From 6ebf22f9462a29cdc31665c2ea1760365446dade Mon Sep 17 00:00:00 2001
From: vinckr
Date: Thu, 26 Aug 2021 10:59:02 +0000
Subject: [PATCH 1/5] crypto/tls: fix typo in PreferServerCipherSuites comment

Fixing a typo, Deprected -> Deprecated.

Change-Id: Ie0ccc9a57ae6a935b4f67154ac097dba4c3832ec
GitHub-Last-Rev: 57337cc1bfa771111f229e7b899fdfdad3b1655e
GitHub-Pull-Request: golang/go#47745
Reviewed-on: https://go-review.googlesource.com/c/go/+/342791
Trust: Dmitri Shuralyov
Reviewed-by: Filippo Valsorda
---
 common.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.go b/common.go
index d561e61..610a516 100644
--- a/common.go
+++ b/common.go
@@ -659,7 +659,7 @@ type Config struct {
 // cipher suite based on logic that takes into account inferred client
 // hardware, server hardware, and security.
 //
- // Deprected: PreferServerCipherSuites is ignored.
+ // Deprecated: PreferServerCipherSuites is ignored.
 PreferServerCipherSuites bool
 
 // SessionTicketsDisabled may be set to true to disable session ticket and
From 3ada52a07ff90ede7535a1552a777b6f224ccbb8 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Sat, 8 May 2021 01:07:30 -0400
Subject: [PATCH 2/5] crypto/tls: use cryptobyte.NewFixedBuilder

Change-Id: Ia2a9465680e766336dae34f5d2b3cb412185bf1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/318131
Trust: Filippo Valsorda
Run-TryBot: Filippo Valsorda
TryBot-Result: Go Bot
Reviewed-by: Roland Shoemaker
---
 handshake_messages.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/handshake_messages.go b/handshake_messages.go
index b5f81e4..17cf859 100644
--- a/handshake_messages.go
+++ b/handshake_messages.go
@@ -329,8 +329,7 @@ func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) {
 m.pskBinders = pskBinders
 if m.raw != nil {
 lenWithoutBinders := len(m.marshalWithoutBinders())
- // TODO(filippo): replace with NewFixedBuilder once CL 148882 is imported.
- b := cryptobyte.NewBuilder(m.raw[:lenWithoutBinders])
+ b := cryptobyte.NewFixedBuilder(m.raw[:lenWithoutBinders])
 b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
 for _, binder := range m.pskBinders {
 b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
@@ -338,7 +337,7 @@ func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) {
 })
 }
 })
- if len(b.BytesOrPanic()) != len(m.raw) {
+ if out, err := b.Bytes(); err != nil || len(out) != len(m.raw) {
 panic("tls: internal error: failed to update binders")
 }
 }
From b5419a1985503c363f568e97ad8187d504320e01 Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Wed, 22 Sep 2021 10:46:32 -0400
Subject: [PATCH 3/5] all: use bytes.Cut, strings.Cut

Many uses of Index/IndexByte/IndexRune/Split/SplitN can be written more clearly using the new Cut functions. Do that. Also rewrite to other functions if that's clearer. For #46336.

Change-Id: I68d024716ace41a57a8bf74455c62279bde0f448
Reviewed-on: https://go-review.googlesource.com/c/go/+/351711
Trust: Russ Cox
Run-TryBot: Russ Cox
TryBot-Result: Go Bot
Reviewed-by: Ian Lance Taylor
---
 handshake_client_test.go | 10 +++++-----
 handshake_test.go | 13 ++++++-------
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/handshake_client_test.go b/handshake_client_test.go
index b6eb488..2158f32 100644
--- a/handshake_client_test.go
+++ b/handshake_client_test.go
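Review bot: In `updateBinders` (handshake_messages.go, first hunk) the fixed builder is bounded by the capacity of `m.raw[:lenWithoutBinders]`, which is `cap(m.raw)` and may be larger than `len(m.raw)`, so binders that come out longer than the ones already marshalled could still be written into spare capacity before the length check in the second hunk panics. A three-index slice would make the builder itself reject any write past the marshalled message: `b := cryptobyte.NewFixedBuilder(m.raw[:lenWithoutBinders:len(m.raw)])`. The panic in the second hunk also drops `err` from `b.Bytes()`; carrying it in the message would make an internal failure here easier to diagnose. The line between the two hunks and the end of the function are outside the diff.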
@@ -97,18 +97,18 @@ func (o *opensslOutputSink) Write(data []byte) (n int, err error) {
 o.all = append(o.all, data...)
 
 for {
- i := bytes.IndexByte(o.line, '\n')
- if i < 0 {
+ line, next, ok := bytes.Cut(o.line, []byte("\n"))
+ if !ok {
 break
 }
 
- if bytes.Equal([]byte(opensslEndOfHandshake), o.line[:i]) {
+ if bytes.Equal([]byte(opensslEndOfHandshake), line) {
 o.handshakeComplete <- struct{}{}
 }
- if bytes.Equal([]byte(opensslReadKeyUpdate), o.line[:i]) {
+ if bytes.Equal([]byte(opensslReadKeyUpdate), line) {
 o.readKeyUpdate <- struct{}{}
 }
- o.line = o.line[i+1:]
+ o.line = next
 }
 
 return len(data), nil
diff --git a/handshake_test.go b/handshake_test.go
index 9bfb117..90ac9bd 100644
--- a/handshake_test.go
+++ b/handshake_test.go
@@ -191,18 +191,17 @@ func parseTestData(r io.Reader) (flows [][]byte, err error) {
 // Otherwise the line is a line of hex dump that looks like:
 // 00000170 fc f5 06 bf (...) |.....X{&?......!|
 // (Some bytes have been omitted from the middle section.)
-
- if i := strings.IndexByte(line, ' '); i >= 0 {
- line = line[i:]
- } else {
+ _, after, ok := strings.Cut(line, " ")
+ if !ok {
 return nil, errors.New("invalid test data")
 }
+ line = after
 
- if i := strings.IndexByte(line, '|'); i >= 0 {
- line = line[:i]
- } else {
+ before, _, ok := strings.Cut(line, "|")
+ if !ok {
 return nil, errors.New("invalid test data")
 }
+ line = before
 
 hexBytes := strings.Fields(line)
 for _, hexByte := range hexBytes {
From e53ded954dfea99efe2d8f51a3ece7df090494b4 Mon Sep 17 00:00:00 2001
From: Agniva De Sarker
Date: Sat, 5 Jun 2021 11:04:37 +0530
Subject: [PATCH 4/5] crypto/tls: add Conn.NetConn method

NetConn method gives us access to the underlying net.Conn value. Fixes #29257

Change-Id: I68b2a92ed9dab4be9900807c94184f8c0aeb4f72
Reviewed-on: https://go-review.googlesource.com/c/go/+/325250
Reviewed-by: Filippo Valsorda
Trust: Agniva De Sarker
Trust: Katie Hockman
---
 conn.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/conn.go b/conn.go
index 969f357..300e9a2 100644
--- a/conn.go
+++ b/conn.go
@@ -151,6 +151,13 @@ func (c *Conn) SetWriteDeadline(t time.Time) error {
 return c.conn.SetWriteDeadline(t)
 }
 
+// NetConn returns the underlying connection that is wrapped by c.
+// Note that writing to or reading from this connection directly will corrupt the
+// TLS session.
+func (c *Conn) NetConn() net.Conn {
+ return c.conn
+}
+
 // A halfConn represents one direction of the record layer
 // connection, either sending or receiving.
 type halfConn struct {
From a316702d439c8e061a0df0d776b7e93f39728eaa Mon Sep 17 00:00:00 2001
From: Russ Cox
Date: Wed, 25 Aug 2021 12:48:26 -0400
Subject: [PATCH 5/5] all: go fix -fix=buildtag std cmd (except for bootstrap deps, vendor)

When these packages are released as part of Go 1.18, Go 1.16 will no longer be supported, so we can remove the +build tags in these files. Ran go fix -fix=buildtag std cmd and then reverted the bootstrapDirs as defined in src/cmd/dist/buildtool.go, which need to continue to build with Go 1.4 for now. Also reverted src/vendor and src/cmd/vendor, which will need to be updated in their own repos first. Manual changes in runtime/pprof/mprof_test.go to adjust line numbers. For #41184.

Change-Id: Ic0f93f7091295b6abc76ed5cd6e6746e1280861e
Reviewed-on: https://go-review.googlesource.com/c/go/+/344955
Trust: Russ Cox
Run-TryBot: Russ Cox
TryBot-Result: Go Bot
Reviewed-by: Bryan C. Mills
---
 generate_cert.go | 1 -
 handshake_unix_test.go | 1 -
 2 files changed, 2 deletions(-)

diff --git a/generate_cert.go b/generate_cert.go
index 7ea90f8..58fdd02 100644
--- a/generate_cert.go
+++ b/generate_cert.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ignore
-// +build ignore
 
 // Generate a self-signed X.509 certificate for a TLS server. Outputs to
 // 'cert.pem' and 'key.pem' and will overwrite existing files.
diff --git a/handshake_unix_test.go b/handshake_unix_test.go
index 19fc698..b61e7c2 100644
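Review bot: The doc comment on `NetConn` in conn.go warns that direct reads and writes will corrupt the TLS session, but it does not say that such I/O also bypasses TLS protection, which is the caveat a caller most needs before handing the returned value to other code. I would add a line such as `// Bytes written to it are sent outside the record layer, without encryption or authentication.` The diffstat lists only conn.go, so the new exported method lands without a test; a small one asserting that `NetConn()` returns the connection passed to the constructor would pin the contract.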
--- a/handshake_unix_test.go
+++ b/handshake_unix_test.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package tls