delta/go-git.git/src/crypto, branch dev.debug github.com: golang/go crypto/x509: load all trusted certs on darwin (nocgo) 2017-07-14T18:47:10+00:00 Nathaniel Caza mastercactapus@gmail.com 2017-02-14T03:00:06+00:00 4dbcacda961abb0ca3490dc06923fa7ab344d702 The current implementation ignores certificates that exist in the login and System keychains. This change adds the missing System and login keychain files to the `/usr/bin/security` command in `execSecurityRoots`. If the current user cannot be obtained, the login keychain is ignored. Refs #16532 Change-Id: I8594a6b8940c58df8a8015b274fa45c39e18862c Reviewed-on: https://go-review.googlesource.com/36941 Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
The current implementation ignores certificates that exist
in the login and System keychains.

This change adds the missing System and login keychain
files to the `/usr/bin/security` command in
`execSecurityRoots`. If the current user cannot be
obtained, the login keychain is ignored.

Refs #16532

Change-Id: I8594a6b8940c58df8a8015b274fa45c39e18862c
Reviewed-on: https://go-review.googlesource.com/36941
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/x509: improve internal comment 2017-06-29T05:50:37+00:00 Dmitri Shuralyov shurcooL@gmail.com 2017-06-29T04:38:38+00:00 d13d6b337826cc3b3a2da665b4bc0a33c5d300af Apply code review suggestion from CL 46715. The block is doing more than just checking len(r.certs) == len(tc.cns). It also verifies that certificate common names match. Change-Id: I28d6926a5da48bd8f6c80aa5e5a1ed6d4990f845 Reviewed-on: https://go-review.googlesource.com/47132 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
Apply code review suggestion from CL 46715.

The block is doing more than just checking len(r.certs) == len(tc.cns).
It also verifies that certificate common names match.

Change-Id: I28d6926a5da48bd8f6c80aa5e5a1ed6d4990f845
Reviewed-on: https://go-review.googlesource.com/47132
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/x509: fix panic in TestEnvVars, improve style 2017-06-27T01:26:25+00:00 Dmitri Shuralyov shurcooL@gmail.com 2017-06-26T18:32:55+00:00 441fd1338633c2aafa5b30121142ab24ee9dddcb This panic happens when the test fails due to the returned number of certificates (r.certs) being less than expected by test case (tc.cns). When i == len(r.certs) in the for loop, r.certs[i] will cause an index out of range panic. Also improve readability, consistency and style of the code. Use the more common "got x, want y" pattern. See https://golang.org/s/style#useful-test-failures for reference (and grep codebase for most common occurrences). Add a comment, and remove blank line separating two blocks that are both related to verifying that len(r.certs) == len(tc.cns). This should help with readability. Remove space after colon in call to t.Fatal, since it adds spaces between its arguments. Fixes #20801. Change-Id: I40476103f1b5a0fa74b05637c250926b571c92fd Reviewed-on: https://go-review.googlesource.com/46715 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
This panic happens when the test fails due to the returned number of
certificates (r.certs) being less than expected by test case (tc.cns).
When i == len(r.certs) in the for loop, r.certs[i] will cause an index
out of range panic.

Also improve readability, consistency and style of the code. Use the
more common "got x, want y" pattern. See https://golang.org/s/style#useful-test-failures
for reference (and grep codebase for most common occurrences). Add a
comment, and remove blank line separating two blocks that are both
related to verifying that len(r.certs) == len(tc.cns). This should
help with readability.

Remove space after colon in call to t.Fatal, since it adds spaces
between its arguments.

Fixes #20801.

Change-Id: I40476103f1b5a0fa74b05637c250926b571c92fd
Reviewed-on: https://go-review.googlesource.com/46715
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
all: gofmt 2017-06-21T03:14:30+00:00 Mikio Hara mikioh.mikioh@gmail.com 2017-06-20T08:25:07+00:00 7b659eb1552320f34ed687330e433153ee4c2266 Change-Id: I2d0439a9f068e726173afafe2ef1f5d62b7feb4d Reviewed-on: https://go-review.googlesource.com/46190 Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> 
Change-Id: I2d0439a9f068e726173afafe2ef1f5d62b7feb4d
Reviewed-on: https://go-review.googlesource.com/46190
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
crypto/x509: update MaxPathLen & MaxPathLenZero docs 2017-06-20T23:40:07+00:00 Brad Fitzpatrick bradfitz@golang.org 2017-06-19T22:57:40+00:00 3ca8ee14d15d8fdf152c28e98812347419f8084c Fixes #19285 Change-Id: I11e864eff9980dec8247c47e4c600f76602e7ada Reviewed-on: https://go-review.googlesource.com/46092 Reviewed-by: Ian Lance Taylor <iant@golang.org> 
Fixes #19285

Change-Id: I11e864eff9980dec8247c47e4c600f76602e7ada
Reviewed-on: https://go-review.googlesource.com/46092
Reviewed-by: Ian Lance Taylor <iant@golang.org>
crypto/x509: support excluded domains in name constraints. 2017-06-13T18:33:29+00:00 Adam Langley agl@golang.org 2017-02-09T00:27:00+00:00 d1211b9a9f65ea3f184ceb34f1833d4d1a623f7c Change-Id: I4c2c82cb0354f843a3283a650ed2cd2b6aef5895 Reviewed-on: https://go-review.googlesource.com/36900 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
Change-Id: I4c2c82cb0354f843a3283a650ed2cd2b6aef5895
Reviewed-on: https://go-review.googlesource.com/36900
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto/rand: only read necessary bytes for Int 2017-05-23T21:02:14+00:00 Wade Simmons wade@wades.im 2017-05-23T00:31:17+00:00 8a2553e380196dda556608e2fe79881004770eb9 We only need to read the number of bytes required to store the value "max - 1" to generate a random number in the range [0, max). Before, there was an off-by-one error where an extra byte was read from the io.Reader for inputs like "256" (right at the boundary for a byte). There was a similar off-by-one error in the logic for clearing bits and thus for any input that was a power of 2, there was a 50% chance the read would continue to be retried as the mask failed to remove a bit. Fixes #18165. Change-Id: I548c1368990e23e365591e77980e9086fafb6518 Reviewed-on: https://go-review.googlesource.com/43891 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
We only need to read the number of bytes required to store the value
"max - 1" to generate a random number in the range [0, max).

Before, there was an off-by-one error where an extra byte was read from
the io.Reader for inputs like "256" (right at the boundary for a byte).
There was a similar off-by-one error in the logic for clearing bits and
thus for any input that was a power of 2, there was a 50% chance the
read would continue to be retried as the mask failed to remove a bit.

Fixes #18165.

Change-Id: I548c1368990e23e365591e77980e9086fafb6518
Reviewed-on: https://go-review.googlesource.com/43891
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto/rand: use blocking getrandom call on Linux when supported 2017-05-23T04:54:42+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-05-22T21:36:43+00:00 95d991d30c59edc4943bd8baf5c664c5f8b1cebe By changing getRandomLinux to immediately use the getrandom() syscall without GRND_NONBLOCK, we now only fall back to reading from /dev/urandom on Linux if the kernel does not support the getrandom() syscall. This means reads for crypto/rand will now block if the kernel has insufficient entropy on Linux kernels after v3.16. Before, if the kernel had insufficient entropy, it would fall back to reading from /dev/urandom. This would potentially return predictable data. Fixes #19274 Change-Id: I1cb081ce2f3096f18ad2820e52ecdbd993dc2afc Reviewed-on: https://go-review.googlesource.com/43852 Reviewed-by: Filippo Valsorda <hi@filippo.io> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
By changing getRandomLinux to immediately use the getrandom() syscall
without GRND_NONBLOCK, we now only fall back to reading from
/dev/urandom on Linux if the kernel does not support the getrandom()
syscall. This means reads for crypto/rand will now block if the kernel
has insufficient entropy on Linux kernels after v3.16.

Before, if the kernel had insufficient entropy, it would fall back to
reading from /dev/urandom. This would potentially return predictable
data.

Fixes #19274

Change-Id: I1cb081ce2f3096f18ad2820e52ecdbd993dc2afc
Reviewed-on: https://go-review.googlesource.com/43852
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
crypto/tls: pass argument to serverInit rather than using a field in Config. 2017-05-16T18:23:28+00:00 Adam Langley agl@golang.org 2017-04-28T20:37:52+00:00 46f4bfb2d17a3ccb4b3207d086a90cac3c00ea2f Updates #20164. Change-Id: Ib900095e7885f25cd779750674a712c770603ca8 Reviewed-on: https://go-review.googlesource.com/42137 Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
Updates #20164.

Change-Id: Ib900095e7885f25cd779750674a712c770603ca8
Reviewed-on: https://go-review.googlesource.com/42137
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
internal/cpu: new package to detect cpu features 2017-05-10T17:02:21+00:00 Martin Möhrmann moehrmann@google.com 2017-04-03T20:38:09+00:00 69972aea74de6a0397a05281475d1ca006da7bb0 Implements detection of x86 cpu features that are used in the go standard library. Changes all standard library packages to use the new cpu package instead of using runtime internal variables to check x86 cpu features. Updates: #15403 Change-Id: I2999a10cb4d9ec4863ffbed72f4e021a1dbc4bb9 Reviewed-on: https://go-review.googlesource.com/41476 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> 
Implements detection of x86 cpu features that
are used in the go standard library.

Changes all standard library packages to use the new cpu package
instead of using runtime internal variables to check x86 cpu features.

Updates: #15403

Change-Id: I2999a10cb4d9ec4863ffbed72f4e021a1dbc4bb9
Reviewed-on: https://go-review.googlesource.com/41476
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>