review.googlesource.com/43852
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-23 04:54:42 +00:00
Adam Langley
46f4bfb2d1 crypto/tls: pass argument to serverInit rather than using a field in Config.
Updates #20164.

Change-Id: Ib900095e7885f25cd779750674a712c770603ca8
Reviewed-on: https://go-review.googlesource.com/42137
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-16 18:23:28 +00:00
Martin Möhrmann
69972aea74 internal/cpu: new package to detect cpu features
Implements detection of x86 cpu features that
are used in the go standard library.

Changes all standard library packages to use the new cpu package
instead of using runtime internal variables to check x86 cpu features.

Updates: #15403

Change-Id: I2999a10cb4d9ec4863ffbed72f4e021a1dbc4bb9
Reviewed-on: https://go-review.googlesource.com/41476
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-10 17:02:21 +00:00
Brad Fitzpatrick
ec0ee7d357 crypto: revise wording about cryptographically broken algorithms
Updates text from https://golang.org/cl/42511

Updates #14395

Change-Id: I711100525e074ab360e577520280c37645db1c95
Reviewed-on: https://go-review.googlesource.com/42614
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Rob Pike <r@golang.org>
2017-05-04 12:31:18 +00:00
Andreas Auernhammer
25db5d1a87 crypto: document insecure algorithms
This change explicitly documents that DES, MD5, RC4 and SHA-1 are
insecure / broken - at all or at least within a commonly used scenario.

Fixes #14395

Change-Id: Id1d543c85d67968ba64ed7495313501953c3ef3a
Reviewed-on: https://go-review.googlesource.com/42511
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-03 18:35:48 +00:00
Steven Hartland
e83bcd95a4 crypto/x509: load certs from env vars + extra locations
Add the ability to override the default file and directory from
which certificates are loaded by setting the OpenSSL compatible
environment variables: SSL_CERT_FILE, SSL_CERT_DIR.

If the variables are set the default locations are not checked.

Added new default file "/usr/local/etc/ssl/cert.pem" for FreeBSD.

Certificates in the first valid location found for both file and
directory are added, instead of only the first file location if
a valid one was found, which is consistent with OpenSSL.

Fixes #3905
Fixes #14022
Fixes #14311
Fixes #16920
Fixes #18813 - If user sets SSL_CERT_FILE.

Change-Id: Ia24fb7c1c2ffff4338b4cf214bd040326ce27bb0
Reviewed-on: https://go-review.googlesource.com/36093
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-03 15:39:29 +00:00
Mike Strosaker
48582e1524 crypto/sha256,crypto/sha512: improve performance for sha{256,512}.block on ppc64le
This updates sha256.block and sha512.block to use vector instructions.  While
each round must still be performed independently, this allows for the use of
the vshasigma{w,d} crypto acceleration instructions.

For crypto/sha256:

benchmark               old ns/op     new ns/op     delta
BenchmarkHash8Bytes     570           300           -47.37%
BenchmarkHash1K         7529          3018          -59.91%
BenchmarkHash8K         55308         21938         -60.33%

benchmark               old MB/s     new MB/s     speedup
BenchmarkHash8Bytes     14.01        26.58        1.90x
BenchmarkHash1K         136.00       339.23       2.49x
BenchmarkHash8K         148.11       373.40       2.52x

For crypto/sha512:

benchmark               old ns/op     new ns/op     delta
BenchmarkHash8Bytes     725           394           -45.66%
BenchmarkHash1K         5062          2107          -58.38%
BenchmarkHash8K         34711         13918         -59.90%

benchmark               old MB/s     new MB/s     speedup
BenchmarkHash8Bytes     11.03        20.29        1.84x
BenchmarkHash1K         202.28       485.84       2.40x
BenchmarkHash8K         236.00       588.56       2.49x

Fixes #20069

Change-Id: I28bffe6e9eb484a83a004116fce84acb4942abca
Reviewed-on: https://go-review.googlesource.com/41391
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Carlos Eduardo Seo <cseo@linux.vnet.ibm.com>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
2017-04-26 12:34:03 +00:00
Andrew Benton
d9b1f9e85e encoding/asn1: add NullBytes and NullRawValue for working with ASN.1 NULL
There were a number of places in crypto/x509 that used hardcoded
representations of the ASN.1 NULL type, in both byte slice and
RawValue struct forms. This change adds two new exported vars to
the asn1 package for working with ASN.1 NULL in both its forms, and
converts all usages from the x509 package.

In addition, tests were added to exercise Marshal and Unmarshal on
both vars.

See #19446 for discussion.

Change-Id: I63dbd0835841ccbc810bd6ec794360a84e933f1e
Reviewed-on: https://go-review.googlesource.com/38660
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
2017-04-24 22:23:56 +00:00
xufei_Alex
db8437eb58 crypto/x509: use native compare in test instead of strings.Compare
Change-Id: I24c824edd8af6311a4eff44ef4bb28d73a91c68e
Reviewed-on: https://go-review.googlesource.com/41295
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-04-21 02:49:21 +00:00
Adam Langley
9294fa2749 crypto/elliptic: fix carry bug in x86-64 P-256 implementation.
Patch from Vlad Krasnov and confirmed to be under CLA.

Fixes #20040.

Change-Id: Ieb8436c4dcb6669a1620f1e0d257efd047b1b87c
Reviewed-on: https://go-review.googlesource.com/41070
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-04-19 18:07:31 +00:00
Carlos Eduardo Seo
d6dd7ce1c5 crypto/aes: fix wrong instruction on ppc64le implementation
In the newest AES implementation in asm for ppc64le, this part

MOVW $·rcon(SB), PTR

should be

MOVD $·rcon(SB), PTR

since it is loading a doubleword value into PTR.

Change-Id: I7e3d6ad87a2237015aeeb30c68fb409a18f2801c
Reviewed-on: https://go-review.googlesource.com/40298
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
2017-04-11 20:10:08 +00:00
Kevin Burke
26c2926f64 crypto/tls: recommend P256 elliptic curve
Users (like myself) may be tempted to think the higher-numbered curve
is somehow better or more secure, but P256 is currently the best
ECDSA implementation, due to its better support in TLS clients, and a
constant time implementation.

For example, sites that present a certificate signed with P521
currently fail to load in Chrome stable, and the error on the Go side
says simply "remote error: tls: illegal parameter".

Fixes #19901.

Change-Id: Ia5e689e7027ec423624627420e33029c56f0bd82
Reviewed-on: https://go-review.googlesource.com/40211
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-04-10 17:40:01 +00:00
Martin Lindhe
d80166ebbe crypto/*: fix spelling of 'below'
Change-Id: Ic9d65206ec27f6d54bb71395802929e9c769e80a
Reviewed-on: https://go-review.googlesource.com/38355
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-03-20 16:03:18 +00:00
Andrew Benton
2a26f5809e crypto/x509: rename and reposition rsaPublicKey struct declaration
For consistency with the other named types in this package, this
change renames the unexported rsaPublicKey struct to pkcs1PublicKey
and positions the declaration up with the other similarly-named
types in pkcs1.go.

See the final comment of #19355 for discussion.

Change-Id: I1fa0366a8efa01602b81bc69287ef747abce84f5
Reviewed-on: https://go-review.googlesource.com/37885
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-03-07 16:49:28 +00:00
Mike Danese
87649d32ad crypto/tls: make Config.Clone also clone the GetClientCertificate field
Using GetClientCertificate with the http client is currently completely
broken because inside the transport we clone the tls.Config and pass it
off to the tls.Client. Since tls.Config.Clone() does not pass forward
the GetClientCertificate field, GetClientCertificate is ignored in this
context.

Fixes #19264

Change-Id: Ie214f9f0039ac7c3a2dab8ffd14d30668bdb4c71
Signed-off-by: Mike Danese <mikedanese@google.com>
Reviewed-on: https://go-review.googlesource.com/37541
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-03-02 19:43:07 +00:00
Andreas Auernhammer
a6a0b1903d crypto: add BLAKE2b and BLAKE2s hash constants
Fixes golang/go#19060
Change-Id: I1844edc3dcccc8d83a11d1145b60b2b92f2658ca
Reviewed-on: https://go-review.googlesource.com/36876
Reviewed-by: Adam Langley <agl@golang.org>
2017-03-01 19:26:16 +00:00