[dev.boringcrypto] all: merge master into dev.boringcrypto

Change-Id: I1aa33cabd0c55fe64994b08f8a3f7b6bbfb3282c

common.go

@@ -659,7 +659,7 @@ type Config struct {
 	// cipher suite based on logic that takes into account inferred client
 	// hardware, server hardware, and security.
 	//
-	// Deprected: PreferServerCipherSuites is ignored.
+	// Deprecated: PreferServerCipherSuites is ignored.
 	PreferServerCipherSuites bool
 
 	// SessionTicketsDisabled may be set to true to disable session ticket and

conn.go

@@ -151,6 +151,13 @@ func (c *Conn) SetWriteDeadline(t time.Time) error {
 	return c.conn.SetWriteDeadline(t)
 }
 
+// NetConn returns the underlying connection that is wrapped by c.
+// Note that writing to or reading from this connection directly will corrupt the
+// TLS session.
+func (c *Conn) NetConn() net.Conn {
+	return c.conn
+}
+
 // A halfConn represents one direction of the record layer
 // connection, either sending or receiving.
 type halfConn struct {

generate_cert.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ignore
-// +build ignore
 
 // Generate a self-signed X.509 certificate for a TLS server. Outputs to
 // 'cert.pem' and 'key.pem' and will overwrite existing files.

handshake_client_test.go

@@ -97,18 +97,18 @@ func (o *opensslOutputSink) Write(data []byte) (n int, err error) {
 	o.all = append(o.all, data...)
 
 	for {
-		i := bytes.IndexByte(o.line, '\n')
+		line, next, ok := bytes.Cut(o.line, []byte("\n"))
-		if i < 0 {
+		if !ok {
 			break
 		}
 
-		if bytes.Equal([]byte(opensslEndOfHandshake), o.line[:i]) {
+		if bytes.Equal([]byte(opensslEndOfHandshake), line) {
 			o.handshakeComplete <- struct{}{}
 		}
-		if bytes.Equal([]byte(opensslReadKeyUpdate), o.line[:i]) {
+		if bytes.Equal([]byte(opensslReadKeyUpdate), line) {
 			o.readKeyUpdate <- struct{}{}
 		}
-		o.line = o.line[i+1:]
+		o.line = next
 	}
 
 	return len(data), nil

handshake_messages.go

@@ -329,8 +329,7 @@ func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) {
 	m.pskBinders = pskBinders
 	if m.raw != nil {
 		lenWithoutBinders := len(m.marshalWithoutBinders())
-		// TODO(filippo): replace with NewFixedBuilder once CL 148882 is imported.
+		b := cryptobyte.NewFixedBuilder(m.raw[:lenWithoutBinders])
-		b := cryptobyte.NewBuilder(m.raw[:lenWithoutBinders])
 		b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
 			for _, binder := range m.pskBinders {
 				b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
@@ -338,7 +337,7 @@ func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) {
 				})
 			}
 		})
-		if len(b.BytesOrPanic()) != len(m.raw) {
+		if out, err := b.Bytes(); err != nil || len(out) != len(m.raw) {
 			panic("tls: internal error: failed to update binders")
 		}
 	}

handshake_test.go

@@ -191,18 +191,17 @@ func parseTestData(r io.Reader) (flows [][]byte, err error) {
 		// Otherwise the line is a line of hex dump that looks like:
 		// 00000170  fc f5 06 bf (...)  |.....X{&?......!|
 		// (Some bytes have been omitted from the middle section.)
-
+		_, after, ok := strings.Cut(line, " ")
-		if i := strings.IndexByte(line, ' '); i >= 0 {
+		if !ok {
-			line = line[i:]
-		} else {
 			return nil, errors.New("invalid test data")
 		}
+		line = after
 
-		if i := strings.IndexByte(line, '|'); i >= 0 {
+		before, _, ok := strings.Cut(line, "|")
-			line = line[:i]
+		if !ok {
-		} else {
 			return nil, errors.New("invalid test data")
 		}
+		line = before
 
 		hexBytes := strings.Fields(line)
 		for _, hexByte := range hexBytes {

handshake_unix_test.go

@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package tls