Rewrite restls lib based on utls #2
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
uTLS: initial commit
This function is not needed anymore, since check for whether ciphersuite is supported is done against per-tls.Config, not against global variable. One of needed changes for fixing data races, see #5
This reverts commit 0af4975.
Makes sure that old cipher suite ids, added to global cipherSuites, are now disabled by default, and, thus, do not affect default Golang handshake.
The root cause of races is that global variables supportedSignatureAlgorithms and cipherSuites are used both to form handshake and to check whether or not peer responded with supported algorithm. In this patch I create separate variables for this purpose. Updated tests for kicks. Finally, go fmt.
Add utls.Write(). Fixes #3
Update README.md
…entHello raw bytes (#67)
SNIExtension was previously marshalling both ip addresses and empty strings, which are not allowed. See RFC 6066, Section 3. All of the utls specific testdata replays needed to be rebuilt to properly accomodate this change since they had previously been including empty server name extension values Addresses refraction-networking/utls#96
Fix invalid SNI handling which could be fingerprinted
Certificate compression is defined in RFC 8879: https://datatracker.ietf.org/doc/html/rfc8879 This implementation is client-side only, for server certificates. - Fixes #104.
* Document adding custom TLS extensions * Fix custom extension example
* Implement certificate compression Certificate compression is defined in RFC 8879: https://datatracker.ietf.org/doc/html/rfc8879 This implementation is client-side only, for server certificates. * Fix missing LOC * Add more fingerprints * Implement ALPS extension * Merge commit https://github.com/Noooste/utls/blob/fcaacdbbe7adfd23f754372a99cb162eb70e8d5f - At this commit, github.com/Noooste/utls remained at the original upstream LICENSE * added HelloChrome102 and HelloFirefox102 * Randomly include ALPS in HelloRandomized Co-authored-by: Harry Harpham <[email protected]> Co-authored-by: Sleeyax <[email protected]> Co-authored-by: Rod Hynes <[email protected]>
* Add new ClientHellos Also add faked support for token binding, ALPS, and delegated credentials * Remove FakeALPSExtension in favor of existing ApplicationSettingsExtension
* Fix Google Parrots - Move `HelloChrome_102` to the end of `HelloChrome_` fingerprints for consistency. - Fixed #123 by adjusting mismatching SupportedVersionsExtension value in `HelloChrome_100`. * Use same fp for Chrome 100 and 102 According to [TLSFingerprint.io: id e47eae8f8c4887b6](https://tlsfingerprint.io/id/e47eae8f8c4887b6), Chrome 100 may share this fp with 102.
* Merge Upstream (#4) * crypto/rand, internal/syscall/unix: add support for getrandom syscall on solaris The getrandom syscall is available on Solaris and Illumos, see https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html and https://illumos.org/man/2/getrandom Change-Id: Id1c65d6a5b2fbc80d20b43d8b32dab137ca950ca Reviewed-on: https://go-review.googlesource.com/c/go/+/299134 Trust: Tobias Klauser <[email protected]> Run-TryBot: Tobias Klauser <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * docs: clarify when APIs use context.Background. The Go standard library retrofitted context support onto existing APIs using context.Background and later offered variants that directly supported user-defined context value specification. This commit makes that behavior clear in documentation and suggests context-aware alternatives if the user is looking for one. An example motivation is supporting code for use in systems that expect APIs to be cancelable for lifecycle correctness or load shedding/management reasons, as alluded to in https://blog.golang.org/context-and-structs. Updates #44143 Change-Id: I2d7f954ddf9b48264d5ebc8d0007058ff9bddf14 Reviewed-on: https://go-review.googlesource.com/c/go/+/296152 Reviewed-by: Ian Lance Taylor <[email protected]> Reviewed-by: Jean de Klerk <[email protected]> Trust: Jean de Klerk <[email protected]> Run-TryBot: Jean de Klerk <[email protected]> TryBot-Result: Go Bot <[email protected]> * cmd: move GOEXPERIMENT knob from make.bash to cmd/go This CL changes GOEXPERIMENT to act like other GO[CONFIG] environment variables. Namely, that it can be set at make.bash time to provide a default value used by the toolchain, but then can be manually set when running either cmd/go or the individual tools (compiler, assembler, linker). For example, it's now possible to test rsc.io/tmp/fieldtrack by simply running: GOEXPERIMENT=fieldtrack go test -gcflags=-l rsc.io/tmp/fieldtrack \ -ldflags=-k=rsc.io/tmp/fieldtrack.tracked without needing to re-run make.bash. (-gcflags=-l is needed because the compiler's inlining abilities have improved, so calling a function with a for loop is no longer sufficient to suppress inlining.) Fixes #42681. Change-Id: I2cf8995d5d0d05f6785a2ee1d3b54b2cfb3331ca Reviewed-on: https://go-review.googlesource.com/c/go/+/300991 Trust: Matthew Dempsky <[email protected]> Run-TryBot: Matthew Dempsky <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Bryan C. Mills <[email protected]> * internal/poll: fix some grammar errors Change-Id: I25a6424bce9d372fa46e8bdd856095845d3397bf Reviewed-on: https://go-review.googlesource.com/c/go/+/300889 Reviewed-by: Ian Lance Taylor <[email protected]> Reviewed-by: Emmanuel Odeke <[email protected]> Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> * all: remove duplicate words Change-Id: Ib0469232a2b69a869e58d5d24990ad74ac96ea56 GitHub-Last-Rev: eb38e049ee1e773392ff3747e1eb2af20dd50dcd GitHub-Pull-Request: golang/go#44805 Reviewed-on: https://go-review.googlesource.com/c/go/+/299109 Trust: Emmanuel Odeke <[email protected]> Run-TryBot: Emmanuel Odeke <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Bryan C. Mills <[email protected]> * all: add internal/itoa package This replaces five implementations scattered across low level packages. (And I plan to use it in a sixth soon.) Three of the five were byte-for-byte identical. Change-Id: I3bbbeeac63723a487986c912b604e10ad1e042f4 Reviewed-on: https://go-review.googlesource.com/c/go/+/301549 Trust: Josh Bleecher Snyder <[email protected]> Run-TryBot: Josh Bleecher Snyder <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Emmanuel Odeke <[email protected]> * internal/poll: eliminate the redundant type conversions of FD.Sysfd Change-Id: Ib75662f717320510319c696520e645f54eec97f7 Reviewed-on: https://go-review.googlesource.com/c/go/+/301569 Reviewed-by: Emmanuel Odeke <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * crypto/tls: add HandshakeContext method to Conn Adds the (*tls.Conn).HandshakeContext method. This allows us to pass the context provided down the call stack to eventually reach the tls.ClientHelloInfo and tls.CertificateRequestInfo structs. These contexts are exposed to the user as read-only via Context() methods. This allows users of (*tls.Config).GetCertificate and (*tls.Config).GetClientCertificate to use the context for request scoped parameters and cancellation. Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext where appropriate, to propagate existing contexts. Fixes #32406 Change-Id: I259939c744bdc9b805bf51a845a8bc462c042483 Reviewed-on: https://go-review.googlesource.com/c/go/+/295370 Run-TryBot: Johan Brandhorst-Satzkorn <[email protected]> TryBot-Result: Go Bot <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: remove flaky cancellation test This will be reintroduced again once the source of the flakiness has been determined and fixed. Fixes #45084 Change-Id: I6677b27fcd71e8c9bb8edbe8e3be70e5a271ebd3 Reviewed-on: https://go-review.googlesource.com/c/go/+/302569 Trust: Johan Brandhorst-Satzkorn <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Johan Brandhorst-Satzkorn <[email protected]> Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> * crypto/rand, internal/syscall/unix: add support for getentropy syscall on darwin The getentropy syscall is available on macOS since version 10.12, which is the minimum required version since Go 1.15. Change-Id: I294259af0b11df9669e4dc5fa891d2f2f039d91a Reviewed-on: https://go-review.googlesource.com/c/go/+/302489 Trust: Tobias Klauser <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Run-TryBot: Tobias Klauser <[email protected]> TryBot-Result: Go Bot <[email protected]> * [dev.fuzz] internal/fuzz: add minimization of []byte This works by minimizing for a maximum of one minute. We may consider making this customizable in the future. This only minimizes []byte inputs which caused a recoverable error. In the future, it should support minimizing other appopriate types, and minimizing types which caused non-recoverable errors (though this is much more expensive). The code in internal/fuzz/worker.go is copied from, or heavily inspired by, code originally authored by Dmitry Vyukov and Josh Bleecher Snyder as part of the go-fuzz project. Thanks to them for their contributions. See https://github.com/dvyukov/go-fuzz. Change-Id: I93dbac7ff874d6d0c1b9b9dda23930ae9921480c Reviewed-on: https://go-review.googlesource.com/c/go/+/298909 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * all: explode GOEXPERIMENT=regabi into 5 sub-experiments This separates GOEXPERIMENT=regabi into five sub-experiments: regabiwrappers, regabig, regabireflect, regabidefer, and regabiargs. Setting GOEXPERIMENT=regabi now implies the working subset of these (currently, regabiwrappers, regabig, and regabireflect). This simplifies testing, helps derisk the register ABI project, and will also help with performance comparisons. This replaces the -abiwrap flag to the compiler and linker with the regabiwrappers experiment. As part of this, regabiargs now enables registers for all calls in the compiler. Previously, this was statically disabled in regabiEnabledForAllCompilation, but now that we can control it independently, this isn't necessary. For #40724. Change-Id: I5171e60cda6789031f2ef034cc2e7c5d62459122 Reviewed-on: https://go-review.googlesource.com/c/go/+/302070 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> Reviewed-by: David Chase <[email protected]> * [dev.fuzz] testing: print logs and error messages when fuzzing Also improve the error messages for the use of testing.F functions inside the Fuzz function. Change-Id: I5fa48f8c7e0460a1da89a49a73e5af83c544e549 Reviewed-on: https://go-review.googlesource.com/c/go/+/298849 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.fuzz] internal/fuzz: reduce allocation in the mutator When mutating a byte slice, mutate in place, and only allocate once if the slice's capacity is less than the maximum size. mutateBytes already should not allocate; we check a post-condition that the slice's data pointer does not change. This speeds up the mutator from 4 ms per value to 200-600 ns. For example: goos: darwin goarch: amd64 pkg: internal/fuzz cpu: Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz BenchmarkMutatorBytes/1-8 5908735 275.3 ns/op BenchmarkMutatorBytes/10-8 5198473 282.0 ns/op BenchmarkMutatorBytes/100-8 4304750 233.9 ns/op BenchmarkMutatorBytes/1000-8 4623988 295.2 ns/op BenchmarkMutatorBytes/10000-8 4252104 458.5 ns/op BenchmarkMutatorBytes/100000-8 1236751 950.8 ns/op PASS ok internal/fuzz 12.993s Change-Id: I4bf2a04be6c648ef440af2c62bf0ffa3d310172c Reviewed-on: https://go-review.googlesource.com/c/go/+/306675 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Jay Conrod <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * all: update references to symbols moved from io/ioutil to io Update references missed in CL 263142. For #41190 Change-Id: I778760a6a69bd0440fec0848bdef539c9ccb4ee1 GitHub-Last-Rev: dda42b09fff36dc08ec1cdec50cc19e3da5058e5 GitHub-Pull-Request: golang/go#42874 Reviewed-on: https://go-review.googlesource.com/c/go/+/273946 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Trust: Cherry Zhang <[email protected]> * net: make ErrClosed and ParseError implement net.Error Fixes #45357 Change-Id: Iafd41fff232a89be4c88d4b1d66bc3c04d888bcc Reviewed-on: https://go-review.googlesource.com/c/go/+/307030 Trust: Ian Lance Taylor <[email protected]> Trust: Josh Bleecher Snyder <[email protected]> Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Josh Bleecher Snyder <[email protected]> * [dev.fuzz] internal/fuzz: small bug fixes and refactors to minimization This fixes a few issues that were being masked since log statements weren't being printed to stdout. Now that they are, fix the bugs, and update the tests. Also includes a few small refactors which will make minimizing non-recoverable errors easier. Change-Id: Ie2fd2e5534b3980317e1e1f3fd8e04750988c17f Reviewed-on: https://go-review.googlesource.com/c/go/+/307810 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * internal/goexperiment,cmd: consolidate GOEXPERIMENTs into a new package Currently there's knowledge about the list of GOEXPERIMENTs in a few different places. This CL introduces a new package and consolidates the list into one place: the internal/goexperiment.Flags struct type. This package gives us a central place to document the experiments as well as the GOEXPERIMENT environment variable itself. It will also give us a place to put built-time constants derived from the enabled experiments. Now the objabi package constructs experiment names by reflecting over this struct type rather than having a separate list of these names (this is similar to how the compiler handles command-line flags and debug options). We also expose a better-typed API to the toolchain for propagating enabled experiments. Change-Id: I06e026712b59fe2bd7cd11a869aedb48ffe5a4b7 Reviewed-on: https://go-review.googlesource.com/c/go/+/307817 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> * internal/goexperiment: consolidate experiment-enabled constants Currently, we have boolean and integral constants for GOEXPERIMENTs in various places. Consolidate these into automatically generated constants in the internal/goexperiment package. Change-Id: I42a49aba2a3b4c722fedea23a613162cd8a67bee Reviewed-on: https://go-review.googlesource.com/c/go/+/307818 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> * cmd/internal/objabi: make GOEXPERIMENT be a diff from default experiments Right now the rules around handling default-on experiments are complicated and a bit inconsistent. Notably, objabi.GOEXPERIMENT is set to a comma-separated list of enabled experiments, but this may not be the string a user should set the GOEXPERIMENT environment variable to get that list of experiments: if an experiment is enabled by default but gets turned off by GOEXPERIMENT, then the string we report needs to include "no"+experiment to capture that default override. This complication also seeps into the version string we print for "go tool compile -V", etc. This logic is further complicated by the fact that it only wants to include an experiment string if the set of experiments varies from the default. This CL rethinks how we handle default-on experiments. Now that experiment state is all captured in a struct, we can simplify a lot of this logic. objabi.GOEXPERIMENT will be set based on the delta from the default set of experiments, which reflects what a user would actually need to pass on the command line. Likewise, we include this delta in the "-V" output, which simplifies this logic because if there's nothing to show in the version string, the delta will be empty. Change-Id: I7ed307329541fc2c9f90edd463fbaf8e0cc9e8ee Reviewed-on: https://go-review.googlesource.com/c/go/+/307819 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> * runtime,cmd/link: include GOEXPERIMENTs in runtime.Version(), "go version X" This adds the set of GOEXPERIMENTs to the build version if it differs from the default set of experiments. This exposes the experiment settings via runtime.Version() and "go version <binary>". Change-Id: I143dbbc50f66a4cf175469199974e18848075af6 Reviewed-on: https://go-review.googlesource.com/c/go/+/307820 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> * [dev.fuzz] internal/fuzz: add stub for coverage This change only includes a stub for the function which will hook into the runtime to expose coverage instrumentation while we're fuzzing. Previously, we discussed an exported API named FuzzCoverage, but since this is within the internal/fuzz package, simply naming it coverage seems appropriate. Change-Id: Iba3240e53e0c4c434e937aa9bb1711a44fec9975 Reviewed-on: https://go-review.googlesource.com/c/go/+/308191 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Matthew Dempsky <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.fuzz] internal/fuzz: add mutator for int types Assuming this works, will follow up with another CL that mutates other types. Change-Id: Id61acaacd56ca41e3be52e400f8f768672313bbb Reviewed-on: https://go-review.googlesource.com/c/go/+/308169 Trust: Katie Hockman <[email protected]> Trust: Jay Conrod <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.fuzz] internal/fuzz: implement coverage and trace instrumentation This CL makes two main changes to allow internal/fuzz to support -d=libfuzzer instrumentation: 1. It extends cmd/link to define _counters and _ecounters symbols so internal/fuzz can find the coverage counters. 2. It adds "trace" stub functions that implement the ABI expected by cmd/compile for comparison instrumentation. N.B., that -tags=libfuzzer should *not* be set, so that internal/fuzz's trace routines will be used instead of runtime's libfuzzer trampolines. Also, the current implementation doesn't support multi-module builds (i.e., compiling a Go program that spans multiple .so/.dll files). Presumably this isn't an issue, since "go test -fuzz" will need to recompile the binary with instrumentation anyway so it can make sure to always use a single-module build. But we can revisit this if necessary. Change-Id: I9b1619119ab7477bebcfd5988b4b60499a7ab0d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/308289 Trust: Matthew Dempsky <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Katie Hockman <[email protected]> Reviewed-by: Jay Conrod <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> * [dev.fuzz] internal/fuzz: don't count time spent loading corpus The -fuzztime flag tells us how much time to spend fuzzing, not counting time spent running the seed corpus. We shouldn't count time spent loading the cache either. If the cache is large, the time limit may be exceeded before the coordinator starts the workers. Change-Id: If00435faa5d24aabdb9003ebb9337fa2e47f22b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/307310 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Jay Conrod <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] internal/fuzz: improve cancellation in worker event loops worker.runFuzzing now accepts a Context, used for cancellation instead of doneC (which is removed). This is passed down through workerClient RPC methods (ping, fuzz). workerClient RPC methods now wrap the call method, which handles marshaling and cancellation. Both workerClient.call and workerServer.serve should return quickly when their contexts are cancelled. Turns out, closing the pipe won't actually unblock a read on all platforms. Instead, we were falling back to SIGKILL in worker.stop, which works but takes longer than necessary. Also fixed missing newline in log message. Change-Id: I7b5ae54d6eb9afd6361a07759f049f048952e0cc Reviewed-on: https://go-review.googlesource.com/c/go/+/303429 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Jay Conrod <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] testing: let -fuzztime specify a number of executions -fuzztime now works similarly to -benchtime: if it's given a string with an "x" suffix (as opposed to "s" or some other unit of duration), the fuzzing system will generate and run a maximum number of values. This CL also implements tracking and printing counts, since most of the work was already done. Change-Id: I013007984b5adfc1a751c379dc98c8d46b4a97e9 Reviewed-on: https://go-review.googlesource.com/c/go/+/306909 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Jay Conrod <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] testing: support T.Parallel in fuzz functions While running the seed corpus, T.Parallel acts like it does in subtests started with T.Run: it blocks until all other non-parallel subtests have finished, then unblocks when the barrier chan is closed. A semaphore (t.context.waitParallel) limits the number of tests that run concurrently (determined by -test.parallel). While fuzzing, T.Parallel has no effect, other than asserting that it can't be called multiple times. We already run different inputs in concurrent processes, but we can't run inputs concurrently in the same process if we want to attribute crashes to specific inputs. Change-Id: I2bac08e647e1d92ea410c83c3f3558a033fe3dd1 Reviewed-on: https://go-review.googlesource.com/c/go/+/300449 Trust: Jay Conrod <[email protected]> Run-TryBot: Jay Conrod <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] internal/fuzz: move CoordinateFuzzing args into struct type This improves readability a bit, and it should help with compatibility for future clients when arguments are added or reordered. Unfortunately, testing still can't import internal/fuzz, so the interface there can't use this type. Change-Id: I4cda2347884defcbbfc2bd01ab5b4a901d91549c Reviewed-on: https://go-review.googlesource.com/c/go/+/308192 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Jay Conrod <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * all: fix spellings This follows the spelling choices that the Go project has made for English words. https://github.com/golang/go/wiki/Spelling Change-Id: Ie7c586d2cf23020cb492cfff58c0831d2d8d3a78 GitHub-Last-Rev: e16a32cd225a275f73d236bcb33703986d110ded GitHub-Pull-Request: golang/go#45442 Reviewed-on: https://go-review.googlesource.com/c/go/+/308291 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Trust: Emmanuel Odeke <[email protected]> * internal/poll: fix the intermittent build failures with pipe pool Correlative CL 308089 Fixes #45059 Change-Id: I1ff9fbf64e6620d651f287ba2a28d40f964d78a3 Reviewed-on: https://go-review.googlesource.com/c/go/+/308329 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Trust: Emmanuel Odeke <[email protected]> * internal/poll: ensure that newPoolPipe doesn't return a nil pointer The function could occasionally return a nil pointer as a non-nil interface, confusing the calling code. Fixes #45520 Change-Id: Ifd35613728efa2cee9903177e85d369155074804 Reviewed-on: https://go-review.googlesource.com/c/go/+/309429 Trust: Ian Lance Taylor <[email protected]> Run-TryBot: Ian Lance Taylor <[email protected]> Reviewed-by: Cuong Manh Le <[email protected]> Reviewed-by: Andy Pan <[email protected]> TryBot-Result: Go Bot <[email protected]> * [dev.fuzz] internal/fuzz: allow float types to be integer literals Previously, something like `float64(0)` would fail to decode since the 0 value is considered an integer literal, and the float64 parsing code required a float literal. Be more flexible here since an integer can always be converted to a float. Change-Id: Id1c53ef2e8a9748a4f71176b00b453a329af4ade Reviewed-on: https://go-review.googlesource.com/c/go/+/309032 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.fuzz] internal/fuzz: mutate other types Change-Id: I8042c17268aca0a9bb2f692317207bb864b18680 Reviewed-on: https://go-review.googlesource.com/c/go/+/309033 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * internal/execabs: replace ioutil.WriteFile with os.WriteFile Fixes #45532. Change-Id: I844acd50d6fa1ce918969bbb52f79dd7412d289f Reviewed-on: https://go-review.googlesource.com/c/go/+/309350 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Trust: Tobias Klauser <[email protected]> * runtime: move next_gc and last_next_gc into gcControllerState This change moves next_gc and last_next_gc into gcControllerState under the names heapGoal and lastHeapGoal respectively. These are fundamentally GC pacer related values, and so it makes sense for them to live here. Partially generated by rf ' ex . { memstats.next_gc -> gcController.heapGoal memstats.last_next_gc -> gcController.lastHeapGoal } ' except for updates to comments and gcControllerState methods, where they're accessed through the receiver, and trace-related renames of NextGC -> HeapGoal, while we're here. For #44167. Change-Id: I1e871ad78a57b01be8d9f71bd662530c84853bed Reviewed-on: https://go-review.googlesource.com/c/go/+/306603 Trust: Michael Knyszek <[email protected]> Run-TryBot: Michael Knyszek <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Michael Pratt <[email protected]> * internal/bytealg: port more performance-critical functions to ABIInternal CL 308931 ported several runtime assembly functions to ABIInternal so that compiler-generated ABIInternal calls don't go through ABI wrappers, but it missed the runtime assembly functions that are actually defined in internal/bytealg. This eliminates the cost of wrappers for the BleveQuery and GopherLuaKNucleotide benchmarks, but there's still more to do for Tile38. 0-base 1-wrappers sec/op sec/op vs base BleveQuery 6.507 ± 0% 6.477 ± 0% -0.46% (p=0.004 n=20) GopherLuaKNucleotide 30.39 ± 1% 30.34 ± 0% ~ (p=0.301 n=20) Tile38IntersectsCircle100kmRequest 1.038m ± 1% 1.080m ± 2% +4.03% (p=0.000 n=20) For #40724. Change-Id: I0b722443f684fcb997b1d70802c5ed4b8d8f9829 Reviewed-on: https://go-review.googlesource.com/c/go/+/310184 Trust: Austin Clements <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * bytes: add asm implementation for index on ppc64x This adds an asm implementation of index on ppc64le and ppc64. It results in a significant improvement in some of the benchmarks that use bytes.Index. The implementation is based on a port of the s390x asm implementation. Comments on the design are found with the code. The following improvements occurred on power8: Index/10 70.7ns ± 0% 18.8ns ± 0% -73.4 Index/32 165ns ± 0% 95ns ± 0% -42.6 Index/4K 9.23µs ± 0% 4.91µs ± 0% -46 Index/4M 9.52ms ± 0% 5.10ms ± 0% -46.4 Index/64M 155ms ± 0% 85ms ± 0% -45.1 Count/10 83.0ns ± 0% 32.1ns ± 0% -61.3 Count/32 178ns ± 0% 109ns ± 0% -38.8 Count/4K 9.24µs ± 0% 4.93µs ± 0% -46 Count/4M 9.52ms ± 0% 5.10ms ± 0% -46.4 Count/64M 155ms ± 0% 85ms ± 0% -45.1 IndexHard1 2.36ms ± 0% 0.13ms ± 0% -94.4 IndexHard2 2.36ms ± 0% 1.28ms ± 0% -45.8 IndexHard3 2.36ms ± 0% 1.19ms ± 0% -49.4 IndexHard4 2.36ms ± 0% 2.35ms ± 0% -0.1 CountHard1 2.36ms ± 0% 0.13ms ± 0% -94.4 CountHard2 2.36ms ± 0% 1.28ms ± 0% -45.8 CountHard3 2.36ms ± 0% 1.19ms ± 0% -49.4 IndexPeriodic/IndexPeriodic2 146µs ± 0% 8µs ± 0% -94 IndexPeriodic/IndexPeriodic4 146µs ± 0% 8µs ± 0% -94 Change-Id: I7dd2bb7e278726e27f51825ca8b2f8317d460e60 Reviewed-on: https://go-review.googlesource.com/c/go/+/309730 Run-TryBot: Lynn Boger <[email protected]> Reviewed-by: Paul Murphy <[email protected]> Reviewed-by: Carlos Eduardo Seo <[email protected]> Trust: Carlos Eduardo Seo <[email protected]> Trust: Lynn Boger <[email protected]> * internal/goexperiment: move baseline configuration to objabi We need to adjust baseline experiment configuration based on the configured GOOS and GOARCH, so it can't live in goexperiment. Move it to objabi. Change-Id: I65f4ce56902c6c1a82735050773c58f2d1320cc6 Reviewed-on: https://go-review.googlesource.com/c/go/+/310169 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Russ Cox <[email protected]> * internal/buildcfg: move build configuration out of cmd/internal/objabi The go/build package needs access to this configuration, so move it into a new package available to the standard library. Change-Id: I868a94148b52350c76116451f4ad9191246adcff Reviewed-on: https://go-review.googlesource.com/c/go/+/310731 Trust: Russ Cox <[email protected]> Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Austin Clements <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * crypto/tls: fix flaky handshake cancellation tests Simplified both tests significantly by removing logic for writing the client/server side messages. The flake was likely because of a race between the closing of the local pipe from inside the test and closing of the pipe from within the handshakeContext goroutine. Wait to close the local pipe in the test until after the test has finished running. Fixes #45106 Fixes #45299 Change-Id: If7ca75aeff7df70cda03c934fa9d8513276d465d Reviewed-on: https://go-review.googlesource.com/c/go/+/305250 Trust: Johan Brandhorst-Satzkorn <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * [dev.fuzz] internal/fuzz: minimize non-recoverable errors Assuming that this works for non-recoverable errors, there will likely be a follow-up CL which refactors the minimization for recoverable errors to use the same RPC flow (since that more easily allows the worker to tell the coordinator that it's minimizing and shouldn't send more inputs to other workers to fuzz). Change-Id: I32ac7cec4abe2d4c345c0ee77315233047efb1fb Reviewed-on: https://go-review.googlesource.com/c/go/+/309509 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * internal/buildcfg: make regabi an alias for regabi sub-experiments Currently, specifying GOEXPERIMENT=regabi will turn on all regabi sub-experiments, but GOEXPERIMENT=noregabi won't turn anything off. Regabi also isn't a "real" experiment in the sense that nothing in the code base should depend on it as an experiment flag (it should depend on the appropriate sub-experiments). Hence, drop Regabi from goexperiment.Flags and make "regabi" in GOEXPERIMENT be a real alias for all of the sub-flags, so regabi will turn on all of the sub-flags and noregabi will turn off all of the sub-flags. This way, once we enable the sub-experiments in the baseline configuration, it will be easy to turn off with "noregabi". For #40724. Change-Id: I0fb95be42f756d412e729a396be607d629ae2bab Reviewed-on: https://go-review.googlesource.com/c/go/+/310609 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Russ Cox <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/buildcfg: make regabi enable regabiargs For #40724. Change-Id: I6e9d7eb91883857479699972a974a39ce3d9d2cc Reviewed-on: https://go-review.googlesource.com/c/go/+/310849 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/buildcfg: enable regabiwrappers by default For #40724. Change-Id: I75d6ba2d3e4e2d858eea8053efd0f3fd4439dab7 Reviewed-on: https://go-review.googlesource.com/c/go/+/310172 Trust: Austin Clements <[email protected]> Trust: Russ Cox <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/buildcfg: enable regabig by default For #40724. Change-Id: Ibf4ff8b24b501813839657ac195b909682ac7d0b Reviewed-on: https://go-review.googlesource.com/c/go/+/310173 Trust: Austin Clements <[email protected]> Trust: Russ Cox <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * net: pass MSG_CMSG_CLOEXEC flag in ReadMsgUnix As mentioned in #42765, calling "recvmsg" syscall on Linux should come with "MSG_CMSG_CLOEXEC" flag. For other systems which not supports "MSG_CMSG_CLOEXEC". ReadMsgUnix() would check the header. If the header type is "syscall.SCM_RIGHTS", then ReadMsgUnix() would parse the SocketControlMessage and call each fd with "syscall.CloseOnExec" Fixes #42765 Change-Id: I74347db72b465685d7684bf0f32415d285845ebb GitHub-Last-Rev: ca59e2c9e0e8de1ae590e9b6dc165cb768a574f5 GitHub-Pull-Request: golang/go#42768 Reviewed-on: https://go-review.googlesource.com/c/go/+/272226 Trust: Emmanuel Odeke <[email protected]> Run-TryBot: Emmanuel Odeke <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Reviewed-by: Tobias Klauser <[email protected]> * internal/buildcfg: enable regabireflect by default For #40724. Change-Id: Ib3e4a67c3826176f0d51619754270022344ee194 Reviewed-on: https://go-review.googlesource.com/c/go/+/310174 Trust: Austin Clements <[email protected]> Trust: Russ Cox <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/buildcfg: enable regabidefer by default For #40724. Change-Id: If3a66c0e29cb20dd29ac13c8d00aa46ee279ab97 Reviewed-on: https://go-review.googlesource.com/c/go/+/310175 Trust: Austin Clements <[email protected]> Trust: Russ Cox <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/buildcfg: enable regabiargs by default For #40724. Change-Id: I7509668478d20dd625f210e5a33f5d896a76d6b5 Reviewed-on: https://go-review.googlesource.com/c/go/+/310176 Trust: Austin Clements <[email protected]> Trust: Russ Cox <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/poll, net: fix comments regarding accept and sysSocket The implementation of accept was moved from package net to internal/poll in CL 36799. Change-Id: I6e5964e0ee22e9c84bc444860cdd497817451fec Reviewed-on: https://go-review.googlesource.com/c/go/+/311571 Trust: Tobias Klauser <[email protected]> Run-TryBot: Tobias Klauser <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * internal/bytealg: add power9 version of bytes index This adds a power9 version of the bytes.Index function for little endian. Here is the improvement on power9 for some of the Index benchmarks: Index/10 -0.14% Index/32 -3.19% Index/4K -12.66% Index/4M -13.34% Index/64M -13.17% Count/10 -0.59% Count/32 -2.88% Count/4K -12.63% Count/4M -13.35% Count/64M -13.17% IndexHard1 -23.03% IndexHard2 -13.01% IndexHard3 -22.12% IndexHard4 +0.16% CountHard1 -23.02% CountHard2 -13.01% CountHard3 -22.12% IndexPeriodic/IndexPeriodic2 -22.85% IndexPeriodic/IndexPeriodic4 -23.15% Change-Id: Id72353e2771eba2efbb1544d5f0be65f8a9f0433 Reviewed-on: https://go-review.googlesource.com/c/go/+/311380 Run-TryBot: Carlos Eduardo Seo <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Carlos Eduardo Seo <[email protected]> Trust: Lynn Boger <[email protected]> * cmd/compile, internal/abi: add FuncPCABIxxx intrinsics When ABI wrappers are used, there are cases where in Go code we need the PC of the defined function instead of the ABI wrapper. Currently we work around this by define such functions as ABIInternal, even if they do not actually follow the internal ABI. This CL introduces internal/abi.FuncPCABIxxx functions as compiler intrinsics, which return the underlying defined function's entry PC if the argument is a direct reference of a function of the expected ABI, and reject it if it is of a different ABI. As a proof of concept, change runtime.goexit back to ABI0 and use internal/abi.FuncPCABI0 to retrieve its PC. Updates #44065. Change-Id: I02286f0f9d99e6a3090f9e8169dbafc6804a2da6 Reviewed-on: https://go-review.googlesource.com/c/go/+/304232 Trust: Cherry Zhang <[email protected]> Run-TryBot: Cherry Zhang <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Than McIntosh <[email protected]> * [dev.fuzz] internal/fuzz: allow setting pcg seed via GODEBUG Format is "fuzzseed=123". Change-Id: Idb314270c8fd4307149c8503e13424b653ec4b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/313651 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] internal/fuzz: add extra []byte mutators Adds four []byte mutators which: * insert a chunk of constant bytes * overwirtes a chunk with constant bytes * shuffle a range of bytes * swaps two chunks Also updates the 'set byte to random value' mutator to use XOR in order to avoid a no-op. Additionally updates the rng call which chooses the []byte mutators so all the available mutators are used. Change-Id: I0703518922952f4b1c81b19b196ee91c73b0d5f8 Reviewed-on: https://go-review.googlesource.com/c/go/+/313270 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * internal/buildcfg: enable regabi for Android This will permit us to write ABIInternal assembler code for linux-amd64. For #40724 Change-Id: I681866651554eda4229d6faa7f0c1ba42d07e57d Reviewed-on: https://go-review.googlesource.com/c/go/+/315390 Trust: Ian Lance Taylor <[email protected]> Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Cherry Zhang <[email protected]> * internal/syscall/unix: use internal/abi.FuncPC for syscall wrapper Following CL 313230, this is for internal/syscall/unix package. Updates #45702. Change-Id: Ie6d8c1923dfeae56896212393c5c2a6e257648d2 Reviewed-on: https://go-review.googlesource.com/c/go/+/316649 Trust: Cherry Zhang <[email protected]> Run-TryBot: Cherry Zhang <[email protected]> Reviewed-by: Than McIntosh <[email protected]> TryBot-Result: Go Bot <[email protected]> * internal/buildcfg: set Error instead of panicking All build environment validation sets Error except for the GOEXPERIMENT parser, which panics. Change it to also set Error so that a bad GOEXPERIMENT doesn't cause everything that imports internal/buildcfg to panic on init. Change-Id: Ie9a506ef0978ecb410f2dcd784638f2167354175 Reviewed-on: https://go-review.googlesource.com/c/go/+/310970 Trust: Austin Clements <[email protected]> Run-TryBot: Austin Clements <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.fuzz] internal/fuzz: don't panic if types change There was a bug where if the types to fuzz were different from the types in a file in the on-disk corpus, then the code would panic. We thought this case was handled, but the final `continue` in the nested loop still allowed the invalid entry to be added to the corpus. Pulling the validation into a helper function makes this less brittle. Change-Id: I401346f890ea30ab7cff9640cb555da2e3ff8cc6 Reviewed-on: https://go-review.googlesource.com/c/go/+/313810 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * crypto/tls: enforce ALPN overlap when negotiated on both sides During the TLS handshake if the server doesn't support any of the application protocols requested by the client, send the no_application_protocol alert and abort the handshake on the server side. This enforces the requirements of RFC 7301. Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d Reviewed-on: https://go-review.googlesource.com/c/go/+/289209 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * internal/poll: cast off the last reference of SplicePipe in test Updates #45059 Change-Id: I9f377abcc7b77136ae6cf4896b968f73c758b559 Reviewed-on: https://go-review.googlesource.com/c/go/+/317510 Reviewed-by: Bryan C. Mills <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> * [dev.fuzz] testing,internal/fuzz: prevent unbounded memory growth Usage of f.testContext.match.fullName to generate the test name causes unbounded memory growth, eventually causing the fuzzer to slow down as memory pressure increases. Each time fuzzFn is invoked it generates a unique string and stores it in a map. With the fuzzer running at around 100k executions per second this consumed around ~30GB of memory in a handful of minutes. Instead just use the base name of the test for mutated inputs, a special name for seeded inputs, and the filename for inputs from the input corpus. Change-Id: I083f47df7e82f0c6b0bda244f158233784a13029 Reviewed-on: https://go-review.googlesource.com/c/go/+/316030 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: make cipher suite preference ordering automatic We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Trust: Filippo Valsorda <[email protected]> * cmd/compile,reflect: allow longer type names Encode the length of type names and tags in a varint encoding instead of a fixed 2-byte encoding. This allows lengths longer than 65535 (which can happen for large unnamed structs). Removed the alignment check for #14962, it isn't relevant any more since we're no longer reading pointers directly out of this data (it is encoded as an offset which is copied out bytewise). Fixes #44155 Update #14962 Change-Id: I6084f6027e5955dc16777c87b0dd5ea2baa49629 Reviewed-on: https://go-review.googlesource.com/c/go/+/318249 Trust: Keith Randall <[email protected]> Run-TryBot: Keith Randall <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * [dev.fuzz] internal/fuzz: use coverage instrumentation while fuzzing This change updates the go command behavior when fuzzing to instrument the binary for code coverage, and uses this coverage in the fuzzing engine to determine if an input is interesting. Unfortunately, we can't store and use the coverage data for a given run of `go test` and re-use it the next time we fuzz, since the edges could have changed between builds. Instead, every entry in the seed corpus and the on-disk corpus is run by the workers before fuzzing begins, so that the coordinator can get the baseline coverage for what the fuzzing engine has already found (or what the developers have already provided). Users should run `go clean -fuzzcache` before using this change, to clear out any existing "interesting" values that were in the cache. Previously, every single non-crashing input was written to the on-disk corpus. Now, only inputs that actually expand coverage are written. This change includes a small hack in cmd/go/internal/load/pkg.go which ensures that the Gcflags that were explicitly set in cmd/go/internal/test/test.go don't get cleared out. Tests will be added in a follow-up change, since they will be a bit more involved. Change-Id: Ie659222d44475c6d68fa4a35d37c37cab3619d71 Reviewed-on: https://go-review.googlesource.com/c/go/+/312009 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * all: add //go:build lines to assembly files Don't add them to files in vendor and cmd/vendor though. These will be pulled in by updating the respective dependencies. For #41184 Change-Id: Icc57458c9b3033c347124323f33084c85b224c70 Reviewed-on: https://go-review.googlesource.com/c/go/+/319389 Trust: Tobias Klauser <[email protected]> Run-TryBot: Tobias Klauser <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Russ Cox <[email protected]> * [dev.fuzz] internal/fuzz: include coverage in logged stats Change-Id: I51ec70b69e802fd0d962ba9544e96e29b1627fef Reviewed-on: https://go-review.googlesource.com/c/go/+/319590 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] internal/fuzz: move coverage capture closer to function When instrumented packages intersect with the packages used by the testing or internal/fuzz packages the coverage counters become noisier, as counters will be triggered by non-fuzzed harness code. Ideally counters would be deterministic, as there are many advanced fuzzing strategies that require mutating the input while maintaining static coverage. The simplest way to mitigate this noise is to capture the coverage counters as closely as possible to the invocation of the fuzz target in the testing package. In order to do this add a new function which captures the current values of the counters, SnapshotCoverage. This function copies the current counters into a static buffer, coverageSnapshot, which workerServer.fuzz can then inspect when it comes time to check if new coverage has been found. This method is not foolproof. As the fuzz target is called in a goroutine, harness code can still cause counters to be incremented while the target is being executed. Despite this we do see significant reduction in churn via this approach. For example, running a basic target that causes strconv to be instrumented for 500,000 iterations causes ~800 unique sets of coverage counters, whereas by capturing the counters closer to the target we get ~40 unique sets. It may be possible to make counters completely deterministic, but likely this would require rewriting testing/F.Fuzz to not use tRunner in a goroutine, and instead use it in a blocking manner (which I couldn't figure out an obvious way to do), or by doing something even more complex. Change-Id: I95c2f3b1d7089c3e6885fc7628a0d3a8ac1a99cf Reviewed-on: https://go-review.googlesource.com/c/go/+/320329 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Jay Conrod <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] internal/fuzz: make minimization tests more reliable * Introduced -fuzzminimizetime flag to control the number of time or the number of calls to spend minimizing. Defaults to 60s. Only works for unrecoverable crashes for now. * Moved the count (used by -fuzztime=1000x) into shared memory. Calling workerClient.fuzz resets it, but it will remain after the worker processes crashes. workerClient.minimize resets it once before restarting the worker the first time, but the total number of runs should still be limited during minimization, even after multiple terminations and restarts. * Renamed fuzzArgs.Count to Limit to avoid confusion. * Several other small fixes and refactorings. Change-Id: I03faa4c94405041f6dfe48568e5ead502f8dbbd2 Reviewed-on: https://go-review.googlesource.com/c/go/+/320171 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Jay Conrod <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.typeparams] internal/buildcfg: turn on register ABI on all AMD64 platforms Register ABI is already enabled by default on AMD64 on Linux (including Android), macOS, and Windows. This CL enables it on the rest, specifically, on FreeBSD, OpenBSD, NetBSD, DragonflyBSD, Solaris (including Illumos), iOS (simulator), and Plan 9. Change-Id: I80fa20c8bbc8d67b16a19f71b65422e890210ab5 Reviewed-on: https://go-review.googlesource.com/c/go/+/321332 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: David Chase <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> * [dev.fuzz] internal/fuzz: remove old TODO Change-Id: I997934ebcde0dee9017c85a0572597855d73cf64 Reviewed-on: https://go-review.googlesource.com/c/go/+/321569 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.typeparams] internal/buildcfg: enable defer/go wrapping everywhere For register ABI, we wrap deferred/go'd function with arguments or results in an argumentless closure, so the runtime can call the function without knowing how to marshal the arguments, or reserving frame for arguments and results. The wrapping mechanism works everywhere, regardless of whether the register ABI is used. And wrapping will simplify the compiler and runtime's implementation for defer and go calls. For example, the compiler will not need to marshal arguments for defer/go calls, the opendefer metadata will not need to contain argument information, and _defer record will be fixed-sized. Enable wrapping everywhere. Change-Id: I2032ba87249ceb686310dc640fb00696669ae912 Reviewed-on: https://go-review.googlesource.com/c/go/+/321958 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> TryBot-Result: Go Bot <[email protected]> * Revert "[dev.fuzz] internal/fuzz: include coverage in logged stats" This reverts commit 54f067812dd870c305daabd22ca190b0f48e672e. Reason for revert: While this is helpful for the engineering team when we're debugging, it might lead to users feeling like the fuzzer is stuck and that there are a lot of edges that are still yet to be reached. In reality, it's very likely that the compiler will instrument more lines of code than are actually reachable by the fuzz target, so showing the ratio between number of edges hit vs. all edges can be misleading. In the future, we may want to consider making this information viewable by a debug flag or something similar. Change-Id: Ied696f8bf644445bad22c872b64daa7add605ac6 Reviewed-on: https://go-review.googlesource.com/c/go/+/322632 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.fuzz] internal/fuzz,testing: treat panics as recoverable And only log the last panic, not all of them, during minimization. This change makes the worker processes quiet, so now the only process that logs anything is the coordinator. This hides all of the panics caused during minimization of an input which causes a panic. This change also alters the usage of tRunner such that we now recover from recoverable panics instead of terminating the process. This results in larger stack traces, since we include a bit more of the trace within testing. There is a TODO to see if it's possible to slice the stack up so that it is somewhat more informative. Change-Id: Ic85eabd2e70b078412fbb88adf424a8da25af876 Reviewed-on: https://go-review.googlesource.com/c/go/+/321230 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.fuzz] internal/fuzz: support minimization of strings, integers, and floats Adds support for minimizing strings using the same logic as byte slices as well as minimizing both signed and unsigned integers and floats using extremely basic logic. A more complex approach is probably warranted in the future, but for now this should be _good enough_. Change-Id: Ibc6c3d6ae82685998f571aa2c1ecea2f85c2708b Reviewed-on: https://go-review.googlesource.com/c/go/+/320669 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> Reviewed-by: Jay Conrod <[email protected]> * [dev.typeparams] internal/abi: define ARM64 register ABI constants Change-Id: I9cdf0f2b6c1739f13a859a8e37351f8ecd77804a Reviewed-on: https://go-review.googlesource.com/c/go/+/323932 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> * [dev.typeparams] internal/buildcfg: allow regabi GOEXPERIMENTs on ARM64 It is not working yet, but allow enabling the experiments so we can develop. Change-Id: I957eb05acb4d80b2858ff1f8c16bbfb24e0f6e56 Reviewed-on: https://go-review.googlesource.com/c/go/+/323933 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: David Chase <[email protected]> * [dev.fuzz] internal/fuzz: notify coordinator for minimization When a worker process finds a crasher, it now sends that result directly to the coordinator without attempting to minimize it first. The coordinator stops sending new inputs and sends the unminimized crasher back to a worker (any worker) for minimization. This prevents wasted work during minimization and will help us implement -keepfuzzing later on. We may also be able to minimize interesting inputs with this approach later. Since panics are recoverable errors (they don't terminate worker processes), we no longer attempt to minimize non-recoverable errors. This didn't work too well before: we lost too much state. Change-Id: Id142c7e91a33f64584170b0d42d22cb1f22a92d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/321835 Trust: Jay Conrod <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * [dev.typeparams] internal/bytealg: call memeqbody directly in memequal_varlen on ARM64 Currently, memequal_varlen opens up a frame and call memequal, which then tail-calls memeqbody. This CL changes memequal_varlen tail-calls memeqbody directly. This makes it simpler to switch to the register ABI in the next CL. Change-Id: Ia1367c0abb7f4755fe736c404411793fb9e5c04f Reviewed-on: https://go-review.googlesource.com/c/go/+/324399 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> * [dev.typeparams] runtime, internal/bytealg: port performance-critical functions to register ABI on ARM64 This CL ports a few performance-critical assembly functions to use register arguments directly. This is similar to CL 308931 and CL 310184. Change-Id: I6e30dfff17f76b8578ce8cfd51de21b66610fdb0 Reviewed-on: https://go-review.googlesource.com/c/go/+/324400 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> TryBot-Result: Go Bot <[email protected]> * [dev.typeparams] internal/buildcfg: turn on regabiwrappers by default on ARM64 Change-Id: I8db0a797a745630ec35af3e56406fcb250ea59fe Reviewed-on: https://go-review.googlesource.com/c/go/+/324768 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Than McIntosh <[email protected]> * [dev.typeparams] internal/buildcfg: turn on regabireflect by default on ARM64 Change-Id: I4a0a093b07a287cc3a3e0ee939e7ee82d8e9b1aa Reviewed-on: https://go-review.googlesource.com/c/go/+/324889 Trust: Cherry Mui <[email protected]> Run-TryBot: Cherry Mui <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Than McIntosh <[email protected]> TryBot-Result: Go Bot <[email protected]> * [dev.typeparams] internal/buildcfg: turn on register ABI by default on ARM64 This CL enables all regabi experiments on ARM64 by default. regabiwrappers and regabireflect are enabled in the previous CLs. regabidefer is already enabled everywhere. regabig is no-op on ARM64 as it already has a G register. regabiargs is enabled in this CL. Go1 benchmarks results (GOEXPERIMENT=regabi vs. none, on macOS/ARM64): name old time/op new time/op delta BinaryTree17-8 1.20s ± 1% 1.02s ± 0% -15.08% (p=0.000 n=9+9) Fannkuch11-8 1.55s ± 0% 1.57s ± 0% +1.53% (p=0.000 n=9+8) FmtFprintfEmpty-8 22.5ns ± 3% 14.7ns ± 1% -34.47% (p=0.000 n=10+8) FmtFprintfString-8 38.4ns ± 0% 28.8ns ± 0% -24.99% (p=0.000 n=9+9) FmtFprintfInt-8 38.7ns ± 2% 34.5ns ± 0% -10.79% (p=0.000 n=10+7) FmtFprintfIntInt-8 61.1ns ± 1% 57.9ns ± 0% -5.23% (p=0.000 n=10+8) FmtFprintfPrefixedInt-8 69.9ns ± 0% 64.4ns ± 0% -7.78% (p=0.000 n=8+8) FmtFprintfFloat-8 106ns ± 0% 76ns ± 0% -28.12% (p=0.000 n=7+10) FmtManyArgs-8 273ns ± 0% 236ns ± 1% -13.57% (p=0.000 n=9+10) GobDecode-8 3.09ms ± 1% 2.02ms ± 0% -34.70% (p=0.000 n=9+10) GobEncode-8 2.45ms ± 1% 1.44ms ± 1% -41.26% (p=0.000 n=10+10) Gzip-8 128ms ± 0% 124ms ± 0% -2.89% (p=0.000 n=7+8) Gunzip-8 23.6ms ± 1% 19.8ms ± 0% -16.15% (p=0.000 n=10+9) HTTPClientServer-8 27.4µs ± 1% 26.3µs ± 0% -4.05% (p=0.000 n=10+10) JSONEncode-8 4.47ms ± 1% 3.45ms ± 1% -22.73% (p=0.000 n=10+9) JSONDecode-8 21.5ms ± 0% 17.2ms ± 0% -19.78% (p=0.000 n=9+9) Mandelbrot200-8 2.33ms ± 1% 2.33ms ± 1% ~ (p=0.842 n=9+10) GoParse-8 1.62ms ± 1% 1.32ms ± 1% -18.67% (p=0.000 n=10+10) RegexpMatchEasy0_32-8 33.1ns ± 0% 26.3ns ± 0% -20.50% (p=0.000 n=8+10) RegexpMatchEasy0_1K-8 121ns ± 6% 121ns ± 8% ~ (p=0.926 n=10+10) RegexpMatchEasy1_32-8 31.4ns ± 0% 24.7ns ± 0% -21.50% (p=0.000 n=9+10) RegexpMatchEasy1_1K-8 177ns ± 0% 140ns ± 0% -20.70% (p=0.000 n=10+9) RegexpMatchMedium_32-8 3.02ns ± 3% 2.12ns ± 0% -29.73% (p=0.000 n=10+10) RegexpMatchMedium_1K-8 19.8µs ± 2% 17.1µs ± 0% -13.50% (p=0.000 n=9+9) RegexpMatchHard_32-8 940ns ± 0% 872ns ± 0% -7.20% (p=0.000 n=9+8) RegexpMatchHard_1K-8 28.5µs ± 1% 26.5µs ± 0% -7.06% (p=0.000 n=10+10) Revcomp-8 186ms ± 1% 179ms ± 1% -3.66% (p=0.000 n=10+10) Template-8 30.3ms ± 0% 22.3ms ± 0% -26.58% (p=0.000 n=8+9) TimeParse-8 133ns ± 0% 117ns ± 0% -12.40% (p=0.000 n=10+10) TimeFormat-8 176ns ± 0% 141ns ± 0% -19.92% (p=0.000 n=8+9) [Geo mean] 21.4µs 17.8µs -16.81% name old speed new speed delta GobDecode-8 249MB/s ± 1% 381MB/s ± 0% +53.13% (p=0.000 n=9+10) GobEncode-8 314MB/s ± 1% 534MB/s ± 1% +70.25% (p=0.000 n=10+10) Gzip-8 152MB/s ± 0% 156MB/s ± 0% +2.97% (p=0.000 n=7+8) Gunzip-8 822MB/s ± 1% 981MB/s ± 0% +19.26% (p=0.000 n=10+9) JSONEncode-8 434MB/s ± 1% 562MB/s ± 1% +29.41% (p=0.000 n=10+9) JSONDecode-8 90.3MB/s ± 0% 112.5MB/s ± 0% +24.66% (p=0.000 n=9+9) GoParse-8 35.7MB/s ± 1% 43.9MB/s ± 1% +22.96% (p=0.000 n=10+10) RegexpMatchEasy0_32-8 967MB/s ± 0% 1216MB/s ± 0% +25.78% (p=0.000 n=8+10) RegexpMatchEasy0_1K-8 8.46GB/s ± 6% 8.45GB/s ± 7% ~ (p=0.912 n=10+10) RegexpMatchEasy1_32-8 1.02GB/s ± 0% 1.30GB/s ± 0% +27.40% (p=0.000 n=9+10) RegexpMatchEasy1_1K-8 5.78GB/s ± 0% 7.29GB/s ± 0% +26.10% (p=0.000 n=10+9) RegexpMatchMedium_32-8 331MB/s ± 2% 471MB/s ± 0% +42.29% (p=0.000 n=10+10) RegexpMatchMedium…
* fix loong64 support * fix cacheLineSize to CacheLineSize Co-authored-by: Xi Zhang <[email protected]>
* Merging upstream changes into sync branch (#6) * [dev.boringcrypto] crypto/sha1,sha256,sha512: use BoringCrypto Change-Id: I80a764971b41f75c3b699797bfed71f509e3407d Reviewed-on: https://go-review.googlesource.com/55474 Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * [dev.boringcrypto] crypto/aes: use BoringCrypto Change-Id: If83fdeac31f65aba818bbc7edd2f215b16814021 Reviewed-on: https://go-review.googlesource.com/55476 Run-TryBot: Russ Cox <[email protected]> Reviewed-by: Adam Langley <[email protected]> * [dev.boringcrypto] crypto/tls: use TLS-specific AES-GCM mode if available Change-Id: Ide00c40c0ca8d486f3bd8968e1d301c8b0ed6d05 Reviewed-on: https://go-review.googlesource.com/56011 Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * [dev.boringcrypto] crypto/tls/fipsonly: new package to force FIPS-allowed TLS settings Change-Id: I3268cab2de8aed9e2424e9c3bc7667083bc5e1ce Reviewed-on: https://go-review.googlesource.com/65250 Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * [dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled This patch used to be in crypto/internal/cipherhw.AESGCMSupport which was removed from the tree. It was meant and documented to affect only crypto/tls, so move the logic there. Change-Id: I36ed4f08a5fe2abaab18907910899ae0297d1611 Reviewed-on: https://go-review.googlesource.com/114816 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * [dev.boringcrypto] crypto/tls: test for TLS 1.3 to be disabled in FIPS mode Change-Id: I32b3e29a3e34f20cccc51666905fd36744ef00b2 Reviewed-on: https://go-review.googlesource.com/c/149602 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3 Support for Ed25519 certificates was added in CL 175478, this wires them up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3). RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially implemented that, but even OpenSSL doesn't take the complexity, so I just dropped it. It would have required keeping a buffer of the handshake transcript in order to do the direct Ed25519 signatures. We effectively need to support TLS 1.2 because it shares ClientHello signature algorithms with TLS 1.3. While at it, reordered the advertised signature algorithms in the rough order we would want to use them, also based on what curves have fast constant-time implementations. Client and client auth tests changed because of the change in advertised signature algorithms in ClientHello and CertificateRequest. Fixes #25355 Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee Reviewed-on: https://go-review.googlesource.com/c/go/+/177698 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: fix TestVerifyHostnameResumed In TLS 1.3 session tickets are delivered after the handshake, and it looks like now the Google servers wait until the first flight of data to send them (or our timeout is too low). Cause some data to be sent so we can avoid the guessing game. Fixes #32090 Change-Id: I54af4acb3a89cc70c9e14a5dfe18a44c29a841a7 Reviewed-on: https://go-review.googlesource.com/c/go/+/177877 Reviewed-by: Brad Fitzpatrick <[email protected]> * all: remove PEM-encoded private keys from tests Gerrit is complaining about pushes that affect these files and forcing people to use -o nokeycheck, which defeats the point of the check. Hide the keys from this kind of scan by marking them explicitly as testing keys. This is a little annoying but better than training everyone who ever edits one of these test files to reflexively override the Gerrit check. The only remaining keys explicitly marked as private instead of testing are in examples, and there's not much to do about those. Hopefully they are not edited as much. Change-Id: I4431592b5266cb39fe6a80b40e742d97da803a0b Reviewed-on: https://go-review.googlesource.com/c/go/+/178178 Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> * all: shorten some tests Shorten some of the longest tests that run during all.bash. Removes 7r 50u 21s from all.bash. After this change, all.bash is under 5 minutes again on my laptop. For #26473. Change-Id: Ie0460aa935808d65460408feaed210fbaa1d5d79 Reviewed-on: https://go-review.googlesource.com/c/go/+/177559 Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * [dev.boringcrypto] crypto: move crypto/internal/boring imports to reduce merge conflicts As suggested by dmitshur@, move them to their own block so they don't conflict with changes in the upstream imports. Change-Id: Id46fb7c766066c406023b0355f4c3c860166f0fe Reviewed-on: https://go-review.googlesource.com/c/go/+/181277 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> * crypto/tls: disable RSA-PSS in TLS 1.2 again Signing with RSA-PSS can uncover faulty crypto.Signer implementations, and it can fail for (broken) small keys. We'll have to take that breakage eventually, but it would be nice for it to be opt-out at first. TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS to TLS 1.2 until TLS 1.3 is on without opt-out. Note that since the Client Hello is sent before a protocol version is selected, we have to advertise RSA-PSS there to support TLS 1.3. That means that we still support RSA-PSS on the client in TLS 1.2 for verifying server certificates, which is fine, as all issues arise on the signing side. We have to be careful not to pick (or consider available) RSA-PSS on the client for client certificates, though. We'd expect tests to change only in TLS 1.2: * the server won't pick PSS to sign the key exchange (Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS); * the server won't advertise PSS in CertificateRequest (Server-TLSv12-ClientAuthRequested*, TestClientAuth); * and the client won't pick PSS for its CertificateVerify (Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS, Client-TLSv12-Renegotiate* because "R" requests a client cert). Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test. This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7. Testing was made more complex by the undocumented semantics of OpenSSL's -[client_]sigalgs (see openssl/openssl#9172). Updates #32425 Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349 Reviewed-on: https://go-review.googlesource.com/c/go/+/182339 Reviewed-by: Adam Langley <[email protected]> * crypto/tls: move shared code and resources to handshake_test.go Removed cross-dependencies between handshake_server_test.go and handshake_client_test.go; moved all initialization to TestMain; replaced SSLKEYLOGFILE environment variable with -keylog flag. Change-Id: Ida6712daa44e01a2c00658e8a1896087ee88bcb0 Reviewed-on: https://go-review.googlesource.com/c/go/+/183057 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: reject low-order Curve25519 points The RFC recommends checking the X25519 output to ensure it's not the zero value, to guard against peers trying to remove contributory behavior. In TLS there should be enough transcript involvement to mitigate any attack, and the RSA key exchange would suffer from the same issues by design, so not proposing a backport. See #31846 Change-Id: I8e657f8ee8aa72c3f8ca3b124555202638c53f5e Reviewed-on: https://go-review.googlesource.com/c/go/+/183039 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: deflake localPipe in tests The localPipe implementation assumes that every successful net.Dial results in exactly one successful listener.Accept. I don't believe this is guaranteed by essentially any operating system. For this test, we're seeing flakes on dragonfly (#29583). But see also #19519, flakes due to the same assumption on FreeBSD and macOS in package net's own tests. This CL rewrites localPipe to try a few times to get a matching pair of connections on the dial and accept side. Fixes #29583. Change-Id: Idb045b18c404eae457f091df20456c5ae879a291 Reviewed-on: https://go-review.googlesource.com/c/go/+/184157 Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Bryan C. Mills <[email protected]> * crypto/tls: remove TestVerifyHostnameResumed Session resumption is not a reliable TLS behavior: the server can decide to reject a session ticket for a number of reasons, or no reason at all. This makes this non-hermetic test extremely brittle. It's currently broken on the builders for both TLS 1.2 and TLS 1.3, and I could reproduce the issue for TLS 1.3 only. As I was debugging it, it started passing entirely on my machine. In practice, it doesn't get us any coverage as resumption is already tested with the recorded exchange tests, and TestVerifyHostname still provides a smoke test checking that we can in fact talk TLS. Fixes #32978 Change-Id: I63505e22ff7704f25ad700d46e4ff14850ba5d3c Reviewed-on: https://go-review.googlesource.com/c/go/+/186239 Run-TryBot: Filippo Valsorda <[email protected]> Reviewed-by: Bryan C. Mills <[email protected]> * crypto/tls: deprecate SSLv3 support Updates #32716 Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/184102 Reviewed-by: Andrew Bonventre <[email protected]> * crypto/tls: make SSLv3 again disabled by default It was mistakenly re-enabled in CL 146217. Fixes #33837 Change-Id: I8c0e1787114c6232df5888e51e355906622295bc Reviewed-on: https://go-review.googlesource.com/c/go/+/191877 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> * crypto/tls: remove SSLv3 support SSLv3 has been irreparably broken since the POODLE attack 5 years ago and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use in no uncertain terms. As announced in the Go 1.13 release notes, remove support for it entirely in Go 1.14. Updates #32716 Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf Reviewed-on: https://go-review.googlesource.com/c/go/+/191976 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> * crypto/tls: remove TLS 1.3 opt-out Fixes #30055 Change-Id: If757c43b52fc7bf62b0afb1c720615329fb5569d Reviewed-on: https://go-review.googlesource.com/c/go/+/191999 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> * all: fix typos Use the following (suboptimal) script to obtain a list of possible typos: #!/usr/bin/env sh set -x git ls-files |\ grep -e '\.\(c\|cc\|go\)$' |\ xargs -n 1\ awk\ '/\/\// { gsub(/.*\/\//, ""); print; } /\/\*/, /\*\// { gsub(/.*\/\*/, ""); gsub(/\*\/.*/, ""); }' |\ hunspell -d en_US -l |\ grep '^[[:upper:]]\{0,1\}[[:lower:]]\{1,\}$' |\ grep -v -e '^.\{1,4\}$' -e '^.\{16,\}$' |\ sort -f |\ uniq -c |\ awk '$1 == 1 { print $2; }' Then, go through the results manually and fix the most obvious typos in the non-vendored code. Change-Id: I3cb5830a176850e1a0584b8a40b47bde7b260eae Reviewed-on: https://go-review.googlesource.com/c/go/+/193848 Reviewed-by: Robert Griesemer <[email protected]> * crypto/tls: remove NPN support RELNOTE=yes Fixes #28362 Change-Id: I43813c0c17bbe6c4cbb4d1f121518c434b3f5aa8 Reviewed-on: https://go-review.googlesource.com/c/go/+/174329 Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: consistently use %v for error formatting We should keep a consistent way of formatting errors in this file. Fixes #34848 Change-Id: Ibb75908504f381fccab0281a42e788ef8c716b6f Reviewed-on: https://go-review.googlesource.com/c/go/+/200679 Run-TryBot: Johan Brandhorst <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Daniel Martí <[email protected]> * crypto/tls: retry net.Dial flakes on Dragonfly localPipe currently flakes in various crypto/tls tests. Since that function doesn't seem to flake anywhere else, I suspect a kernel bug. To make the test less flaky, retry the Dial if we suspect that it is affected. (Worst case, we delay the test by a few seconds before erroring out as usual.) Fixes #29583 Change-Id: I357990ffa316edb471bd7d46d6404fa0884da646 Reviewed-on: https://go-review.googlesource.com/c/go/+/202557 Run-TryBot: Bryan C. Mills <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> * crypto/tls: move a defer out of a loop Rhys Hiltner noted in #14939 that this defer was syntactically inside a loop, but was only ever executed once. Now that defer in a loop is significantly slower, pull this one out. name old time/op new time/op delta Throughput/MaxPacket/1MB/TLSv12-8 3.94ms ± 8% 3.93ms ±13% ~ (p=0.967 n=15+15) Throughput/MaxPacket/1MB/TLSv13-8 4.33ms ± 3% 4.51ms ± 7% +4.00% (p=0.000 n=14+14) Throughput/MaxPacket/2MB/TLSv12-8 6.80ms ± 6% 7.01ms ± 4% +3.15% (p=0.000 n=14+14) Throughput/MaxPacket/2MB/TLSv13-8 6.96ms ± 5% 6.80ms ± 5% -2.43% (p=0.006 n=15+14) Throughput/MaxPacket/4MB/TLSv12-8 12.0ms ± 3% 11.7ms ± 2% -2.88% (p=0.000 n=15+13) Throughput/MaxPacket/4MB/TLSv13-8 12.1ms ± 3% 11.7ms ± 2% -3.54% (p=0.000 n=13+13) Throughput/MaxPacket/8MB/TLSv12-8 22.2ms ± 3% 21.6ms ± 3% -2.97% (p=0.000 n=15+15) Throughput/MaxPacket/8MB/TLSv13-8 22.5ms ± 5% 22.0ms ± 3% -2.34% (p=0.004 n=15+15) Throughput/MaxPacket/16MB/TLSv12-8 42.4ms ± 3% 41.3ms ± 3% -2.49% (p=0.001 n=15+15) Throughput/MaxPacket/16MB/TLSv13-8 43.4ms ± 5% 42.3ms ± 3% -2.33% (p=0.006 n=15+14) Throughput/MaxPacket/32MB/TLSv12-8 83.1ms ± 4% 80.6ms ± 3% -2.98% (p=0.000 n=15+15) Throughput/MaxPacket/32MB/TLSv13-8 85.2ms ± 8% 82.6ms ± 4% -3.02% (p=0.005 n=15+15) Throughput/MaxPacket/64MB/TLSv12-8 167ms ± 7% 158ms ± 2% -5.21% (p=0.000 n=15+15) Throughput/MaxPacket/64MB/TLSv13-8 170ms ± 4% 162ms ± 3% -4.83% (p=0.000 n=15+15) Throughput/DynamicPacket/1MB/TLSv12-8 4.13ms ± 7% 4.00ms ± 8% ~ (p=0.061 n=15+15) Throughput/DynamicPacket/1MB/TLSv13-8 4.72ms ± 6% 4.64ms ± 7% ~ (p=0.377 n=14+15) Throughput/DynamicPacket/2MB/TLSv12-8 7.29ms ± 7% 7.09ms ± 7% ~ (p=0.070 n=15+14) Throughput/DynamicPacket/2MB/TLSv13-8 7.18ms ± 5% 6.59ms ± 4% -8.34% (p=0.000 n=15+15) Throughput/DynamicPacket/4MB/TLSv12-8 12.3ms ± 3% 11.9ms ± 4% -3.31% (p=0.000 n=15+14) Throughput/DynamicPacket/4MB/TLSv13-8 12.2ms ± 4% 12.0ms ± 4% -1.91% (p=0.019 n=15+15) Throughput/DynamicPacket/8MB/TLSv12-8 22.4ms ± 3% 21.9ms ± 3% -2.18% (p=0.000 n=15+15) Throughput/DynamicPacket/8MB/TLSv13-8 22.7ms ± 3% 22.2ms ± 3% -2.35% (p=0.000 n=15+15) Throughput/DynamicPacket/16MB/TLSv12-8 42.3ms ± 3% 42.1ms ± 3% ~ (p=0.505 n=14+15) Throughput/DynamicPacket/16MB/TLSv13-8 42.7ms ± 3% 43.3ms ± 7% ~ (p=0.123 n=15+14) Throughput/DynamicPacket/32MB/TLSv12-8 82.8ms ± 3% 81.9ms ± 3% ~ (p=0.112 n=14+15) Throughput/DynamicPacket/32MB/TLSv13-8 84.6ms ± 6% 83.9ms ± 4% ~ (p=0.624 n=15+15) Throughput/DynamicPacket/64MB/TLSv12-8 166ms ± 4% 163ms ± 6% ~ (p=0.081 n=15+15) Throughput/DynamicPacket/64MB/TLSv13-8 165ms ± 3% 168ms ± 3% +1.56% (p=0.029 n=15+15) Change-Id: I22409b05afe761b8ed1912b15c67fc03f88d3d1f Reviewed-on: https://go-review.googlesource.com/c/go/+/203481 Run-TryBot: Josh Bleecher Snyder <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> * crypto/tls: improve error messages for invalid certificates and signatures Also, fix the alert value sent when a signature by a client certificate is invalid in TLS 1.0-1.2. Fixes #35190 Change-Id: I2ae1d5593dfd5ee2b4d979664aec74aab4a8a704 Reviewed-on: https://go-review.googlesource.com/c/go/+/204157 Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: send ec_points_format extension in ServerHello Follow the recommandation from RFC 8422, section 5.1.2 of sending back the ec_points_format extension when requested by the client. This is to fix some clients declining the handshake if omitted. Fixes #31943 Change-Id: I7b04dbac6f9af75cda094073defe081e1e9a295d Reviewed-on: https://go-review.googlesource.com/c/go/+/176418 Run-TryBot: Filippo Valsorda <[email protected]> Reviewed-by: Olivier Poitrey <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * crypto/tls: make -update only regenerate transcripts for failing tests Change-Id: Ie68fd4fe2879e6b5417a1a4240971e3d837bf115 Reviewed-on: https://go-review.googlesource.com/c/go/+/204377 Run-TryBot: Filippo Valsorda <[email protected]> Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * crypto/tls: add ExampleConfig_VerifyPeerCertificate Setting InsecureSkipVerify and VerifyPeerCertificate is the recommended way to customize and override certificate validation. However, there is boilerplate involved and it usually requires first reimplementing the default validation strategy to then customize it. Provide an example that does the same thing as the default as a starting point. Examples of where we directed users to do something similar are in issues #35467, #31791, #28754, #21971, and #24151. Fixes #31792 Change-Id: Id033e9fa3cac9dff1f7be05c72dfb34b4f973fd4 Reviewed-on: https://go-review.googlesource.com/c/go/+/193620 Reviewed-by: Adam Langley <[email protected]> * crypto/tls: refactor certificate and signature algorithm logic This refactors a lot of the certificate support logic to make it cleaner and reusable where possible. These changes will make the following CLs much simpler. In particular, the heavily overloaded pickSignatureAlgorithm is gone. That function used to cover both signing and verifying side, would work both for pre-signature_algorithms TLS 1.0/1.1 and TLS 1.2, and returned sigalg, type and hash. Now, TLS 1.0/1.1 and 1.2 are differentiated at the caller, as they have effectively completely different logic. TLS 1.0/1.1 simply use legacyTypeAndHashFromPublicKey as they employ a fixed hash function and signature algorithm for each public key type. TLS 1.2 is instead routed through selectSignatureScheme (on the signing side) or isSupportedSignatureAlgorithm (on the verifying side) and typeAndHashFromSignatureScheme, like TLS 1.3. On the signing side, signatureSchemesForCertificate was already version aware (for PKCS#1 v1.5 vs PSS support), so selectSignatureScheme just had to learn the Section 7.4.1.4.1 defaults for a missing signature_algorithms to replace pickSignatureAlgorithm. On the verifying side, pickSignatureAlgorithm was also checking the public key type, while isSupportedSignatureAlgorithm + typeAndHashFromSignatureScheme are not, but that check was redundant with the one in verifyHandshakeSignature. There should be no major change in behavior so far. A few minor changes came from the refactor: we now correctly require signature_algorithms in TLS 1.3 when using a certificate; we won't use Ed25519 in TLS 1.2 if the client didn't send signature_algorithms; and we don't send ec_points_format in the ServerHello (a compatibility measure) if we are not doing ECDHE anyway because there are no mutually supported curves. The tests also got simpler because they test simpler functions. The caller logic switching between TLS 1.0/1.1 and 1.2 is tested by the transcript tests. Updates #32426 Change-Id: Ice9dcaea78d204718f661f8d60efdb408ba41577 Reviewed-on: https://go-review.googlesource.com/c/go/+/205061 Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: implement (*ClientHelloInfo).SupportsCertificate We'll also use this function for a better selection logic from Config.Certificates in a later CL. Updates #32426 Change-Id: Ie239574d02eb7fd2cf025ec36721c8c7e082d0bc Reviewed-on: https://go-review.googlesource.com/c/go/+/205057 Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: implement (*CertificateRequestInfo).SupportsCertificate Also, add Version to CertificateRequestInfo, as the semantics of SignatureSchemes change based on version: the ECDSA SignatureSchemes are only constrained to a specific curve in TLS 1.3. Fixes #32426 Change-Id: I7a551bea864799e98118349ac2476162893d1ffd Reviewed-on: https://go-review.googlesource.com/c/go/+/205058 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: select only compatible chains from Certificates Now that we have a full implementation of the logic to check certificate compatibility, we can let applications just list multiple chains in Certificates (for example, an RSA and an ECDSA one) and choose the most appropriate automatically. NameToCertificate only maps each name to one chain, so simply deprecate it, and while at it simplify its implementation by not stripping trailing dots from the SNI (which is specified not to have any, see RFC 6066, Section 3) and by not supporting multi-level wildcards, which are not a thing in the WebPKI (and in crypto/x509). The performance of SupportsCertificate without Leaf is poor, but doesn't affect current users. For now document that, and address it properly in the next cycle. See #35504. While cleaning up the Certificates/GetCertificate/GetConfigForClient behavior, also support leaving Certificates/GetCertificate nil if GetConfigForClient is set, and send unrecognized_name when there are no available certificates. Fixes #29139 Fixes #18377 Change-Id: I26604db48806fe4d608388e55da52f34b7ca4566 Reviewed-on: https://go-review.googlesource.com/c/go/+/205059 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: implement Certificate.SupportedSignatureAlgorithms This will let applications stop crypto/tls from using a certificate key with an algorithm that is not supported by its crypto.Signer, like hardware backed keys that can't do RSA-PSS. Fixes #28660 Change-Id: I294cc06bddf813fff35c5107540c4a1788e1dace Reviewed-on: https://go-review.googlesource.com/c/go/+/205062 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: re-enable RSA-PSS in TLS 1.2 again TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG opt-out, and with the introduction of Certificate.SupportedSignatureAlgorithms (#28660) there is a programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and use that field to specify only PKCS#1 v1.5 SignatureSchemes). This effectively reverts 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de, although following CL 205061 all of the signing-side logic is conveniently centralized in signatureSchemesForCertificate. Fixes #32425 Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/205063 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: add correct names for CHACHA20_POLY1305 cipher suite constants The cipher suites were apparently renamed late in the standardization process, and we picked up the legacy name. We can't remove the old constants, but add correctly named ones. Fixes #32061 Change-Id: I65ee25c12c10934391af88b76b18565da67453fa Reviewed-on: https://go-review.googlesource.com/c/go/+/205068 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: add CipherSuites, InsecureCipherSuites and CipherSuiteName Fixes #30325 Change-Id: I497110224bb73ecfcc4655698a794e7aa4a66925 Reviewed-on: https://go-review.googlesource.com/c/go/+/175517 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Adam Langley <[email protected]> * crypto/tls: take key size into account in signature algorithm selection Fixes #29793 Change-Id: I6e389d166c2d9a2ba8664a41f4b9569f2481b27f Reviewed-on: https://go-review.googlesource.com/c/go/+/205177 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: retry ETIMEDOUT flakes in localPipe on dragonfly Fixes #29583 Change-Id: Ia89433bddd4c9f67ec1f0150b730cde8a7e973ee Reviewed-on: https://go-review.googlesource.com/c/go/+/206759 Run-TryBot: Bryan C. Mills <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * src/vendor,crypto/tls: update to latest x/crypto and use new X25519 API Change-Id: Icd5006e37861d892a5f3d4397c3826179c1b12ad Reviewed-on: https://go-review.googlesource.com/c/go/+/206657 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * all: fix a bunch of misspellings Change-Id: I5b909df0fd048cd66c5a27fca1b06466d3bcaac7 GitHub-Last-Rev: 778c5d21311abee09a5fbda2e4005a5fd4cc3f9f GitHub-Pull-Request: golang/go#35624 Reviewed-on: https://go-review.googlesource.com/c/go/+/207421 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * crypto/tls: remove leftover extensionNextProtoNeg constant NPN was removed in CL 174329. Change-Id: Ic63ad53e7e24872e28673d590727e0300f435619 Reviewed-on: https://go-review.googlesource.com/c/go/+/208224 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Brad Fitzpatrick <[email protected]> * crypto/tls: fix a typo in TLS handshake comment Fix a minor typo in the TLS handshake comment. Change-Id: I0fd243e5440f6c77c97e844e6669a7974a2c8798 GitHub-Last-Rev: 21e91a1a48e8a9200e6fca89a988e1383ded7bb2 GitHub-Pull-Request: golang/go#36030 Reviewed-on: https://go-review.googlesource.com/c/go/+/210289 Reviewed-by: Brad Fitzpatrick <[email protected]> * crypto/tls: stop a timeout timer I noticed this leak while writing CL 214977. Change-Id: I7566952b8e4bc58939d23435aea86576fc58ddca Reviewed-on: https://go-review.googlesource.com/c/go/+/214978 Run-TryBot: Brad Fitzpatrick <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * crypto/tls: clarify TLS 1.0/1.1 CertificateRequestInfo.SignatureSchemes This CL should not change the logic at all, but it took me a while to figure out why we use these specific SignatureSchemes, so reformulate the comment. Change-Id: If519a58264209e6575417be07668e92ead0e772f Reviewed-on: https://go-review.googlesource.com/c/go/+/208225 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: update ExampleDial with a valid root When run as a separate program, the code in ExampleDial panicked due to an expired certificate. Fixed this problem by replacing the expired certificate with a valid one. Also added a comment in the certificate to give a hint about why it might fail in the future. Fixes #35706 Change-Id: I3d300f7bccae050e4b73ded28b8029aa04b480bd Reviewed-on: https://go-review.googlesource.com/c/go/+/212601 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: use new ecdsa.VerifyASN1 API Change-Id: I2a233190bda78ca022ff4074b4553788847d7583 Reviewed-on: https://go-review.googlesource.com/c/go/+/220720 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * all: fix incorrect channel and API usage in some unit tests This CL changes some unit test functions, making sure that these tests (and goroutines spawned during test) won't block. Since they are just test functions, I use one CL to fix them all. I hope this won't cause trouble to reviewers and can save time for us. There are three main categories of incorrect logic fixed by this CL: 1. Use testing.Fatal()/Fatalf() in spawned goroutines, which is forbidden by Go's document. 2. Channels are used in such a way that, when errors or timeout happen, the test will be blocked and never return. 3. Channels are used in such a way that, when errors or timeout happen, the test can return but some spawned goroutines will be leaked, occupying resource until all other tests return and the process is killed. Change-Id: I3df931ec380794a0cf1404e632c1dd57c65d63e8 Reviewed-on: https://go-review.googlesource.com/c/go/+/219380 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * crypto/tls: add {SignatureScheme,CurveID,ClientAuthType}.String() Fixes #35499 Change-Id: Ieb487782f389f6d80e8f68ee980e584d906cb4da Reviewed-on: https://go-review.googlesource.com/c/go/+/208226 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: update the MITM reference to "machine-in-the-middle" Changing "man-in-the-middle" references to "machine-in-the-middle", it's a more inclusive term and still aligns with the MITM acronym. Change-Id: I81f954cff3d252433443f159ff9edaf59a28ab9d GitHub-Last-Rev: 3e8f91424a207233b537984747ae90cbc1f03755 GitHub-Pull-Request: golang/go#37918 Reviewed-on: https://go-review.googlesource.com/c/go/+/223897 Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: add missing alert values Fixes #35911 Change-Id: I093d25aa169963769b51c37d2481bce71bd0fd2f Reviewed-on: https://go-review.googlesource.com/c/go/+/226858 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: failed tls.Conn.Write returns a permanent error Fixes #29971 Change-Id: I2f1653640c88fafe0ec17a75dcf41d5896c4cb8e Reviewed-on: https://go-review.googlesource.com/c/go/+/227840 Run-TryBot: Katie Hockman <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * crypto/tls: help linker remove code when only Client or Server is used This saves 166 KiB for a tls.Dial hello world program (5382441 to 5212356 to bytes), by permitting the linker to remove TLS server code. Change-Id: I16610b836bb0802b7d84995ff881d79ec03b6a84 Reviewed-on: https://go-review.googlesource.com/c/go/+/228111 Reviewed-by: Ian Lance Taylor <[email protected]> * crypto/tls: add Dialer Fixes #18482 Change-Id: I99d65dc5d824c00093ea61e7445fc121314af87f Reviewed-on: https://go-review.googlesource.com/c/go/+/214977 Run-TryBot: Brad Fitzpatrick <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * math/big: add (*Int).FillBytes Replaced almost every use of Bytes with FillBytes. Note that the approved proposal was for func (*Int) FillBytes(buf []byte) while this implements func (*Int) FillBytes(buf []byte) []byte because the latter was far nicer to use in all callsites. Fixes #35833 Change-Id: Ia912df123e5d79b763845312ea3d9a8051343c0a Reviewed-on: https://go-review.googlesource.com/c/go/+/230397 Reviewed-by: Robert Griesemer <[email protected]> * crypto/tls: enforce TLS 1.3 (and TLS 1.2) downgrade protection checks Fixes #37763 Change-Id: Ic6bcc9af0d164966f4ae31087998e5b546540038 Reviewed-on: https://go-review.googlesource.com/c/go/+/231038 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: marshal sessionState using cryptobyte Change-Id: I95a60b837e19d0c4bf45ea74baa5843a8244a186 Reviewed-on: https://go-review.googlesource.com/c/go/+/231218 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: accept HelloRetryRequest messages with only a cookie Clients have to reject any HelloRetryRequest message that doesn't lead to a change in the ClientHello. Instead, we were rejecting any HRR that didn't select an alternative group, even if it sent a cookie, which would change the CH. The good news is that I know of no TLS servers that use or need HRRs exclusively for cookies (which are mostly useful in DTLS as a way to verify the source address). The bad news is that we poisoned the ecosystem as Go 1.12 to 1.14 will reject such HRRs. Oops, hopefully no one needed this. No tests because neither Go nor s_server support cookies. This would presumably get covered once we integrate BoGo. Fixes #30149 Change-Id: I760fb1ded81148ac3096cf201cbc1e941374b83d Reviewed-on: https://go-review.googlesource.com/c/go/+/231039 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: fix sessionState marshaling Change-Id: I2910f322256c521dd03b1dc23d117defdcd0aa54 Reviewed-on: https://go-review.googlesource.com/c/go/+/232662 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: rotate session keys in older TLS versions Also encode the certificates in a way that's more consistent with TLS 1.3 (with a 24 byte length prefix). Note that this will have an additional performance cost requiring clients to do a full handshake every 7 days where previously they were able to use the same ticket indefinitely. Updates #25256 Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d Reviewed-on: https://go-review.googlesource.com/c/go/+/231317 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: rotate session ticket keys Automatically rotate session ticket keys for servers that don't already have sessionTicketKeys and that haven't called SetSessionTicketKeys. Now, session ticket keys will be rotated every 24 hours with a lifetime of 7 days. This adds a small performance cost to existing clients that don't provide a session ticket encrypted with a fresh enough session ticket key, which would require a full handshake. Updates #25256 Change-Id: I15b46af7a82aab9a108bceb706bbf66243a1510f Reviewed-on: https://go-review.googlesource.com/c/go/+/230679 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: add Config.VerifyConnection callback Since the ConnectionState will now be available during verification, some code was moved around in order to initialize and make available as much of the fields on Conn as possible before the ConnectionState is verified. Fixes #36736 Change-Id: I0e3efa97565ead7de5c48bb8a87e3ea54fbde140 Reviewed-on: https://go-review.googlesource.com/c/go/+/229122 Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * crypto/tls: persist the createdAt time when re-wrapping session tickets Change-Id: I33fcde2d544943fb04c2599810cf7fb773aeba1f Reviewed-on: https://go-review.googlesource.com/c/go/+/234483 Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * crypto/tls: remove version check when unmarshaling sessionState This was causing issues when fuzzing with TestMarshalUnmarshal since the test would occassionally set the version to VersionTLS13, which would fail when unmarshaling. The check doesn't add much in practice, and there is no harm in removing it to de-flake the test. Fixes #38902 Change-Id: I0906c570e9ed69c85fdd2c15f1b52f9e372c62e3 Reviewed-on: https://go-review.googlesource.com/c/go/+/234486 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: fix duplicate calls to VerifyConnection Also add a test that could reproduce this error and ensure it doesn't occur in other configurations. Fixes #39012 Change-Id: If792b5131f312c269fd2c5f08c9ed5c00188d1af Reviewed-on: https://go-review.googlesource.com/c/go/+/233957 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: test that Clone copies session ticket key fields Updates #25256 Change-Id: If16c42581f1cf3500fd7fd01c915e487f8025e55 Reviewed-on: https://go-review.googlesource.com/c/go/+/235922 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: set CipherSuite for VerifyConnection The ConnectionState's CipherSuite was not set prior to the VerifyConnection callback in TLS 1.2 servers, both for full handshakes and resumptions. Change-Id: Iab91783eff84d1b42ca09c8df08e07861e18da30 Reviewed-on: https://go-review.googlesource.com/c/go/+/236558 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: restore OCSP and SCTs during session resumption Restore previously sent SCTs and stapled OCSP response during session resumption for both TLS 1.2 and 1.3. This behavior is somewhat complicated for TLS 1.2 as SCTs are sent during the server hello, so they override what is saved in ClientSessionState. It is likely that if the server is sending a different set of SCTs there is probably a reason for doing so, such as a log being retired, or SCT validation requirements changing, so it makes sense to defer to the server in that case. Fixes #39075 Change-Id: I3c0fa2f69c6bf0247a447c48a1b4c733a882a233 Reviewed-on: https://go-review.googlesource.com/c/go/+/234237 Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: fix DialContext docs Change-Id: I58e3febbf63049bebb4f8ed8893288183c8aaccd Reviewed-on: https://go-review.googlesource.com/c/go/+/239745 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: expand the ConnectionState docs Fixes #37572 Change-Id: I493392f535a979ee16609861041da2ecfe21cf77 Reviewed-on: https://go-review.googlesource.com/c/go/+/239744 Run-TryBot: Filippo Valsorda <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: replace VerifyPeerCertificate example with VerifyConnection Look at how much better it is! Updates #36736 Change-Id: I53a314a103a42dd869c05823fa50f37d70f9d283 Reviewed-on: https://go-review.googlesource.com/c/go/+/239560 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: create certs w/o KeyEncipherment KU for non-RSA keys in generate_cert.go Summary The crypto/tls/generate_cert.go utility should only set the template x509.Certificate's KeyUsage field to a value with the x509.KeyUsageKeyEncipherment bits set when the certificate subject public key is an RSA public key, not an ECDSA or ED25519 public key. Background RFC 5480 describes the usage of ECDSA elliptic curve subject keys with X.509. Unfortunately while Section 3 "Key Usages Bits" indicates which key usage bits MAY be used with a certificate that indicates id-ecPublicKey in the SubjectPublicKeyInfo field it doesn't provide guidance on which usages should *not* be included (e.g. the keyEncipherment bit, which is particular to RSA key exchange). The same problem is present in RFC 8410 Section 5 describing Key Usage Bits for ED25519 elliptic curve subject keys. There's an update to RFC 5480 in last call stage within the IETF LAMPS WG, draft-ietf-lamps-5480-ku-clarifications-00. This update is meant to clarify the allowed Key Usages extension values for certificates with ECDSA subject public keys by adding: > If the keyUsage extension is present in a certificate that indicates > id-ecPublicKey as algorithm of AlgorithmIdentifier [RFC2986] in > SubjectPublicKeyInfo, then following values MUST NOT be present: > > keyEncipherment; and > dataEncipherment. I don't believe there is an update for RFC 8410 in the works but I suspect it will be clarified similarly in the future. This commit updates generate_cert.go to ensure when the certificate public key is ECDSA or ED25519 the generated certificate has the x509.Certificate.KeyUsage field set to a value that doesn't include KUs specific to RSA. For ECDSA keys this will adhere to the updated RFC 5480 language. Fixes #36499 Change-Id: Ib1b0757c039b7fe97fc6d1e826fe6b88856c1964 GitHub-Last-Rev: a8f34fb33dde90e09b6f9a27b2598a82b3023abb GitHub-Pull-Request: golang/go#36500 Reviewed-on: https://go-review.googlesource.com/c/go/+/214337 Reviewed-by: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> * crypto/tls: relax the docs of InsecureSkipVerify Fixes #39074 Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93 Reviewed-on: https://go-review.googlesource.com/c/go/+/239746 Reviewed-by: Katie Hockman <[email protected]> * crypto: fix PKCS space in docs Change-Id: Iee53acb963a889410f8c6daaa9a7841f1b12c6fb Reviewed-on: https://go-review.googlesource.com/c/go/+/241497 Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Gobot Gobot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: replace errClosed with net.ErrClosed CL 250357 exported net.ErrClosed to allow more reliable detection of closed network connection errors. Use that error in crypto/tls as well. The error message is changed from "tls: use of closed connection" to "use of closed network connection", so the code that detected such errors by looking for that text in the error message will need to be updated to use errors.Is(err, net.ErrClosed) instead. Fixes #41066 Change-Id: Ic05c0ed6a4f57af2a0302d53b00851a59200be2e Reviewed-on: https://go-review.googlesource.com/c/go/+/256897 Reviewed-by: Katie Hockman <[email protected]> Trust: Katie Hockman <[email protected]> Trust: Ian Lance Taylor <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> * crypto/tls: make config.Clone return nil if the source is nil Fixes #40565 Change-Id: I13a67be193f8cd68df02b8729529e627a73d364b GitHub-Last-Rev: b03d2c04fd88db909b40dfd7bd08fe13d8994ab9 GitHub-Pull-Request: golang/go#40566 Reviewed-on: https://go-review.googlesource.com/c/go/+/246637 Run-TryBot: Emmanuel Odeke <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> Reviewed-by: Emmanuel Odeke <[email protected]> Trust: Emmanuel Odeke <[email protected]> * crypto/tls: fix TestLinkerGC test A test that checks if "tls.(*Conn)" appears in any symbol's name. tls.Conn is a type, so the string "tls.(*Conn)" can only appear in the name of a method of Conn. But the test code doesn't use any of the methods. Not sure why this needs to be live. In particular, the linker is now able to prune all methods of Conn. Remove this requirement. In fact, just drop the only_conn test case, as simply allocating a type doesn't necessarily bring anything live. Change-Id: I754291b75d38e1465b5291b4dea20806615d21b3 Reviewed-on: https://go-review.googlesource.com/c/go/+/257973 Trust: Cherry Zhang <[email protected]> Trust: Tobias Klauser <[email protected]> Run-TryBot: Cherry Zhang <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> Reviewed-by: Than McIntosh <[email protected]> Reviewed-by: Jeremy Faller <[email protected]> * crypto/tls: fix typo in spelling of permanentError Change-Id: I819c121ff388460ec348af773ef94b44416a2ea9 GitHub-Last-Rev: 98dd8fb25cecb73e88d107e0a35e3e63a53dfd09 GitHub-Pull-Request: golang/go#41785 Reviewed-on: https://go-review.googlesource.com/c/go/+/259517 Run-TryBot: Emmanuel Odeke <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Emmanuel Odeke <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> Trust: Emmanuel Odeke <[email protected]> * all: update references to symbols moved from io/ioutil to io The old ioutil references are still valid, but update our code to reflect best practices and get used to the new locations. Code compiled with the bootstrap toolchain (cmd/asm, cmd/dist, cmd/compile, debug/elf) must remain Go 1.4-compatible and is excluded. Also excluded vendored code. For #41190. Change-Id: I6d86f2bf7bc37a9d904b6cee3fe0c7af6d94d5b1 Reviewed-on: https://go-review.googlesource.com/c/go/+/263142 Trust: Russ Cox <[email protected]> Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Emmanuel Odeke <[email protected]> * crypto/tls: add no-shared to openssl build instructions This prevents the custom-built version of openssl prefering the system libraries over the ones compiled with the specified (weak crypto) options necessary to generate the updates. This difference can lead to confusing failures when updating the tests. Fixes #31809 Change-Id: I2dd257f3121d6c6c62c6aeba52e1c74046b3c584 GitHub-Last-Rev: 6d4eeafadf0b4671b7e17c6810f1a66a9fda7d3c GitHub-Pull-Request: golang/go#41630 Reviewed-on: https://go-review.googlesource.com/c/go/+/257517 Trust: Emmanuel Odeke <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: document the ClientAuthType consts Fixes #34023 Change-Id: Ib7552a8873a79a91e8d971f906c6d7283da7a80c Reviewed-on: https://go-review.googlesource.com/c/go/+/264027 Trust: Roland Shoemaker <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: set Deadline before sending close notify alert This change also documents the need to set a Deadline before calling Read or Write. Fixes #31224 Change-Id: I89d6fe3ecb0a0076b4c61765f61c88056f951406 Reviewed-on: https://go-review.googlesource.com/c/go/+/266037 Trust: Katie Hockman <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: pool Conn's outBuf to reduce memory cost of idle connections Derived from CL 263277, which includes benchmarks. Fixes #42035 Co-authored-by: Filippo Valsorda <[email protected]> Change-Id: I5f28673f95d4568b7d13dbc20e9d4b48d481a93d Reviewed-on: https://go-review.googlesource.com/c/go/+/267957 Run-TryBot: Dmitri Shuralyov <[email protected]> TryBot-Result: Go Bot <[email protected]> Trust: Filippo Valsorda <[email protected]> Trust: Roland Shoemaker <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Roberto Clapis <[email protected]> * crypto/tls: don't use CN in BuildNameToCertificate if SANs are present Change-Id: I18d5b9fc392a6a52fbdd240254d6d9db838073a4 Reviewed-on: https://go-review.googlesource.com/c/go/+/266540 Trust: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> * crypto/tls: add HandshakeContext method to Conn Adds the (*tls.Conn).HandshakeContext method. This allows us to pass the context provided down the call stack to eventually reach the tls.ClientHelloInfo and tls.CertificateRequestInfo structs. These contexts are exposed to the user as read-only via Context() methods. This allows users of (*tls.Config).GetCertificate and (*tls.Config).GetClientCertificate to use the context for request scoped parameters and cancellation. Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext where appropriate, to propagate existing contexts. Fixes #32406 Change-Id: I33c228904fe82dcf57683b63627497d3eb841ff2 Reviewed-on: https://go-review.googlesource.com/c/go/+/246338 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Trust: Roland Shoemaker <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: drop macFunction abstraction Since we dropped SSLv3, there is only one MAC scheme, and it doesn't need any state beyond a keyed HMAC, so we can replace the macFunction with the hash.Hash it wraps. Pointed out by mtp@. Change-Id: I5545be0e6ccb34a3055fad7f6cb5f628ff748e9f Reviewed-on: https://go-review.googlesource.com/c/go/+/251859 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Trust: Roland Shoemaker <[email protected]> Trust: Filippo Valsorda <[email protected]> * crypto/tls: ensure the server picked an advertised ALPN protocol This is a SHALL in RFC 7301, Section 3.2. Also some more cleanup after NPN, which worked the other way around (with the possibility that the client could pick a protocol the server did not suggest). Change-Id: I83cc43ca1b3c686dfece8315436441c077065d82 Reviewed-on: https://go-review.googlesource.com/c/go/+/239748 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Trust: Filippo Valsorda <[email protected]> Trust: Roland Shoemaker <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> * crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware support When either the server or client are lacking hardware support for AES-GCM ciphers, indicated by the server lacking the relevant instructions and by the client not putting AES-GCM ciphers at the top of its preference list, reorder the preference list to de-prioritize AES-GCM based ciphers when they are adjacent to other AEAD ciphers. Also updates a number of recorded openssl TLS tests which previously only specified TLS 1.2 cipher preferences (using -cipher), but not TLS 1.3 cipher preferences (using -ciphersuites), to specify both preferences, making these tests more predictable. Fixes #41181. Change-Id: Ied896c96c095481e755aaff9ff0746fb4cb9568e Reviewed-on: https://go-review.googlesource.com/c/go/+/262857 Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> * all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp As part of #42026, these helpers from io/ioutil were moved to os. (ioutil.TempFile and TempDir became os.CreateTemp and MkdirTemp.) Update the Go tree to use the preferred names. As usual, code compiled with the Go 1.4 bootstrap toolchain and code vendored from other sources is excluded. ReadDir changes are in a separate CL, because they are not a simple search and replace. For #42026. Change-Id: If318df0216d57e95ea0c4093b89f65e5b0ababb3 Reviewed-on: https://go-review.googlesource.com/c/go/+/266365 Trust: Russ Cox <[email protected]> Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * crypto/tls: revert "add HandshakeContext method to Conn" This reverts CL 246338. Reason for revert: waiting for 1.17 release cycle Updates #32406 Change-Id: I074379039041e086c62271d689b4b7f442281663 Reviewed-on: https://go-review.googlesource.com/c/go/+/269697 Run-TryBot: Johan Brandhorst-Satzkorn <[email protected]> Run-TryBot: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Katie Hockman <[email protected]> Trust: Katie Hockman <[email protected]> Trust: Roland Shoemaker <[email protected]> * all: go fmt std cmd (but revert vendor) Make all our package sources use Go 1.17 gofmt format (adding //go:build lines). Part of //go:build change (#41184). See https://golang.org/design/draft-gobuild Change-Id: Ia0534360e4957e58cd9a18429c39d0e32a6addb4 Reviewed-on: https://go-review.googlesource.com/c/go/+/294430 Trust: Russ Cox <[email protected]> Run-TryBot: Russ Cox <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Jason A. Donenfeld <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> * docs: fix spelling Change-Id: Ib689e5793d9cb372e759c4f34af71f004010c822 GitHub-Last-Rev: d63798388e5dcccb984689b0ae39b87453b97393 GitHub-Pull-Request: golang/go#44259 Reviewed-on: https://go-review.googlesource.com/c/go/+/291949 Reviewed-by: Emmanuel Odeke <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Trust: Matthew Dempsky <[email protected]> Trust: Robert Griesemer <[email protected]> * docs: clarify when APIs use context.Background. The Go standard library retrofitted context support onto existing APIs using context.Background and later offered variants that directly supported user-defined context value specification. This commit makes that behavior clear in documentation and suggests context-aware alternatives if the user is looking for one. An example motivation is supporting code for use in systems that expect APIs to be cancelable for lifecycle correctness or load shedding/management reasons, as alluded to in https://blog.golang.org/context-and-structs. Updates #44143 Change-Id: I2d7f954ddf9b48264d5ebc8d0007058ff9bddf14 Reviewed-on: https://go-review.googlesource.com/c/go/+/296152 Reviewed-by: Ian Lance Taylor <[email protected]> Reviewed-by: Jean de Klerk <[email protected]> Trust: Jean de Klerk <[email protected]> Run-TryBot: Jean de Klerk <[email protected]> TryBot-Result: Go Bot <[email protected]> * all: remove duplicate words Change-Id: Ib0469232a2b69a869e58d5d24990ad74ac96ea56 GitHub-Last-Rev: eb38e049ee1e773392ff3747e1eb2af20dd50dcd GitHub-Pull-Request: golang/go#44805 Reviewed-on: https://go-review.googlesource.com/c/go/+/299109 Trust: Emmanuel Odeke <[email protected]> Run-TryBot: Emmanuel Odeke <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Bryan C. Mills <[email protected]> * crypto/tls: add HandshakeContext method to Conn Adds the (*tls.Conn).HandshakeContext method. This allows us to pass the context provided down the call stack to eventually reach the tls.ClientHelloInfo and tls.CertificateRequestInfo structs. These contexts are exposed to the user as read-only via Context() methods. This allows users of (*tls.Config).GetCertificate and (*tls.Config).GetClientCertificate to use the context for request scoped parameters and cancellation. Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext where appropriate, to propagate existing contexts. Fixes #32406 Change-Id: I259939c744bdc9b805bf51a845a8bc462c042483 Reviewed-on: https://go-review.googlesource.com/c/go/+/295370 Run-TryBot: Johan Brandhorst-Satzkorn <[email protected]> TryBot-Result: Go Bot <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: remove flaky cancellation test This will be reintroduced again once the source of the flakiness has been determined and fixed. Fixes #45084 Change-Id: I6677b27fcd71e8c9bb8edbe8e3be70e5a271ebd3 Reviewed-on: https://go-review.googlesource.com/c/go/+/302569 Trust: Johan Brandhorst-Satzkorn <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Johan Brandhorst-Satzkorn <[email protected]> Run-TryBot: Katie Hockman <[email protected]> Reviewed-by: Katie Hockman <[email protected]> TryBot-Result: Go Bot <[email protected]> * all: fix spellings This follows the spelling choices that the Go project has made for English words. https://github.com/golang/go/wiki/Spelling Change-Id: Ie7c586d2cf23020cb492cfff58c0831d2d8d3a78 GitHub-Last-Rev: e16a32cd225a275f73d236bcb33703986d110ded GitHub-Pull-Request: golang/go#45442 Reviewed-on: https://go-review.googlesource.com/c/go/+/308291 Run-TryBot: Ian Lance Taylor <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Trust: Emmanuel Odeke <[email protected]> * crypto/tls: fix flaky handshake cancellation tests Simplified both tests significantly by removing logic for writing the client/server side messages. The flake was likely because of a race between the closing of the local pipe from inside the test and closing of the pipe from within the handshakeContext goroutine. Wait to close the local pipe in the test until after the test has finished running. Fixes #45106 Fixes #45299 Change-Id: If7ca75aeff7df70cda03c934fa9d8513276d465d Reviewed-on: https://go-review.googlesource.com/c/go/+/305250 Trust: Johan Brandhorst-Satzkorn <[email protected]> Trust: Katie Hockman <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: enforce ALPN overlap when negotiated on both sides During the TLS handshake if the server doesn't support any of the application protocols requested by the client, send the no_application_protocol alert and abort the handshake on the server side. This enforces the requirements of RFC 7301. Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d Reviewed-on: https://go-review.googlesource.com/c/go/+/289209 Trust: Roland Shoemaker <[email protected]> Trust: Katie Hockman <[email protected]> Run-TryBot: Roland Shoemaker <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * crypto/tls: make cipher suite preference ordering automatic We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Trust: Filippo Valsorda <[email protected]> * crypto/tls: fix typo in Config.NextProtos docs Change-Id: I916df584859595067e5e86c35607869397dbbd8c Reviewed-on: https://go-review.googlesource.com/c/go/+/325651 Trust: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> * crypto/tls: let HTTP/1.1 clients connect to servers with NextProtos "h2" Fixes #46310 Change-Id: Idd5e30f05c439f736ae6f3904cbb9cc2ba772315 Reviewed-on: https://go-review.googlesource.com/c/go/+/325432 Trust: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> * crypto/tls: test key type when casting When casting the certificate public key in generateClientKeyExchange, check the type is appropriate. This prevents a panic when a server agrees to a RSA based key exchange, but then sends an ECDSA (or other) certificate. Fixes #47143 Fixes CVE-2021-34558 Thanks to Imre Rad for reporting this issue. Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723 Reviewed-by: Filippo Valsorda <[email protected]> Reviewed-by: Katie Hockman <[email protected]> Reviewed-on: https://go-review.googlesource.com/c/go/+/334031 Trust: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> * crypto/tls: fix typo in PreferServerCipherSuites comment Fixing a typo, Deprected -> Deprecated. Change-Id: Ie0ccc9a57ae6a935b4f67154ac097dba4c3832ec GitHub-Last-Rev: 57337cc1bfa771111f229e7b899fdfdad3b1655e GitHub-Pull-Request: golang/go#47745 Reviewed-on: https://go-review.googlesource.com/c/go/+/342791 Trust: Dmitri Shuralyov <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> * [dev.boringcrypto] crypto/tls: use correct config in TestBoringClientHello The existing implementation sets the ClientConfig to s…
* Create go.yml * adding Build Status badge
* feat: UtlsIdToSpec exported `utlsIdToSpec()` function per request. * chore: func naming and comments Fixed typo in comments.
* feat: Chrome 107 fp with shuffler - added `HelloChrome_107` (not used by `HelloChrome_Auto`) - added `shuffleExtensions()` to shuffle the order of extensions in a `ClientHelloSpec` * fix: rename for chronologically accuracy - Renamed `HelloChrome_107` to `HelloChrome_106_Shuffle` to match the versioning info from https://groups.google.com/a/chromium.org/g/blink-dev/c/zdmNs2rTyVI/m/MAiQwQkwCAAJ
* refactor: split `CompressCertExtension` changes - Split most of changes for `CompressCertExtension` made to `crypto/tls` files out and moved them to `u_` files. - Edited some `crypto/tls` files to achieve better programmability for uTLS. - Minor styling fix. * feat: implement ALPS Extension draft - Made necessary modifications to existing types to support ALPS. - Ported `ApplicationSettingsExtension` implementation from `ulixee/utls` by @blakebyrnes with some adaptation. Co-Authored-By: Blake Byrnes <[email protected]> * feat: utlsFakeCustomExtension in ALPS - Introducing `utlsFakeCustomExtension` to enable implementation for custom extensions to be exchanged via ALPS. - currently it doesn't do anything. Co-Authored-By: Blake Byrnes <[email protected]> * fix: magic number in `StatusRequestV2Extension` - Fixed magic number `17` in `StatusRequestV2Extension` with pre-defined enum `extensionStatusRequestV2`. Co-authored-by: Blake Byrnes <[email protected]>
… client's greeting and subsequent frames. Lack of subsequent frames should not lead to inoperability of FingerprintClientHello. (#121)
Co-authored-by: f.gruzdev <[email protected]>
* add InsecureSkipServerNameVerify to tls.Config * Support clone InsecureSkipServerNameVerify, update error message
…(#161) * Replace InsecureSkipServerNameVerify with InsecureServerNameToVerify * Replace "any" with "*"
* update go.mod * update to latest dependencies
use the shuffled Chrome fp `HelloChrome_106_Shuffle`
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](golang/net@v0.5.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.