I ran the new verification code against a large number of certificates
with a huge (>1000) number of intermediates.
I had previously convinced myself that a cycle in the certificate
graph implied a cycle in the hash graph (and thus, a contradiction).
This is bogus because the signatures don't cover each other.
Secondly, I managed to drive the verification into a time explosion
with a fully connected graph of certificates. The code would try to
walk the factorial number of paths.
This change switches the CertPool to dealing with indexes of
certificates rather than pointers: this makes equality easy. (I didn't
want to compare pointers because a reasonable gc could move objects
around over time.)
Secondly, verification now memorizes the chains from a given
certificate. This is dynamic programming for the lazy, but there's a
solid reason behind it: dynamic programming would ignore the Issuer
hints that we can exploit by walking up the chain rather than down.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4439070
The unexported version returns a sensible default when the user hasn't
set a value. The exported version crashes in that case.
R=bradfitzgo, rsc1
CC=golang-dev
https://golang.org/cl/4435070
With full multi-prime support we can support version 1 PKCS#1 private
keys. This means exporting all the members of rsa.PrivateKey, thus
making the API a little messy. However there has already been another
request to export this so it seems to be something that's needed.
Over time, rsa.GenerateMultiPrimeKey will replace rsa.GenerateKey, but
I need to work on the prime balance first because we're no longer
generating primes which are a multiples of 8 bits.
Fixes#987.
R=rsc
CC=golang-dev
https://golang.org/cl/4378046
* Accept armored private key blocks
* If an armored block is missing, return an InvalidArgumentError,
rather than ignoring it.
* If every key in a block is skipped due to being unsupported,
return the last unsupported error.
* Include the numeric type of unsupported public keys.
* Don't assume that the self-signature comes immediately after the
user id packet.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4434048
This pulls in changes that should have been in 3faf9d0c10c0, but
weren't because x509.go was part of another changelist.
TBR=bradfitzgo
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4433056
People have a need to verify certificates in situations other than TLS
client handshaking. Thus this CL moves certificate verification into
x509 and expands its abilities.
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4407046
We already had support on the client side. I also changed the name of
the flag in the ServerHello structure to match the name of the same
flag in the ClientHello (ocspStapling).
R=bradfitzgo
CC=golang-dev
https://golang.org/cl/4408044
It matches encoding/line exactly and the tests are copied from there.
If we land this, then encoding/line will get marked as deprecated then
deleted in time.
R=rsc, rog, peterGo
CC=golang-dev
https://golang.org/cl/4389046
The CRT is symmetrical in the case of two variables and I picked a
different form from PKCS#1.
R=golang-dev, rsc1
CC=golang-dev
https://golang.org/cl/4381041
We replace the current Open with:
OpenFile(name, flag, perm) // same as old Open
Open(name) // same as old Open(name, O_RDONLY, 0)
Create(name) // same as old Open(name, O_RDWR|O_TRUNC|O_CREAT, 0666)
This CL includes a gofix module and full code updates: all.bash passes.
(There may be a few comments I missed.)
The interesting packages are:
gofix
os
Everything else is automatically generated except for hand tweaks to:
src/pkg/io/ioutil/ioutil.go
src/pkg/io/ioutil/tempfile.go
src/pkg/crypto/tls/generate_cert.go
src/cmd/goyacc/goyacc.go
src/cmd/goyacc/units.y
R=golang-dev, bradfitzwork, rsc, r2
CC=golang-dev
https://golang.org/cl/4357052
This changeset makes it possible for crypto/x509 to parse
certificates that include the 'Extended Key Usage' extension
with the critical bit set.
R=agl1
CC=golang-dev
https://golang.org/cl/4277075
Drop laddr argument from Dial.
Drop cname return from LookupHost.
Add LookupIP, LookupCNAME, ParseCIDR, IP.Equal.
Export SplitHostPort, JoinHostPort.
Add AAAA (IPv6) support to host lookups.
Preparations for implementing some of the
lookups using cgo.
ParseCIDR and IP.Equal are logically new in this CL
but accidentally snuck into an earlier CL about unused
labels that was in the same client.
In crypto/tls, drop laddr from Dial to match net.
R=golang-dev, dsymonds, adg, rh
CC=golang-dev
https://golang.org/cl/4244055
New make target "testshort" runs "gotest -test.short" and is invoked
by run.bash, which is invoked by all.bash.
Use -test.short to make one package (crypto ecdsa) run much faster.
More changes to come.
Once this is in, I will update the long-running tests to use the new flag.
R=rsc
CC=golang-dev
https://golang.org/cl/4317043
There is some disagreement about how to deal with hash values larger
than the curve order size. We choose to follow OpenSSL's lead here.
R=bradfitzgo, r
CC=golang-dev
https://golang.org/cl/4273059
PKCS#1 v2.1 section 7.1.1 says that the result of an OAEP encryption
is "an octet string of length $k$". Since we didn't left-pad the
result it was previously possible for the result to be smaller when
the most-significant byte was zero.
Fixes#1519.
R=rsc
CC=golang-dev
https://golang.org/cl/4175059