OpenSSL requires that RSA signatures be exactly the same byte-length
as the modulus. Currently it'll reject ~1/256 of our signatures: those
that end up a byte shorter.
Fixes#3796.
R=golang-dev, edsrzf, r
CC=golang-dev
https://golang.org/cl/6352093
Previously, strings that didn't have an explicit ASN.1 string type
were taken to be ASN.1 PrintableStrings. This resulted in an error if
a unrepresentable charactor was included.
For compatibility reasons, I'm too afraid to switch the default string
type to UTF8String, but this patch causes untyped strings to become
UTF8Strings if they contain a charactor that's not valid in a
PrintableString.
Fixes#3791.
R=golang-dev, bradfitz, r, r
CC=golang-dev
https://golang.org/cl/6348074
Entrust have issued a root certificate that's not marked as valid for
signing certificates.
This results in Go programs failing to validate certificates that
chain up to this root (i.e. gateway.push.apple.com:2195).
Although this is clearly a mistake on Entrust's part, it seems that we
will have to bodge around it.
R=golang-dev, dave, r
CC=golang-dev
https://golang.org/cl/6346064
Ran 'double.pl' on the pkg tree to identify doubled words.
One change to an error string return in x509; the rest are in comments.
Thanks to Matt Jibson for the idea.
R=golang-dev, bsiegert
CC=golang-dev
https://golang.org/cl/6344089
Flame motivated me to get around to adding extended key usage support
so that code signing certificates can't be used for TLS server
authentication and vice versa.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6304065
The speedup is a combination of unrolling/specializing
the actual code and also making the compiler generate better code.
Go 1.0.1 (size: 1239 code + 320 data = 1559 total)
md5.BenchmarkHash1K 1000000 7178 ns/op 142.64 MB/s
md5.BenchmarkHash8K 200000 56834 ns/op 144.14 MB/s
Partial unroll (size: 1115 code + 256 data = 1371 total)
md5.BenchmarkHash1K 5000000 2513 ns/op 407.37 MB/s
md5.BenchmarkHash8K 500000 19406 ns/op 422.13 MB/s
Complete unroll (size: 1900 code + 0 data = 1900 code)
md5.BenchmarkHash1K 5000000 2442 ns/op 419.18 MB/s
md5.BenchmarkHash8K 500000 18957 ns/op 432.13 MB/s
Comparing Go 1.0.1 and the complete unroll (this CL):
benchmark old MB/s new MB/s speedup
md5.BenchmarkHash1K 142.64 419.18 2.94x
md5.BenchmarkHash8K 144.14 432.13 3.00x
On the same machine, 'openssl speed md5' reports 441 MB/s
and 531 MB/s for our two cases, so this CL is at 90% and 80% of
those speeds, which is at least in the right ballpark.
OpenSSL is using carefully engineered assembly, so we are
unlikely to catch up completely.
Measurements on a Mid-2010 MacPro5,1.
R=golang-dev, bradfitz, agl
CC=golang-dev
https://golang.org/cl/6220046
This includes the NIST test suite for ECDSA and alters the test to
parse and evaluate it.
R=golang-dev, bradfitz, rsc, b
CC=golang-dev
https://golang.org/cl/6219058
http://www.rsa.com/rsalabs/node.asp?id=2125:
NOTE: A new OID has been defined for the combination
of the v1.5 signature scheme and the SHA-224 hash function:
sha224WithRSAEncryption OBJECT IDENTIFIER ::=
Like the other sha*WithRSAEncryption OIDs in PKCS #1 v2.1,
this OID has NULL parameters.
The DigestInfo encoding for SHA-224 (see Section 9.2, Note 1) is:
(0x)30 2d 30 0d 06 09 60 86 48 01 65 03 04 02 04 05 00 04 1c || H
R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6208076
crypto.Hash.New() changed to panicking when the hash function isn't
linked in, but crypto/x509 still expects it to return nil.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/6175047
On Solaris versions before Solaris 11, the kernel will not
return more than 1040 on a single read from /dev/urandom.
R=golang-dev, agl, bradfitz, rsc, iant, dchest
CC=golang-dev
https://golang.org/cl/6113046
When SNI based certificate selection is enabled, we previously used
the default private key even if we selected a non-default certificate.
Fixes#3367.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5987058
crypto/tls is tested, in part, by replaying recorded TLS connections
and checking that the bytes sent by the Go code haven't changed.
Previously we used GnuTLS's debug output and extracted the bytes of
the TLS connection using a Python script. That wasn't great, and I
think GnuTLS removed that level of debugging in a more current
release.
This change records the connection with Go code and adds a test for
ECDHE-AES clients generating using this method.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5988048
Previously we checked that de ≡ 1 mod φ(n). Since φ(n) is a multiple
of |(ℤ/nℤ)*|, this encompassed the new check, but it was too strict as
keys generated by GnuTLS would be rejected when gcd(p-1,q-1)≠1.
(Also updated the error strings in crypto/rsa to contain the package name, which some were missing.)
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5867043
The existing code that tried to prevent ECC ciphersuites from being
selected when there were no mutual curves still left |suite| set.
This lead to a panic on a nil pointer when there were no acceptable
ciphersuites at all.
Thanks to George Kadianakis for pointing it out.
R=golang-dev, r, bradfitz
CC=golang-dev
https://golang.org/cl/5857043
If a CertificateRequest is received we have to reply with a
Certificate message, even if we don't have a certificate to offer.
Fixes#3339.
R=golang-dev, r, ality
CC=golang-dev
https://golang.org/cl/5845067
This moves the various CA root fetchers from crypto/tls into crypto/x509.
The move was brought about by issue 2997. Windows doesn't ship with all
its root certificates, but will instead download them as-needed when using
CryptoAPI for certificate verification.
This CL changes crypto/x509 to verify a certificate using the system root
CAs when VerifyOptions.RootCAs == nil. On Windows, this verification is
now implemented using Windows's CryptoAPI. All other root fetchers are
unchanged, and still use Go's own verification code.
The CL also fixes the hostname matching logic in crypto/tls/tls.go, in
order to be able to test whether hostname mismatches are honored by the
Windows verification code.
The move to crypto/x509 also allows other packages to use the OS-provided
root certificates, instead of hiding them inside the crypto/tls package.
Fixes#2997.
R=agl, golang-dev, alex.brainman, rsc, mikkel
CC=golang-dev
https://golang.org/cl/5700087
An X.509 path length constrains the number of certificate that may
follow in the chain. This is a little simplistic for a first pass as it
doesn't check self-signed certificates (which don't count towards the
length), but it's conservatively simplistic.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5727057
asn1 didn't have an omitempty tag, so the list of additional primes in
an RSA private key was serialised as an empty SEQUENCE, even for
version 1 structures. This tripped up external code that didn't handle
v2.
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5729062
Not a Go 1 issue, but appeared to be fairly easy to fix.
- Note that a few existing test cases look slightly worse but
those cases were not representative for real code. All real
code looks better now.
- Manual move of the comment in go/scanner/example_test.go
before applying gofmt.
- gofmt -w $GOROOT/src $GOROOT/misc
Fixes#3062.
R=rsc
CC=golang-dev
https://golang.org/cl/5674093
* add -work option to save temporary files (Fixes issue 2980)
* fix go test -i to work with cgo packages (Fixes issue 2936)
* do not overwrite/remove empty directories or non-object
files during build (Fixes issue 2829)
* remove package main vs package non-main heuristic:
a directory must contain only one package (Fixes issue 2864)
* to make last item workable, ignore +build tags for files
named on command line: go build x.go builds x.go even
if it says // +build ignore.
* add // +build ignore tags to helper programs
R=golang-dev, r, r
CC=golang-dev
https://golang.org/cl/5674043
1) Remove the Reset() member in crypto/aes and crypto/des (and
document the change).
2) Turn several empty error structures into vars. Any remaining error
structures are either non-empty, or will probably become so in the
future.
3) Implement SetWriteDeadline for TLS sockets. At the moment, the TLS
status cannot be reused after a Write error, which is probably fine
for most uses.
4) Make crypto/aes and crypto/des return a cipher.Block.
R=rsc, r
CC=golang-dev
https://golang.org/cl/5625045
(*Writer, error) if they take a compression level, and *Writer otherwise.
Rename gzip's Compressor and Decompressor to Writer and Reader, similar to
flate and zlib.
Clarify commentary when writing gzip metadata that is not representable
as Latin-1, and fix io.EOF comment bug.
Also refactor gzip_test to be more straightforward.
Fixes#2839.
R=rsc, r, rsc, bradfitz
CC=golang-dev
https://golang.org/cl/5639057
Specifically, remove simply where it is claiming that the
code or the action to be carried out is simple, since the
reader might disagree.
R=golang-dev, bradfitz, gri
CC=golang-dev
https://golang.org/cl/5637048
I missed an overflow in contract because I suspected that the prime
elimination would take care of it. It didn't, and I forgot to get back
to the overflow. Because of this, p224Contract may have produced a
non-minimal representation, causing flakey failures ~0.02% of the
time.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5592045