[dev.boringcrypto] all: merge master into dev.boringcrypto

author Filippo Valsorda <filippo@golang.org>

Fri, 8 Jun 2018 22:28:11 +0000 (18:28 -0400)

committer Filippo Valsorda <filippo@golang.org>

Fri, 8 Jun 2018 22:43:33 +0000 (18:43 -0400)
author Filippo Valsorda <filippo@golang.org>
Fri, 8 Jun 2018 22:28:11 +0000 (18:28 -0400)
committer Filippo Valsorda <filippo@golang.org>
Fri, 8 Jun 2018 22:43:33 +0000 (18:43 -0400)
diff --cc src/cmd/go/go_test.go
Simple merge
diff --cc src/cmd/go/internal/load/pkg.go
Simple merge
diff --cc src/cmd/link/internal/ld/lib.go
Simple merge
diff --cc src/crypto/ecdsa/ecdsa.go

index 6a47cc7d98d062e3d702f0817acbf22e2f1168e9,2bab14cbb9e268057175841d306c1d0c2ccfaa38..bae3f03e5d716976da6d2981a4786b131bc16b65
--- 1/src/crypto/ecdsa/ecdsa.go
--- 2/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@@ -27,7 -26,8 +27,9 @@@ import 
         "errors"
         "io"
         "math/big"
+ +      "unsafe"
+ 
+       "crypto/internal/randutil"
   )
   
   // A invertible implements fast inverse mod Curve.Params().N
@@@ -176,15 -154,8 +178,17 @@@ var errZeroParam = errors.New("zero par
   // returns the signature as a pair of integers. The security of the private key
   // depends on the entropy of rand.
   func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
+       randutil.MaybeReadByte(rand)
+ 
+ +      if boring.Enabled && rand == boring.RandReader {
+ +              b, err := boringPrivateKey(priv)
+ +              if err != nil {
+ +                      return nil, nil, err
+ +              }
+ +              return boring.SignECDSA(b, hash)
+ +      }
+ +      boring.UnreachableExceptTests()
+ +
         // Get min(log2(q) / 2, 256) bits of entropy from rand.
         entropylen := (priv.Curve.Params().BitSize + 7) / 16
         if entropylen > 32 {
diff --cc src/crypto/hmac/hmac.go
Simple merge
diff --cc src/crypto/hmac/hmac_test.go
Simple merge
diff --cc src/crypto/rsa/pkcs1v15.go

index f77fc007617265eaf62a9ad02d701a7a52481bc6,37790acb9860a236a0331dd6a5ab8c93a000a5fc..b617840c798330fefe8623f50d6d63b323a11859
--- 1/src/crypto/rsa/pkcs1v15.go
--- 2/src/crypto/rsa/pkcs1v15.go
+++ b/src/crypto/rsa/pkcs1v15.go
@@@ -35,7 -36,9 +37,9 @@@ type PKCS1v15DecryptOptions struct 
   //
   // WARNING: use of this function to encrypt plaintexts other than
   // session keys is dangerous. Use RSA OAEP in new protocols.
- -func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) ([]byte, error) {
- -      randutil.MaybeReadByte(rand)
+ +func EncryptPKCS1v15(random io.Reader, pub *PublicKey, msg []byte) ([]byte, error) {
++      randutil.MaybeReadByte(random)
+ 
         if err := checkPub(pub); err != nil {
                 return nil, err
         }
diff --cc src/crypto/rsa/rsa.go

index 9302ea8535c6528c5ddfdc21c3dac92396509c0c,ad32d3e3add0fc44cfbac9921a708030c041e6a4..6cbcfe5449cc40319a7b8b4e6a062cb037adb3ae
--- 1/src/crypto/rsa/rsa.go
--- 2/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@@ -32,7 -31,8 +32,9 @@@ import 
         "io"
         "math"
         "math/big"
+ +      "unsafe"
+ 
+       "crypto/internal/randutil"
   )
   
   var bigZero = big.NewInt(0)
@@@ -224,32 -220,8 +226,34 @@@ func GenerateKey(random io.Reader, bit
   // [1] US patent 4405829 (1972, expired)
   // [2] http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf
   func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (*PrivateKey, error) {
+       randutil.MaybeReadByte(random)
+ 
+ +      if boring.Enabled && random == boring.RandReader && nprimes == 2 && (bits == 2048 || bits == 3072) {
+ +              N, E, D, P, Q, Dp, Dq, Qinv, err := boring.GenerateKeyRSA(bits)
+ +              if err != nil {
+ +                      return nil, err
+ +              }
+ +              e64 := E.Int64()
+ +              if !E.IsInt64() || int64(int(e64)) != e64 {
+ +                      return nil, errors.New("crypto/rsa: generated key exponent too large")
+ +              }
+ +              key := &PrivateKey{
+ +                      PublicKey: PublicKey{
+ +                              N: N,
+ +                              E: int(e64),
+ +                      },
+ +                      D:      D,
+ +                      Primes: []*big.Int{P, Q},
+ +                      Precomputed: PrecomputedValues{
+ +                              Dp:        Dp,
+ +                              Dq:        Dq,
+ +                              Qinv:      Qinv,
+ +                              CRTValues: make([]CRTValue, 0), // non-nil, to match Precompute
+ +                      },
+ +              }
+ +              return key, nil
+ +      }
+ +
         priv := new(PrivateKey)
         priv.E = 65537
   
diff --cc src/crypto/tls/common.go
Simple merge
diff --cc src/crypto/tls/key_agreement.go
Simple merge
diff --cc src/crypto/tls/prf.go
Simple merge
diff --cc src/go/build/deps_test.go
Simple merge
author	Filippo Valsorda <filippo@golang.org>
	Fri, 8 Jun 2018 22:28:11 +0000 (18:28 -0400)
committer	Filippo Valsorda <filippo@golang.org>
	Fri, 8 Jun 2018 22:43:33 +0000 (18:43 -0400)
		1	2
src/cmd/go/go_test.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/cmd/go/internal/load/pkg.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/cmd/link/internal/ld/lib.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/ecdsa/ecdsa.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/hmac/hmac.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/hmac/hmac_test.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/rsa/pkcs1v15.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/rsa/rsa.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/tls/common.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/tls/key_agreement.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/crypto/tls/prf.go	patch \|	diff1 \|	diff2 \|	blob \| history
src/go/build/deps_test.go	patch \|	diff1 \|	diff2 \|	blob \| history