| Age | Commit message (Collapse) | Author |
|---|
|
This lets us surface an error message instead of panicking if running
in fips140=only mode, where ECDH on X25519 returns an error.
Updates golang/go#75061
Change-Id: I6a6a6964c0591f3dca2dc946c99d44364314a3ab
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/696995
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
|
|
By now Go 1.25.0 has been released, and Go 1.23 is no longer supported
per the Go Release Policy (see https://go.dev/doc/devel/release#policy).
For golang/go#69095.
[git-generate]
(cd . && go get go@1.24.0 && go mod tidy && go fix ./... && go mod edit -toolchain=none)
(cd x509roots/fallback && go get go@1.24.0 && go mod tidy && go fix ./... && go mod edit -toolchain=none)
Change-Id: Ia4c201e9611a2c13489e16d4ae81d7e3e32bf455
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/695715
Auto-Submit: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: I93de641462a54b0ae565bb60e2a0e6e7c2c3b883
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/693999
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
Wait for process completion before reading stdout/stderr buffers
to eliminate race between I/O Go routines and test cleanup.
Updates golang/go#74437
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest-race
Change-Id: I2e650c04db5be0d7a1e858ce40e25f13ad12223c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/693596
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
goos: linux
goarch: amd64
pkg: golang.org/x/crypto/x509roots/fallback
cpu: AMD Ryzen 5 4600G with Radeon Graphics
│ /tmp/before │ /tmp/after │
│ sec/op │ sec/op vs base │
InitTime-12 1.726m ± 0% 1.101m ± 1% -36.20% (p=0.000 n=30)
│ /tmp/before │ /tmp/after │
│ B/op │ B/op vs base │
InitTime-12 1178.2Ki ± 0% 779.8Ki ± 0% -33.81% (p=0.000 n=30)
│ /tmp/before │ /tmp/after │
│ allocs/op │ allocs/op vs base │
InitTime-12 11.35k ± 0% 10.64k ± 0% -6.32% (p=0.000 n=30)
Updates golang/go#73691
Change-Id: Ic33f2fdfc65001c41afeb3b6af8a383288d10de6
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/676217
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Mark Freeman <mark@golang.org>
|
|
In CI it seems that occasionally we can't connect to the test servers
within 10 tries, and the test flakes. Let's give the process more
attempts.
Updates golang/go#74437
Change-Id: I74d6cea83468a3a572ec4b52ff7314c778c664cf
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/692075
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Mark Freeman <mark@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This is an automated CL which updates the NSS root bundle.
[git-generate]
go generate ./x509roots
Change-Id: Ib30b702d41dedacce835628a9dab456098be0703
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/687895
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
|
|
When spawning the pebble and pebble-challtestserv processes redirect
stdout/stderr to bytes.Buffer instances and print their content at test
end as appropriate.
The stdout/stderr content for each process is printed if the test
failed, or if testing is being done in verbose mode. Otherwise the
output is swallowed.
This makes debugging test failures much easier as output from the
subprocesses from independent tests isn't intermingled.
Updates golang/go#74437
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest
Change-Id: Ia79a3609ce3522ef6248442de247554c39367162
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/686935
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: I3a89b1890ad2f7d2b2c23e1efce60c19e43dd381
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/687017
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: David Chase <drchase@google.com>
|
|
Fixes golang/go#61536
Change-Id: Id38cc6d46879dbe2bdea04dec061596387ec6cfe
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/559056
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
When creating a TLS-ALPN-01 challenge response certificate for an IP
address identifier we need to configure the template IPAddresses field,
not the DNSNames/Subject.CommonName.
Along the way we can do some small tidying:
* Updating the draft TLS-ALPN-01 reference to the finalized RFC
* Adding a reference to the IP address identifier ACME RFC
* Adding a mention of the form the challenge validation request's SNI
will take when verifying an IP address identifier
* Tidying the private tlsChallengeCert() function to take a single
identifier as arg since the only call-sites provide singular values
since the removal of the TLS-SNI-[01|02] challenge helpers.
This allows enabling an IP address identifier in the Pebble integration
tests that otherwise caused a validation failure for TLS-ALPN-01
challenge types because the IP address was used as a DNS SAN.
Updates golang/go#73914
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest
Change-Id: Ic671e41b585f424f821db65206c7ffcc6dd386a0
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/677576
Reviewed-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This commit adds integration test coverage for a complete TLS-ALPN-01
and HTTP-01 based issuance flow.
For each tested challenge type we:
* Spin up a pebble/pebble-challtestsrv environment
* Spin up a small challenge response server
* Create an ACME account
* Create an order for multiple DNS type identifiers
* Provision challenge responses based on the challenge type under test
* Wait for the order to become ready for issuance
* Finalize the order, issuing a certificate
* Check the newly issued certificate chain validates with the Pebble
trust anchor, and that the certificate is valid for each of the names
from our initial order
These tests are skipped in short mode (Pebble has variable delays for
validation requests).
The Pebble source is fetched through the Go module proxy (unless
a local directory is specified to aid development), similar to how the
stdlib crypto packages fetch BoGo tooling.
More test coverage for various other parts of the protocol (key
rollover, account/authz deactivation, revocation, etc) can be added as
follow-up work now that the groundwork for integration testing is laid.
Fixes golang/go#73914
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-linux-amd64-longtest
Change-Id: I4e79f4858f31ef290a0c91d345e15fbdc510e9ab
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/677575
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Ian Stapleton Cordasco <graffatcolmingov@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes golang/go#69518
Change-Id: Id9989ac9b28262df77017e97f985f67c1571c3ce
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/644255
Reviewed-by: Austin Clements <austin@google.com>
Auto-Submit: Austin Clements <austin@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This is an automated CL which updates the NSS root bundle.
[git-generate]
go generate ./x509roots
Change-Id: Icb71f9f7c509dc6f49ad4385aa287bd6a8966523
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/681915
Auto-Submit: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
According to draft-miller-ssh-cert-01, Section 2.1.1, certificates with
certificate keys as signature keys are invalid
Change-Id: I474524ea444deb78f2fa7c2682e47c0fd057f0b8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/678716
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
As specified in draft-miller-ssh-cert-01, Section 2.1.1:
Implementations MUST NOT accept certificate keys as CA keys.
Change-Id: I2e559a8a58b7bceccd0d8c6b80803abdbe281067
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/678715
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
Skip the key exchange test when using the system's ssh CLI if the
required KEX algorithm (e.g., mlkem768x25519-sha256) is not supported.
This is determined by running ssh -Q kex and checking for the presence
of the target algorithm.
Prevents false test failures in CI environments with older or limited
SSH implementations.
Cq-Include-Trybots: luci.golang.try:x_crypto-gotip-darwin-amd64-longtest,x_crypto-gotip-linux-amd64-longtest,x_crypto-gotip-windows-amd64-longtest
Change-Id: I3fac703ec70559e18b30d5fff88274335a7c3952
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/679195
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: Icbe0bf922207aefa5ee047a35dfb71843ec75306
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/679135
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
|
|
goos: linux
goarch: amd64
pkg: golang.org/x/crypto/x509roots/fallback
cpu: AMD Ryzen 5 4600G with Radeon Graphics
│ /tmp/before │
│ sec/op │
InitTime-12 1.726m ± 0%
│ /tmp/before │
│ B/op │
InitTime-12 1.151Mi ± 0%
│ /tmp/before │
│ allocs/op │
InitTime-12 11.35k ± 0%
For golang/go#73691
Change-Id: Ic932bd7835e50dd5c6adbdf684644afa49bddebc
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/676216
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
For golang/go#73691
Change-Id: I3e2b09055c39286d863fe70ca3bd72a839e25d0a
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/676215
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
The TLSSNI01ChallengeCert and TLSSNI02ChallengeCert functions have been
marked deprecated since 2022. The package documentation indicates
pre-RFC 8555 functionality is retained for compilation success, but will
return errors. This commit makes these two deprecated functions match
that description.
No meaningful support for these draft standard challenge types exists
in the ACME ecosystem, and they are insecure for use in shared hosting
environments.
Change-Id: I1c17980a0630092c70eb971b3453a0f115834be0
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/676835
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
The private encodePem() and unique() functions under the acme package
had no call-sites and so can be removed.
Change-Id: Ic617392e7cc9b9e795456626a623ba02df108694
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/676875
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
We add this support for the following reasons:
- We are planning to expose recommended (secure) vs. supported (works,
not necessarily recommended) algorithms. The DHGEX kex is currently
only exposed as a client-side kex. To simplify the calling convention
for this follow-on, we expose the server side too.
- Some clients are quite inflexible with reference to kex algorithms
choice, for example they offer:
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
therefore DHGEX helps interoperability.
We do not recommend the DHGEX kex as a whole:
- the negotiation requires an extra round trip
- the server must generate parameters (slow) or hardcode them, which
defeats the security benefit over traditional DH.
In this implementation we hardcode sending Oakley Group 14, Oakley
Group 15 or Oakley Group 16 based on the requested max size.
Users that are concerned with security of classical DH kex should
migrate to kex based on EC or Ed25519.
Fixes golang/go#54743
Change-Id: I127822e90efc36821af4aca679931f40a2023021
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/532415
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes golang/go#58523
Fixes golang/go#46638
Change-Id: Ic64bd2fdd6e9ec96acac3ed4be842e2fbb15231d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/538235
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
If the key exchange method curve25519-sha256 is configured, automatically
add the curve25519-sha256@libssh.org alias to ensure compatibility with
OpenSSH versions up to 7.2, which recognize only the older vendor-specific
name.
Change-Id: If50ab2c49179db949ba1b986f7bb0e153cc7f897
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/669716
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes golang/go#61537
Change-Id: If3478121e3ae445391e3faeceeb889d75e9e3214
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/531935
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Change InvalidCostError string to explicitly state cost bounds
range as inclusive, rather than using parentheses that might
imply an exclusive range.
Change-Id: Ie5e7d53ef4217c8560e6a7fe23e3d65ecc24a2a3
GitHub-Last-Rev: b49002b6b2cff0939858553a28e3f255bde397b6
GitHub-Pull-Request: golang/crypto#300
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/609455
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
This is an automated CL which updates the NSS root bundle.
[git-generate]
go generate ./x509roots
Change-Id: If1970af8da68ead595dc3fa7dd79a8555a5f09c5
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/668576
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: I06b2bb01f1557af02a8bf172ee85973695506906
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/670095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
If a recording file exists but is invalid for any reason, the random
source may have already been used, resulting in a recording that
cannot be replayed.
Change-Id: Ib81aaf163f5783fede2c14a0ac10a8d2af6019c6
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/664917
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
|
|
starting with OpenSSH 10, all Diffie-Hellman key exchange algorithms
are disabled by default. To generate recordings, we must explicitly
enable them.
Change-Id: Icfbf46b30478f36d7040991e0f6324b9b4766aaf
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665115
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
|
|
Check the directory's AuthzURL to see if the server supports
pre-authorization. If it's empty, then the server is not advertising
support and we can encounter other bugs. Better to return early and give
a clear error to the caller.
From https://www.rfc-editor.org/rfc/rfc8555#section-7.4.1
If a CA wishes to allow pre-authorization within ACME, it can offer a
"new authorization" resource in its directory by adding the field
"newAuthz" with a URL for the newAuthz resource.
Fixes golang/go#40839
Change-Id: Id3e92e8e2ae3c57285183d37544dd59b4988b3be
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/661675
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
|
This fixes the build on the js/wasm builder.
Change-Id: Icd891cd38b9da07279b9afaa168f7c64c81e13fe
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665095
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
acme/autocert currently has ad-hoc logic to find a reasonable default
for a cache directory.
Since that logic was written (in 2017), new functions were added to the
os package to provide that functionality (in Go 1.13, 2019-09):
`os.UserCacheDir` and `os.UserHomeDir`.
This patch replaces the ad-hoc logic with a call to `os.UserCacheDir`.
The fallback to `/` is kept, since it may be relied upon in some
environments.
Change-Id: I3bf692ca670b87bf3d329e5d3684eee15ed374aa
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/440195
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
|
|
This reverts CL 636257.
Reason for revert: Does not build on 1.23 or 1.24
For golang/go#73354.
Change-Id: Ie28d5c45930a8eacd5cabed64390ef674b3fb446
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665536
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This reverts CL 663375.
Reason for revert: Does not build on 1.23 or 1.24
For golang/go#73354.
Change-Id: I251d598423b83c01cc2e04ddf6f49ae14095fa7c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665535
Auto-Submit: Michael Pratt <mpratt@google.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This reverts CL 657795.
Reason for revert: Does not build on 1.23 or 1.24
For golang/go#73354.
Change-Id: I69498f24b57bd6650c9d1f4c755922cfaaba4a84
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/665555
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This reverts CL 661215.
Reason for revert: Does not build on 1.23 or 1.24
Fixes #73354.
Change-Id: I90abd8a3dabf5c0d9fd1062de3ba3e78ecb2f2e8
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/664796
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
The performance gains on Loongson 3A6000 and 3A5000 are as follows:
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/argon2
cpu: Loongson-3A6000-HV @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
Argon2i/_Time:_3_Memory:_32_MB,_Threads:_1 131.23m ± 0% 67.56m ± 1% -48.52% (p=0.000 n=10)
Argon2i/_Time:_4_Memory:_32_MB,_Threads:_1 171.28m ± 2% 90.20m ± 0% -47.34% (p=0.000 n=10)
Argon2i/_Time:_5_Memory:_32_MB,_Threads:_1 213.3m ± 0% 112.6m ± 0% -47.21% (p=0.000 n=10)
Argon2i/_Time:_3_Memory:_64_MB,_Threads:_4 269.5m ± 0% 147.2m ± 0% -45.37% (p=0.000 n=10)
Argon2i/_Time:_4_Memory:_64_MB,_Threads:_4 357.7m ± 0% 195.4m ± 0% -45.36% (p=0.000 n=10)
Argon2i/_Time:_5_Memory:_64_MB,_Threads:_4 449.8m ± 0% 243.8m ± 0% -45.79% (p=0.000 n=10)
Argon2d/_Time:_3,_Memory:_32_MB,_Threads:_1 126.56m ± 0% 67.43m ± 0% -46.72% (p=0.000 n=10)
Argon2d/_Time:_4,_Memory:_32_MB,_Threads:_1 168.57m ± 0% 90.04m ± 0% -46.58% (p=0.000 n=10)
Argon2d/_Time:_5,_Memory:_32_MB,_Threads:_1 210.5m ± 0% 112.7m ± 0% -46.45% (p=0.000 n=10)
Argon2d/_Time:_3,_Memory:_64_MB,_Threads:_4 264.8m ± 0% 145.0m ± 1% -45.23% (p=0.000 n=10)
Argon2d/_Time:_4,_Memory:_64_MB,_Threads:_4 353.8m ± 0% 193.7m ± 0% -45.26% (p=0.000 n=10)
Argon2d/_Time:_5,_Memory:_64_MB,_Threads:_4 444.4m ± 0% 242.3m ± 0% -45.49% (p=0.000 n=10)
Argon2id/_Time:_3,_Memory:_32_MB,_Threads:_1 126.89m ± 0% 66.62m ± 0% -47.50% (p=0.000 n=10)
Argon2id/_Time:_4,_Memory:_32_MB,_Threads:_1 169.02m ± 0% 89.07m ± 0% -47.30% (p=0.000 n=10)
Argon2id/_Time:_5,_Memory:_32_MB,_Threads:_1 210.7m ± 0% 111.0m ± 0% -47.34% (p=0.000 n=10)
Argon2id/_Time:_3,_Memory:_64_MB,_Threads:_4 267.6m ± 1% 145.8m ± 0% -45.51% (p=0.000 n=10)
Argon2id/_Time:_4,_Memory:_64_MB,_Threads:_4 355.1m ± 0% 194.1m ± 0% -45.34% (p=0.000 n=10)
Argon2id/_Time:_5,_Memory:_64_MB,_Threads:_4 443.6m ± 0% 242.5m ± 0% -45.33% (p=0.000 n=10)
geomean 240.8m 129.3m -46.32%
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/argon2
cpu: Loongson-3A5000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
Argon2i/_Time:_3_Memory:_32_MB,_Threads:_1 209.9m ± 1% 109.7m ± 2% -47.75% (p=0.000 n=10)
Argon2i/_Time:_4_Memory:_32_MB,_Threads:_1 278.1m ± 0% 143.7m ± 0% -48.34% (p=0.000 n=10)
Argon2i/_Time:_5_Memory:_32_MB,_Threads:_1 346.7m ± 0% 178.1m ± 0% -48.63% (p=0.000 n=10)
Argon2i/_Time:_3_Memory:_64_MB,_Threads:_4 455.3m ± 0% 240.8m ± 0% -47.12% (p=0.000 n=10)
Argon2i/_Time:_4_Memory:_64_MB,_Threads:_4 604.6m ± 0% 317.7m ± 0% -47.45% (p=0.000 n=10)
Argon2i/_Time:_5_Memory:_64_MB,_Threads:_4 754.8m ± 0% 395.4m ± 0% -47.61% (p=0.000 n=10)
Argon2d/_Time:_3,_Memory:_32_MB,_Threads:_1 206.9m ± 1% 107.6m ± 0% -48.00% (p=0.000 n=10)
Argon2d/_Time:_4,_Memory:_32_MB,_Threads:_1 274.3m ± 0% 141.8m ± 1% -48.32% (p=0.000 n=10)
Argon2d/_Time:_5,_Memory:_32_MB,_Threads:_1 342.4m ± 0% 175.6m ± 0% -48.71% (p=0.000 n=10)
Argon2d/_Time:_3,_Memory:_64_MB,_Threads:_4 450.2m ± 0% 237.9m ± 0% -47.15% (p=0.000 n=10)
Argon2d/_Time:_4,_Memory:_64_MB,_Threads:_4 597.7m ± 0% 314.0m ± 0% -47.46% (p=0.000 n=10)
Argon2d/_Time:_5,_Memory:_64_MB,_Threads:_4 745.8m ± 0% 390.7m ± 1% -47.61% (p=0.000 n=10)
Argon2id/_Time:_3,_Memory:_32_MB,_Threads:_1 207.6m ± 0% 107.9m ± 0% -48.05% (p=0.000 n=10)
Argon2id/_Time:_4,_Memory:_32_MB,_Threads:_1 275.0m ± 0% 142.0m ± 0% -48.34% (p=0.000 n=10)
Argon2id/_Time:_5,_Memory:_32_MB,_Threads:_1 342.9m ± 1% 176.0m ± 0% -48.66% (p=0.000 n=10)
Argon2id/_Time:_3,_Memory:_64_MB,_Threads:_4 450.6m ± 1% 238.5m ± 0% -47.07% (p=0.000 n=10)
Argon2id/_Time:_4,_Memory:_64_MB,_Threads:_4 598.5m ± 1% 314.6m ± 0% -47.44% (p=0.000 n=10)
Argon2id/_Time:_5,_Memory:_64_MB,_Threads:_4 746.4m ± 0% 391.0m ± 0% -47.61% (p=0.000 n=10)
geomean 398.6m 207.9m -47.86%
Change-Id: Iaa9d134d68dd2f0972fc5768d7e66f7b1ff0ebd3
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/657795
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
The performance of chacha20 has been greatly improved on 3A6000 and 3A5000.
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/chacha20
cpu: Loongson-3A6000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
ChaCha20/64 171.9n ± 0% 159.3n ± 0% -7.33% (p=0.000 n=20)
ChaCha20/256 592.2n ± 0% 142.8n ± 0% -75.89% (p=0.000 n=20)
ChaCha20/10x25 981.5n ± 0% 518.8n ± 0% -47.14% (p=0.000 n=20)
ChaCha20/4096 8.991µ ± 0% 1.732µ ± 0% -80.74% (p=0.000 n=20)
ChaCha20/100x40 10.651µ ± 0% 5.135µ ± 0% -51.79% (p=0.000 n=20)
ChaCha20/65536 143.43µ ± 0% 28.76µ ± 0% -79.95% (p=0.000 n=20)
ChaCha20/1000x65 146.17µ ± 0% 37.13µ ± 0% -74.60% (p=0.000 n=20)
geomean 5.721µ 1.962µ -65.70%
| bench.old | bench.new |
| B/s | B/s vs base |
ChaCha20/64 355.1Mi ± 0% 383.1Mi ± 0% +7.89% (p=0.000 n=20)
ChaCha20/256 412.2Mi ± 0% 1710.2Mi ± 0% +314.86% (p=0.000 n=20)
ChaCha20/10x25 242.9Mi ± 0% 459.6Mi ± 0% +89.19% (p=0.000 n=20)
ChaCha20/4096 434.5Mi ± 0% 2255.8Mi ± 0% +419.22% (p=0.000 n=20)
ChaCha20/100x40 358.1Mi ± 0% 742.9Mi ± 0% +107.44% (p=0.000 n=20)
ChaCha20/65536 435.8Mi ± 0% 2173.2Mi ± 0% +398.72% (p=0.000 n=20)
ChaCha20/1000x65 424.1Mi ± 0% 1669.4Mi ± 0% +293.64% (p=0.000 n=20)
geomean 373.9Mi 1.065Gi +191.55%
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/chacha20
cpu: Loongson-3A5000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
ChaCha20/64 234.5n ± 0% 295.8n ± 0% +26.14% (p=0.000 n=20)
ChaCha20/256 782.0n ± 0% 274.6n ± 0% -64.88% (p=0.000 n=20)
ChaCha20/10x25 1340.0n ± 0% 752.7n ± 0% -43.83% (p=0.000 n=20)
ChaCha20/4096 11.744µ ± 0% 3.455µ ± 0% -70.58% (p=0.000 n=20)
ChaCha20/100x40 14.151µ ± 0% 7.435µ ± 0% -47.46% (p=0.000 n=20)
ChaCha20/65536 188.05µ ± 0% 54.33µ ± 0% -71.11% (p=0.000 n=20)
ChaCha20/1000x65 191.44µ ± 0% 66.29µ ± 0% -65.37% (p=0.000 n=20)
geomean 7.604µ 3.436µ -54.81%
| bench.old | bench.new |
| B/s | B/s vs base |
ChaCha20/64 260.3Mi ± 0% 206.3Mi ± 0% -20.73% (p=0.000 n=20)
ChaCha20/256 312.2Mi ± 0% 888.9Mi ± 0% +184.75% (p=0.000 n=20)
ChaCha20/10x25 177.9Mi ± 0% 316.8Mi ± 0% +78.08% (p=0.000 n=20)
ChaCha20/4096 332.6Mi ± 0% 1130.8Mi ± 0% +239.95% (p=0.000 n=20)
ChaCha20/100x40 269.6Mi ± 0% 513.1Mi ± 0% +90.34% (p=0.000 n=20)
ChaCha20/65536 332.4Mi ± 0% 1150.5Mi ± 0% +246.16% (p=0.000 n=20)
ChaCha20/1000x65 323.8Mi ± 0% 935.2Mi ± 0% +188.81% (p=0.000 n=20)
geomean 281.3Mi 622.6Mi +121.31%
Change-Id: I5386f2029122076c1d22a04610567e3df23877cd
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/636257
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
The performance gains on Loongson 3A6000 and 3A5000 are as follows:
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/salsa20
cpu: Loongson-3A6000-HV @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
XOR1K 3175.0n ± 0% 435.4n ± 0% -86.29% (p=0.000 n=20)
| bench.old | bench.new |
| B/s | B/s vs base |
XOR1K 307.6Mi ± 0% 2242.7Mi ± 0% +629.13% (p=0.000 n=20)
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/salsa20
cpu: Loongson-3A5000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
XOR1K 4125.0n ± 0% 864.0n ± 0% -79.05% (p=0.000 n=20)
| bench.old | bench.new |
| B/s | B/s vs base |
XOR1K 236.7Mi ± 0% 1130.3Mi ± 0% +377.41% (p=0.000 n=20)
Change-Id: Ib37f603e6654f1e3837985fad4b6dee10b5af993
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/663375
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
|
|
The performance gains on Loongson 3A6000 and 3A5000 are as follows:
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/blake2s
cpu: Loongson-3A6000-HV @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
Write64 277.8n ± 0% 113.5n ± 0% -59.14% (p=0.000 n=10)
Write1K 4.246µ ± 0% 1.736µ ± 0% -59.11% (p=0.000 n=10)
Sum64 289.9n ± 0% 137.7n ± 0% -52.51% (p=0.000 n=10)
Sum1K 4.265µ ± 0% 1.758µ ± 0% -58.78% (p=0.000 n=10)
geomean 1.099µ 467.3n -57.48%
| bench.old | bench.new |
| B/s | B/s vs base |
Write64 219.7Mi ± 0% 537.9Mi ± 0% +144.86% (p=0.000 n=10)
Write1K 230.0Mi ± 0% 562.6Mi ± 0% +144.62% (p=0.000 n=10)
Sum64 210.5Mi ± 0% 443.3Mi ± 0% +110.59% (p=0.000 n=10)
Sum1K 229.0Mi ± 0% 555.5Mi ± 0% +142.64% (p=0.000 n=10)
geomean 222.1Mi 522.5Mi +135.21%
goos: linux
goarch: loong64
pkg: golang.org/x/crypto/blake2s
cpu: Loongson-3A5000 @ 2500.00MHz
| bench.old | bench.new |
| sec/op | sec/op vs base |
Write64 373.8n ± 0% 175.0n ± 0% -53.18% (p=0.000 n=10)
Write1K 5.763µ ± 0% 2.595µ ± 0% -54.97% (p=0.000 n=10)
Sum64 397.8n ± 0% 205.7n ± 0% -48.29% (p=0.000 n=10)
Sum1K 5.787µ ± 0% 2.627µ ± 0% -54.61% (p=0.000 n=10)
geomean 1.492µ 703.8n -52.83%
| bench.old | bench.new |
| B/s | B/s vs base |
Write64 163.3Mi ± 0% 348.9Mi ± 0% +113.62% (p=0.000 n=10)
Write1K 169.5Mi ± 0% 376.3Mi ± 0% +122.09% (p=0.000 n=10)
Sum64 153.4Mi ± 0% 296.7Mi ± 0% +93.37% (p=0.000 n=10)
Sum1K 168.7Mi ± 0% 371.8Mi ± 0% +120.33% (p=0.000 n=10)
geomean 163.6Mi 346.9Mi +112.03%
Change-Id: Id91ffbefc538bce294875d72e6cde72fea43afbf
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/661215
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: abner chenc <chenguoqi@loongson.cn>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I6ba8d07b9e53b01f25f4c1c8eac629aaa47de3a1
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/664836
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
mlkem768x25519-sha256 requires the crypto/mlkem package introduced in
Go 1.24.
Thanks to Damien Miller for posting an early version to the OpenSSH
mailing list.
Co-authored-by: Damien Miller <djm@mindrot.org>
Change-Id: I4235cf906903524a9a97283834cc8f43b5f76f91
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/646075
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
As in crypto/tls, we record the connection against a reference
implementation, OpenSSH in our case, and run part of our integration
tests by replaying these recorded SSH connections.
Change-Id: If042b5f650b267bd3ede34a05ec3a6fa6d1a86b3
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/644436
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
|
|
Update golang.org/x dependencies to their latest tagged versions.
Change-Id: I1e9480e5897a08cac746309acdc8bbdf0bce8060
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/663256
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I4f89c395886b9dd07b584d1fcf1a0f2df215b91b
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/644435
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
|
|
This typo ends up into lots of executables that trigger 'codespell'-style linter checks.
Change-Id: I2a7e3a6597272ca7c97ebddc54c5eef4cb5cab88
GitHub-Last-Rev: e42f734f00aa575030b72dd1e328d2acefb02625
GitHub-Pull-Request: golang/crypto#310
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/646375
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
|
Change-Id: Iddbe6bcb7a5487678c48df65903571b4625fc9f9
GitHub-Last-Rev: 2552a8d99c7472f029d7da270fa814398793b564
GitHub-Pull-Request: golang/crypto#243
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/456438
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
|
|
Adds support for roots with the distrust-after bit set. The constraint
function construction is a little funky, but I couldn't think of an
obvious better way to do it.
Fixes golang/go#70777
Fixes golang/go#70623
Change-Id: I780f866416b626360eaee9368185768da7bc75ef
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/652996
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
