Commit Graph

332 Commits

Author SHA1 Message Date
Adam Langley
4c6dfb2f88 crypto/tls: make the package description more accurate and less aspirational.
Fixes #3216.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5755056
2012-03-06 12:49:29 -05:00
Mikkel Krautz
80cf6b1ae1 crypto/tls: force OS X target version to 10.6 for API compatibility
This is a band-aid until we can use weak imports with cgo.

Fixes #3131.

R=minux.ma, rsc
CC=golang-dev
https://golang.org/cl/5700083
2012-02-28 11:34:48 -05:00
Robert Griesemer
788245c9f6 go/printer, gofmt: improved comma placement
Not a Go 1 issue, but appeared to be fairly easy to fix.

- Note that a few existing test cases look slightly worse but
  those cases were not representative for real code. All real
  code looks better now.

- Manual move of the comment in go/scanner/example_test.go
  before applying gofmt.

- gofmt -w $GOROOT/src $GOROOT/misc

Fixes #3062.

R=rsc
CC=golang-dev
https://golang.org/cl/5674093
2012-02-22 11:27:45 -08:00
Russ Cox
7b88ead8c8 cmd/go: a raft of fixes
* add -work option to save temporary files (Fixes issue 2980)
* fix go test -i to work with cgo packages (Fixes issue 2936)
* do not overwrite/remove empty directories or non-object
  files during build (Fixes issue 2829)
* remove package main vs package non-main heuristic:
  a directory must contain only one package (Fixes issue 2864)
* to make last item workable, ignore +build tags for files
  named on command line: go build x.go builds x.go even
  if it says // +build ignore.
* add // +build ignore tags to helper programs

R=golang-dev, r, r
CC=golang-dev
https://golang.org/cl/5674043
2012-02-14 16:39:20 -05:00
Shenghou Ma
136907f44f all: update 'gotest' to 'go test'
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5645099
2012-02-13 13:58:17 -05:00
Adam Langley
b9f16c6d7d crypto/...: more fixes for bug 2841
1) Remove the Reset() member in crypto/aes and crypto/des (and
   document the change).
2) Turn several empty error structures into vars. Any remaining error
   structures are either non-empty, or will probably become so in the
   future.
3) Implement SetWriteDeadline for TLS sockets. At the moment, the TLS
   status cannot be reused after a Write error, which is probably fine
   for most uses.
4) Make crypto/aes and crypto/des return a cipher.Block.

R=rsc, r
CC=golang-dev
https://golang.org/cl/5625045
2012-02-13 12:38:45 -05:00
Adam Langley
afe534d19b crypto/...: changes to address some of bug 2841.
This change addresses a subset of the issues raised in bug 2841.

R=rsc
CC=golang-dev
https://golang.org/cl/5629044
2012-02-03 15:08:53 -05:00
Adam Langley
8ee5e4091a crypto/tls: better error message when connecting to SSLv3 servers.
We support SSLv3 as a server but not as a client (and we don't want to
support it as a client). This change fixes the error message when
connecting to an SSLv3 server since SSLv3 support on the server side
made mutualVersion accept SSLv3.

R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5545073
2012-01-31 11:22:47 -05:00
Russ Cox
96f8cd5397 build: remove Make.pkg, Make.tool
Consequently, remove many package Makefiles,
and shorten the few that remain.

gomake becomes 'go tool make'.

Turn off test phases of run.bash that do not work,
flagged with $BROKEN.  Future CLs will restore these,
but this seemed like a big enough CL already.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5601057
2012-01-30 23:43:46 -05:00
Russ Cox
cca5c9dba4 go/build: add BuildTags to Context, allow !tag
This lets the client of go/build specify additional tags that
can be recognized in a // +build directive.  For example,
a build for a custom environment like App Engine might
include "appengine" in the BuildTags list, so that packages
can be written with some files saying

        // +build appengine   (build only on app engine)

or

        // +build !appengine  (build only when NOT on app engine)

App Engine here is just a hypothetical context.  I plan to use
this in the cmd/go sources to distinguish the bootstrap version
of cmd/go (which will not use networking) from the full version
using a custom tag.  It might also be useful in App Engine.

Also, delete Build and Script, which we did not end up using for
cmd/go and which never got turned on for real in goinstall.

R=r, adg
CC=golang-dev
https://golang.org/cl/5554079
2012-01-23 15:16:38 -05:00
Luit van Drongelen
0464590bc2 crypto/hmac: Deprecate hmac.NewMD5, hmac.NewSHA1 and hmac.NewSHA256
Remove NewMD5, NewSHA1 and NewSHA256 in favor of using New and
explicitly importing the used hash-function. This way when using, for
example, HMAC with RIPEMD there's no md5, sha1 and sha256 linked in
through the hmac package.

A gofix rule is included, and applied to the standard library (3 files
altered).

This change is the result of a discussion at
https://golang.org/cl/5550043/ to pull the discussion about
deprecating these functions out of that issue.

R=golang-dev, agl
CC=golang-dev, r, rsc
https://golang.org/cl/5556058
2012-01-19 17:28:38 -05:00
Adam Langley
86824d5328 crypto/elliptic: add constant-time P224.
(Sending to r because of the API change.)

This change alters the API for crypto/elliptic to permit different
implementations in the future. This will allow us to add faster,
constant-time implementations of the standard curves without any more
API changes.

As a demonstration, it also adds a constant-time implementation of
P224. Since it's only 32-bit, it's actually only about 40% the speed
of the generic code on a 64-bit system.

R=r, rsc
CC=golang-dev
https://golang.org/cl/5528088
2012-01-19 08:39:03 -05:00
Brad Fitzpatrick
afedc6a568 net: change SetTimeout to SetDeadline
Previously, a timeout (in int64 nanoseconds) applied to a granularity
even smaller than one operation:  a 100 byte read with a 1 second timeout
could take 100 seconds, if the bytes all arrived on the network 1 second
apart.  This was confusing.

Rather than making the timeout granularity be per-Read/Write,
this CL makes callers set an absolute deadline (in time.Time)
after which operations will fail.  This makes it possible to
set deadlines at higher levels, without knowing exactly how
many read/write operations will happen in e.g. reading an HTTP
request.

Fixes #2723

R=r, rsc, dave
CC=golang-dev
https://golang.org/cl/5555048
2012-01-18 16:24:06 -08:00
Shenghou Ma
68c583995c crypto/tls: add FreeBSD root certificate location
Fixes #2721.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5532090
2012-01-18 10:03:00 -08:00
Jeff R. Allen
5fa105421a crypto/tls: Improve TLS Client Authentication
Fix incorrect marshal/unmarshal of certificateRequest.
Add support for configuring client-auth on the server side.
Fix the certificate selection in the client side.
Update generate_cert.go to new time package

Fixes #2521.

R=krautz, agl, bradfitz
CC=golang-dev, mikkel
https://golang.org/cl/5448093
2012-01-05 12:05:38 -05:00
Adam Langley
9e8d625b7c crypto/tls: update generate_cert.go for new time package
Fixes #2635.

R=golang-dev, iant
CC=golang-dev
https://golang.org/cl/5512043
2012-01-04 14:56:16 -05:00
Russ Cox
1b80fdc11d go/build: add new +build tags 'cgo' and 'nocgo'
This lets us mark net's cgo_stub.go as only to be
built when cgo is disabled.

R=golang-dev, ality, mikioh.mikioh
CC=golang-dev
https://golang.org/cl/5489100
2011-12-21 08:51:18 -05:00
Adam Langley
b5b0822258 crypto/tls: don't assume an RSA private key in the API.
We still very much assume it in the code, but with this change in
place we can implement other things later without changing and users
of the package.

Fixes #2319.

R=golang-dev, bradfitz, r
CC=golang-dev
https://golang.org/cl/5489073
2011-12-19 10:39:30 -05:00
Russ Cox
0cd0abb180 crypto/tls: quiet build
On a Mac, all the useful functions are deprecated.

R=golang-dev, adg
CC=golang-dev
https://golang.org/cl/5493054
2011-12-15 18:37:31 -05:00
Russ Cox
d2e14db4d4 crypto/tls: make compatible with go/build
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5484073
2011-12-14 10:25:48 -05:00
Christopher Nielsen
09dd851f5e build: Changes to the build infrastructure for NetBSD.
R=golang-dev, rsc
CC=golang-dev
https://golang.org/cl/5476048
2011-12-12 15:42:06 -05:00
Adam Langley
ba3c11f6db crypto: allocate less.
The code in hash functions themselves could write directly into the
output buffer for a savings of about 50ns. But it's a little ugly so I
wasted a copy.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5440111
2011-12-06 18:25:14 -05:00
Russ Cox
119592d80f use new strconv API
All but 3 cases (in gcimporter.go and hixie.go)
are automatic conversions using gofix.

No attempt is made to use the new Append functions
even though there are definitely opportunities.

R=golang-dev, gri
CC=golang-dev
https://golang.org/cl/5447069
2011-12-05 15:48:46 -05:00
Russ Cox
4e50d4e676 gofmt -s misc src
R=golang-dev, bradfitz, gri
CC=golang-dev
https://golang.org/cl/5451079
2011-12-02 14:14:25 -05:00
Alex Brainman
ba4d79c54f crypto/tls: cleanup certificate load on windows
- correct syscall.CertEnumCertificatesInStore so it returns error
- remove "reflect" dependency

R=hectorchu, agl, rsc
CC=golang-dev, krautz
https://golang.org/cl/5441052
2011-12-01 12:38:00 -05:00
Adam Langley
c08ab14bad Add a []byte argument to hash.Hash to allow an allocation to be saved.
This is the result of running `gofix -r hashsum` over the tree, changing
the hash function implementations by hand and then fixing a couple of
instances where gofix didn't catch something.

The changed implementations are as simple as possible while still
working: I'm not trying to optimise in this CL.

R=rsc, cw, rogpeppe
CC=golang-dev
https://golang.org/cl/5448065
2011-12-01 12:35:37 -05:00
Russ Cox
37bb6649e2 use new time API
R=bradfitz, gri, r, dsymonds
CC=golang-dev
https://golang.org/cl/5390042
2011-11-30 12:01:46 -05:00
Joel Sing
ff828b16dd crypto/tls: add openbsd root certificate location
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5437079
2011-11-29 09:20:59 -05:00
Adam Langley
c9662b8656 crypto/tls: don't rely on map iteration order.
Previously we were using the map iteration order to set the order of
the cipher suites in the ClientHello.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5440048
2011-11-28 15:34:16 -05:00
Adam Langley
82f6e24f53 crypto/x509, crypto/tls: support PKCS#8 private keys.
OpenSSL 1.0.0 has switched to generating PKCS#8 format private keys by
default. This change allows http.ListenAndServeTLS to work with either
types of keys.

See http://groups.google.com/group/golang-nuts/browse_thread/thread/84715b5f0c9e3c30/63a8a27b53e102a6

R=bradfitz
CC=golang-dev
https://golang.org/cl/5416059
2011-11-21 14:18:42 -05:00
Russ Cox
30373ac5f7 crypto/tls: fix handshake message test
This test breaks when I make reflect.DeepEqual
distinguish empty slices from nil slices.

R=agl
CC=golang-dev
https://golang.org/cl/5369110
2011-11-14 15:21:08 -05:00
Russ Cox
a070fcf2bd syscall: use error
- syscall (not os) now defines the Errno type.
- the low-level assembly functions Syscall, Syscall6, and so on
  return Errno, not uintptr
- syscall wrappers all return error, not uintptr.

R=golang-dev, mikioh.mikioh, r, alex.brainman
CC=golang-dev
https://golang.org/cl/5372080
2011-11-13 22:44:52 -05:00
Russ Cox
51b59f6a88 various: reduce overuse of os.EINVAL + others
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5372081
2011-11-13 22:42:42 -05:00
Rob Pike
1530d25d4f renaming_2: gofix -r go1pkgrename src/pkg/[a-l]*
R=rsc
CC=golang-dev
https://golang.org/cl/5358041
2011-11-08 15:40:58 -08:00
Vincent Vanackere
3d2f7f086e all: rename os.EOF to io.EOF in various non-code contexts
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5334050
2011-11-03 14:01:30 -07:00
Russ Cox
4fa24e9f66 all: sort imports
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/5319072
2011-11-02 15:54:16 -04:00
Russ Cox
da5cf2d336 all: rename os.Error to error in various non-code contexts
R=adg
CC=golang-dev
https://golang.org/cl/5328062
2011-11-01 22:58:09 -04:00
Russ Cox
107fb7400c src/pkg/[a-m]*: gofix -r error -force=error
R=golang-dev, iant
CC=golang-dev
https://golang.org/cl/5322051
2011-11-01 22:04:37 -04:00
Russ Cox
bc69be28e7 crypto/tls: add Error method to alert
alerts get used as both values and errors.
Rather than introduce an alertError wrapper,
this CL just adds an Error method, which will
satisfy the error interface when the time comes.

R=agl, bradfitz
CC=golang-dev
https://golang.org/cl/5294073
2011-10-27 19:42:32 -07:00
Adam Langley
dcbc7ee6c7 http, crypto/tls: fix read timeouts and closing.
tls.Conn.Close() didn't close the underlying connection and tried to
do a handshake in order to send the close notify alert.

http didn't look for errors from the TLS handshake.

Fixes #2281.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5283045
2011-10-18 12:59:32 -04:00
Mikkel Krautz
0fef8ff181 crypto/tls: fix broken looping code in windows root CA fetcher
R=alex.brainman, hectorchu, rsc
CC=golang-dev
https://golang.org/cl/5263045
2011-10-14 12:26:38 -04:00
Alex Brainman
908d8ff498 crypto/tls: disable root cert fetching to fix windows build
R=golang-dev
CC=golang-dev
https://golang.org/cl/5267044
2011-10-14 17:53:01 +11:00
Mikkel Krautz
4b68d836de crypto/tls: fetch root CA from Windows store
R=rsc
CC=golang-dev
https://golang.org/cl/5281044
2011-10-13 22:58:19 -04:00
Russ Cox
382d395ebb crypto/tls: more Unix root certificate locations
Hard work done by
http://mercurial.selenic.com/wiki/CACertificates

R=golang-dev, gri
CC=golang-dev
https://golang.org/cl/5276043
2011-10-13 16:17:15 -04:00
Mikkel Krautz
7697013b51 crypto/tls: fetch root certificates using Mac OS API
Fixes #1009.

R=adg, rsc
CC=golang-dev
https://golang.org/cl/5262041
2011-10-13 13:59:13 -04:00
Louis Kruger
0d32935135 crypto/tls: add 3DES ciphersuites
The following ciphersuites are added:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
This change helps conform to the TLS1.1 standard because
the first ciphersuite is "mandatory" in RFC4346

R=golang-dev, agl, rsc
CC=golang-dev
https://golang.org/cl/5164042
2011-10-11 13:07:32 -04:00
Adam Langley
0078a89874 crypto/tls: forgot this file in the last change.
R=bradfitz
CC=golang-dev
https://golang.org/cl/5244042
2011-10-08 10:11:38 -04:00
Adam Langley
6f1dcf99be crypto/tls: add server side SNI support.
With this in place, a TLS server is capable of selecting the correct
certificate based on the client's ServerNameIndication extension.

The need to call Config.BuildNameToCertificate is unfortunate, but
adding a sync.Once to the Config structure made it uncopyable and I
felt that was too high a price to pay. Parsing the leaf certificates
in each handshake was too inefficient to consider.

R=bradfitz, rsc
CC=golang-dev
https://golang.org/cl/5151048
2011-10-08 10:06:53 -04:00
Adam Langley
76c2ff557a crypto/tls: support SSLv3
It would be nice not to have to support this since all the clients
that we care about support TLSv1 by now. However, due to buggy
implementations of SSLv3 on the Internet which can't do version
negotiation correctly, browsers will sometimes switch to SSLv3. Since
there's no good way for a browser tell a network problem from a buggy
server, this downgrade can occur even if the server in question is
actually working correctly.

So we need to support SSLv3 for robustness :(

Fixes #1703.

R=bradfitz
CC=golang-dev
https://golang.org/cl/5018045
2011-09-14 15:32:19 -04:00
Russ Cox
39082848cf crypto/tls: handle non-TLS more robustly
Fixes #2253.

R=agl
CC=golang-dev
https://golang.org/cl/4960066
2011-09-12 16:52:49 -04:00