Comparing changes

base repository: golang/crypto
base: e3cc52e
head repository: golang/crypto
compare: eb61739
  • 10 commits
  • 87 files changed
  • 6 contributors

Commits on Oct 11, 2023

  1. ssh: add support for SSH_AGENT_CONSTRAIN_EXTENSION with id 255

    it was changed in the following draft
    
    https://datatracker.ietf.org/doc/html/draft-miller-ssh-agent-03
    
    The id 3 is now used for SSH_AGENT_CONSTRAIN_MAXSIGN key constraint,
    an OpenSSH extension to the protocol that we do not currently support.
    Instead, we added a compatibility layer for
    SSH_AGENT_CONSTRAIN_EXTENSION with ID 3.
    
    Fixes golang/go#62311
    
    Change-Id: I421aee92aee9e693e43f66e6a5515c055333cb9b
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/525355
    Reviewed-by: Matthew Dempsky <mdempsky@google.com>
    Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
    Reviewed-by: Filippo Valsorda <filippo@golang.org>
    TryBot-Result: Gopher Robot <gobot@golang.org>
    Reviewed-by: Than McIntosh <thanm@google.com>
    drakkan authored and FiloSottile committed Oct 11, 2023
    2aeefc3
  2. all: update go directive to 1.18

    Done with:
    
    go get go@1.18
    go mod tidy
    go fix ./...
    
    Using go1.21.3.
    
    Also update avo to v0.5.0 in the curve25519/internal/field/_asm module.
    It's newer and produces no diff in the generated code.
    
    For golang/go#60268.
    
    Change-Id: I9bd771ee8561595d7f68aaca76df6e3e33d35013
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/534141
    LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
    Reviewed-by: Damien Neil <dneil@google.com>
    Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
    Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
    dmitshur authored and gopherbot committed Oct 11, 2023
    8779cbd

Commits on Oct 21, 2023

  1. x509roots: check HTTP response status code and media type

    The HTTP response status code is expected to be 200 OK, and
    the certdata.txt file media type is expected to be plain text.
    Check that it is before proceeding with parsing it.
    
    Might help avoid repeats of CL 535735.
    
    Change-Id: I1a7896b3e20d33a23fdc53c572ae9700c9eae1ef
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536717
    LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
    Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
    Commit-Queue: Roland Shoemaker <roland@golang.org>
    Reviewed-by: Roland Shoemaker <roland@golang.org>
    Auto-Submit: Roland Shoemaker <roland@golang.org>
    dmitshur authored and gopherbot committed Oct 21, 2023
    1d57292

Commits on Oct 23, 2023

  1. x509roots: catch the zero-roots case when generating the bundle

    If the parser returns zero roots, don't attempt to completely remove
    the bundle. This may happen if, i.e., the HTTP response is 200 but has
    no content. An example of this may be http://go.dev/cl/535735.
    
    Change-Id: I81fc2b49c8ec813cca17fd1c807296bfb053d992
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/536136
    Reviewed-by: Damien Neil <dneil@google.com>
    LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
    Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
    Auto-Submit: Roland Shoemaker <roland@golang.org>
    rolandshoemaker authored and gopherbot committed Oct 23, 2023
    4f30245
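
The two x509roots guards described in the Oct 21 and Oct 23 commit messages above (check status code and media type, then refuse to regenerate the bundle from zero roots), sketched as an added Go example that is not the project's own code. The function names, the simplified root counter and the constructed responses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"strings"
)

// errNoRoots signals that the existing bundle must be left untouched.
var errNoRoots = fmt.Errorf("parser returned zero roots; keeping existing bundle")

// checkCertdataResponse (hypothetical name) rejects anything that is not a
// 200 OK plain-text response before the body reaches a parser.
func checkCertdataResponse(resp *http.Response) error {
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("status %d, want 200 OK", resp.StatusCode)
	}
	mt, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if err != nil || mt != "text/plain" {
		return fmt.Errorf("media type %q (parse error: %v), want text/plain", mt, err)
	}
	return nil
}

// countRoots is a simplified stand-in for a real certdata.txt parser: it only
// counts certificate object markers.
func countRoots(body string) int {
	return strings.Count(body, "CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE")
}

// rootsForBundle applies both guards and returns how many roots may be written.
func rootsForBundle(resp *http.Response, body string) (int, error) {
	if err := checkCertdataResponse(resp); err != nil {
		return 0, err
	}
	n := countRoots(body)
	if n == 0 {
		return 0, errNoRoots
	}
	return n, nil
}

// response builds a constructed *http.Response; no network access is needed.
func response(code int, contentType string) *http.Response {
	return &http.Response{StatusCode: code, Header: http.Header{"Content-Type": {contentType}}}
}

func main() {
	fmt.Println(rootsForBundle(response(200, "text/plain; charset=utf-8"), "CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"))
	fmt.Println(rootsForBundle(response(200, "text/plain"), "")) // 200 with no content
}
```

The second call in `main` is the case the Oct 23 message describes: the response passes the status and media-type checks, yet the bundle must not be rewritten.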

Commits on Oct 24, 2023

  1. ssh: add test case against ssh CLI

    These tests try to ensure better compatibility of our server implementation
    with the ssh CLI.
    
    With these tests in place:
    
    1) before merging CL 447757 we would have noticed that our server
       implementation was broken with OpenSSH 8.8+
    2) after merging CL 447757 we would have noticed that our server
       implementation was broken with OpenSSH 7.2-7.7
    
    The ssh CLI from $PATH is used by default, but can be overridden using
    the SSH_CLI_PATH environment variable.
    
    Change-Id: I93d64be41c7613132b0364afac8397f57c2dcbca
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/506837
    TryBot-Result: Gopher Robot <gobot@golang.org>
    Reviewed-by: Benny Siegert <bsiegert@gmail.com>
    Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
    Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
    drakkan authored and bsiegert committed Oct 24, 2023
    cf8dcb0

Commits on Oct 30, 2023

  1. crypto/hkdf: remove useless call to Reset

    HKDF is commonly used to read keys that are the same length (or
    smaller) than the size of the hash digest, which means the loop inside
    Read only runs once.
    
    In that case, calling Reset is unnecessary overhead.
    
    name                  old time/op    new time/op    delta
    16ByteMD5Single-8       1.39µs ± 1%    1.22µs ± 0%  -11.95%  (p=0.000 n=10+9)
    20ByteSHA1Single-8       826ns ± 0%     746ns ± 0%   -9.70%  (p=0.000 n=9+10)
    32ByteSHA256Single-8     838ns ± 1%     744ns ± 0%  -11.29%  (p=0.000 n=10+10)
    64ByteSHA512Single-8    5.12µs ± 0%    4.57µs ± 0%  -10.78%  (p=0.000 n=8+10)
    8ByteMD5Stream-8         137ns ± 0%     138ns ± 0%   +0.27%  (p=0.009 n=9+6)
    16ByteMD5Stream-8        264ns ± 0%     265ns ± 0%   +0.29%  (p=0.000 n=10+10)
    8ByteSHA1Stream-8       64.1ns ± 0%    64.4ns ± 0%   +0.60%  (p=0.000 n=9+9)
    20ByteSHA1Stream-8       145ns ± 0%     146ns ± 1%   +0.69%  (p=0.000 n=9+10)
    8ByteSHA256Stream-8     42.9ns ± 1%    43.1ns ± 0%   +0.48%  (p=0.005 n=10+10)
    32ByteSHA256Stream-8     151ns ± 0%     152ns ± 0%   +0.35%  (p=0.006 n=10+8)
    8ByteSHA512Stream-8      139ns ± 0%     139ns ± 0%   +0.08%  (p=0.035 n=9+10)
    64ByteSHA512Stream-8    1.07µs ± 0%    1.07µs ± 0%   +0.33%  (p=0.000 n=9+10)
    
    name                  old speed      new speed      delta
    16ByteMD5Single-8     11.6MB/s ± 0%  13.1MB/s ± 0%  +13.50%  (p=0.000 n=9+9)
    20ByteSHA1Single-8    24.2MB/s ± 0%  26.8MB/s ± 0%  +10.75%  (p=0.000 n=9+10)
    32ByteSHA256Single-8  38.2MB/s ± 1%  43.0MB/s ± 0%  +12.72%  (p=0.000 n=10+10)
    64ByteSHA512Single-8  12.5MB/s ± 0%  14.0MB/s ± 0%  +12.06%  (p=0.000 n=8+10)
    8ByteMD5Stream-8      58.2MB/s ± 0%  58.1MB/s ± 0%   -0.27%  (p=0.004 n=9+9)
    16ByteMD5Stream-8     60.6MB/s ± 0%  60.5MB/s ± 0%   -0.27%  (p=0.000 n=9+10)
    8ByteSHA1Stream-8      125MB/s ± 0%   124MB/s ± 0%   -0.59%  (p=0.000 n=9+9)
    20ByteSHA1Stream-8     138MB/s ± 0%   137MB/s ± 1%   -0.69%  (p=0.000 n=9+10)
    8ByteSHA256Stream-8    186MB/s ± 1%   185MB/s ± 0%   -0.47%  (p=0.005 n=10+10)
    32ByteSHA256Stream-8   211MB/s ± 0%   211MB/s ± 0%   -0.37%  (p=0.003 n=10+8)
    8ByteSHA512Stream-8   57.4MB/s ± 1%  57.4MB/s ± 0%     ~     (p=0.137 n=10+10)
    64ByteSHA512Stream-8  59.9MB/s ± 0%  59.7MB/s ± 0%   -0.33%  (p=0.000 n=9+10)
    
    name                  old alloc/op   new alloc/op   delta
    16ByteMD5Single-8       1.17kB ± 0%    0.98kB ± 0%  -16.42%  (p=0.000 n=10+10)
    20ByteSHA1Single-8      1.25kB ± 0%    1.06kB ± 0%  -15.37%  (p=0.000 n=10+10)
    32ByteSHA256Single-8    1.36kB ± 0%    1.14kB ± 0%  -16.46%  (p=0.000 n=10+10)
    64ByteSHA512Single-8    2.26kB ± 0%    1.84kB ± 0%  -18.43%  (p=0.000 n=10+10)
    8ByteMD5Stream-8         2.00B ± 0%     2.00B ± 0%     ~     (all equal)
    16ByteMD5Stream-8        5.00B ± 0%     5.00B ± 0%     ~     (all equal)
    8ByteSHA1Stream-8        2.00B ± 0%     2.00B ± 0%     ~     (all equal)
    20ByteSHA1Stream-8       5.00B ± 0%     5.00B ± 0%     ~     (all equal)
    8ByteSHA256Stream-8      1.00B ± 0%     1.00B ± 0%     ~     (all equal)
    32ByteSHA256Stream-8     6.00B ± 0%     6.00B ± 0%     ~     (all equal)
    8ByteSHA512Stream-8      1.00B ± 0%     1.00B ± 0%     ~     (all equal)
    64ByteSHA512Stream-8     9.00B ± 0%     9.00B ± 0%     ~     (all equal)
    
    name                  old allocs/op  new allocs/op  delta
    16ByteMD5Single-8         16.0 ± 0%      14.0 ± 0%  -12.50%  (p=0.000 n=10+10)
    20ByteSHA1Single-8        16.0 ± 0%      14.0 ± 0%  -12.50%  (p=0.000 n=10+10)
    32ByteSHA256Single-8      16.0 ± 0%      14.0 ± 0%  -12.50%  (p=0.000 n=10+10)
    64ByteSHA512Single-8      16.0 ± 0%      14.0 ± 0%  -12.50%  (p=0.000 n=10+10)
    8ByteMD5Stream-8          0.00           0.00          ~     (all equal)
    16ByteMD5Stream-8         1.00 ± 0%      1.00 ± 0%     ~     (all equal)
    8ByteSHA1Stream-8         0.00           0.00          ~     (all equal)
    20ByteSHA1Stream-8        1.00 ± 0%      1.00 ± 0%     ~     (all equal)
    8ByteSHA256Stream-8       0.00           0.00          ~     (all equal)
    32ByteSHA256Stream-8      1.00 ± 0%      1.00 ± 0%     ~     (all equal)
    8ByteSHA512Stream-8       0.00           0.00          ~     (all equal)
    64ByteSHA512Stream-8      1.00 ± 0%      1.00 ± 0%     ~     (all equal)
    
    Change-Id: I08e5deb7045ce9aa63428e0ac7ae6140226414b4
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/423414
    Reviewed-by: Roland Shoemaker <roland@golang.org>
    TryBot-Result: Gopher Robot <gobot@golang.org>
    Run-TryBot: Roland Shoemaker <roland@golang.org>
    LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
    Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
    ericlagergren authored and rolandshoemaker committed Oct 30, 2023
    74c2ba9

Commits on Nov 7, 2023

  1. chacha20poly1305: guard PSHUFB usage with GOAMD64_v2

    The PSHUFB instruction is part of SSE which is only v2+ but it is being
    used without the GOAMD64_v2 guard.
    
    The ROL macros were copied from CL 516859 that adds internal/chacha8rand.
    
    Fixes golang/go#63871
    
    Change-Id: I3c8ba75ff284cda4fc788885643246936e617b85
    GitHub-Last-Rev: e235e8e
    GitHub-Pull-Request: #275
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/538786
    Reviewed-by: Keith Randall <khr@google.com>
    Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
    TryBot-Result: Gopher Robot <gobot@golang.org>
    Reviewed-by: Keith Randall <khr@golang.org>
    Reviewed-by: Russ Cox <rsc@golang.org>
    mauri870 authored and rsc committed Nov 7, 2023
    df0bc9e

Commits on Nov 8, 2023

  1. go.mod: update golang.org/x dependencies

    Update golang.org/x dependencies to their latest tagged versions.
    
    Change-Id: Ie3a6928d78080ff7d75d6813b1760f1317baa081
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/540537
    Auto-Submit: Gopher Robot <gobot@golang.org>
    Reviewed-by: Heschi Kreinick <heschi@google.com>
    LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
    Reviewed-by: Carlos Amedee <carlos@golang.org>
    gopherbot committed Nov 8, 2023
    e668aa9
  2. ssh: try harder to detect incorrect passwords for legacy PEM encryption

    Because of deficiencies in the format, DecryptPEMBlock does not always
    detect an incorrect password. In these cases the decrypted DER bytes are
    random noise. If the parsing of the key returns an asn1.StructuralError
    we return x509.IncorrectPasswordError.
    
    Fixes golang/go#62265
    
    Change-Id: Ib8b845f2bd01662c1f1421d35859a32ac5b78da7
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/538835
    Reviewed-by: Heschi Kreinick <heschi@google.com>
    Reviewed-by: Filippo Valsorda <filippo@golang.org>
    Auto-Submit: Filippo Valsorda <filippo@golang.org>
    LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
    Reviewed-by: Cherry Mui <cherryyz@google.com>
    drakkan authored and gopherbot committed Nov 8, 2023
    42c83ff
  3. ssh: allow to configure public key auth algorithms on the server side

    Fixes golang/go#61244
    
    Change-Id: I29b43e379cf0cdb07b0d6935666491b997157e73
    Reviewed-on: https://go-review.googlesource.com/c/crypto/+/510775
    TryBot-Result: Gopher Robot <gobot@golang.org>
    Reviewed-by: Bryan Mills <bcmills@google.com>
    Commit-Queue: Nicola Murino <nicola.murino@gmail.com>
    Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
    Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
    Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
    drakkan authored and gopherbot committed Nov 8, 2023
    eb61739