1. 12 Nov, 2019 10 commits
    • Filippo Valsorda's avatar
      crypto/tls: take key size into account in signature algorithm selection · c2edcf4b
      Filippo Valsorda authored
      Fixes #29793
      
      Change-Id: I6e389d166c2d9a2ba8664a41f4b9569f2481b27f
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205177
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarKatie Hockman <katie@golang.org>
      c2edcf4b
    • Filippo Valsorda's avatar
      crypto/tls: add CipherSuites, InsecureCipherSuites and CipherSuiteName · 0ee22d97
      Filippo Valsorda authored
      Fixes #30325
      
      Change-Id: I497110224bb73ecfcc4655698a794e7aa4a66925
      Reviewed-on: https://go-review.googlesource.com/c/go/+/175517
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarAdam Langley <agl@golang.org>
      0ee22d97
    • Filippo Valsorda's avatar
      crypto/tls: add correct names for CHACHA20_POLY1305 cipher suite constants · e2cac315
      Filippo Valsorda authored
      The cipher suites were apparently renamed late in the standardization
      process, and we picked up the legacy name. We can't remove the old
      constants, but add correctly named ones.
      
      Fixes #32061
      
      Change-Id: I65ee25c12c10934391af88b76b18565da67453fa
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205068
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarAdam Langley <agl@golang.org>
      e2cac315
    • Filippo Valsorda's avatar
      crypto/tls: re-enable RSA-PSS in TLS 1.2 again · 52a5bf4d
      Filippo Valsorda authored
      TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG
      opt-out, and with the introduction of
      Certificate.SupportedSignatureAlgorithms (#28660) there is a
      programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and
      use that field to specify only PKCS#1 v1.5 SignatureSchemes).
      
      This effectively reverts 0b3a57b5,
      although following CL 205061 all of the signing-side logic is
      conveniently centralized in signatureSchemesForCertificate.
      
      Fixes #32425
      
      Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205063
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarKatie Hockman <katie@golang.org>
      Reviewed-by: default avatarAdam Langley <agl@golang.org>
      52a5bf4d
    • Filippo Valsorda's avatar
      crypto/tls: implement Certificate.SupportedSignatureAlgorithms · 5b17b657
      Filippo Valsorda authored
      This will let applications stop crypto/tls from using a certificate key
      with an algorithm that is not supported by its crypto.Signer, like
      hardware backed keys that can't do RSA-PSS.
      
      Fixes #28660
      
      Change-Id: I294cc06bddf813fff35c5107540c4a1788e1dace
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205062
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarAdam Langley <agl@golang.org>
      5b17b657
    • Filippo Valsorda's avatar
      crypto/tls: select only compatible chains from Certificates · eb93c684
      Filippo Valsorda authored
      Now that we have a full implementation of the logic to check certificate
      compatibility, we can let applications just list multiple chains in
      Certificates (for example, an RSA and an ECDSA one) and choose the most
      appropriate automatically.
      
      NameToCertificate only maps each name to one chain, so simply deprecate
      it, and while at it simplify its implementation by not stripping
      trailing dots from the SNI (which is specified not to have any, see RFC
      6066, Section 3) and by not supporting multi-level wildcards, which are
      not a thing in the WebPKI (and in crypto/x509).
      
      The performance of SupportsCertificate without Leaf is poor, but doesn't
      affect current users. For now document that, and address it properly in
      the next cycle. See #35504.
      
      While cleaning up the Certificates/GetCertificate/GetConfigForClient
      behavior, also support leaving Certificates/GetCertificate nil if
      GetConfigForClient is set, and send unrecognized_name when there are no
      available certificates.
      
      Fixes #29139
      Fixes #18377
      
      Change-Id: I26604db48806fe4d608388e55da52f34b7ca4566
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205059
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarKatie Hockman <katie@golang.org>
      eb93c684
    • Filippo Valsorda's avatar
      crypto/tls: implement (*CertificateRequestInfo).SupportsCertificate · 4b216421
      Filippo Valsorda authored
      Also, add Version to CertificateRequestInfo, as the semantics of
      SignatureSchemes change based on version: the ECDSA SignatureSchemes are
      only constrained to a specific curve in TLS 1.3.
      
      Fixes #32426
      
      Change-Id: I7a551bea864799e98118349ac2476162893d1ffd
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205058
      Run-TryBot: Filippo Valsorda <filippo@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarAdam Langley <agl@golang.org>
      4b216421
    • Filippo Valsorda's avatar
      crypto/tls: implement (*ClientHelloInfo).SupportsCertificate · dd017384
      Filippo Valsorda authored
      We'll also use this function for a better selection logic from
      Config.Certificates in a later CL.
      
      Updates #32426
      
      Change-Id: Ie239574d02eb7fd2cf025ec36721c8c7e082d0bc
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205057Reviewed-by: default avatarKatie Hockman <katie@golang.org>
      dd017384
    • Filippo Valsorda's avatar
      crypto/tls: refactor certificate and signature algorithm logic · ec732632
      Filippo Valsorda authored
      This refactors a lot of the certificate support logic to make it cleaner
      and reusable where possible. These changes will make the following CLs
      much simpler.
      
      In particular, the heavily overloaded pickSignatureAlgorithm is gone.
      That function used to cover both signing and verifying side, would work
      both for pre-signature_algorithms TLS 1.0/1.1 and TLS 1.2, and returned
      sigalg, type and hash.
      
      Now, TLS 1.0/1.1 and 1.2 are differentiated at the caller, as they have
      effectively completely different logic. TLS 1.0/1.1 simply use
      legacyTypeAndHashFromPublicKey as they employ a fixed hash function and
      signature algorithm for each public key type. TLS 1.2 is instead routed
      through selectSignatureScheme (on the signing side) or
      isSupportedSignatureAlgorithm (on the verifying side) and
      typeAndHashFromSignatureScheme, like TLS 1.3.
      
      On the signing side, signatureSchemesForCertificate was already version
      aware (for PKCS#1 v1.5 vs PSS support), so selectSignatureScheme just
      had to learn the Section 7.4.1.4.1 defaults for a missing
      signature_algorithms to replace pickSignatureAlgorithm.
      
      On the verifying side, pickSignatureAlgorithm was also checking the
      public key type, while isSupportedSignatureAlgorithm +
      typeAndHashFromSignatureScheme are not, but that check was redundant
      with the one in verifyHandshakeSignature.
      
      There should be no major change in behavior so far. A few minor changes
      came from the refactor: we now correctly require signature_algorithms in
      TLS 1.3 when using a certificate; we won't use Ed25519 in TLS 1.2 if the
      client didn't send signature_algorithms; and we don't send
      ec_points_format in the ServerHello (a compatibility measure) if we are
      not doing ECDHE anyway because there are no mutually supported curves.
      
      The tests also got simpler because they test simpler functions. The
      caller logic switching between TLS 1.0/1.1 and 1.2 is tested by the
      transcript tests.
      
      Updates #32426
      
      Change-Id: Ice9dcaea78d204718f661f8d60efdb408ba41577
      Reviewed-on: https://go-review.googlesource.com/c/go/+/205061Reviewed-by: default avatarKatie Hockman <katie@golang.org>
      ec732632
    • Dmitri Shuralyov's avatar
      go/doc: add NewFromFiles with support for classifying examples · 4faada90
      Dmitri Shuralyov authored
      This CL is based on work started by Joe Tsai in CL 94855.
      It's rebased on top of the latest master branch, and
      addresses various code review comments and findings
      from attempting to use the original CL in practice.
      
      The testing package documents a naming convention for examples
      so that documentation tools can associate them with:
      
      • a package (Example or Example_suffix)
      • a function F (ExampleF or ExampleF_suffix)
      • a type T (ExampleT or ExampleT_suffix)
      • a method T.M (ExampleT_M or ExampleT_M_suffix)
      
      This naming convention is in widespread use and enforced
      via existing go vet checks.
      
      This change adds first-class support for classifying examples
      to go/doc, the package responsible for computing package
      documentation from Go AST.
      
      There isn't a way to supply test files to New that works well.
      External test files may have a package name with "_test" suffix,
      so ast.NewPackage may end up using the wrong package name if given
      test files. A workaround is to add test files to *ast.Package.Files
      after it is returned from ast.NewPackage:
      
      	pkg, _ := ast.NewPackage(fset, goFiles, ...)
      	for name, f := range testGoFiles {
      		pkg.Files[name] = f
      	}
      	p := doc.New(pkg, ...)
      
      But that is not a good API.
      
      After nearly 8 years, a new entry-point is added to the go/doc
      package, the function NewFromFiles. It accepts a Go package in
      the form of a list of parsed Go files (including _test.go files)
      and an import path. The caller is responsible with filtering out
      files based on build constraints, as was the case before with New.
      NewFromFiles computes package documentation from .go files,
      extracts examples from _test.go files and classifies them.
      
      Examples fields are added to Package, Type, and Func. They are
      documented to only be populated with examples found in _test.go
      files provided to NewFromFiles.
      
      The new behavior is:
      
      1. NewFromFiles computes package documentation from provided
         parsed .go files. It extracts examples from _test.go files.
      2. It assigns each Example to corresponding Package, Type,
         or Func.
      3. It sets the Suffix field in each example to the suffix.
      4. Malformed examples are skipped.
      
      This change implements behavior that matches the current behavior
      of existing godoc-like tools, and will enable them to rely on the
      logic in go/doc instead of reimplementing it themselves.
      
      Fixes #23864
      
      Change-Id: Iae834f2ff92fbd1c93a9bb7c2bf47d619bee05cf
      Reviewed-on: https://go-review.googlesource.com/c/go/+/204830
      Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
      TryBot-Result: Gobot Gobot <gobot@golang.org>
      Reviewed-by: default avatarRobert Griesemer <gri@golang.org>
      4faada90
  2. 11 Nov, 2019 23 commits
  3. 10 Nov, 2019 7 commits