From: Filippo Valsorda Date: Fri, 4 Dec 2020 00:46:59 +0000 (+0100) Subject: doc/go1.16: cleanup crypto release notes X-Git-Tag: go1.16beta1~81 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=4de4480dc34fbe4f7b0ed97eada26aef7a7e2337;p=gostls13.git doc/go1.16: cleanup crypto release notes For #40700 Fixes #42897 Change-Id: Id3b87841a899818d6939dcc3edbaaa0bc183e913 Reviewed-on: https://go-review.googlesource.com/c/go/+/275313 Trust: Filippo Valsorda Trust: Roland Shoemaker Reviewed-by: Roland Shoemaker --- diff --git a/doc/go1.16.html b/doc/go1.16.html index ce93ab349e..fb7022b354 100644 --- a/doc/go1.16.html +++ b/doc/go1.16.html @@ -440,9 +440,10 @@ Do not send CLs removing the interior tags from such phrases.
crypto/hmac

- New will now panic if separate calls to - the hash generation function fail to return new values. Previously, the - behavior was undefined and invalid outputs were sometimes generated. + New will now panic if + separate calls to the hash generation function fail to return new values. + Previously, the behavior was undefined and invalid outputs were sometimes + generated.

@@ -450,56 +451,49 @@ Do not send CLs removing the interior tags from such phrases.
crypto/tls

- I/O operations on closing or closed TLS connections can now be detected using - the new ErrClosed error. A typical use - would be errors.Is(err, net.ErrClosed). In earlier releases - the only way to reliably detect this case was to match the string returned - by the Error method with "tls: use of closed connection". + I/O operations on closing or closed TLS connections can now be detected + using the new net.ErrClosed + error. A typical use would be errors.Is(err, net.ErrClosed).

- A default deadline is set in Close - before sending the close notify alert, in order to prevent blocking + A default write deadline is now set in + Conn.Close + before sending the "close notify" alert, in order to prevent blocking indefinitely.

- (*Conn).HandshakeContext was added to - allow the user to control cancellation of an in-progress TLS Handshake. - The context provided is propagated into the - ClientHelloInfo - and CertificateRequestInfo - structs and accessible through the new - (*ClientHelloInfo).Context - and - - (*CertificateRequestInfo).Context - methods respectively. Canceling the context after the handshake has finished - has no effect. + The new Conn.HandshakeContext + method allows cancellation of an in-progress handshake. The provided + context is accessible through the new + ClientHelloInfo.Context + and + CertificateRequestInfo.Context methods. Canceling the + context after the handshake has finished has no effect.

- Clients now ensure that the server selects + Clients now return a handshake error if the server selects - an ALPN protocol from + an ALPN protocol that was not in the list advertised by the client.

- TLS servers will now prefer other AEAD cipher suites (such as ChaCha20Poly1305) + Servers will now prefer other available AEAD cipher suites (such as ChaCha20Poly1305) over AES-GCM cipher suites if either the client or server doesn't have AES hardware - support, unless the application set both - Config.PreferServerCipherSuites + support, unless both + Config.PreferServerCipherSuites and Config.CipherSuites - or there are no other AEAD cipher suites supported. - The client is assumed not to have AES hardware support if it does not signal a - preference for AES-GCM cipher suites. + are set. The client is assumed not to have AES hardware support if it does + not signal a preference for AES-GCM cipher suites.

- Config.Clone now returns - a nil *Config if the source is nil, rather than panicking. + Config.Clone now + returns nil if the receiver is nil, rather than panicking.

@@ -514,25 +508,26 @@ Do not send CLs removing the interior tags from such phrases.

- ParseCertificate and - CreateCertificate both - now enforce string encoding restrictions for the fields DNSNames, - EmailAddresses, and URIs. These fields can only - contain strings with characters within the ASCII range. + ParseCertificate and + CreateCertificate + now enforce string encoding restrictions for the DNSNames, + EmailAddresses, and URIs fields. These fields + can only contain strings with characters within the ASCII range.

- CreateCertificate now - verifies the generated certificate's signature using the signer's - public key. If the signature is invalid, an error is returned, instead - of a malformed certificate. + CreateCertificate + now verifies the generated certificate's signature using the signer's + public key. If the signature is invalid, an error is returned, instead of + a malformed certificate.

A number of additional fields have been added to the - CertificateRequest type. - These fields are now parsed in ParseCertificateRequest - and marshalled in CreateCertificateRequest. + CertificateRequest type. + These fields are now parsed in + ParseCertificateRequest and marshalled in + CreateCertificateRequest.

@@ -548,7 +543,9 @@ Do not send CLs removing the interior tags from such phrases.

- TODO: https://golang.org/cl/262343: add Unwrap to SystemRootsError + The new SystemRootsError.Unwrap + method allows accessing the Err + field through the errors package functions.

@@ -556,11 +553,11 @@ Do not send CLs removing the interior tags from such phrases.
encoding/asn1

- Unmarshal and - UnmarshalWithParams - now return an error instead of panic when the argument is not + Unmarshal and + UnmarshalWithParams + now return an error instead of panicking when the argument is not a pointer or is nil. This change matches the behavior of other - encoding packages such as encoding/json. + encoding packages such as encoding/json.

@@ -693,15 +690,16 @@ Do not send CLs removing the interior tags from such phrases.

- Cookies set with SameSiteDefaultMode now behave according to the current - spec (no attribute is set) instead of generating a SameSite key without a value. + Cookies set with SameSiteDefaultMode + now behave according to the current spec (no attribute is set) instead of + generating a SameSite key without a value.

- The net/http package now uses the new - (*tls.Conn).HandshakeContext - with the Request context - when performing TLS handshakes in the client or server. + The net/http package now passes the + Request context to + tls.Conn.HandshakeContext + when performing TLS handshakes.