From: Dmitri Shuralyov Date: Fri, 8 May 2020 03:27:25 +0000 (-0400) Subject: [dev.boringcrypto] all: merge master into dev.boringcrypto X-Git-Tag: go1.19beta1~484^2~80 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=dd98c0ca3f19a8de7a8422c92839ff985f9827e4;p=gostls13.git [dev.boringcrypto] all: merge master into dev.boringcrypto Change-Id: I083d1e4e997b30d9fab10940401eaf160e36f6c1 --- dd98c0ca3f19a8de7a8422c92839ff985f9827e4 diff --cc src/crypto/ecdsa/ecdsa.go index 08a0533aa7,ccce873859..04738cdbd7 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@@ -65,10 -60,11 +65,13 @@@ const type PublicKey struct { elliptic.Curve X, Y *big.Int + + boring unsafe.Pointer } + // Any methods implemented on PublicKey might need to also be implemented on + // PrivateKey, as the latter embeds the former and will expose its methods. + // Equal reports whether pub and x have the same value. // // Two keys are only considered to have the same value if they have the same Curve value. diff --cc src/crypto/rsa/rsa.go index 4c67644ccb,b414b44148..94a66216a5 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@@ -47,10 -42,11 +47,13 @@@ var bigOne = big.NewInt(1 type PublicKey struct { N *big.Int // modulus E int // public exponent + + boring unsafe.Pointer } + // Any methods implemented on PublicKey might need to also be implemented on + // PrivateKey, as the latter embeds the former and will expose its methods. + // Size returns the modulus size in bytes. Raw signatures and ciphertexts // for or by this public key will have the same size. func (pub *PublicKey) Size() int { diff --cc src/crypto/x509/verify.go index df7aadeeb6,05936f2e35..e01f55733c --- a/src/crypto/x509/verify.go +++ b/src/crypto/x509/verify.go @@@ -185,18 -185,24 +185,29 @@@ func (se SystemRootsError) Error() stri // verified. Platform-specific verification needs the ASN.1 contents. var errNotParsed = errors.New("x509: missing ASN.1 contents; use ParseCertificate") - // VerifyOptions contains parameters for Certificate.Verify. It's a structure - // because other PKIX verification APIs have ended up needing many options. + // VerifyOptions contains parameters for Certificate.Verify. type VerifyOptions struct { + // IsBoring is a validity check for BoringCrypto. + // If not nil, it will be called to check whether a given certificate + // can be used for constructing verification chains. + IsBoring func(*Certificate) bool + - DNSName string + // DNSName, if set, is checked against the leaf certificate with + // Certificate.VerifyHostname. + DNSName string + + // Intermediates is an optional pool of certificates that are not trust + // anchors, but can be used to form a chain from the leaf certificate to a + // root certificate. Intermediates *CertPool - Roots *CertPool // if nil, the system roots are used - CurrentTime time.Time // if zero, the current time is used + // Roots is the set of trusted root certificates the leaf certificate needs + // to chain up to. If nil, the system roots or the platform verifier are used. + Roots *CertPool + + // CurrentTime is used to check the validity of all certificates in the + // chain. If zero, the current time is used. + CurrentTime time.Time + // KeyUsage specifies which Extended Key Usage values are acceptable. A leaf // certificate is accepted if it contains any of the listed values. An empty // list means ExtKeyUsageServerAuth. To accept any key usage, include