go - Fork of Go programming language with my patches.

Age	Commit message (Collapse)	Author
2023-02-14	crypto/tls: replace all usages of BytesOrPanic	Roland Shoemaker
	Message marshalling makes use of BytesOrPanic a lot, under the assumption that it will never panic. This assumption was incorrect, and specifically crafted handshakes could trigger panics. Rather than just surgically replacing the usages of BytesOrPanic in paths that could panic, replace all usages of it with proper error returns in case there are other ways of triggering panics which we didn't find. In one specific case, the tree routed by expandLabel, we replace the usage of BytesOrPanic, but retain a panic. This function already explicitly panicked elsewhere, and returning an error from it becomes rather painful because it requires changing a large number of APIs. The marshalling is unlikely to ever panic, as the inputs are all either fixed length, or already limited to the sizes required. If it were to panic, it'd likely only be during development. A close inspection shows no paths for a user to cause a panic currently. This patches ends up being rather large, since it requires routing errors back through functions which previously had no error returns. Where possible I've tried to use helpers that reduce the verbosity of frequently repeated stanzas, and to make the diffs as minimal as possible. Thanks to Marten Seemann for reporting this issue. Fixes #58001 Fixes CVE-2022-41724 Change-Id: Ieb55867ef0a3e1e867b33f09421932510cb58851 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1679436 Reviewed-by: Julie Qiu <julieqiu@google.com> TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/468125 Run-TryBot: Michael Pratt <mpratt@google.com> Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Michael Pratt <mpratt@google.com>
2022-11-09	crypto/x509: allow BoringCrypto to use 4096-bit keys	Russ Cox
	FIPS-140 has been updated to allow 4096-bit RSA keys. Allow them in certificate processing. Fixes #41147. Change-Id: I4c6bcb1b137a200dfe70cebc605ae57f49871184 Reviewed-on: https://go-review.googlesource.com/c/go/+/447655 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Russ Cox <rsc@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
2022-04-29	[dev.boringcrypto] crypto/x509: remove VerifyOptions.IsBoring	Russ Cox
	This API was added only for BoringCrypto, never shipped in standard Go. This API is also not compatible with the expected future evolution of crypto/x509, as we move closer to host verifiers on macOS and Windows. If we want to merge BoringCrypto into the main tree, it is best not to have differing API. So instead of a hook set by crypto/tls, move the actual check directly into crypto/x509, eliminating the need for exposed API. For #51940. Change-Id: Ia2ae98c745de818d39501777014ea8166cab0b03 Reviewed-on: https://go-review.googlesource.com/c/go/+/395878 TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
2022-04-29	[dev.boringcrypto] all: add boringcrypto build tags	Russ Cox
	A plain make.bash in this tree will produce a working, standard Go toolchain, not a BoringCrypto-enabled one. The BoringCrypto-enabled one will be created with: GOEXPERIMENT=boringcrypto ./make.bash For #51940. Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3 Reviewed-on: https://go-review.googlesource.com/c/go/+/395881 Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2021-08-26	[dev.boringcrypto] crypto/tls: use correct config in TestBoringClientHello	Sofía Celi
	The existing implementation sets the ClientConfig to specific values to check, but does not uses it in the actual testing. This commit make the test to actually use it, which can be used to flag bugs in the future. Change-Id: I8d883c11675169705771af3fcca11a303cfeb30f GitHub-Last-Rev: 37841fd3561c95c8c9143c9fa4fff81268e18cdc GitHub-Pull-Request: golang/go#47959 Reviewed-on: https://go-review.googlesource.com/c/go/+/345029 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Dmitri Shuralyov <dmitshur@golang.org>
2019-11-20	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Updated TestBoringServerSignatureAndHash to expect RSA-PSS to work with TLS 1.2, and hence with FIPS mode. Change-Id: I358271b2e4804733cf61dc132fa0c5f39c2bff19
2019-11-19	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Signing-side signature algorithm selection moved to selectSignatureScheme, so add FIPS logic there. Change-Id: I827e7296d01ecfd36072e2139e74603ef42c6b24
2019-09-04	[dev.boringcrypto] all: merge master into dev.boringcrypto	Katie Hockman
	Change-Id: Iae3a3e1ab8819967548e91edc5ba4e8fb07ec856
2019-06-27	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Change-Id: Ic1d89215bb3e37a722d3d3bc7698edea940a83d9
2019-05-28	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Change-Id: I0f610a900fcd5575ca12b34bc74fa63c2146b10b
2018-11-14	[dev.boringcrypto] crypto/tls: test for TLS 1.3 to be disabled in FIPS mode	Filippo Valsorda
	Change-Id: I32b3e29a3e34f20cccc51666905fd36744ef00b2 Reviewed-on: https://go-review.googlesource.com/c/149602 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2018-11-14	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Change-Id: I429a190472368dd88a2bf2f1be5adefa459d3087
2018-11-14	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Change-Id: I78c733872cb99657ebe5c48fe0ea6b316a4b5380
2018-11-14	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Change-Id: Ia068dac1677bfc44c41e35d1f46e6499911cfae0
2018-11-13	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Change-Id: Ice4172e2058a45b1a24da561fd420244ab2a97bd
2018-07-03	[dev.boringcrypto] all: merge master into dev.boringcrypto	Filippo Valsorda
	Add a couple of skips for slow js/wasm tests. Change-Id: Ic95256b1d3c6e5e2f0cc536fad51e914d31cda9e
2017-12-06	[dev.boringcrypto] all: merge master (nearly Go 1.10 beta 1) into ↵	Russ Cox
	dev.boringcrypto This is a git merge of master into dev.boringcrypto. The branch was previously based on release-branch.go1.9, so there are a handful of spurious conflicts that would also arise if trying to merge master into release-branch.go1.9 (which we never do). Those have all been resolved by taking the original file from master, discarding any Go 1.9-specific edits. all.bash passes on darwin/amd64, which is to say without actually using BoringCrypto. Go 1.10-related fixes to BoringCrypto itself will be in a followup CL. This CL is just the merge. Change-Id: I4c97711fec0fb86761913dcde28d25c001246c35
2017-09-22	[dev.boringcrypto] crypto/tls/fipsonly: new package to force FIPS-allowed ↵	Russ Cox
	TLS settings Change-Id: I3268cab2de8aed9e2424e9c3bc7667083bc5e1ce Reviewed-on: https://go-review.googlesource.com/65250 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>