delta/go-git.git/src/crypto/sha1, branch dev.debug github.com: golang/go internal/cpu: new package to detect cpu features 2017-05-10T17:02:21+00:00 Martin Möhrmann moehrmann@google.com 2017-04-03T20:38:09+00:00 69972aea74de6a0397a05281475d1ca006da7bb0 Implements detection of x86 cpu features that are used in the go standard library. Changes all standard library packages to use the new cpu package instead of using runtime internal variables to check x86 cpu features. Updates: #15403 Change-Id: I2999a10cb4d9ec4863ffbed72f4e021a1dbc4bb9 Reviewed-on: https://go-review.googlesource.com/41476 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
Implements detection of x86 cpu features that
are used in the go standard library.

Changes all standard library packages to use the new cpu package
instead of using runtime internal variables to check x86 cpu features.

Updates: #15403

Change-Id: I2999a10cb4d9ec4863ffbed72f4e021a1dbc4bb9
Reviewed-on: https://go-review.googlesource.com/41476
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto: revise wording about cryptographically broken algorithms 2017-05-04T12:31:18+00:00 Brad Fitzpatrick bradfitz@golang.org 2017-05-04T02:49:23+00:00 ec0ee7d35737ef137175e92d563c8c4315820204 Updates text from https://golang.org/cl/42511 Updates #14395 Change-Id: I711100525e074ab360e577520280c37645db1c95 Reviewed-on: https://go-review.googlesource.com/42614 Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Reviewed-by: Rob Pike <r@golang.org> 
Updates text from https://golang.org/cl/42511

Updates #14395

Change-Id: I711100525e074ab360e577520280c37645db1c95
Reviewed-on: https://go-review.googlesource.com/42614
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Rob Pike <r@golang.org>
crypto: document insecure algorithms 2017-05-03T18:35:48+00:00 Andreas Auernhammer aead@mail.de 2017-05-02T23:08:31+00:00 25db5d1a872ed73c6c1d067c0023512732a1eab4 This change explicitly documents that DES, MD5, RC4 and SHA-1 are insecure / broken - at all or at least within a commonly used scenario. Fixes #14395 Change-Id: Id1d543c85d67968ba64ed7495313501953c3ef3a Reviewed-on: https://go-review.googlesource.com/42511 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
This change explicitly documents that DES, MD5, RC4 and SHA-1 are
insecure / broken - at all or at least within a commonly used scenario.

Fixes #14395

Change-Id: Id1d543c85d67968ba64ed7495313501953c3ef3a
Reviewed-on: https://go-review.googlesource.com/42511
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto: detect BMI usability on AMD64 for sha1 and sha256 2017-01-05T15:37:37+00:00 Lion Yang lion@aosc.xyz 2017-01-04T21:13:53+00:00 a2b615d5270f0bc2ee1dfcdd7849bdd05ee76a14 The existing implementations on AMD64 only detects AVX2 usability, when they also contains BMI (bit-manipulation instructions). These instructions crash the running program as 'unknown instructions' on the architecture, e.g. i3-4000M, which supports AVX2 but not support BMI. This change added the detections for BMI1 and BMI2 to AMD64 runtime with two flags as the result, `support_bmi1` and `support_bmi2`, in runtime/runtime2.go. It also completed the condition to run AVX2 version in packages crypto/sha1 and crypto/sha256. Fixes #18512 Change-Id: I917bf0de365237740999de3e049d2e8f2a4385ad Reviewed-on: https://go-review.googlesource.com/34850 Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
The existing implementations on AMD64 only detects AVX2 usability,
when they also contains BMI (bit-manipulation instructions).
These instructions crash the running program as 'unknown instructions'
on the architecture, e.g. i3-4000M, which supports AVX2 but not
support BMI.

This change added the detections for BMI1 and BMI2 to AMD64 runtime with
two flags as the result, `support_bmi1` and `support_bmi2`,
in runtime/runtime2.go. It also completed the condition to run AVX2 version
in packages crypto/sha1 and crypto/sha256.

Fixes #18512

Change-Id: I917bf0de365237740999de3e049d2e8f2a4385ad
Reviewed-on: https://go-review.googlesource.com/34850
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
all: make copyright headers consistent with one space after period 2016-11-04T20:46:25+00:00 Michael Munday munday@ca.ibm.com 2016-11-04T20:30:12+00:00 cfd89164bb6af2d1a660b75ded8c0801372924e2 Continuation of CL 20111. Change-Id: Ie2f62237e6ec316989c021de9b267cc9d6ee6676 Reviewed-on: https://go-review.googlesource.com/32830 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
Continuation of CL 20111.

Change-Id: Ie2f62237e6ec316989c021de9b267cc9d6ee6676
Reviewed-on: https://go-review.googlesource.com/32830
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/tls: implement countermeasures against CBC padding oracles 2016-10-04T13:21:02+00:00 Filippo Valsorda hi@filippo.io 2015-12-23T02:03:44+00:00 f28cf8346c4ce7cb74bf97c7c69da21c43a78034 The aim is to make the decrypt() timing profile constant, irrespective of the CBC padding length or correctness. The old algorithm, on valid padding, would only MAC bytes up to the padding length threshold, making CBC ciphersuites vulnerable to plaintext recovery attacks as presented in the "Lucky Thirteen" paper. The new algorithm Write()s to the MAC all supposed payload, performs a constant time Sum()---which required implementing a constant time Sum() in crypto/sha1, see the "Lucky Microseconds" paper---and then Write()s the rest of the data. This is performed whether the padding is good or not. This should have no explicit secret-dependent timings, but it does NOT attempt to normalize memory accesses to prevent cache timing leaks. Updates #13385 Change-Id: I15d91dc3cc6eefc1d44f317f72ff8feb0a9888f7 Reviewed-on: https://go-review.googlesource.com/18130 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> 
The aim is to make the decrypt() timing profile constant, irrespective of
the CBC padding length or correctness.  The old algorithm, on valid padding,
would only MAC bytes up to the padding length threshold, making CBC
ciphersuites vulnerable to plaintext recovery attacks as presented in the
"Lucky Thirteen" paper.

The new algorithm Write()s to the MAC all supposed payload, performs a
constant time Sum()---which required implementing a constant time Sum() in
crypto/sha1, see the "Lucky Microseconds" paper---and then Write()s the rest
of the data. This is performed whether the padding is good or not.

This should have no explicit secret-dependent timings, but it does NOT
attempt to normalize memory accesses to prevent cache timing leaks.

Updates #13385

Change-Id: I15d91dc3cc6eefc1d44f317f72ff8feb0a9888f7
Reviewed-on: https://go-review.googlesource.com/18130
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
crypto/md5, crypto/sha1, crypto/sha256: add examples for checksumming a file 2016-09-19T17:29:19+00:00 Emmanuel Odeke emm.odeke@gmail.com 2016-09-18T23:51:02+00:00 31ba855014c62ed8ea2a19208d43318d99948e5b Updates #16360. Change-Id: I75714d2b5f095fe39fd81edfa6dd9e44d7c44da1 Reviewed-on: https://go-review.googlesource.com/29375 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
Updates #16360.

Change-Id: I75714d2b5f095fe39fd81edfa6dd9e44d7c44da1
Reviewed-on: https://go-review.googlesource.com/29375
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/*, runtime: nacl asm fixes 2016-08-22T19:50:41+00:00 Josh Bleecher Snyder josharian@gmail.com 2016-08-07T21:14:47+00:00 e2103adb6cf4e7d7d0905e513852407355967638 Found by vet. Updates #11041 Change-Id: I5217b3e20c6af435d7500d6bb487b9895efe6605 Reviewed-on: https://go-review.googlesource.com/27493 Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> 
Found by vet.

Updates #11041

Change-Id: I5217b3e20c6af435d7500d6bb487b9895efe6605
Reviewed-on: https://go-review.googlesource.com/27493
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
crypto/sha1: fix AVX2 variant on AMD64 2016-05-26T11:34:32+00:00 Ilya Tocar ilya.tocar@intel.com 2016-05-17T17:55:55+00:00 805eaeef33a52778ba6ee624389c2cbfe6896f6f AVX2 variant reads next blocks while calculating current block. Avoid reading past the end of data, by switching back to original, for last blocks. Fixes #15617. Change-Id: I04fa2d83f1b47995117c77b4a3d403a7dff594d4 Reviewed-on: https://go-review.googlesource.com/23138 Reviewed-by: Keith Randall <khr@golang.org> Run-TryBot: Ilya Tocar <ilya.tocar@intel.com> TryBot-Result: Gobot Gobot <gobot@golang.org> 
AVX2 variant reads next blocks while calculating current block.
Avoid reading past the end of data, by switching back to original,
for last blocks.

Fixes #15617.

Change-Id: I04fa2d83f1b47995117c77b4a3d403a7dff594d4
Reviewed-on: https://go-review.googlesource.com/23138
Reviewed-by: Keith Randall <khr@golang.org>
Run-TryBot: Ilya Tocar <ilya.tocar@intel.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto/sha1: disable crashing AVX2 optimizations for now 2016-05-10T16:44:53+00:00 Brad Fitzpatrick bradfitz@golang.org 2016-05-10T16:24:57+00:00 78ff74375930d5ae391beae562c91da40e5d92a4 Updates #15617 Change-Id: I2104776f8e789d987b4f2f7f08f2ebe979b747a1 Reviewed-on: https://go-review.googlesource.com/23001 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Dmitry Vyukov <dvyukov@google.com> Reviewed-by: Minux Ma <minux@golang.org> 
Updates #15617

Change-Id: I2104776f8e789d987b4f2f7f08f2ebe979b747a1
Reviewed-on: https://go-review.googlesource.com/23001
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Minux Ma <minux@golang.org>