boringssl/go.mod

module boringssl.googlesource.com/boringssl

go 1.19

require (
	golang.org/x/crypto v0.10.0
	golang.org/x/net v0.11.0
)

require (
	golang.org/x/sys v0.9.0 // indirect
	golang.org/x/term v0.9.0 // indirect
)
acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> 4 years ago			`module boringssl.googlesource.com/boringssl`

Bump Go version in go.mod and run go mod tidy. I did a go mod tidy run because https://go.dev/doc/modules/gomod-ref#go mentions something about transitive dependencies being noted differently. Fixed: 544 Change-Id: Ie631d83b8bb5e94f4ab7d47ae5d4eb4cc0b4ac06 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55365 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> 2 years ago			`go 1.19`
Use golang.org/x/crypto in runner. The CI should be set up to retain the Go module and build caches, so we'll avoid downloading it multiple times. This avoids having to replicate some code. Update-Note: The tests now have a golang.org/x/crypto dependency. This should be fetched transparently with Go modules. Monorepos with different import path conventions may need to rewrite these imports. Change-Id: If5ba52e051f180536d72109c2e690bbd13d58e7c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42044 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> 4 years ago
Reland "Add util/fetch_ech_config_list.go" This is a reland of 160a8891ae9a1d03f29aec079a67d97bc773990e with go.mod and go.sum fixed. This updates golang.org/x/crypto, adds the latest golang.org/x/net as a direct dependency (it was previously an indirect dependency via x/crypto), and cleans up stale entries from go.sum with go mod tidy. Original change's description: > Add util/fetch_ech_config_list.go > > I wrote this tool to make it easier to test the ECH client against > real-world servers with the bssl client tool. I found that manually > extracting an ECHConfigList from a raw HTTPS record is unnecessarily > painful. > > The tool queries DNS over UDP for HTTPS records. If it finds any HTTPS > records in the response, it attempts to extract an ECHConfigList from > the "ech" SvcParam. It can write each extracted ECHConfigList to a file > in a given directory. Once the ECH client implementation lands, the bssl > client tool should have a new flag that that takes the path to an > ECHConfigList file. > > I am using golang.org/x/net/dns/dnsmessage to parse the DNS response. I > recently added the \|UnknownResource\| type to this library to enable > callers (like us) to extract the bytes of otherwise-unsupported records > (like HTTPS). I updated the dependency with `go get -u golang.org/x/net`. > > Although the bssl client tool knows how to resolve the address of its > "-connect" parameter, it is difficult to query HTTPS records in a > platform-agnostic way. If we decide the bssl client should directly > query HTTPS rather than leaning on fetch_ech_config_list.go, we should > look into libresolv. Specifically, the \|res_query\| function enables the > caller to query arbitrary record types. This may open its own can of > cross-platform worms; macOS and Linux typically ship with different > implementations and it is not available on Windows. For more info, see > `man 3 resolver`. > > Bug: 275 > Change-Id: I705591658921f60a958164a18b68ffb697c2ea4b > Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44104 > Reviewed-by: David Benjamin <davidben@google.com> Bug: 275 Change-Id: I9571e96c7a2ad7e239d86a353929a4e556d71287 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48106 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> 3 years ago			`require (`
Replace byteBuilder and byteReader with cryptobyte While I'm here, update x/crypto and x/net to their latest versions. byteReader is a straightforward port, except there doesn't seem to be a convenient way to read length-prefixed bytes without manually casting from cryptobyte.String to []byte, so I've done that. byteBuilder is a bit more involved because it's based on closures, but still a mechanical change. As part of this, I switched runner's ticket format to use u24 length prefixes instead of u32, because cryptobyte.String doesn't have u32 length prefixes. (Although, oddly, cryptobyte.Builder does.) Fixed: 374 Change-Id: If9bea0b41fe2b8bc48f040a667753b160da469bb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61186 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> 1 year ago			`golang.org/x/crypto v0.10.0`
			`golang.org/x/net v0.11.0`
Reland "Add util/fetch_ech_config_list.go" This is a reland of 160a8891ae9a1d03f29aec079a67d97bc773990e with go.mod and go.sum fixed. This updates golang.org/x/crypto, adds the latest golang.org/x/net as a direct dependency (it was previously an indirect dependency via x/crypto), and cleans up stale entries from go.sum with go mod tidy. Original change's description: > Add util/fetch_ech_config_list.go > > I wrote this tool to make it easier to test the ECH client against > real-world servers with the bssl client tool. I found that manually > extracting an ECHConfigList from a raw HTTPS record is unnecessarily > painful. > > The tool queries DNS over UDP for HTTPS records. If it finds any HTTPS > records in the response, it attempts to extract an ECHConfigList from > the "ech" SvcParam. It can write each extracted ECHConfigList to a file > in a given directory. Once the ECH client implementation lands, the bssl > client tool should have a new flag that that takes the path to an > ECHConfigList file. > > I am using golang.org/x/net/dns/dnsmessage to parse the DNS response. I > recently added the \|UnknownResource\| type to this library to enable > callers (like us) to extract the bytes of otherwise-unsupported records > (like HTTPS). I updated the dependency with `go get -u golang.org/x/net`. > > Although the bssl client tool knows how to resolve the address of its > "-connect" parameter, it is difficult to query HTTPS records in a > platform-agnostic way. If we decide the bssl client should directly > query HTTPS rather than leaning on fetch_ech_config_list.go, we should > look into libresolv. Specifically, the \|res_query\| function enables the > caller to query arbitrary record types. This may open its own can of > cross-platform worms; macOS and Linux typically ship with different > implementations and it is not available on Windows. For more info, see > `man 3 resolver`. > > Bug: 275 > Change-Id: I705591658921f60a958164a18b68ffb697c2ea4b > Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44104 > Reviewed-by: David Benjamin <davidben@google.com> Bug: 275 Change-Id: I9571e96c7a2ad7e239d86a353929a4e556d71287 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48106 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> 3 years ago			`)`
Bump Go version in go.mod and run go mod tidy. I did a go mod tidy run because https://go.dev/doc/modules/gomod-ref#go mentions something about transitive dependencies being noted differently. Fixed: 544 Change-Id: Ie631d83b8bb5e94f4ab7d47ae5d4eb4cc0b4ac06 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55365 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> 2 years ago
			`require (`
Replace byteBuilder and byteReader with cryptobyte While I'm here, update x/crypto and x/net to their latest versions. byteReader is a straightforward port, except there doesn't seem to be a convenient way to read length-prefixed bytes without manually casting from cryptobyte.String to []byte, so I've done that. byteBuilder is a bit more involved because it's based on closures, but still a mechanical change. As part of this, I switched runner's ticket format to use u24 length prefixes instead of u32, because cryptobyte.String doesn't have u32 length prefixes. (Although, oddly, cryptobyte.Builder does.) Fixed: 374 Change-Id: If9bea0b41fe2b8bc48f040a667753b160da469bb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/61186 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> 1 year ago			`golang.org/x/sys v0.9.0 // indirect`
			`golang.org/x/term v0.9.0 // indirect`
Bump Go version in go.mod and run go mod tidy. I did a go mod tidy run because https://go.dev/doc/modules/gomod-ref#go mentions something about transitive dependencies being noted differently. Fixed: 544 Change-Id: Ie631d83b8bb5e94f4ab7d47ae5d4eb4cc0b4ac06 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55365 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> 2 years ago			`)`