mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
87 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Mingye Chen
|
a99feacec2 | sync: merge changes from go 1.24.0 | ||
|
Mingye Chen
|
cefe226467 | sync: merge changes from go 1.23.4 | ||
Alec Bakholdin
|
c75d0ae38e |
crypto/mlkem: swap order of return values of Encapsulate
Per FIPS 203 (https://csrc.nist.gov/pubs/fips/203/final), the order of return values should be sharedKey, ciphertext. This commit simply swaps those return values and updates any consumers of the Encapsulate() method to respect the new order. Fixes #70950 Change-Id: I2a0d605e3baf7fe69510d60d3d35bbac18f883c9 Reviewed-on: https://go-review.googlesource.com/c/go/+/638376 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Austin Clements <austin@google.com> Auto-Submit: Ian Lance Taylor <iant@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> |
||
Filippo Valsorda
|
77ea502eee |
crypto/tls: implement X25519MLKEM768
This makes three related changes that work particularly well together and would require significant extra work to do separately: it replaces X25519Kyber768Draft00 with X25519MLKEM768, it makes CurvePreferences ordering crypto/tls-selected, and applies a preference to PQ key exchange methods over key shares (to mitigate downgrades). TestHandshakeServerUnsupportedKeyShare was removed because we are not rejecting unsupported key shares anymore (nor do we select them, and rejecting them actively is a MAY). It would have been nice to keep the test to check we still continue successfully, but testClientHelloFailure is broken in the face of any server-side behavior which requires writing any other messages back to the client, or reading them. Updates #69985 Fixes #69393 Change-Id: I58de76f5b8742a9bd4543fd7907c48e038507b19 Reviewed-on: https://go-review.googlesource.com/c/go/+/630775 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
Roland Shoemaker
|
212bbb2c77 |
crypto/tls: add server-side ECH
Adds support for server-side ECH. We make a couple of implementation decisions that are not completely in-line with the spec. In particular, we don't enforce that the SNI matches the ECHConfig public_name, and we implement a hybrid shared/backend mode (rather than shared or split mode, as described in Section 7). Both of these match the behavior of BoringSSL. The hybrid server mode will either act as a shared mode server, where-in the server accepts "outer" client hellos and unwraps them before processing the "inner" hello, or accepts bare "inner" hellos initially. This lets the server operate either transparently as a shared mode server, or a backend server, in Section 7 terminology. This seems like the best implementation choice for a TLS library. Fixes #68500 Change-Id: Ife69db7c1886610742e95e76b0ca92587e6d7ed4 Reviewed-on: https://go-review.googlesource.com/c/go/+/623576 Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> |
||
Daniel McCarney
|
9abc9d7132 |
crypto/tls: FIPS 140-3 mode
Consolidates handling of FIPS 140-3 considerations for the tls package. Considerations specific to certificates are now handled in tls instead of x509 to limit the area-of-effect of FIPS as much as possible. Boringcrypto specific prefixes are renamed as appropriate. For #69536 Co-authored-by: Filippo Valsorda <filippo@golang.org> Change-Id: I1b1fef83c3599e4c9b98ad81db582ac93253030b Reviewed-on: https://go-review.googlesource.com/c/go/+/629675 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Russ Cox <rsc@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
Russ Cox
|
f37765f45c |
internal/byteorder: use canonical Go casing in names
If Be and Le stand for big-endian and little-endian, then they should be BE and LE. Change-Id: I723e3962b8918da84791783d3c547638f1c9e8a9 Reviewed-on: https://go-review.googlesource.com/c/go/+/627376 Reviewed-by: Robert Griesemer <gri@google.com> Auto-Submit: Russ Cox <rsc@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
|
Russ Cox
|
0d5c2fe3a1 |
all: rename crypto/internal/fips to crypto/internal/fips140
Sometimes we've used the 140 suffix (GOFIPS140, crypto/fips140) and sometimes not (crypto/internal/fips, cmd/go/internal/fips). Use it always, to avoid having to remember which is which. Also, there are other FIPS standards, like AES (FIPS 197), SHA-2 (FIPS 180), and so on, which have nothing to do with FIPS 140. Best to be clear. For #70123. Change-Id: I33b29dabd9e8b2703d2af25e428f88bc81c7c307 Reviewed-on: https://go-review.googlesource.com/c/go/+/630115 Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Russ Cox <rsc@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> |
||
|
Filippo Valsorda
|
0eeabaa9d7 |
crypto/internal/mlkem768: move to crypto/internal/fips/mlkem
In the process, replace out-of-module imports with their FIPS versions. For #69536 Change-Id: I83e900b7c38ecf760382e5dca7fd0b1eaa5a5589 Reviewed-on: https://go-review.googlesource.com/c/go/+/626879 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Russ Cox <rsc@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Michael Knyszek <mknyszek@google.com> |
||
|
Filippo Valsorda
|
d1f74ada56 |
crypto/internal/mlkem768: add -768 suffix to all exported identifiers
In preparation for introducing ML-KEM-1024. Aside from the constants at the top, all other changes were automated. Change-Id: I0fafce9a776c7b0b9179be1c858709cabf60e80f Reviewed-on: https://go-review.googlesource.com/c/go/+/621981 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
|
Filippo Valsorda
|
80b8ff4aa9 |
crypto/internal/fips/tls13: implement TLS 1.3 KDF
The new implementation encodes the key schedule into the type system, which is actually nicer than what we had before. For #69536 Change-Id: Iddab62c2aae40bc2425a155443576bb9b7aafe03 Reviewed-on: https://go-review.googlesource.com/c/go/+/626836 Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Commit-Queue: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> |
||
|
Filippo Valsorda
|
309a3593cd |
crypto/tls: align FIPS-only mode with BoringSSL policy
This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Reapplies CL 549975. Updates #64717 Updates #62372 Change-Id: I6c608704638d59a063a657fbd4eb1126027112dd Reviewed-on: https://go-review.googlesource.com/c/go/+/603376 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> |
||
Damien Neil
|
8b177082b2 |
crypto/tls: apply QUIC session event flag to QUICResumeSession events
Go 1.23 adds two new events to QUICConns: QUICStoreSessionEvent and QUICResumeSessionEvent. We added a QUICConfig.EnableStoreSessionEvent flag to control whether the store-session event is provided or not, because receiving this event requires additional action from the caller: the session must be explicitly stored with QUICConn.StoreSession. We did not add a control for whether the resume-session event is provided, because this event requires no action and the caller is expected to ignore unknown events. However, we never documented the expectation that callers ignore unknown events, and quic-go produces an error when receiving an unexpected event. So change the EnableStoreSessionEvent flag to apply to both new events. Fixes #68124 For #63691 Change-Id: I84af487e52b3815f7b648e09884608f8915cd645 Reviewed-on: https://go-review.googlesource.com/c/go/+/594475 Reviewed-by: Marten Seemann <martenseemann@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> |
||
|
Damien Neil
|
833bba2d07 |
crypto/tls: improved 0-RTT QUIC API
Add synchronous management of stored sessions to QUICConn. This adds QUICStoreSession and QUICResumeSession events, permitting a QUIC implementation to handle session resumption as part of its regular event loop processing. Fixes #63691 Change-Id: I9fe16207cc1986eac084869675bc36e227cbf3f0 Reviewed-on: https://go-review.googlesource.com/c/go/+/536935 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Marten Seemann <martenseemann@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org> |
||
|
Filippo Valsorda
|
a81de4f2e0 |
crypto/tls: implement X25519Kyber768Draft00
Forced the testConfig CurvePreferences to exclude X25519Kyber768Draft00 to avoid bloating the transcripts, but I manually tested it and the tests all update and pass successfully, causing 7436 insertions(+), 3251 deletions(-). Fixes #67061 Change-Id: If6f13bca561835777ab0889a490487b7c2366c3c Reviewed-on: https://go-review.googlesource.com/c/go/+/586656 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> |
||
|
Filippo Valsorda
|
245de0a13b |
crypto/tls: clarify group selection logic
I initially thought the logic was broken, but writing the test I
realized it was actually very clever (derogative). It was relying on the
outer loop continuing after a supported match without a key share,
allowing a later key share to override it (but not a later supported
match because of the "if selectedGroup != 0 { continue }").
Replaced the clever loop with two hopefully more understandable loops,
and added a test (which was already passing).
We were however not checking that the selected group is in the supported
list if we found it in key shares first. (This was only a MAY.) Fixed.
Fixes #65686
Change-Id: I09ea44f90167ffa36809deb78255ed039a217b6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586655
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
|
||
Mateusz Poliwczak
|
5197ef4589 |
crypto: replace encoding/binary in favour of internal/byteorder
Updates #54097 Change-Id: I827a5efd1736ce057b76f079466f2d9ead225898 GitHub-Last-Rev: 40af10469d85ce9f4bef4b40025589d9e44f43d6 GitHub-Pull-Request: golang/go#67321 Reviewed-on: https://go-review.googlesource.com/c/go/+/585017 Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Auto-Submit: Keith Randall <khr@golang.org> Commit-Queue: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> |
||
Daniel Martí
|
8d53a491d1 |
crypto/tls,regexp: remove always-nil error results
These were harmless, but added unnecessary verbosity to the code. This can happen as a result of refactors: for example, the method sessionState used to return errors in some cases. Change-Id: I4e6dacc01ae6a49b528c672979f95cbb86795a85 Reviewed-on: https://go-review.googlesource.com/c/go/+/528995 Reviewed-by: Leo Isla <islaleo93@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Olivier Mengué <olivier.mengue@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: qiulaidongfeng <2645477756@qq.com> Reviewed-by: Quim Muntal <quimmuntal@gmail.com> |
||
|
Filippo Valsorda
|
c3aeef03b3 |
Revert "crypto/internal/boring: upgrade module to fips-20220613" +1
This reverts commit 7383b2a4db5dc93c9b875b42d5add73d27cc4b9f
("crypto/internal/boring: upgrade module to fips-20220613") and commit
4106de901a8efe914cda6f6c4e8d45ff8c115da4 ("crypto/tls: align FIPS-only
mode with BoringSSL policy").
Fixes #65321
Updates #64717
Updates #62372
Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508
Reviewed-on: https://go-review.googlesource.com/c/go/+/558796
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
||
Gaukas Wang
|
5796f9738a
|
🚑 fix: code broken after merging
Signed-off-by: Gaukas Wang <i@gaukas.wang> |
||
|
Gaukas Wang
|
bd8fe35ca1
|
🔀 update: Merge 'upstream:release-branch.go1.22'
Merge upstream using a real merge commit. Signed-off-by: Gaukas Wang <i@gaukas.wang> |
||
|
Filippo Valsorda
|
035b9d2bbf |
crypto/tls: align FIPS-only mode with BoringSSL policy
This enables TLS 1.3, disables P-521, and disables non-ECDHE suites. Fixes #64717 Updates #62372 Change-Id: I3a65b239ef0198bbdbe5e55e0810e7128f90a091 Reviewed-on: https://go-review.googlesource.com/c/go/+/549975 Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com> |
||
Marten Seemann
|
f20bc39fcb |
crypto/tls: check client's supported versions when using QUIC
According to RFC 9001 Section 4.2, the client MUST NOT offer any TLS version older than 1.3. Fixes #63723. Change-Id: Ia92f98274ca784e2bc151faf236380af51f699c1 Reviewed-on: https://go-review.googlesource.com/c/go/+/537576 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> |
||
Gaukas Wang
|
6c1a910019 |
uTLS: X25519Kyber768Draft00 hybrid post-quantum key agreement by cloudflare/go (#222)
* crypto/tls: Add hybrid post-quantum key agreement (#13) * import: client-side KEM from cloudflare/go * import: server-side KEM from cloudflare/go * fix: modify test to get rid of CFEvents. Note: uTLS does not promise any server-side functionality, and this change is made to be able to conduct unit tests which requires both side to be able to handle KEM Curves. Co-authored-by: Christopher Wood <caw@heapingbits.net> Co-Authored-By: Bas Westerbaan <bas@westerbaan.name> ---- Based on: * crypto/tls: Add hybrid post-quantum key agreement Adds X25519Kyber512Draft00, X25519Kyber768Draft00, and P256Kyber768Draft00 hybrid post-quantum key agreements with temporary group identifiers. The hybrid post-quantum key exchanges uses plain X{25519,448} instead of HPKE, which we assume will be more likely to be adopted. The order is chosen to match CECPQ2. Not enabled by default. Adds CFEvents to detect `HelloRetryRequest`s and to signal which key agreement was used. Co-authored-by: Christopher Wood <caw@heapingbits.net> [bas, 1.20.1: also adds P256Kyber768Draft00] [pwu, 1.20.4: updated circl to v1.3.3, moved code to cfevent.go] * crypto: add support for CIRCL signature schemes * only partially port the commit from cloudflare/go. We would stick to the official x509 at the cost of incompatibility. Co-Authored-By: Bas Westerbaan <bas@westerbaan.name> Co-Authored-By: Christopher Patton <3453007+cjpatton@users.noreply.github.com> Co-Authored-By: Peter Wu <peter@lekensteyn.nl> * crypto/tls: add new X25519Kyber768Draft00 code point Ported from cloudflare/go to support the upcoming new post-quantum keyshare. ---- * Point tls.X25519Kyber768Draft00 to the new 0x6399 identifier while the old 0xfe31 identifier is available as tls.X25519Kyber768Draft00Old. * Make sure that the kem.PrivateKey can always be mapped to the CurveID that was linked to it. This is needed since we now have two ID aliasing to the same scheme, and clients need to be able to detect whether the key share presented by the server actually matches the key share that the client originally sent. * Update tests, add the new identifier and remove unnecessary code. Link: https://mailarchive.ietf.org/arch/msg/tls/HAWpNpgptl--UZNSYuvsjB-Pc2k/ Link: https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/02/ Co-Authored-By: Peter Wu <peter@lekensteyn.nl> Co-Authored-By: Bas Westerbaan <bas@westerbaan.name> --------- Co-authored-by: Bas Westerbaan <bas@westerbaan.name> Co-authored-by: Christopher Patton <3453007+cjpatton@users.noreply.github.com> Co-authored-by: Peter Wu <peter@lekensteyn.nl> |
||
|
Gaukas Wang
|
86e9b69fdd
|
sync: Go 1.21 with QUIC support (#208)
* sync: Go 1.21rc3, QUIC support added (#207) * sync: merge with upstream tag/go-1.21rc3 (#11) * fix: all tests pass * impl: UQUIC Transport * deps: bump up min Go version * new: uquic * fix: add QUICTransportParameter * deprecated: Go 1.19 no longer supported Go 1.19 will fail to build or pass the test once we bump up to the new version. * sync: crypto/tls: restrict RSA keys in certificates to <= 8192 bits (#209) * [release-branch.go1.21] crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. Fixes CVE-2023-29409 * build: [ci skip] boring not included * fix: typo [ci skip] * docs: replenish readme [ci skip] replace old build status badge with new ones, bump up required version noted in docs, update developer contact to reflect current status. |
||
|
Filippo Valsorda
|
5ca720fc5e |
crypto/tls: don't reverify but check certificate expiration on resumption
We used to inconsistently run certificate verification on the server on resumption, but not on the client. This made TLS 1.3 resumption pretty much useless, as it didn't save bytes, CPU, or round-trips. This requires serializing the verified chains into the session ticket, so it's a tradeoff making the ticket bigger to save computation (and for consistency). The previous behavior also had a "stickyness" issue: if a ticket contained invalid certificates, they would be used even if the client had in the meantime configured valid certificates for a full handshake. We also didn't check expiration on the client side on resumption if InsecureSkipVerify was set. Again for consistency, we do that now. Also, we used to run VerifyPeerCertificates on resumption even if NoClientCerts was set. Fixes #31641 Change-Id: Icc88269ea4adb544fa81158114aae76f3c91a15f Reviewed-on: https://go-review.googlesource.com/c/go/+/497895 Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> |
||
|
Filippo Valsorda
|
1143de0f03 |
crypto/tls: add QUIC 0-RTT APIs
Fixes #60107 Change-Id: I158b1c2d80d8ebb5ed7a8e6f313f69060754e220 Reviewed-on: https://go-review.googlesource.com/c/go/+/496995 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> |
||
|
Filippo Valsorda
|
7147979294 |
crypto/tls: add WrapSession and UnwrapSession
There was a bug in TestResumption: the first ExpiredSessionTicket was inserting a ticket far in the future, so the second ExpiredSessionTicket wasn't actually supposed to fail. However, there was a bug in checkForResumption->sendSessionTicket, too: if a session was not resumed because it was too old, its createdAt was still persisted in the next ticket. The two bugs used to cancel each other out. For #60105 Fixes #19199 Change-Id: Ic9b2aab943dcbf0de62b8758a6195319dc286e2f Reviewed-on: https://go-review.googlesource.com/c/go/+/496821 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> |
||
|
Filippo Valsorda
|
e911b27e23 |
crypto/tls: use SessionState on the client side
Another internal change, that allows exposing the new APIs easily in following CLs. For #60105 Change-Id: I9c61b9f6e9d29af633f952444f514bcbbe82fe4e Reviewed-on: https://go-review.googlesource.com/c/go/+/496819 Reviewed-by: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Filippo Valsorda <filippo@golang.org> |
||
|
Filippo Valsorda
|
b838c1c320 |
crypto/tls: add SessionState and use it on the server side
This change by itself is useless, because the application has no way to access or provide SessionStates to crypto/tls, but they will be provided in following CLs. For #60105 Change-Id: I8d5de79b1eda0a778420134cf6f346246a1bb296 Reviewed-on: https://go-review.googlesource.com/c/go/+/496818 Reviewed-by: Marten Seemann <martenseemann@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Run-TryBot: Filippo Valsorda <filippo@golang.org> |
||
|
Filippo Valsorda
|
65b9e15fc2 |
crypto/tls: reduce session ticket linkability
Ever since session ticket key rotation was introduced in CL 9072, we've been including a prefix in every ticket to identify what key it's encrypted with. It's a small privacy gain, but the cost of trial decryptions is also small, especially since the first key is probably the most frequently used. Also reissue tickets on every resumption so that the next connection can't be linked to all the previous ones. Again the privacy gain is small but the performance cost is small and it comes with a reduction in complexity. For #60105 Change-Id: I852f297162d2b79a3d9bf61f6171e8ce94b2537a Reviewed-on: https://go-review.googlesource.com/c/go/+/496817 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> |
||
|
Damien Neil
|
b7691e8126 |
crypto/tls: support QUIC as a transport
Add a QUICConn type for use by QUIC implementations. A QUICConn provides unencrypted handshake bytes and connection secrets to the QUIC layer, and receives handshake bytes. For #44886 Change-Id: I859dda4cc6d466a1df2fb863a69d3a2a069110d5 Reviewed-on: https://go-review.googlesource.com/c/go/+/493655 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Reviewed-by: Marten Seemann <martenseemann@gmail.com> |
||
|
Gaukas Wang
|
71b4ad3909
|
Sync with upstream: Go 1.19.6 (no new change in 1.19.7) (#172)
* Adding all changes from Go 1.19.6 w/ Conflict Unresolved (#10)
* [dev.boringcrypto] crypto/sha1,sha256,sha512: use BoringCrypto
Change-Id: I80a764971b41f75c3b699797bfed71f509e3407d
Reviewed-on: https://go-review.googlesource.com/55474
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/aes: use BoringCrypto
Change-Id: If83fdeac31f65aba818bbc7edd2f215b16814021
Reviewed-on: https://go-review.googlesource.com/55476
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls: use TLS-specific AES-GCM mode if available
Change-Id: Ide00c40c0ca8d486f3bd8968e1d301c8b0ed6d05
Reviewed-on: https://go-review.googlesource.com/56011
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls/fipsonly: new package to force FIPS-allowed TLS settings
Change-Id: I3268cab2de8aed9e2424e9c3bc7667083bc5e1ce
Reviewed-on: https://go-review.googlesource.com/65250
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled
This patch used to be in crypto/internal/cipherhw.AESGCMSupport which
was removed from the tree. It was meant and documented to affect only
crypto/tls, so move the logic there.
Change-Id: I36ed4f08a5fe2abaab18907910899ae0297d1611
Reviewed-on: https://go-review.googlesource.com/114816
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls: test for TLS 1.3 to be disabled in FIPS mode
Change-Id: I32b3e29a3e34f20cccc51666905fd36744ef00b2
Reviewed-on: https://go-review.googlesource.com/c/149602
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3
Support for Ed25519 certificates was added in CL 175478, this wires them
up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3).
RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially
implemented that, but even OpenSSL doesn't take the complexity, so I
just dropped it. It would have required keeping a buffer of the
handshake transcript in order to do the direct Ed25519 signatures. We
effectively need to support TLS 1.2 because it shares ClientHello
signature algorithms with TLS 1.3.
While at it, reordered the advertised signature algorithms in the rough
order we would want to use them, also based on what curves have fast
constant-time implementations.
Client and client auth tests changed because of the change in advertised
signature algorithms in ClientHello and CertificateRequest.
Fixes #25355
Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/177698
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: fix TestVerifyHostnameResumed
In TLS 1.3 session tickets are delivered after the handshake, and it
looks like now the Google servers wait until the first flight of data to
send them (or our timeout is too low). Cause some data to be sent so we
can avoid the guessing game.
Fixes #32090
Change-Id: I54af4acb3a89cc70c9e14a5dfe18a44c29a841a7
Reviewed-on: https://go-review.googlesource.com/c/go/+/177877
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: remove PEM-encoded private keys from tests
Gerrit is complaining about pushes that affect these files
and forcing people to use -o nokeycheck, which defeats
the point of the check. Hide the keys from this kind of scan
by marking them explicitly as testing keys.
This is a little annoying but better than training everyone
who ever edits one of these test files to reflexively override
the Gerrit check.
The only remaining keys explicitly marked as private instead
of testing are in examples, and there's not much to do
about those. Hopefully they are not edited as much.
Change-Id: I4431592b5266cb39fe6a80b40e742d97da803a0b
Reviewed-on: https://go-review.googlesource.com/c/go/+/178178
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: shorten some tests
Shorten some of the longest tests that run during all.bash.
Removes 7r 50u 21s from all.bash.
After this change, all.bash is under 5 minutes again on my laptop.
For #26473.
Change-Id: Ie0460aa935808d65460408feaed210fbaa1d5d79
Reviewed-on: https://go-review.googlesource.com/c/go/+/177559
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* [dev.boringcrypto] crypto: move crypto/internal/boring imports to reduce merge conflicts
As suggested by dmitshur@, move them to their own block so they don't
conflict with changes in the upstream imports.
Change-Id: Id46fb7c766066c406023b0355f4c3c860166f0fe
Reviewed-on: https://go-review.googlesource.com/c/go/+/181277
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* crypto/tls: disable RSA-PSS in TLS 1.2 again
Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (broken) small keys. We'll have to take that
breakage eventually, but it would be nice for it to be opt-out at first.
TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a
TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS
to TLS 1.2 until TLS 1.3 is on without opt-out.
Note that since the Client Hello is sent before a protocol version is
selected, we have to advertise RSA-PSS there to support TLS 1.3.
That means that we still support RSA-PSS on the client in TLS 1.2 for
verifying server certificates, which is fine, as all issues arise on the
signing side. We have to be careful not to pick (or consider available)
RSA-PSS on the client for client certificates, though.
We'd expect tests to change only in TLS 1.2:
* the server won't pick PSS to sign the key exchange
(Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS);
* the server won't advertise PSS in CertificateRequest
(Server-TLSv12-ClientAuthRequested*, TestClientAuth);
* and the client won't pick PSS for its CertificateVerify
(Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS,
Client-TLSv12-Renegotiate* because "R" requests a client cert).
Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test.
This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7.
Testing was made more complex by the undocumented semantics of OpenSSL's
-[client_]sigalgs (see openssl/openssl#9172).
Updates #32425
Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349
Reviewed-on: https://go-review.googlesource.com/c/go/+/182339
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: move shared code and resources to handshake_test.go
Removed cross-dependencies between handshake_server_test.go and
handshake_client_test.go; moved all initialization to TestMain; replaced
SSLKEYLOGFILE environment variable with -keylog flag.
Change-Id: Ida6712daa44e01a2c00658e8a1896087ee88bcb0
Reviewed-on: https://go-review.googlesource.com/c/go/+/183057
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: reject low-order Curve25519 points
The RFC recommends checking the X25519 output to ensure it's not the
zero value, to guard against peers trying to remove contributory
behavior.
In TLS there should be enough transcript involvement to mitigate any
attack, and the RSA key exchange would suffer from the same issues by
design, so not proposing a backport.
See #31846
Change-Id: I8e657f8ee8aa72c3f8ca3b124555202638c53f5e
Reviewed-on: https://go-review.googlesource.com/c/go/+/183039
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: deflake localPipe in tests
The localPipe implementation assumes that every successful net.Dial
results in exactly one successful listener.Accept. I don't believe this
is guaranteed by essentially any operating system. For this test, we're
seeing flakes on dragonfly (#29583).
But see also #19519, flakes due to the same assumption on FreeBSD
and macOS in package net's own tests.
This CL rewrites localPipe to try a few times to get a matching pair
of connections on the dial and accept side.
Fixes #29583.
Change-Id: Idb045b18c404eae457f091df20456c5ae879a291
Reviewed-on: https://go-review.googlesource.com/c/go/+/184157
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
* crypto/tls: remove TestVerifyHostnameResumed
Session resumption is not a reliable TLS behavior: the server can decide
to reject a session ticket for a number of reasons, or no reason at all.
This makes this non-hermetic test extremely brittle.
It's currently broken on the builders for both TLS 1.2 and TLS 1.3, and
I could reproduce the issue for TLS 1.3 only. As I was debugging it, it
started passing entirely on my machine.
In practice, it doesn't get us any coverage as resumption is already
tested with the recorded exchange tests, and TestVerifyHostname still
provides a smoke test checking that we can in fact talk TLS.
Fixes #32978
Change-Id: I63505e22ff7704f25ad700d46e4ff14850ba5d3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/186239
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
* crypto/tls: deprecate SSLv3 support
Updates #32716
Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/184102
Reviewed-by: Andrew Bonventre <andybons@golang.org>
* crypto/tls: make SSLv3 again disabled by default
It was mistakenly re-enabled in CL 146217.
Fixes #33837
Change-Id: I8c0e1787114c6232df5888e51e355906622295bc
Reviewed-on: https://go-review.googlesource.com/c/go/+/191877
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* crypto/tls: remove SSLv3 support
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use
in no uncertain terms.
As announced in the Go 1.13 release notes, remove support for it
entirely in Go 1.14.
Updates #32716
Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf
Reviewed-on: https://go-review.googlesource.com/c/go/+/191976
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: remove TLS 1.3 opt-out
Fixes #30055
Change-Id: If757c43b52fc7bf62b0afb1c720615329fb5569d
Reviewed-on: https://go-review.googlesource.com/c/go/+/191999
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: fix typos
Use the following (suboptimal) script to obtain a list of possible
typos:
#!/usr/bin/env sh
set -x
git ls-files |\
grep -e '\.\(c\|cc\|go\)$' |\
xargs -n 1\
awk\
'/\/\// { gsub(/.*\/\//, ""); print; } /\/\*/, /\*\// { gsub(/.*\/\*/, ""); gsub(/\*\/.*/, ""); }' |\
hunspell -d en_US -l |\
grep '^[[:upper:]]\{0,1\}[[:lower:]]\{1,\}$' |\
grep -v -e '^.\{1,4\}$' -e '^.\{16,\}$' |\
sort -f |\
uniq -c |\
awk '$1 == 1 { print $2; }'
Then, go through the results manually and fix the most obvious typos in
the non-vendored code.
Change-Id: I3cb5830a176850e1a0584b8a40b47bde7b260eae
Reviewed-on: https://go-review.googlesource.com/c/go/+/193848
Reviewed-by: Robert Griesemer <gri@golang.org>
* crypto/tls: remove NPN support
RELNOTE=yes
Fixes #28362
Change-Id: I43813c0c17bbe6c4cbb4d1f121518c434b3f5aa8
Reviewed-on: https://go-review.googlesource.com/c/go/+/174329
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: consistently use %v for error formatting
We should keep a consistent way of formatting errors
in this file.
Fixes #34848
Change-Id: Ibb75908504f381fccab0281a42e788ef8c716b6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/200679
Run-TryBot: Johan Brandhorst <johan.brandhorst@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
* crypto/tls: retry net.Dial flakes on Dragonfly
localPipe currently flakes in various crypto/tls tests. Since that
function doesn't seem to flake anywhere else, I suspect a kernel bug.
To make the test less flaky, retry the Dial if we suspect that it is
affected. (Worst case, we delay the test by a few seconds before
erroring out as usual.)
Fixes #29583
Change-Id: I357990ffa316edb471bd7d46d6404fa0884da646
Reviewed-on: https://go-review.googlesource.com/c/go/+/202557
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: move a defer out of a loop
Rhys Hiltner noted in #14939 that this defer was
syntactically inside a loop, but was only ever
executed once. Now that defer in a loop
is significantly slower, pull this one out.
name old time/op new time/op delta
Throughput/MaxPacket/1MB/TLSv12-8 3.94ms ± 8% 3.93ms ±13% ~ (p=0.967 n=15+15)
Throughput/MaxPacket/1MB/TLSv13-8 4.33ms ± 3% 4.51ms ± 7% +4.00% (p=0.000 n=14+14)
Throughput/MaxPacket/2MB/TLSv12-8 6.80ms ± 6% 7.01ms ± 4% +3.15% (p=0.000 n=14+14)
Throughput/MaxPacket/2MB/TLSv13-8 6.96ms ± 5% 6.80ms ± 5% -2.43% (p=0.006 n=15+14)
Throughput/MaxPacket/4MB/TLSv12-8 12.0ms ± 3% 11.7ms ± 2% -2.88% (p=0.000 n=15+13)
Throughput/MaxPacket/4MB/TLSv13-8 12.1ms ± 3% 11.7ms ± 2% -3.54% (p=0.000 n=13+13)
Throughput/MaxPacket/8MB/TLSv12-8 22.2ms ± 3% 21.6ms ± 3% -2.97% (p=0.000 n=15+15)
Throughput/MaxPacket/8MB/TLSv13-8 22.5ms ± 5% 22.0ms ± 3% -2.34% (p=0.004 n=15+15)
Throughput/MaxPacket/16MB/TLSv12-8 42.4ms ± 3% 41.3ms ± 3% -2.49% (p=0.001 n=15+15)
Throughput/MaxPacket/16MB/TLSv13-8 43.4ms ± 5% 42.3ms ± 3% -2.33% (p=0.006 n=15+14)
Throughput/MaxPacket/32MB/TLSv12-8 83.1ms ± 4% 80.6ms ± 3% -2.98% (p=0.000 n=15+15)
Throughput/MaxPacket/32MB/TLSv13-8 85.2ms ± 8% 82.6ms ± 4% -3.02% (p=0.005 n=15+15)
Throughput/MaxPacket/64MB/TLSv12-8 167ms ± 7% 158ms ± 2% -5.21% (p=0.000 n=15+15)
Throughput/MaxPacket/64MB/TLSv13-8 170ms ± 4% 162ms ± 3% -4.83% (p=0.000 n=15+15)
Throughput/DynamicPacket/1MB/TLSv12-8 4.13ms ± 7% 4.00ms ± 8% ~ (p=0.061 n=15+15)
Throughput/DynamicPacket/1MB/TLSv13-8 4.72ms ± 6% 4.64ms ± 7% ~ (p=0.377 n=14+15)
Throughput/DynamicPacket/2MB/TLSv12-8 7.29ms ± 7% 7.09ms ± 7% ~ (p=0.070 n=15+14)
Throughput/DynamicPacket/2MB/TLSv13-8 7.18ms ± 5% 6.59ms ± 4% -8.34% (p=0.000 n=15+15)
Throughput/DynamicPacket/4MB/TLSv12-8 12.3ms ± 3% 11.9ms ± 4% -3.31% (p=0.000 n=15+14)
Throughput/DynamicPacket/4MB/TLSv13-8 12.2ms ± 4% 12.0ms ± 4% -1.91% (p=0.019 n=15+15)
Throughput/DynamicPacket/8MB/TLSv12-8 22.4ms ± 3% 21.9ms ± 3% -2.18% (p=0.000 n=15+15)
Throughput/DynamicPacket/8MB/TLSv13-8 22.7ms ± 3% 22.2ms ± 3% -2.35% (p=0.000 n=15+15)
Throughput/DynamicPacket/16MB/TLSv12-8 42.3ms ± 3% 42.1ms ± 3% ~ (p=0.505 n=14+15)
Throughput/DynamicPacket/16MB/TLSv13-8 42.7ms ± 3% 43.3ms ± 7% ~ (p=0.123 n=15+14)
Throughput/DynamicPacket/32MB/TLSv12-8 82.8ms ± 3% 81.9ms ± 3% ~ (p=0.112 n=14+15)
Throughput/DynamicPacket/32MB/TLSv13-8 84.6ms ± 6% 83.9ms ± 4% ~ (p=0.624 n=15+15)
Throughput/DynamicPacket/64MB/TLSv12-8 166ms ± 4% 163ms ± 6% ~ (p=0.081 n=15+15)
Throughput/DynamicPacket/64MB/TLSv13-8 165ms ± 3% 168ms ± 3% +1.56% (p=0.029 n=15+15)
Change-Id: I22409b05afe761b8ed1912b15c67fc03f88d3d1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/203481
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: improve error messages for invalid certificates and signatures
Also, fix the alert value sent when a signature by a client certificate
is invalid in TLS 1.0-1.2.
Fixes #35190
Change-Id: I2ae1d5593dfd5ee2b4d979664aec74aab4a8a704
Reviewed-on: https://go-review.googlesource.com/c/go/+/204157
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: send ec_points_format extension in ServerHello
Follow the recommandation from RFC 8422, section 5.1.2 of sending back the
ec_points_format extension when requested by the client. This is to fix
some clients declining the handshake if omitted.
Fixes #31943
Change-Id: I7b04dbac6f9af75cda094073defe081e1e9a295d
Reviewed-on: https://go-review.googlesource.com/c/go/+/176418
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Olivier Poitrey <rs@rhapsodyk.net>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: make -update only regenerate transcripts for failing tests
Change-Id: Ie68fd4fe2879e6b5417a1a4240971e3d837bf115
Reviewed-on: https://go-review.googlesource.com/c/go/+/204377
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: add ExampleConfig_VerifyPeerCertificate
Setting InsecureSkipVerify and VerifyPeerCertificate is the recommended
way to customize and override certificate validation.
However, there is boilerplate involved and it usually requires first
reimplementing the default validation strategy to then customize it.
Provide an example that does the same thing as the default as a starting
point.
Examples of where we directed users to do something similar are in
issues #35467, #31791, #28754, #21971, and #24151.
Fixes #31792
Change-Id: Id033e9fa3cac9dff1f7be05c72dfb34b4f973fd4
Reviewed-on: https://go-review.googlesource.com/c/go/+/193620
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: refactor certificate and signature algorithm logic
This refactors a lot of the certificate support logic to make it cleaner
and reusable where possible. These changes will make the following CLs
much simpler.
In particular, the heavily overloaded pickSignatureAlgorithm is gone.
That function used to cover both signing and verifying side, would work
both for pre-signature_algorithms TLS 1.0/1.1 and TLS 1.2, and returned
sigalg, type and hash.
Now, TLS 1.0/1.1 and 1.2 are differentiated at the caller, as they have
effectively completely different logic. TLS 1.0/1.1 simply use
legacyTypeAndHashFromPublicKey as they employ a fixed hash function and
signature algorithm for each public key type. TLS 1.2 is instead routed
through selectSignatureScheme (on the signing side) or
isSupportedSignatureAlgorithm (on the verifying side) and
typeAndHashFromSignatureScheme, like TLS 1.3.
On the signing side, signatureSchemesForCertificate was already version
aware (for PKCS#1 v1.5 vs PSS support), so selectSignatureScheme just
had to learn the Section 7.4.1.4.1 defaults for a missing
signature_algorithms to replace pickSignatureAlgorithm.
On the verifying side, pickSignatureAlgorithm was also checking the
public key type, while isSupportedSignatureAlgorithm +
typeAndHashFromSignatureScheme are not, but that check was redundant
with the one in verifyHandshakeSignature.
There should be no major change in behavior so far. A few minor changes
came from the refactor: we now correctly require signature_algorithms in
TLS 1.3 when using a certificate; we won't use Ed25519 in TLS 1.2 if the
client didn't send signature_algorithms; and we don't send
ec_points_format in the ServerHello (a compatibility measure) if we are
not doing ECDHE anyway because there are no mutually supported curves.
The tests also got simpler because they test simpler functions. The
caller logic switching between TLS 1.0/1.1 and 1.2 is tested by the
transcript tests.
Updates #32426
Change-Id: Ice9dcaea78d204718f661f8d60efdb408ba41577
Reviewed-on: https://go-review.googlesource.com/c/go/+/205061
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: implement (*ClientHelloInfo).SupportsCertificate
We'll also use this function for a better selection logic from
Config.Certificates in a later CL.
Updates #32426
Change-Id: Ie239574d02eb7fd2cf025ec36721c8c7e082d0bc
Reviewed-on: https://go-review.googlesource.com/c/go/+/205057
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: implement (*CertificateRequestInfo).SupportsCertificate
Also, add Version to CertificateRequestInfo, as the semantics of
SignatureSchemes change based on version: the ECDSA SignatureSchemes are
only constrained to a specific curve in TLS 1.3.
Fixes #32426
Change-Id: I7a551bea864799e98118349ac2476162893d1ffd
Reviewed-on: https://go-review.googlesource.com/c/go/+/205058
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: select only compatible chains from Certificates
Now that we have a full implementation of the logic to check certificate
compatibility, we can let applications just list multiple chains in
Certificates (for example, an RSA and an ECDSA one) and choose the most
appropriate automatically.
NameToCertificate only maps each name to one chain, so simply deprecate
it, and while at it simplify its implementation by not stripping
trailing dots from the SNI (which is specified not to have any, see RFC
6066, Section 3) and by not supporting multi-level wildcards, which are
not a thing in the WebPKI (and in crypto/x509).
The performance of SupportsCertificate without Leaf is poor, but doesn't
affect current users. For now document that, and address it properly in
the next cycle. See #35504.
While cleaning up the Certificates/GetCertificate/GetConfigForClient
behavior, also support leaving Certificates/GetCertificate nil if
GetConfigForClient is set, and send unrecognized_name when there are no
available certificates.
Fixes #29139
Fixes #18377
Change-Id: I26604db48806fe4d608388e55da52f34b7ca4566
Reviewed-on: https://go-review.googlesource.com/c/go/+/205059
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: implement Certificate.SupportedSignatureAlgorithms
This will let applications stop crypto/tls from using a certificate key
with an algorithm that is not supported by its crypto.Signer, like
hardware backed keys that can't do RSA-PSS.
Fixes #28660
Change-Id: I294cc06bddf813fff35c5107540c4a1788e1dace
Reviewed-on: https://go-review.googlesource.com/c/go/+/205062
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: re-enable RSA-PSS in TLS 1.2 again
TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG
opt-out, and with the introduction of
Certificate.SupportedSignatureAlgorithms (#28660) there is a
programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and
use that field to specify only PKCS#1 v1.5 SignatureSchemes).
This effectively reverts 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de,
although following CL 205061 all of the signing-side logic is
conveniently centralized in signatureSchemesForCertificate.
Fixes #32425
Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7
Reviewed-on: https://go-review.googlesource.com/c/go/+/205063
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: add correct names for CHACHA20_POLY1305 cipher suite constants
The cipher suites were apparently renamed late in the standardization
process, and we picked up the legacy name. We can't remove the old
constants, but add correctly named ones.
Fixes #32061
Change-Id: I65ee25c12c10934391af88b76b18565da67453fa
Reviewed-on: https://go-review.googlesource.com/c/go/+/205068
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: add CipherSuites, InsecureCipherSuites and CipherSuiteName
Fixes #30325
Change-Id: I497110224bb73ecfcc4655698a794e7aa4a66925
Reviewed-on: https://go-review.googlesource.com/c/go/+/175517
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: take key size into account in signature algorithm selection
Fixes #29793
Change-Id: I6e389d166c2d9a2ba8664a41f4b9569f2481b27f
Reviewed-on: https://go-review.googlesource.com/c/go/+/205177
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: retry ETIMEDOUT flakes in localPipe on dragonfly
Fixes #29583
Change-Id: Ia89433bddd4c9f67ec1f0150b730cde8a7e973ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/206759
Run-TryBot: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* src/vendor,crypto/tls: update to latest x/crypto and use new X25519 API
Change-Id: Icd5006e37861d892a5f3d4397c3826179c1b12ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/206657
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* all: fix a bunch of misspellings
Change-Id: I5b909df0fd048cd66c5a27fca1b06466d3bcaac7
GitHub-Last-Rev: 778c5d21311abee09a5fbda2e4005a5fd4cc3f9f
GitHub-Pull-Request: golang/go#35624
Reviewed-on: https://go-review.googlesource.com/c/go/+/207421
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: remove leftover extensionNextProtoNeg constant
NPN was removed in CL 174329.
Change-Id: Ic63ad53e7e24872e28673d590727e0300f435619
Reviewed-on: https://go-review.googlesource.com/c/go/+/208224
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: fix a typo in TLS handshake comment
Fix a minor typo in the TLS handshake comment.
Change-Id: I0fd243e5440f6c77c97e844e6669a7974a2c8798
GitHub-Last-Rev: 21e91a1a48e8a9200e6fca89a988e1383ded7bb2
GitHub-Pull-Request: golang/go#36030
Reviewed-on: https://go-review.googlesource.com/c/go/+/210289
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: stop a timeout timer
I noticed this leak while writing CL 214977.
Change-Id: I7566952b8e4bc58939d23435aea86576fc58ddca
Reviewed-on: https://go-review.googlesource.com/c/go/+/214978
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: clarify TLS 1.0/1.1 CertificateRequestInfo.SignatureSchemes
This CL should not change the logic at all, but it took me a while to
figure out why we use these specific SignatureSchemes, so reformulate
the comment.
Change-Id: If519a58264209e6575417be07668e92ead0e772f
Reviewed-on: https://go-review.googlesource.com/c/go/+/208225
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: update ExampleDial with a valid root
When run as a separate program, the code in ExampleDial panicked due to
an expired certificate. Fixed this problem by replacing the expired
certificate with a valid one.
Also added a comment in the certificate to give a hint about why it
might fail in the future.
Fixes #35706
Change-Id: I3d300f7bccae050e4b73ded28b8029aa04b480bd
Reviewed-on: https://go-review.googlesource.com/c/go/+/212601
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: use new ecdsa.VerifyASN1 API
Change-Id: I2a233190bda78ca022ff4074b4553788847d7583
Reviewed-on: https://go-review.googlesource.com/c/go/+/220720
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* all: fix incorrect channel and API usage in some unit tests
This CL changes some unit test functions, making sure that these tests (and goroutines spawned during test) won't block.
Since they are just test functions, I use one CL to fix them all. I hope this won't cause trouble to reviewers and can save time for us.
There are three main categories of incorrect logic fixed by this CL:
1. Use testing.Fatal()/Fatalf() in spawned goroutines, which is forbidden by Go's document.
2. Channels are used in such a way that, when errors or timeout happen, the test will be blocked and never return.
3. Channels are used in such a way that, when errors or timeout happen, the test can return but some spawned goroutines will be leaked, occupying resource until all other tests return and the process is killed.
Change-Id: I3df931ec380794a0cf1404e632c1dd57c65d63e8
Reviewed-on: https://go-review.googlesource.com/c/go/+/219380
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: add {SignatureScheme,CurveID,ClientAuthType}.String()
Fixes #35499
Change-Id: Ieb487782f389f6d80e8f68ee980e584d906cb4da
Reviewed-on: https://go-review.googlesource.com/c/go/+/208226
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: update the MITM reference to "machine-in-the-middle"
Changing "man-in-the-middle" references to "machine-in-the-middle",
it's a more inclusive term and still aligns with the MITM acronym.
Change-Id: I81f954cff3d252433443f159ff9edaf59a28ab9d
GitHub-Last-Rev: 3e8f91424a207233b537984747ae90cbc1f03755
GitHub-Pull-Request: golang/go#37918
Reviewed-on: https://go-review.googlesource.com/c/go/+/223897
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: add missing alert values
Fixes #35911
Change-Id: I093d25aa169963769b51c37d2481bce71bd0fd2f
Reviewed-on: https://go-review.googlesource.com/c/go/+/226858
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: failed tls.Conn.Write returns a permanent error
Fixes #29971
Change-Id: I2f1653640c88fafe0ec17a75dcf41d5896c4cb8e
Reviewed-on: https://go-review.googlesource.com/c/go/+/227840
Run-TryBot: Katie Hockman <katie@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: help linker remove code when only Client or Server is used
This saves 166 KiB for a tls.Dial hello world program (5382441 to
5212356 to bytes), by permitting the linker to remove TLS server code.
Change-Id: I16610b836bb0802b7d84995ff881d79ec03b6a84
Reviewed-on: https://go-review.googlesource.com/c/go/+/228111
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: add Dialer
Fixes #18482
Change-Id: I99d65dc5d824c00093ea61e7445fc121314af87f
Reviewed-on: https://go-review.googlesource.com/c/go/+/214977
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* math/big: add (*Int).FillBytes
Replaced almost every use of Bytes with FillBytes.
Note that the approved proposal was for
func (*Int) FillBytes(buf []byte)
while this implements
func (*Int) FillBytes(buf []byte) []byte
because the latter was far nicer to use in all callsites.
Fixes #35833
Change-Id: Ia912df123e5d79b763845312ea3d9a8051343c0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/230397
Reviewed-by: Robert Griesemer <gri@golang.org>
* crypto/tls: enforce TLS 1.3 (and TLS 1.2) downgrade protection checks
Fixes #37763
Change-Id: Ic6bcc9af0d164966f4ae31087998e5b546540038
Reviewed-on: https://go-review.googlesource.com/c/go/+/231038
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: marshal sessionState using cryptobyte
Change-Id: I95a60b837e19d0c4bf45ea74baa5843a8244a186
Reviewed-on: https://go-review.googlesource.com/c/go/+/231218
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: accept HelloRetryRequest messages with only a cookie
Clients have to reject any HelloRetryRequest message that doesn't lead
to a change in the ClientHello. Instead, we were rejecting any HRR that
didn't select an alternative group, even if it sent a cookie, which
would change the CH.
The good news is that I know of no TLS servers that use or need HRRs
exclusively for cookies (which are mostly useful in DTLS as a way to
verify the source address). The bad news is that we poisoned the
ecosystem as Go 1.12 to 1.14 will reject such HRRs. Oops, hopefully no
one needed this.
No tests because neither Go nor s_server support cookies. This would
presumably get covered once we integrate BoGo.
Fixes #30149
Change-Id: I760fb1ded81148ac3096cf201cbc1e941374b83d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231039
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: fix sessionState marshaling
Change-Id: I2910f322256c521dd03b1dc23d117defdcd0aa54
Reviewed-on: https://go-review.googlesource.com/c/go/+/232662
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: rotate session keys in older TLS versions
Also encode the certificates in a way that's more
consistent with TLS 1.3 (with a 24 byte length prefix).
Note that this will have an additional performance cost
requiring clients to do a full handshake every 7 days
where previously they were able to use the same ticket
indefinitely.
Updates #25256
Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231317
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: rotate session ticket keys
Automatically rotate session ticket keys for servers
that don't already have sessionTicketKeys and that
haven't called SetSessionTicketKeys.
Now, session ticket keys will be rotated every 24 hours
with a lifetime of 7 days. This adds a small performance
cost to existing clients that don't provide a session
ticket encrypted with a fresh enough session ticket key,
which would require a full handshake.
Updates #25256
Change-Id: I15b46af7a82aab9a108bceb706bbf66243a1510f
Reviewed-on: https://go-review.googlesource.com/c/go/+/230679
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: add Config.VerifyConnection callback
Since the ConnectionState will now be available during
verification, some code was moved around in order to
initialize and make available as much of the fields on
Conn as possible before the ConnectionState is verified.
Fixes #36736
Change-Id: I0e3efa97565ead7de5c48bb8a87e3ea54fbde140
Reviewed-on: https://go-review.googlesource.com/c/go/+/229122
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: persist the createdAt time when re-wrapping session tickets
Change-Id: I33fcde2d544943fb04c2599810cf7fb773aeba1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/234483
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: remove version check when unmarshaling sessionState
This was causing issues when fuzzing with
TestMarshalUnmarshal since the test would
occassionally set the version to VersionTLS13,
which would fail when unmarshaling. The check
doesn't add much in practice, and there is no
harm in removing it to de-flake the test.
Fixes #38902
Change-Id: I0906c570e9ed69c85fdd2c15f1b52f9e372c62e3
Reviewed-on: https://go-review.googlesource.com/c/go/+/234486
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: fix duplicate calls to VerifyConnection
Also add a test that could reproduce this error and
ensure it doesn't occur in other configurations.
Fixes #39012
Change-Id: If792b5131f312c269fd2c5f08c9ed5c00188d1af
Reviewed-on: https://go-review.googlesource.com/c/go/+/233957
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: test that Clone copies session ticket key fields
Updates #25256
Change-Id: If16c42581f1cf3500fd7fd01c915e487f8025e55
Reviewed-on: https://go-review.googlesource.com/c/go/+/235922
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: set CipherSuite for VerifyConnection
The ConnectionState's CipherSuite was not set prior
to the VerifyConnection callback in TLS 1.2 servers,
both for full handshakes and resumptions.
Change-Id: Iab91783eff84d1b42ca09c8df08e07861e18da30
Reviewed-on: https://go-review.googlesource.com/c/go/+/236558
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: restore OCSP and SCTs during session resumption
Restore previously sent SCTs and stapled OCSP response during session
resumption for both TLS 1.2 and 1.3. This behavior is somewhat
complicated for TLS 1.2 as SCTs are sent during the server hello,
so they override what is saved in ClientSessionState. It is likely
that if the server is sending a different set of SCTs there is probably
a reason for doing so, such as a log being retired, or SCT validation
requirements changing, so it makes sense to defer to the server in
that case.
Fixes #39075
Change-Id: I3c0fa2f69c6bf0247a447c48a1b4c733a882a233
Reviewed-on: https://go-review.googlesource.com/c/go/+/234237
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: fix DialContext docs
Change-Id: I58e3febbf63049bebb4f8ed8893288183c8aaccd
Reviewed-on: https://go-review.googlesource.com/c/go/+/239745
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: expand the ConnectionState docs
Fixes #37572
Change-Id: I493392f535a979ee16609861041da2ecfe21cf77
Reviewed-on: https://go-review.googlesource.com/c/go/+/239744
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: replace VerifyPeerCertificate example with VerifyConnection
Look at how much better it is!
Updates #36736
Change-Id: I53a314a103a42dd869c05823fa50f37d70f9d283
Reviewed-on: https://go-review.googlesource.com/c/go/+/239560
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: create certs w/o KeyEncipherment KU for non-RSA keys in generate_cert.go
Summary
The crypto/tls/generate_cert.go utility should only set the template
x509.Certificate's KeyUsage field to a value with the
x509.KeyUsageKeyEncipherment bits set when the certificate subject
public key is an RSA public key, not an ECDSA or ED25519 public key.
Background
RFC 5480 describes the usage of ECDSA elliptic curve subject keys with
X.509. Unfortunately while Section 3 "Key Usages Bits" indicates which
key usage bits MAY be used with a certificate that indicates
id-ecPublicKey in the SubjectPublicKeyInfo field it doesn't provide
guidance on which usages should *not* be included (e.g. the
keyEncipherment bit, which is particular to RSA key exchange). The same
problem is present in RFC 8410 Section 5 describing Key Usage Bits for
ED25519 elliptic curve subject keys.
There's an update to RFC 5480 in last call stage within the IETF LAMPS
WG, draft-ietf-lamps-5480-ku-clarifications-00. This update is meant
to clarify the allowed Key Usages extension values for certificates with
ECDSA subject public keys by adding:
> If the keyUsage extension is present in a certificate that indicates
> id-ecPublicKey as algorithm of AlgorithmIdentifier [RFC2986] in
> SubjectPublicKeyInfo, then following values MUST NOT be present:
>
> keyEncipherment; and
> dataEncipherment.
I don't believe there is an update for RFC 8410 in the works but I
suspect it will be clarified similarly in the future.
This commit updates generate_cert.go to ensure when the certificate
public key is ECDSA or ED25519 the generated certificate has the
x509.Certificate.KeyUsage field set to a value that doesn't include KUs
specific to RSA. For ECDSA keys this will adhere to the updated RFC 5480
language.
Fixes #36499
Change-Id: Ib1b0757c039b7fe97fc6d1e826fe6b88856c1964
GitHub-Last-Rev: a8f34fb33dde90e09b6f9a27b2598a82b3023abb
GitHub-Pull-Request: golang/go#36500
Reviewed-on: https://go-review.googlesource.com/c/go/+/214337
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: relax the docs of InsecureSkipVerify
Fixes #39074
Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/239746
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto: fix PKCS space in docs
Change-Id: Iee53acb963a889410f8c6daaa9a7841f1b12c6fb
Reviewed-on: https://go-review.googlesource.com/c/go/+/241497
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: replace errClosed with net.ErrClosed
CL 250357 exported net.ErrClosed to allow more reliable detection
of closed network connection errors. Use that error in crypto/tls
as well.
The error message is changed from "tls: use of closed connection"
to "use of closed network connection", so the code that detected such
errors by looking for that text in the error message will need to be
updated to use errors.Is(err, net.ErrClosed) instead.
Fixes #41066
Change-Id: Ic05c0ed6a4f57af2a0302d53b00851a59200be2e
Reviewed-on: https://go-review.googlesource.com/c/go/+/256897
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
* crypto/tls: make config.Clone return nil if the source is nil
Fixes #40565
Change-Id: I13a67be193f8cd68df02b8729529e627a73d364b
GitHub-Last-Rev: b03d2c04fd88db909b40dfd7bd08fe13d8994ab9
GitHub-Pull-Request: golang/go#40566
Reviewed-on: https://go-review.googlesource.com/c/go/+/246637
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
* crypto/tls: fix TestLinkerGC test
A test that checks if "tls.(*Conn)" appears in any symbol's name.
tls.Conn is a type, so the string "tls.(*Conn)" can only appear
in the name of a method of Conn. But the test code doesn't use
any of the methods. Not sure why this needs to be live. In
particular, the linker is now able to prune all methods of Conn.
Remove this requirement. In fact, just drop the only_conn test
case, as simply allocating a type doesn't necessarily bring
anything live.
Change-Id: I754291b75d38e1465b5291b4dea20806615d21b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/257973
Trust: Cherry Zhang <cherryyz@google.com>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Jeremy Faller <jeremy@golang.org>
* crypto/tls: fix typo in spelling of permanentError
Change-Id: I819c121ff388460ec348af773ef94b44416a2ea9
GitHub-Last-Rev: 98dd8fb25cecb73e88d107e0a35e3e63a53dfd09
GitHub-Pull-Request: golang/go#41785
Reviewed-on: https://go-review.googlesource.com/c/go/+/259517
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
* all: update references to symbols moved from io/ioutil to io
The old ioutil references are still valid, but update our code
to reflect best practices and get used to the new locations.
Code compiled with the bootstrap toolchain
(cmd/asm, cmd/dist, cmd/compile, debug/elf)
must remain Go 1.4-compatible and is excluded.
Also excluded vendored code.
For #41190.
Change-Id: I6d86f2bf7bc37a9d904b6cee3fe0c7af6d94d5b1
Reviewed-on: https://go-review.googlesource.com/c/go/+/263142
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
* crypto/tls: add no-shared to openssl build instructions
This prevents the custom-built version of openssl prefering the system
libraries over the ones compiled with the specified (weak crypto)
options necessary to generate the updates. This difference can lead to
confusing failures when updating the tests.
Fixes #31809
Change-Id: I2dd257f3121d6c6c62c6aeba52e1c74046b3c584
GitHub-Last-Rev: 6d4eeafadf0b4671b7e17c6810f1a66a9fda7d3c
GitHub-Pull-Request: golang/go#41630
Reviewed-on: https://go-review.googlesource.com/c/go/+/257517
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: document the ClientAuthType consts
Fixes #34023
Change-Id: Ib7552a8873a79a91e8d971f906c6d7283da7a80c
Reviewed-on: https://go-review.googlesource.com/c/go/+/264027
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: set Deadline before sending close notify alert
This change also documents the need to set a Deadline before
calling Read or Write.
Fixes #31224
Change-Id: I89d6fe3ecb0a0076b4c61765f61c88056f951406
Reviewed-on: https://go-review.googlesource.com/c/go/+/266037
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: pool Conn's outBuf to reduce memory cost of idle connections
Derived from CL 263277, which includes benchmarks.
Fixes #42035
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Change-Id: I5f28673f95d4568b7d13dbc20e9d4b48d481a93d
Reviewed-on: https://go-review.googlesource.com/c/go/+/267957
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roberto Clapis <roberto@golang.org>
* crypto/tls: don't use CN in BuildNameToCertificate if SANs are present
Change-Id: I18d5b9fc392a6a52fbdd240254d6d9db838073a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/266540
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: add HandshakeContext method to Conn
Adds the (*tls.Conn).HandshakeContext method. This allows
us to pass the context provided down the call stack to
eventually reach the tls.ClientHelloInfo and
tls.CertificateRequestInfo structs.
These contexts are exposed to the user as read-only via Context()
methods.
This allows users of (*tls.Config).GetCertificate and
(*tls.Config).GetClientCertificate to use the context for
request scoped parameters and cancellation.
Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext
where appropriate, to propagate existing contexts.
Fixes #32406
Change-Id: I33c228904fe82dcf57683b63627497d3eb841ff2
Reviewed-on: https://go-review.googlesource.com/c/go/+/246338
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: drop macFunction abstraction
Since we dropped SSLv3, there is only one MAC scheme, and it doesn't
need any state beyond a keyed HMAC, so we can replace the macFunction
with the hash.Hash it wraps.
Pointed out by mtp@.
Change-Id: I5545be0e6ccb34a3055fad7f6cb5f628ff748e9f
Reviewed-on: https://go-review.googlesource.com/c/go/+/251859
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
* crypto/tls: ensure the server picked an advertised ALPN protocol
This is a SHALL in RFC 7301, Section 3.2.
Also some more cleanup after NPN, which worked the other way around
(with the possibility that the client could pick a protocol the server
did not suggest).
Change-Id: I83cc43ca1b3c686dfece8315436441c077065d82
Reviewed-on: https://go-review.googlesource.com/c/go/+/239748
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
* crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware support
When either the server or client are lacking hardware support for
AES-GCM ciphers, indicated by the server lacking the relevant
instructions and by the client not putting AES-GCM ciphers at the top
of its preference list, reorder the preference list to de-prioritize
AES-GCM based ciphers when they are adjacent to other AEAD ciphers.
Also updates a number of recorded openssl TLS tests which previously
only specified TLS 1.2 cipher preferences (using -cipher), but not
TLS 1.3 cipher preferences (using -ciphersuites), to specify both
preferences, making these tests more predictable.
Fixes #41181.
Change-Id: Ied896c96c095481e755aaff9ff0746fb4cb9568e
Reviewed-on: https://go-review.googlesource.com/c/go/+/262857
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
* all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp
As part of #42026, these helpers from io/ioutil were moved to os.
(ioutil.TempFile and TempDir became os.CreateTemp and MkdirTemp.)
Update the Go tree to use the preferred names.
As usual, code compiled with the Go 1.4 bootstrap toolchain
and code vendored from other sources is excluded.
ReadDir changes are in a separate CL, because they are not a
simple search and replace.
For #42026.
Change-Id: If318df0216d57e95ea0c4093b89f65e5b0ababb3
Reviewed-on: https://go-review.googlesource.com/c/go/+/266365
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: revert "add HandshakeContext method to Conn"
This reverts CL 246338.
Reason for revert: waiting for 1.17 release cycle
Updates #32406
Change-Id: I074379039041e086c62271d689b4b7f442281663
Reviewed-on: https://go-review.googlesource.com/c/go/+/269697
Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
* all: go fmt std cmd (but revert vendor)
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: Ia0534360e4957e58cd9a18429c39d0e32a6addb4
Reviewed-on: https://go-review.googlesource.com/c/go/+/294430
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* docs: fix spelling
Change-Id: Ib689e5793d9cb372e759c4f34af71f004010c822
GitHub-Last-Rev: d63798388e5dcccb984689b0ae39b87453b97393
GitHub-Pull-Request: golang/go#44259
Reviewed-on: https://go-review.googlesource.com/c/go/+/291949
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Matthew Dempsky <mdempsky@google.com>
Trust: Robert Griesemer <gri@golang.org>
* docs: clarify when APIs use context.Background.
The Go standard library retrofitted context support onto existing APIs
using context.Background and later offered variants that directly
supported user-defined context value specification. This commit makes
that behavior clear in documentation and suggests context-aware
alternatives if the user is looking for one.
An example motivation is supporting code for use in systems that expect
APIs to be cancelable for lifecycle correctness or load
shedding/management reasons, as alluded to in
https://blog.golang.org/context-and-structs.
Updates #44143
Change-Id: I2d7f954ddf9b48264d5ebc8d0007058ff9bddf14
Reviewed-on: https://go-review.googlesource.com/c/go/+/296152
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Jean de Klerk <deklerk@google.com>
Trust: Jean de Klerk <deklerk@google.com>
Run-TryBot: Jean de Klerk <deklerk@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
* all: remove duplicate words
Change-Id: Ib0469232a2b69a869e58d5d24990ad74ac96ea56
GitHub-Last-Rev: eb38e049ee1e773392ff3747e1eb2af20dd50dcd
GitHub-Pull-Request: golang/go#44805
Reviewed-on: https://go-review.googlesource.com/c/go/+/299109
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
* crypto/tls: add HandshakeContext method to Conn
Adds the (*tls.Conn).HandshakeContext method. This allows
us to pass the context provided down the call stack to
eventually reach the tls.ClientHelloInfo and
tls.CertificateRequestInfo structs.
These contexts are exposed to the user as read-only via Context()
methods.
This allows users of (*tls.Config).GetCertificate and
(*tls.Config).GetClientCertificate to use the context for
request scoped parameters and cancellation.
Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext
where appropriate, to propagate existing contexts.
Fixes #32406
Change-Id: I259939c744bdc9b805bf51a845a8bc462c042483
Reviewed-on: https://go-review.googlesource.com/c/go/+/295370
Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: remove flaky cancellation test
This will be reintroduced again once the source of the
flakiness has been determined and fixed.
Fixes #45084
Change-Id: I6677b27fcd71e8c9bb8edbe8e3be70e5a271ebd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/302569
Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
* all: fix spellings
This follows the spelling choices that the Go project has made for English words.
https://github.com/golang/go/wiki/Spelling
Change-Id: Ie7c586d2cf23020cb492cfff58c0831d2d8d3a78
GitHub-Last-Rev: e16a32cd225a275f73d236bcb33703986d110ded
GitHub-Pull-Request: golang/go#45442
Reviewed-on: https://go-review.googlesource.com/c/go/+/308291
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
* crypto/tls: fix flaky handshake cancellation tests
Simplified both tests significantly by removing logic for writing
the client/server side messages. The flake was likely because of a
race between the closing of the local pipe from inside the test
and closing of the pipe from within the handshakeContext goroutine.
Wait to close the local pipe in the test until after the test
has finished running.
Fixes #45106
Fixes #45299
Change-Id: If7ca75aeff7df70cda03c934fa9d8513276d465d
Reviewed-on: https://go-review.googlesource.com/c/go/+/305250
Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: enforce ALPN overlap when negotiated on both sides
During the TLS handshake if the server doesn't support any of the
application protocols requested by the client, send the
no_application_protocol alert and abort the handshake on the server
side. This enforces the requirements of RFC 7301.
Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d
Reviewed-on: https://go-review.googlesource.com/c/go/+/289209
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: make cipher suite preference ordering automatic
We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.
This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.
This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.
Notable test changes:
- TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
right certificate regardless of CipherSuite ordering, which is now
completely ignored, as tested by TestCipherSuitePreference. Removed.
- The openssl command of TestHandshakeServerExportKeyingMaterial was
broken for TLS 1.0 in CL 262857, but its golden file was not
regenerated, so the test kept passing. It now broke because the
selected suite from the ones in the golden file changed.
- In TestAESCipherReordering, "server strongly prefers AES-GCM" is
removed because there is no way for a server to express a strong
preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
switched to ChaCha20 when the server lacks AES hardware; and finally
"client supports multiple AES-GCM" changed to always prefer AES-128
per the universal preference list.
* this is going back on an explicit decision from CL 262857, and
while that client order is weird and does suggest a strong dislike
for ChaCha20, we have a strong dislike for software AES, so it
didn't feel worth making the logic more complex
- All Client-* golden files had to be regenerated because the
ClientHello cipher suites have changed.
(Even when Config.CipherSuites was limited to one suite, the TLS 1.3
default order changed.)
Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)
Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
* crypto/tls: fix typo in Config.NextProtos docs
Change-Id: I916df584859595067e5e86c35607869397dbbd8c
Reviewed-on: https://go-review.googlesource.com/c/go/+/325651
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* crypto/tls: let HTTP/1.1 clients connect to servers with NextProtos "h2"
Fixes #46310
Change-Id: Idd5e30f05c439f736ae6f3904cbb9cc2ba772315
Reviewed-on: https://go-review.googlesource.com/c/go/+/325432
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
* crypto/tls: test key type when casting
When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.
Fixes #47143
Fixes CVE-2021-34558
Thanks to Imre Rad for reporting this issue.
Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on:
|
||
|
Roland Shoemaker
|
ba1a41d66f |
crypto/tls: replace all usages of BytesOrPanic
Message marshalling makes use of BytesOrPanic a lot, under the
assumption that it will never panic. This assumption was incorrect, and
specifically crafted handshakes could trigger panics. Rather than just
surgically replacing the usages of BytesOrPanic in paths that could
panic, replace all usages of it with proper error returns in case there
are other ways of triggering panics which we didn't find.
In one specific case, the tree routed by expandLabel, we replace the
usage of BytesOrPanic, but retain a panic. This function already
explicitly panicked elsewhere, and returning an error from it becomes
rather painful because it requires changing a large number of APIs.
The marshalling is unlikely to ever panic, as the inputs are all either
fixed length, or already limited to the sizes required. If it were to
panic, it'd likely only be during development. A close inspection shows
no paths for a user to cause a panic currently.
This patches ends up being rather large, since it requires routing
errors back through functions which previously had no error returns.
Where possible I've tried to use helpers that reduce the verbosity
of frequently repeated stanzas, and to make the diffs as minimal as
possible.
Thanks to Marten Seemann for reporting this issue.
Fixes #58001
Fixes CVE-2022-41724
Change-Id: Ieb55867ef0a3e1e867b33f09421932510cb58851
Reviewed-on:
|
||
|
Filippo Valsorda
|
2180046329 |
crypto/ecdh: move ECDH method to PrivateKey
Fixes #56052 Change-Id: Icacba0ed0f77519bca2140c8af68407af97f9734 Reviewed-on: https://go-review.googlesource.com/c/go/+/450335 Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Joedian Reid <joedian@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> |
||
|
Gaukas Wang
|
87abfdb24a
|
Sync upstream: go 1.19.2 (#130)
* Merging upstream changes into sync branch (#6)
* [dev.boringcrypto] crypto/sha1,sha256,sha512: use BoringCrypto
Change-Id: I80a764971b41f75c3b699797bfed71f509e3407d
Reviewed-on: https://go-review.googlesource.com/55474
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/aes: use BoringCrypto
Change-Id: If83fdeac31f65aba818bbc7edd2f215b16814021
Reviewed-on: https://go-review.googlesource.com/55476
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls: use TLS-specific AES-GCM mode if available
Change-Id: Ide00c40c0ca8d486f3bd8968e1d301c8b0ed6d05
Reviewed-on: https://go-review.googlesource.com/56011
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls/fipsonly: new package to force FIPS-allowed TLS settings
Change-Id: I3268cab2de8aed9e2424e9c3bc7667083bc5e1ce
Reviewed-on: https://go-review.googlesource.com/65250
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls: restore AES-GCM priority when BoringCrypto is enabled
This patch used to be in crypto/internal/cipherhw.AESGCMSupport which
was removed from the tree. It was meant and documented to affect only
crypto/tls, so move the logic there.
Change-Id: I36ed4f08a5fe2abaab18907910899ae0297d1611
Reviewed-on: https://go-review.googlesource.com/114816
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* [dev.boringcrypto] crypto/tls: test for TLS 1.3 to be disabled in FIPS mode
Change-Id: I32b3e29a3e34f20cccc51666905fd36744ef00b2
Reviewed-on: https://go-review.googlesource.com/c/149602
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3
Support for Ed25519 certificates was added in CL 175478, this wires them
up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3).
RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially
implemented that, but even OpenSSL doesn't take the complexity, so I
just dropped it. It would have required keeping a buffer of the
handshake transcript in order to do the direct Ed25519 signatures. We
effectively need to support TLS 1.2 because it shares ClientHello
signature algorithms with TLS 1.3.
While at it, reordered the advertised signature algorithms in the rough
order we would want to use them, also based on what curves have fast
constant-time implementations.
Client and client auth tests changed because of the change in advertised
signature algorithms in ClientHello and CertificateRequest.
Fixes #25355
Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/177698
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: fix TestVerifyHostnameResumed
In TLS 1.3 session tickets are delivered after the handshake, and it
looks like now the Google servers wait until the first flight of data to
send them (or our timeout is too low). Cause some data to be sent so we
can avoid the guessing game.
Fixes #32090
Change-Id: I54af4acb3a89cc70c9e14a5dfe18a44c29a841a7
Reviewed-on: https://go-review.googlesource.com/c/go/+/177877
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: remove PEM-encoded private keys from tests
Gerrit is complaining about pushes that affect these files
and forcing people to use -o nokeycheck, which defeats
the point of the check. Hide the keys from this kind of scan
by marking them explicitly as testing keys.
This is a little annoying but better than training everyone
who ever edits one of these test files to reflexively override
the Gerrit check.
The only remaining keys explicitly marked as private instead
of testing are in examples, and there's not much to do
about those. Hopefully they are not edited as much.
Change-Id: I4431592b5266cb39fe6a80b40e742d97da803a0b
Reviewed-on: https://go-review.googlesource.com/c/go/+/178178
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: shorten some tests
Shorten some of the longest tests that run during all.bash.
Removes 7r 50u 21s from all.bash.
After this change, all.bash is under 5 minutes again on my laptop.
For #26473.
Change-Id: Ie0460aa935808d65460408feaed210fbaa1d5d79
Reviewed-on: https://go-review.googlesource.com/c/go/+/177559
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* [dev.boringcrypto] crypto: move crypto/internal/boring imports to reduce merge conflicts
As suggested by dmitshur@, move them to their own block so they don't
conflict with changes in the upstream imports.
Change-Id: Id46fb7c766066c406023b0355f4c3c860166f0fe
Reviewed-on: https://go-review.googlesource.com/c/go/+/181277
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* crypto/tls: disable RSA-PSS in TLS 1.2 again
Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (broken) small keys. We'll have to take that
breakage eventually, but it would be nice for it to be opt-out at first.
TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a
TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS
to TLS 1.2 until TLS 1.3 is on without opt-out.
Note that since the Client Hello is sent before a protocol version is
selected, we have to advertise RSA-PSS there to support TLS 1.3.
That means that we still support RSA-PSS on the client in TLS 1.2 for
verifying server certificates, which is fine, as all issues arise on the
signing side. We have to be careful not to pick (or consider available)
RSA-PSS on the client for client certificates, though.
We'd expect tests to change only in TLS 1.2:
* the server won't pick PSS to sign the key exchange
(Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS);
* the server won't advertise PSS in CertificateRequest
(Server-TLSv12-ClientAuthRequested*, TestClientAuth);
* and the client won't pick PSS for its CertificateVerify
(Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS,
Client-TLSv12-Renegotiate* because "R" requests a client cert).
Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test.
This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7.
Testing was made more complex by the undocumented semantics of OpenSSL's
-[client_]sigalgs (see openssl/openssl#9172).
Updates #32425
Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349
Reviewed-on: https://go-review.googlesource.com/c/go/+/182339
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: move shared code and resources to handshake_test.go
Removed cross-dependencies between handshake_server_test.go and
handshake_client_test.go; moved all initialization to TestMain; replaced
SSLKEYLOGFILE environment variable with -keylog flag.
Change-Id: Ida6712daa44e01a2c00658e8a1896087ee88bcb0
Reviewed-on: https://go-review.googlesource.com/c/go/+/183057
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: reject low-order Curve25519 points
The RFC recommends checking the X25519 output to ensure it's not the
zero value, to guard against peers trying to remove contributory
behavior.
In TLS there should be enough transcript involvement to mitigate any
attack, and the RSA key exchange would suffer from the same issues by
design, so not proposing a backport.
See #31846
Change-Id: I8e657f8ee8aa72c3f8ca3b124555202638c53f5e
Reviewed-on: https://go-review.googlesource.com/c/go/+/183039
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: deflake localPipe in tests
The localPipe implementation assumes that every successful net.Dial
results in exactly one successful listener.Accept. I don't believe this
is guaranteed by essentially any operating system. For this test, we're
seeing flakes on dragonfly (#29583).
But see also #19519, flakes due to the same assumption on FreeBSD
and macOS in package net's own tests.
This CL rewrites localPipe to try a few times to get a matching pair
of connections on the dial and accept side.
Fixes #29583.
Change-Id: Idb045b18c404eae457f091df20456c5ae879a291
Reviewed-on: https://go-review.googlesource.com/c/go/+/184157
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
* crypto/tls: remove TestVerifyHostnameResumed
Session resumption is not a reliable TLS behavior: the server can decide
to reject a session ticket for a number of reasons, or no reason at all.
This makes this non-hermetic test extremely brittle.
It's currently broken on the builders for both TLS 1.2 and TLS 1.3, and
I could reproduce the issue for TLS 1.3 only. As I was debugging it, it
started passing entirely on my machine.
In practice, it doesn't get us any coverage as resumption is already
tested with the recorded exchange tests, and TestVerifyHostname still
provides a smoke test checking that we can in fact talk TLS.
Fixes #32978
Change-Id: I63505e22ff7704f25ad700d46e4ff14850ba5d3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/186239
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
* crypto/tls: deprecate SSLv3 support
Updates #32716
Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/184102
Reviewed-by: Andrew Bonventre <andybons@golang.org>
* crypto/tls: make SSLv3 again disabled by default
It was mistakenly re-enabled in CL 146217.
Fixes #33837
Change-Id: I8c0e1787114c6232df5888e51e355906622295bc
Reviewed-on: https://go-review.googlesource.com/c/go/+/191877
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* crypto/tls: remove SSLv3 support
SSLv3 has been irreparably broken since the POODLE attack 5 years ago
and RFC 7568 (f.k.a. draft-ietf-tls-sslv3-diediedie) prohibits its use
in no uncertain terms.
As announced in the Go 1.13 release notes, remove support for it
entirely in Go 1.14.
Updates #32716
Change-Id: Id653557961d8f75f484a01e6afd2e104a4ccceaf
Reviewed-on: https://go-review.googlesource.com/c/go/+/191976
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: remove TLS 1.3 opt-out
Fixes #30055
Change-Id: If757c43b52fc7bf62b0afb1c720615329fb5569d
Reviewed-on: https://go-review.googlesource.com/c/go/+/191999
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* all: fix typos
Use the following (suboptimal) script to obtain a list of possible
typos:
#!/usr/bin/env sh
set -x
git ls-files |\
grep -e '\.\(c\|cc\|go\)$' |\
xargs -n 1\
awk\
'/\/\// { gsub(/.*\/\//, ""); print; } /\/\*/, /\*\// { gsub(/.*\/\*/, ""); gsub(/\*\/.*/, ""); }' |\
hunspell -d en_US -l |\
grep '^[[:upper:]]\{0,1\}[[:lower:]]\{1,\}$' |\
grep -v -e '^.\{1,4\}$' -e '^.\{16,\}$' |\
sort -f |\
uniq -c |\
awk '$1 == 1 { print $2; }'
Then, go through the results manually and fix the most obvious typos in
the non-vendored code.
Change-Id: I3cb5830a176850e1a0584b8a40b47bde7b260eae
Reviewed-on: https://go-review.googlesource.com/c/go/+/193848
Reviewed-by: Robert Griesemer <gri@golang.org>
* crypto/tls: remove NPN support
RELNOTE=yes
Fixes #28362
Change-Id: I43813c0c17bbe6c4cbb4d1f121518c434b3f5aa8
Reviewed-on: https://go-review.googlesource.com/c/go/+/174329
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: consistently use %v for error formatting
We should keep a consistent way of formatting errors
in this file.
Fixes #34848
Change-Id: Ibb75908504f381fccab0281a42e788ef8c716b6f
Reviewed-on: https://go-review.googlesource.com/c/go/+/200679
Run-TryBot: Johan Brandhorst <johan.brandhorst@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
* crypto/tls: retry net.Dial flakes on Dragonfly
localPipe currently flakes in various crypto/tls tests. Since that
function doesn't seem to flake anywhere else, I suspect a kernel bug.
To make the test less flaky, retry the Dial if we suspect that it is
affected. (Worst case, we delay the test by a few seconds before
erroring out as usual.)
Fixes #29583
Change-Id: I357990ffa316edb471bd7d46d6404fa0884da646
Reviewed-on: https://go-review.googlesource.com/c/go/+/202557
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: move a defer out of a loop
Rhys Hiltner noted in #14939 that this defer was
syntactically inside a loop, but was only ever
executed once. Now that defer in a loop
is significantly slower, pull this one out.
name old time/op new time/op delta
Throughput/MaxPacket/1MB/TLSv12-8 3.94ms ± 8% 3.93ms ±13% ~ (p=0.967 n=15+15)
Throughput/MaxPacket/1MB/TLSv13-8 4.33ms ± 3% 4.51ms ± 7% +4.00% (p=0.000 n=14+14)
Throughput/MaxPacket/2MB/TLSv12-8 6.80ms ± 6% 7.01ms ± 4% +3.15% (p=0.000 n=14+14)
Throughput/MaxPacket/2MB/TLSv13-8 6.96ms ± 5% 6.80ms ± 5% -2.43% (p=0.006 n=15+14)
Throughput/MaxPacket/4MB/TLSv12-8 12.0ms ± 3% 11.7ms ± 2% -2.88% (p=0.000 n=15+13)
Throughput/MaxPacket/4MB/TLSv13-8 12.1ms ± 3% 11.7ms ± 2% -3.54% (p=0.000 n=13+13)
Throughput/MaxPacket/8MB/TLSv12-8 22.2ms ± 3% 21.6ms ± 3% -2.97% (p=0.000 n=15+15)
Throughput/MaxPacket/8MB/TLSv13-8 22.5ms ± 5% 22.0ms ± 3% -2.34% (p=0.004 n=15+15)
Throughput/MaxPacket/16MB/TLSv12-8 42.4ms ± 3% 41.3ms ± 3% -2.49% (p=0.001 n=15+15)
Throughput/MaxPacket/16MB/TLSv13-8 43.4ms ± 5% 42.3ms ± 3% -2.33% (p=0.006 n=15+14)
Throughput/MaxPacket/32MB/TLSv12-8 83.1ms ± 4% 80.6ms ± 3% -2.98% (p=0.000 n=15+15)
Throughput/MaxPacket/32MB/TLSv13-8 85.2ms ± 8% 82.6ms ± 4% -3.02% (p=0.005 n=15+15)
Throughput/MaxPacket/64MB/TLSv12-8 167ms ± 7% 158ms ± 2% -5.21% (p=0.000 n=15+15)
Throughput/MaxPacket/64MB/TLSv13-8 170ms ± 4% 162ms ± 3% -4.83% (p=0.000 n=15+15)
Throughput/DynamicPacket/1MB/TLSv12-8 4.13ms ± 7% 4.00ms ± 8% ~ (p=0.061 n=15+15)
Throughput/DynamicPacket/1MB/TLSv13-8 4.72ms ± 6% 4.64ms ± 7% ~ (p=0.377 n=14+15)
Throughput/DynamicPacket/2MB/TLSv12-8 7.29ms ± 7% 7.09ms ± 7% ~ (p=0.070 n=15+14)
Throughput/DynamicPacket/2MB/TLSv13-8 7.18ms ± 5% 6.59ms ± 4% -8.34% (p=0.000 n=15+15)
Throughput/DynamicPacket/4MB/TLSv12-8 12.3ms ± 3% 11.9ms ± 4% -3.31% (p=0.000 n=15+14)
Throughput/DynamicPacket/4MB/TLSv13-8 12.2ms ± 4% 12.0ms ± 4% -1.91% (p=0.019 n=15+15)
Throughput/DynamicPacket/8MB/TLSv12-8 22.4ms ± 3% 21.9ms ± 3% -2.18% (p=0.000 n=15+15)
Throughput/DynamicPacket/8MB/TLSv13-8 22.7ms ± 3% 22.2ms ± 3% -2.35% (p=0.000 n=15+15)
Throughput/DynamicPacket/16MB/TLSv12-8 42.3ms ± 3% 42.1ms ± 3% ~ (p=0.505 n=14+15)
Throughput/DynamicPacket/16MB/TLSv13-8 42.7ms ± 3% 43.3ms ± 7% ~ (p=0.123 n=15+14)
Throughput/DynamicPacket/32MB/TLSv12-8 82.8ms ± 3% 81.9ms ± 3% ~ (p=0.112 n=14+15)
Throughput/DynamicPacket/32MB/TLSv13-8 84.6ms ± 6% 83.9ms ± 4% ~ (p=0.624 n=15+15)
Throughput/DynamicPacket/64MB/TLSv12-8 166ms ± 4% 163ms ± 6% ~ (p=0.081 n=15+15)
Throughput/DynamicPacket/64MB/TLSv13-8 165ms ± 3% 168ms ± 3% +1.56% (p=0.029 n=15+15)
Change-Id: I22409b05afe761b8ed1912b15c67fc03f88d3d1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/203481
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: improve error messages for invalid certificates and signatures
Also, fix the alert value sent when a signature by a client certificate
is invalid in TLS 1.0-1.2.
Fixes #35190
Change-Id: I2ae1d5593dfd5ee2b4d979664aec74aab4a8a704
Reviewed-on: https://go-review.googlesource.com/c/go/+/204157
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: send ec_points_format extension in ServerHello
Follow the recommandation from RFC 8422, section 5.1.2 of sending back the
ec_points_format extension when requested by the client. This is to fix
some clients declining the handshake if omitted.
Fixes #31943
Change-Id: I7b04dbac6f9af75cda094073defe081e1e9a295d
Reviewed-on: https://go-review.googlesource.com/c/go/+/176418
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Olivier Poitrey <rs@rhapsodyk.net>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: make -update only regenerate transcripts for failing tests
Change-Id: Ie68fd4fe2879e6b5417a1a4240971e3d837bf115
Reviewed-on: https://go-review.googlesource.com/c/go/+/204377
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: add ExampleConfig_VerifyPeerCertificate
Setting InsecureSkipVerify and VerifyPeerCertificate is the recommended
way to customize and override certificate validation.
However, there is boilerplate involved and it usually requires first
reimplementing the default validation strategy to then customize it.
Provide an example that does the same thing as the default as a starting
point.
Examples of where we directed users to do something similar are in
issues #35467, #31791, #28754, #21971, and #24151.
Fixes #31792
Change-Id: Id033e9fa3cac9dff1f7be05c72dfb34b4f973fd4
Reviewed-on: https://go-review.googlesource.com/c/go/+/193620
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: refactor certificate and signature algorithm logic
This refactors a lot of the certificate support logic to make it cleaner
and reusable where possible. These changes will make the following CLs
much simpler.
In particular, the heavily overloaded pickSignatureAlgorithm is gone.
That function used to cover both signing and verifying side, would work
both for pre-signature_algorithms TLS 1.0/1.1 and TLS 1.2, and returned
sigalg, type and hash.
Now, TLS 1.0/1.1 and 1.2 are differentiated at the caller, as they have
effectively completely different logic. TLS 1.0/1.1 simply use
legacyTypeAndHashFromPublicKey as they employ a fixed hash function and
signature algorithm for each public key type. TLS 1.2 is instead routed
through selectSignatureScheme (on the signing side) or
isSupportedSignatureAlgorithm (on the verifying side) and
typeAndHashFromSignatureScheme, like TLS 1.3.
On the signing side, signatureSchemesForCertificate was already version
aware (for PKCS#1 v1.5 vs PSS support), so selectSignatureScheme just
had to learn the Section 7.4.1.4.1 defaults for a missing
signature_algorithms to replace pickSignatureAlgorithm.
On the verifying side, pickSignatureAlgorithm was also checking the
public key type, while isSupportedSignatureAlgorithm +
typeAndHashFromSignatureScheme are not, but that check was redundant
with the one in verifyHandshakeSignature.
There should be no major change in behavior so far. A few minor changes
came from the refactor: we now correctly require signature_algorithms in
TLS 1.3 when using a certificate; we won't use Ed25519 in TLS 1.2 if the
client didn't send signature_algorithms; and we don't send
ec_points_format in the ServerHello (a compatibility measure) if we are
not doing ECDHE anyway because there are no mutually supported curves.
The tests also got simpler because they test simpler functions. The
caller logic switching between TLS 1.0/1.1 and 1.2 is tested by the
transcript tests.
Updates #32426
Change-Id: Ice9dcaea78d204718f661f8d60efdb408ba41577
Reviewed-on: https://go-review.googlesource.com/c/go/+/205061
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: implement (*ClientHelloInfo).SupportsCertificate
We'll also use this function for a better selection logic from
Config.Certificates in a later CL.
Updates #32426
Change-Id: Ie239574d02eb7fd2cf025ec36721c8c7e082d0bc
Reviewed-on: https://go-review.googlesource.com/c/go/+/205057
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: implement (*CertificateRequestInfo).SupportsCertificate
Also, add Version to CertificateRequestInfo, as the semantics of
SignatureSchemes change based on version: the ECDSA SignatureSchemes are
only constrained to a specific curve in TLS 1.3.
Fixes #32426
Change-Id: I7a551bea864799e98118349ac2476162893d1ffd
Reviewed-on: https://go-review.googlesource.com/c/go/+/205058
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: select only compatible chains from Certificates
Now that we have a full implementation of the logic to check certificate
compatibility, we can let applications just list multiple chains in
Certificates (for example, an RSA and an ECDSA one) and choose the most
appropriate automatically.
NameToCertificate only maps each name to one chain, so simply deprecate
it, and while at it simplify its implementation by not stripping
trailing dots from the SNI (which is specified not to have any, see RFC
6066, Section 3) and by not supporting multi-level wildcards, which are
not a thing in the WebPKI (and in crypto/x509).
The performance of SupportsCertificate without Leaf is poor, but doesn't
affect current users. For now document that, and address it properly in
the next cycle. See #35504.
While cleaning up the Certificates/GetCertificate/GetConfigForClient
behavior, also support leaving Certificates/GetCertificate nil if
GetConfigForClient is set, and send unrecognized_name when there are no
available certificates.
Fixes #29139
Fixes #18377
Change-Id: I26604db48806fe4d608388e55da52f34b7ca4566
Reviewed-on: https://go-review.googlesource.com/c/go/+/205059
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: implement Certificate.SupportedSignatureAlgorithms
This will let applications stop crypto/tls from using a certificate key
with an algorithm that is not supported by its crypto.Signer, like
hardware backed keys that can't do RSA-PSS.
Fixes #28660
Change-Id: I294cc06bddf813fff35c5107540c4a1788e1dace
Reviewed-on: https://go-review.googlesource.com/c/go/+/205062
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: re-enable RSA-PSS in TLS 1.2 again
TLS 1.3, which requires RSA-PSS, is now enabled without a GODEBUG
opt-out, and with the introduction of
Certificate.SupportedSignatureAlgorithms (#28660) there is a
programmatic way to avoid RSA-PSS (disable TLS 1.3 with MaxVersion and
use that field to specify only PKCS#1 v1.5 SignatureSchemes).
This effectively reverts 0b3a57b5374bba3fdf88258e2be4c8be65e6a5de,
although following CL 205061 all of the signing-side logic is
conveniently centralized in signatureSchemesForCertificate.
Fixes #32425
Change-Id: I7c9a8893bb5d518d86eae7db82612b9b2cd257d7
Reviewed-on: https://go-review.googlesource.com/c/go/+/205063
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: add correct names for CHACHA20_POLY1305 cipher suite constants
The cipher suites were apparently renamed late in the standardization
process, and we picked up the legacy name. We can't remove the old
constants, but add correctly named ones.
Fixes #32061
Change-Id: I65ee25c12c10934391af88b76b18565da67453fa
Reviewed-on: https://go-review.googlesource.com/c/go/+/205068
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: add CipherSuites, InsecureCipherSuites and CipherSuiteName
Fixes #30325
Change-Id: I497110224bb73ecfcc4655698a794e7aa4a66925
Reviewed-on: https://go-review.googlesource.com/c/go/+/175517
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
* crypto/tls: take key size into account in signature algorithm selection
Fixes #29793
Change-Id: I6e389d166c2d9a2ba8664a41f4b9569f2481b27f
Reviewed-on: https://go-review.googlesource.com/c/go/+/205177
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: retry ETIMEDOUT flakes in localPipe on dragonfly
Fixes #29583
Change-Id: Ia89433bddd4c9f67ec1f0150b730cde8a7e973ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/206759
Run-TryBot: Bryan C. Mills <bcmills@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* src/vendor,crypto/tls: update to latest x/crypto and use new X25519 API
Change-Id: Icd5006e37861d892a5f3d4397c3826179c1b12ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/206657
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* all: fix a bunch of misspellings
Change-Id: I5b909df0fd048cd66c5a27fca1b06466d3bcaac7
GitHub-Last-Rev: 778c5d21311abee09a5fbda2e4005a5fd4cc3f9f
GitHub-Pull-Request: golang/go#35624
Reviewed-on: https://go-review.googlesource.com/c/go/+/207421
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: remove leftover extensionNextProtoNeg constant
NPN was removed in CL 174329.
Change-Id: Ic63ad53e7e24872e28673d590727e0300f435619
Reviewed-on: https://go-review.googlesource.com/c/go/+/208224
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: fix a typo in TLS handshake comment
Fix a minor typo in the TLS handshake comment.
Change-Id: I0fd243e5440f6c77c97e844e6669a7974a2c8798
GitHub-Last-Rev: 21e91a1a48e8a9200e6fca89a988e1383ded7bb2
GitHub-Pull-Request: golang/go#36030
Reviewed-on: https://go-review.googlesource.com/c/go/+/210289
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
* crypto/tls: stop a timeout timer
I noticed this leak while writing CL 214977.
Change-Id: I7566952b8e4bc58939d23435aea86576fc58ddca
Reviewed-on: https://go-review.googlesource.com/c/go/+/214978
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: clarify TLS 1.0/1.1 CertificateRequestInfo.SignatureSchemes
This CL should not change the logic at all, but it took me a while to
figure out why we use these specific SignatureSchemes, so reformulate
the comment.
Change-Id: If519a58264209e6575417be07668e92ead0e772f
Reviewed-on: https://go-review.googlesource.com/c/go/+/208225
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: update ExampleDial with a valid root
When run as a separate program, the code in ExampleDial panicked due to
an expired certificate. Fixed this problem by replacing the expired
certificate with a valid one.
Also added a comment in the certificate to give a hint about why it
might fail in the future.
Fixes #35706
Change-Id: I3d300f7bccae050e4b73ded28b8029aa04b480bd
Reviewed-on: https://go-review.googlesource.com/c/go/+/212601
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: use new ecdsa.VerifyASN1 API
Change-Id: I2a233190bda78ca022ff4074b4553788847d7583
Reviewed-on: https://go-review.googlesource.com/c/go/+/220720
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* all: fix incorrect channel and API usage in some unit tests
This CL changes some unit test functions, making sure that these tests (and goroutines spawned during test) won't block.
Since they are just test functions, I use one CL to fix them all. I hope this won't cause trouble to reviewers and can save time for us.
There are three main categories of incorrect logic fixed by this CL:
1. Use testing.Fatal()/Fatalf() in spawned goroutines, which is forbidden by Go's document.
2. Channels are used in such a way that, when errors or timeout happen, the test will be blocked and never return.
3. Channels are used in such a way that, when errors or timeout happen, the test can return but some spawned goroutines will be leaked, occupying resource until all other tests return and the process is killed.
Change-Id: I3df931ec380794a0cf1404e632c1dd57c65d63e8
Reviewed-on: https://go-review.googlesource.com/c/go/+/219380
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: add {SignatureScheme,CurveID,ClientAuthType}.String()
Fixes #35499
Change-Id: Ieb487782f389f6d80e8f68ee980e584d906cb4da
Reviewed-on: https://go-review.googlesource.com/c/go/+/208226
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: update the MITM reference to "machine-in-the-middle"
Changing "man-in-the-middle" references to "machine-in-the-middle",
it's a more inclusive term and still aligns with the MITM acronym.
Change-Id: I81f954cff3d252433443f159ff9edaf59a28ab9d
GitHub-Last-Rev: 3e8f91424a207233b537984747ae90cbc1f03755
GitHub-Pull-Request: golang/go#37918
Reviewed-on: https://go-review.googlesource.com/c/go/+/223897
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: add missing alert values
Fixes #35911
Change-Id: I093d25aa169963769b51c37d2481bce71bd0fd2f
Reviewed-on: https://go-review.googlesource.com/c/go/+/226858
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: failed tls.Conn.Write returns a permanent error
Fixes #29971
Change-Id: I2f1653640c88fafe0ec17a75dcf41d5896c4cb8e
Reviewed-on: https://go-review.googlesource.com/c/go/+/227840
Run-TryBot: Katie Hockman <katie@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: help linker remove code when only Client or Server is used
This saves 166 KiB for a tls.Dial hello world program (5382441 to
5212356 to bytes), by permitting the linker to remove TLS server code.
Change-Id: I16610b836bb0802b7d84995ff881d79ec03b6a84
Reviewed-on: https://go-review.googlesource.com/c/go/+/228111
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: add Dialer
Fixes #18482
Change-Id: I99d65dc5d824c00093ea61e7445fc121314af87f
Reviewed-on: https://go-review.googlesource.com/c/go/+/214977
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* math/big: add (*Int).FillBytes
Replaced almost every use of Bytes with FillBytes.
Note that the approved proposal was for
func (*Int) FillBytes(buf []byte)
while this implements
func (*Int) FillBytes(buf []byte) []byte
because the latter was far nicer to use in all callsites.
Fixes #35833
Change-Id: Ia912df123e5d79b763845312ea3d9a8051343c0a
Reviewed-on: https://go-review.googlesource.com/c/go/+/230397
Reviewed-by: Robert Griesemer <gri@golang.org>
* crypto/tls: enforce TLS 1.3 (and TLS 1.2) downgrade protection checks
Fixes #37763
Change-Id: Ic6bcc9af0d164966f4ae31087998e5b546540038
Reviewed-on: https://go-review.googlesource.com/c/go/+/231038
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: marshal sessionState using cryptobyte
Change-Id: I95a60b837e19d0c4bf45ea74baa5843a8244a186
Reviewed-on: https://go-review.googlesource.com/c/go/+/231218
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: accept HelloRetryRequest messages with only a cookie
Clients have to reject any HelloRetryRequest message that doesn't lead
to a change in the ClientHello. Instead, we were rejecting any HRR that
didn't select an alternative group, even if it sent a cookie, which
would change the CH.
The good news is that I know of no TLS servers that use or need HRRs
exclusively for cookies (which are mostly useful in DTLS as a way to
verify the source address). The bad news is that we poisoned the
ecosystem as Go 1.12 to 1.14 will reject such HRRs. Oops, hopefully no
one needed this.
No tests because neither Go nor s_server support cookies. This would
presumably get covered once we integrate BoGo.
Fixes #30149
Change-Id: I760fb1ded81148ac3096cf201cbc1e941374b83d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231039
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: fix sessionState marshaling
Change-Id: I2910f322256c521dd03b1dc23d117defdcd0aa54
Reviewed-on: https://go-review.googlesource.com/c/go/+/232662
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: rotate session keys in older TLS versions
Also encode the certificates in a way that's more
consistent with TLS 1.3 (with a 24 byte length prefix).
Note that this will have an additional performance cost
requiring clients to do a full handshake every 7 days
where previously they were able to use the same ticket
indefinitely.
Updates #25256
Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d
Reviewed-on: https://go-review.googlesource.com/c/go/+/231317
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: rotate session ticket keys
Automatically rotate session ticket keys for servers
that don't already have sessionTicketKeys and that
haven't called SetSessionTicketKeys.
Now, session ticket keys will be rotated every 24 hours
with a lifetime of 7 days. This adds a small performance
cost to existing clients that don't provide a session
ticket encrypted with a fresh enough session ticket key,
which would require a full handshake.
Updates #25256
Change-Id: I15b46af7a82aab9a108bceb706bbf66243a1510f
Reviewed-on: https://go-review.googlesource.com/c/go/+/230679
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: add Config.VerifyConnection callback
Since the ConnectionState will now be available during
verification, some code was moved around in order to
initialize and make available as much of the fields on
Conn as possible before the ConnectionState is verified.
Fixes #36736
Change-Id: I0e3efa97565ead7de5c48bb8a87e3ea54fbde140
Reviewed-on: https://go-review.googlesource.com/c/go/+/229122
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: persist the createdAt time when re-wrapping session tickets
Change-Id: I33fcde2d544943fb04c2599810cf7fb773aeba1f
Reviewed-on: https://go-review.googlesource.com/c/go/+/234483
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: remove version check when unmarshaling sessionState
This was causing issues when fuzzing with
TestMarshalUnmarshal since the test would
occassionally set the version to VersionTLS13,
which would fail when unmarshaling. The check
doesn't add much in practice, and there is no
harm in removing it to de-flake the test.
Fixes #38902
Change-Id: I0906c570e9ed69c85fdd2c15f1b52f9e372c62e3
Reviewed-on: https://go-review.googlesource.com/c/go/+/234486
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: fix duplicate calls to VerifyConnection
Also add a test that could reproduce this error and
ensure it doesn't occur in other configurations.
Fixes #39012
Change-Id: If792b5131f312c269fd2c5f08c9ed5c00188d1af
Reviewed-on: https://go-review.googlesource.com/c/go/+/233957
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: test that Clone copies session ticket key fields
Updates #25256
Change-Id: If16c42581f1cf3500fd7fd01c915e487f8025e55
Reviewed-on: https://go-review.googlesource.com/c/go/+/235922
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: set CipherSuite for VerifyConnection
The ConnectionState's CipherSuite was not set prior
to the VerifyConnection callback in TLS 1.2 servers,
both for full handshakes and resumptions.
Change-Id: Iab91783eff84d1b42ca09c8df08e07861e18da30
Reviewed-on: https://go-review.googlesource.com/c/go/+/236558
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: restore OCSP and SCTs during session resumption
Restore previously sent SCTs and stapled OCSP response during session
resumption for both TLS 1.2 and 1.3. This behavior is somewhat
complicated for TLS 1.2 as SCTs are sent during the server hello,
so they override what is saved in ClientSessionState. It is likely
that if the server is sending a different set of SCTs there is probably
a reason for doing so, such as a log being retired, or SCT validation
requirements changing, so it makes sense to defer to the server in
that case.
Fixes #39075
Change-Id: I3c0fa2f69c6bf0247a447c48a1b4c733a882a233
Reviewed-on: https://go-review.googlesource.com/c/go/+/234237
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: fix DialContext docs
Change-Id: I58e3febbf63049bebb4f8ed8893288183c8aaccd
Reviewed-on: https://go-review.googlesource.com/c/go/+/239745
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: expand the ConnectionState docs
Fixes #37572
Change-Id: I493392f535a979ee16609861041da2ecfe21cf77
Reviewed-on: https://go-review.googlesource.com/c/go/+/239744
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: replace VerifyPeerCertificate example with VerifyConnection
Look at how much better it is!
Updates #36736
Change-Id: I53a314a103a42dd869c05823fa50f37d70f9d283
Reviewed-on: https://go-review.googlesource.com/c/go/+/239560
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: create certs w/o KeyEncipherment KU for non-RSA keys in generate_cert.go
Summary
The crypto/tls/generate_cert.go utility should only set the template
x509.Certificate's KeyUsage field to a value with the
x509.KeyUsageKeyEncipherment bits set when the certificate subject
public key is an RSA public key, not an ECDSA or ED25519 public key.
Background
RFC 5480 describes the usage of ECDSA elliptic curve subject keys with
X.509. Unfortunately while Section 3 "Key Usages Bits" indicates which
key usage bits MAY be used with a certificate that indicates
id-ecPublicKey in the SubjectPublicKeyInfo field it doesn't provide
guidance on which usages should *not* be included (e.g. the
keyEncipherment bit, which is particular to RSA key exchange). The same
problem is present in RFC 8410 Section 5 describing Key Usage Bits for
ED25519 elliptic curve subject keys.
There's an update to RFC 5480 in last call stage within the IETF LAMPS
WG, draft-ietf-lamps-5480-ku-clarifications-00. This update is meant
to clarify the allowed Key Usages extension values for certificates with
ECDSA subject public keys by adding:
> If the keyUsage extension is present in a certificate that indicates
> id-ecPublicKey as algorithm of AlgorithmIdentifier [RFC2986] in
> SubjectPublicKeyInfo, then following values MUST NOT be present:
>
> keyEncipherment; and
> dataEncipherment.
I don't believe there is an update for RFC 8410 in the works but I
suspect it will be clarified similarly in the future.
This commit updates generate_cert.go to ensure when the certificate
public key is ECDSA or ED25519 the generated certificate has the
x509.Certificate.KeyUsage field set to a value that doesn't include KUs
specific to RSA. For ECDSA keys this will adhere to the updated RFC 5480
language.
Fixes #36499
Change-Id: Ib1b0757c039b7fe97fc6d1e826fe6b88856c1964
GitHub-Last-Rev: a8f34fb33dde90e09b6f9a27b2598a82b3023abb
GitHub-Pull-Request: golang/go#36500
Reviewed-on: https://go-review.googlesource.com/c/go/+/214337
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
* crypto/tls: relax the docs of InsecureSkipVerify
Fixes #39074
Change-Id: I72ec95f4b190253bb82d52a03a769b0399170b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/239746
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto: fix PKCS space in docs
Change-Id: Iee53acb963a889410f8c6daaa9a7841f1b12c6fb
Reviewed-on: https://go-review.googlesource.com/c/go/+/241497
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: replace errClosed with net.ErrClosed
CL 250357 exported net.ErrClosed to allow more reliable detection
of closed network connection errors. Use that error in crypto/tls
as well.
The error message is changed from "tls: use of closed connection"
to "use of closed network connection", so the code that detected such
errors by looking for that text in the error message will need to be
updated to use errors.Is(err, net.ErrClosed) instead.
Fixes #41066
Change-Id: Ic05c0ed6a4f57af2a0302d53b00851a59200be2e
Reviewed-on: https://go-review.googlesource.com/c/go/+/256897
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
* crypto/tls: make config.Clone return nil if the source is nil
Fixes #40565
Change-Id: I13a67be193f8cd68df02b8729529e627a73d364b
GitHub-Last-Rev: b03d2c04fd88db909b40dfd7bd08fe13d8994ab9
GitHub-Pull-Request: golang/go#40566
Reviewed-on: https://go-review.googlesource.com/c/go/+/246637
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
* crypto/tls: fix TestLinkerGC test
A test that checks if "tls.(*Conn)" appears in any symbol's name.
tls.Conn is a type, so the string "tls.(*Conn)" can only appear
in the name of a method of Conn. But the test code doesn't use
any of the methods. Not sure why this needs to be live. In
particular, the linker is now able to prune all methods of Conn.
Remove this requirement. In fact, just drop the only_conn test
case, as simply allocating a type doesn't necessarily bring
anything live.
Change-Id: I754291b75d38e1465b5291b4dea20806615d21b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/257973
Trust: Cherry Zhang <cherryyz@google.com>
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Jeremy Faller <jeremy@golang.org>
* crypto/tls: fix typo in spelling of permanentError
Change-Id: I819c121ff388460ec348af773ef94b44416a2ea9
GitHub-Last-Rev: 98dd8fb25cecb73e88d107e0a35e3e63a53dfd09
GitHub-Pull-Request: golang/go#41785
Reviewed-on: https://go-review.googlesource.com/c/go/+/259517
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
* all: update references to symbols moved from io/ioutil to io
The old ioutil references are still valid, but update our code
to reflect best practices and get used to the new locations.
Code compiled with the bootstrap toolchain
(cmd/asm, cmd/dist, cmd/compile, debug/elf)
must remain Go 1.4-compatible and is excluded.
Also excluded vendored code.
For #41190.
Change-Id: I6d86f2bf7bc37a9d904b6cee3fe0c7af6d94d5b1
Reviewed-on: https://go-review.googlesource.com/c/go/+/263142
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
* crypto/tls: add no-shared to openssl build instructions
This prevents the custom-built version of openssl prefering the system
libraries over the ones compiled with the specified (weak crypto)
options necessary to generate the updates. This difference can lead to
confusing failures when updating the tests.
Fixes #31809
Change-Id: I2dd257f3121d6c6c62c6aeba52e1c74046b3c584
GitHub-Last-Rev: 6d4eeafadf0b4671b7e17c6810f1a66a9fda7d3c
GitHub-Pull-Request: golang/go#41630
Reviewed-on: https://go-review.googlesource.com/c/go/+/257517
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: document the ClientAuthType consts
Fixes #34023
Change-Id: Ib7552a8873a79a91e8d971f906c6d7283da7a80c
Reviewed-on: https://go-review.googlesource.com/c/go/+/264027
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: set Deadline before sending close notify alert
This change also documents the need to set a Deadline before
calling Read or Write.
Fixes #31224
Change-Id: I89d6fe3ecb0a0076b4c61765f61c88056f951406
Reviewed-on: https://go-review.googlesource.com/c/go/+/266037
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: pool Conn's outBuf to reduce memory cost of idle connections
Derived from CL 263277, which includes benchmarks.
Fixes #42035
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Change-Id: I5f28673f95d4568b7d13dbc20e9d4b48d481a93d
Reviewed-on: https://go-review.googlesource.com/c/go/+/267957
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roberto Clapis <roberto@golang.org>
* crypto/tls: don't use CN in BuildNameToCertificate if SANs are present
Change-Id: I18d5b9fc392a6a52fbdd240254d6d9db838073a4
Reviewed-on: https://go-review.googlesource.com/c/go/+/266540
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
* crypto/tls: add HandshakeContext method to Conn
Adds the (*tls.Conn).HandshakeContext method. This allows
us to pass the context provided down the call stack to
eventually reach the tls.ClientHelloInfo and
tls.CertificateRequestInfo structs.
These contexts are exposed to the user as read-only via Context()
methods.
This allows users of (*tls.Config).GetCertificate and
(*tls.Config).GetClientCertificate to use the context for
request scoped parameters and cancellation.
Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext
where appropriate, to propagate existing contexts.
Fixes #32406
Change-Id: I33c228904fe82dcf57683b63627497d3eb841ff2
Reviewed-on: https://go-review.googlesource.com/c/go/+/246338
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: drop macFunction abstraction
Since we dropped SSLv3, there is only one MAC scheme, and it doesn't
need any state beyond a keyed HMAC, so we can replace the macFunction
with the hash.Hash it wraps.
Pointed out by mtp@.
Change-Id: I5545be0e6ccb34a3055fad7f6cb5f628ff748e9f
Reviewed-on: https://go-review.googlesource.com/c/go/+/251859
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
* crypto/tls: ensure the server picked an advertised ALPN protocol
This is a SHALL in RFC 7301, Section 3.2.
Also some more cleanup after NPN, which worked the other way around
(with the possibility that the client could pick a protocol the server
did not suggest).
Change-Id: I83cc43ca1b3c686dfece8315436441c077065d82
Reviewed-on: https://go-review.googlesource.com/c/go/+/239748
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
* crypto/tls: de-prioritize AES-GCM ciphers when lacking hardware support
When either the server or client are lacking hardware support for
AES-GCM ciphers, indicated by the server lacking the relevant
instructions and by the client not putting AES-GCM ciphers at the top
of its preference list, reorder the preference list to de-prioritize
AES-GCM based ciphers when they are adjacent to other AEAD ciphers.
Also updates a number of recorded openssl TLS tests which previously
only specified TLS 1.2 cipher preferences (using -cipher), but not
TLS 1.3 cipher preferences (using -ciphersuites), to specify both
preferences, making these tests more predictable.
Fixes #41181.
Change-Id: Ied896c96c095481e755aaff9ff0746fb4cb9568e
Reviewed-on: https://go-review.googlesource.com/c/go/+/262857
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
* all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp
As part of #42026, these helpers from io/ioutil were moved to os.
(ioutil.TempFile and TempDir became os.CreateTemp and MkdirTemp.)
Update the Go tree to use the preferred names.
As usual, code compiled with the Go 1.4 bootstrap toolchain
and code vendored from other sources is excluded.
ReadDir changes are in a separate CL, because they are not a
simple search and replace.
For #42026.
Change-Id: If318df0216d57e95ea0c4093b89f65e5b0ababb3
Reviewed-on: https://go-review.googlesource.com/c/go/+/266365
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* crypto/tls: revert "add HandshakeContext method to Conn"
This reverts CL 246338.
Reason for revert: waiting for 1.17 release cycle
Updates #32406
Change-Id: I074379039041e086c62271d689b4b7f442281663
Reviewed-on: https://go-review.googlesource.com/c/go/+/269697
Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Run-TryBot: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
* all: go fmt std cmd (but revert vendor)
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: Ia0534360e4957e58cd9a18429c39d0e32a6addb4
Reviewed-on: https://go-review.googlesource.com/c/go/+/294430
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
* docs: fix spelling
Change-Id: Ib689e5793d9cb372e759c4f34af71f004010c822
GitHub-Last-Rev: d63798388e5dcccb984689b0ae39b87453b97393
GitHub-Pull-Request: golang/go#44259
Reviewed-on: https://go-review.googlesource.com/c/go/+/291949
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Matthew Dempsky <mdempsky@google.com>
Trust: Robert Griesemer <gri@golang.org>
* docs: clarify when APIs use context.Background.
The Go standard library retrofitted context support onto existing APIs
using context.Background and later offered variants that directly
supported user-defined context value specification. This commit makes
that behavior clear in documentation and suggests context-aware
alternatives if the user is looking for one.
An example motivation is supporting code for use in systems that expect
APIs to be cancelable for lifecycle correctness or load
shedding/management reasons, as alluded to in
https://blog.golang.org/context-and-structs.
Updates #44143
Change-Id: I2d7f954ddf9b48264d5ebc8d0007058ff9bddf14
Reviewed-on: https://go-review.googlesource.com/c/go/+/296152
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Jean de Klerk <deklerk@google.com>
Trust: Jean de Klerk <deklerk@google.com>
Run-TryBot: Jean de Klerk <deklerk@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
* all: remove duplicate words
Change-Id: Ib0469232a2b69a869e58d5d24990ad74ac96ea56
GitHub-Last-Rev: eb38e049ee1e773392ff3747e1eb2af20dd50dcd
GitHub-Pull-Request: golang/go#44805
Reviewed-on: https://go-review.googlesource.com/c/go/+/299109
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
* crypto/tls: add HandshakeContext method to Conn
Adds the (*tls.Conn).HandshakeContext method. This allows
us to pass the context provided down the call stack to
eventually reach the tls.ClientHelloInfo and
tls.CertificateRequestInfo structs.
These contexts are exposed to the user as read-only via Context()
methods.
This allows users of (*tls.Config).GetCertificate and
(*tls.Config).GetClientCertificate to use the context for
request scoped parameters and cancellation.
Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext
where appropriate, to propagate existing contexts.
Fixes #32406
Change-Id: I259939c744bdc9b805bf51a845a8bc462c042483
Reviewed-on: https://go-review.googlesource.com/c/go/+/295370
Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: remove flaky cancellation test
This will be reintroduced again once the source of the
flakiness has been determined and fixed.
Fixes #45084
Change-Id: I6677b27fcd71e8c9bb8edbe8e3be70e5a271ebd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/302569
Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Run-TryBot: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
* all: fix spellings
This follows the spelling choices that the Go project has made for English words.
https://github.com/golang/go/wiki/Spelling
Change-Id: Ie7c586d2cf23020cb492cfff58c0831d2d8d3a78
GitHub-Last-Rev: e16a32cd225a275f73d236bcb33703986d110ded
GitHub-Pull-Request: golang/go#45442
Reviewed-on: https://go-review.googlesource.com/c/go/+/308291
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
* crypto/tls: fix flaky handshake cancellation tests
Simplified both tests significantly by removing logic for writing
the client/server side messages. The flake was likely because of a
race between the closing of the local pipe from inside the test
and closing of the pipe from within the handshakeContext goroutine.
Wait to close the local pipe in the test until after the test
has finished running.
Fixes #45106
Fixes #45299
Change-Id: If7ca75aeff7df70cda03c934fa9d8513276d465d
Reviewed-on: https://go-review.googlesource.com/c/go/+/305250
Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: enforce ALPN overlap when negotiated on both sides
During the TLS handshake if the server doesn't support any of the
application protocols requested by the client, send the
no_application_protocol alert and abort the handshake on the server
side. This enforces the requirements of RFC 7301.
Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d
Reviewed-on: https://go-review.googlesource.com/c/go/+/289209
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
* crypto/tls: make cipher suite preference ordering automatic
We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.
This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.
This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.
Notable test changes:
- TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
right certificate regardless of CipherSuite ordering, which is now
completely ignored, as tested by TestCipherSuitePreference. Removed.
- The openssl command of TestHandshakeServerExportKeyingMaterial was
broken for TLS 1.0 in CL 262857, but its golden file was not
regenerated, so the test kept passing. It now broke because the
selected suite from the ones in the golden file changed.
- In TestAESCipherReordering, "server strongly prefers AES-GCM" is
removed because there is no way for a server to express a strong
preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
switched to ChaCha20 when the server lacks AES hardware; and finally
"client supports multiple AES-GCM" changed to always prefer AES-128
per the universal preference list.
* this is going back on an explicit decision from CL 262857, and
while that client order is weird and does suggest a strong dislike
for ChaCha20, we have a strong dislike for software AES, so it
didn't feel worth making the logic more complex
- All Client-* golden files had to be regenerated because the
ClientHello cipher suites have changed.
(Even when Config.CipherSuites was limited to one suite, the TLS 1.3
default order changed.)
Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)
Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
* crypto/tls: fix typo in Config.NextProtos docs
Change-Id: I916df584859595067e5e86c35607869397dbbd8c
Reviewed-on: https://go-review.googlesource.com/c/go/+/325651
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
* crypto/tls: let HTTP/1.1 clients connect to servers with NextProtos "h2"
Fixes #46310
Change-Id: Idd5e30f05c439f736ae6f3904cbb9cc2ba772315
Reviewed-on: https://go-review.googlesource.com/c/go/+/325432
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
* crypto/tls: test key type when casting
When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.
Fixes #47143
Fixes CVE-2021-34558
Thanks to Imre Rad for reporting this issue.
Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on:
|
||
|
Gaukas Wang
|
54f1f4e2f9
|
Sync upstream crypto/tls (#120)
* Merge Upstream (#4) * crypto/rand, internal/syscall/unix: add support for getrandom syscall on solaris The getrandom syscall is available on Solaris and Illumos, see https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html and https://illumos.org/man/2/getrandom Change-Id: Id1c65d6a5b2fbc80d20b43d8b32dab137ca950ca Reviewed-on: https://go-review.googlesource.com/c/go/+/299134 Trust: Tobias Klauser <tobias.klauser@gmail.com> Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> * docs: clarify when APIs use context.Background. The Go standard library retrofitted context support onto existing APIs using context.Background and later offered variants that directly supported user-defined context value specification. This commit makes that behavior clear in documentation and suggests context-aware alternatives if the user is looking for one. An example motivation is supporting code for use in systems that expect APIs to be cancelable for lifecycle correctness or load shedding/management reasons, as alluded to in https://blog.golang.org/context-and-structs. Updates #44143 Change-Id: I2d7f954ddf9b48264d5ebc8d0007058ff9bddf14 Reviewed-on: https://go-review.googlesource.com/c/go/+/296152 Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Jean de Klerk <deklerk@google.com> Trust: Jean de Klerk <deklerk@google.com> Run-TryBot: Jean de Klerk <deklerk@google.com> TryBot-Result: Go Bot <gobot@golang.org> * cmd: move GOEXPERIMENT knob from make.bash to cmd/go This CL changes GOEXPERIMENT to act like other GO[CONFIG] environment variables. Namely, that it can be set at make.bash time to provide a default value used by the toolchain, but then can be manually set when running either cmd/go or the individual tools (compiler, assembler, linker). For example, it's now possible to test rsc.io/tmp/fieldtrack by simply running: GOEXPERIMENT=fieldtrack go test -gcflags=-l rsc.io/tmp/fieldtrack \ -ldflags=-k=rsc.io/tmp/fieldtrack.tracked without needing to re-run make.bash. (-gcflags=-l is needed because the compiler's inlining abilities have improved, so calling a function with a for loop is no longer sufficient to suppress inlining.) Fixes #42681. Change-Id: I2cf8995d5d0d05f6785a2ee1d3b54b2cfb3331ca Reviewed-on: https://go-review.googlesource.com/c/go/+/300991 Trust: Matthew Dempsky <mdempsky@google.com> Run-TryBot: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com> * internal/poll: fix some grammar errors Change-Id: I25a6424bce9d372fa46e8bdd856095845d3397bf Reviewed-on: https://go-review.googlesource.com/c/go/+/300889 Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> * all: remove duplicate words Change-Id: Ib0469232a2b69a869e58d5d24990ad74ac96ea56 GitHub-Last-Rev: eb38e049ee1e773392ff3747e1eb2af20dd50dcd GitHub-Pull-Request: golang/go#44805 Reviewed-on: https://go-review.googlesource.com/c/go/+/299109 Trust: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com> * all: add internal/itoa package This replaces five implementations scattered across low level packages. (And I plan to use it in a sixth soon.) Three of the five were byte-for-byte identical. Change-Id: I3bbbeeac63723a487986c912b604e10ad1e042f4 Reviewed-on: https://go-review.googlesource.com/c/go/+/301549 Trust: Josh Bleecher Snyder <josharian@gmail.com> Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> * internal/poll: eliminate the redundant type conversions of FD.Sysfd Change-Id: Ib75662f717320510319c696520e645f54eec97f7 Reviewed-on: https://go-review.googlesource.com/c/go/+/301569 Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> * crypto/tls: add HandshakeContext method to Conn Adds the (*tls.Conn).HandshakeContext method. This allows us to pass the context provided down the call stack to eventually reach the tls.ClientHelloInfo and tls.CertificateRequestInfo structs. These contexts are exposed to the user as read-only via Context() methods. This allows users of (*tls.Config).GetCertificate and (*tls.Config).GetClientCertificate to use the context for request scoped parameters and cancellation. Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext where appropriate, to propagate existing contexts. Fixes #32406 Change-Id: I259939c744bdc9b805bf51a845a8bc462c042483 Reviewed-on: https://go-review.googlesource.com/c/go/+/295370 Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> * crypto/tls: remove flaky cancellation test This will be reintroduced again once the source of the flakiness has been determined and fixed. Fixes #45084 Change-Id: I6677b27fcd71e8c9bb8edbe8e3be70e5a271ebd3 Reviewed-on: https://go-review.googlesource.com/c/go/+/302569 Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> Run-TryBot: Katie Hockman <katie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> * crypto/rand, internal/syscall/unix: add support for getentropy syscall on darwin The getentropy syscall is available on macOS since version 10.12, which is the minimum required version since Go 1.15. Change-Id: I294259af0b11df9669e4dc5fa891d2f2f039d91a Reviewed-on: https://go-review.googlesource.com/c/go/+/302489 Trust: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> * [dev.fuzz] internal/fuzz: add minimization of []byte This works by minimizing for a maximum of one minute. We may consider making this customizable in the future. This only minimizes []byte inputs which caused a recoverable error. In the future, it should support minimizing other appopriate types, and minimizing types which caused non-recoverable errors (though this is much more expensive). The code in internal/fuzz/worker.go is copied from, or heavily inspired by, code originally authored by Dmitry Vyukov and Josh Bleecher Snyder as part of the go-fuzz project. Thanks to them for their contributions. See https://github.com/dvyukov/go-fuzz. Change-Id: I93dbac7ff874d6d0c1b9b9dda23930ae9921480c Reviewed-on: https://go-review.googlesource.com/c/go/+/298909 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * all: explode GOEXPERIMENT=regabi into 5 sub-experiments This separates GOEXPERIMENT=regabi into five sub-experiments: regabiwrappers, regabig, regabireflect, regabidefer, and regabiargs. Setting GOEXPERIMENT=regabi now implies the working subset of these (currently, regabiwrappers, regabig, and regabireflect). This simplifies testing, helps derisk the register ABI project, and will also help with performance comparisons. This replaces the -abiwrap flag to the compiler and linker with the regabiwrappers experiment. As part of this, regabiargs now enables registers for all calls in the compiler. Previously, this was statically disabled in regabiEnabledForAllCompilation, but now that we can control it independently, this isn't necessary. For #40724. Change-Id: I5171e60cda6789031f2ef034cc2e7c5d62459122 Reviewed-on: https://go-review.googlesource.com/c/go/+/302070 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> Reviewed-by: David Chase <drchase@google.com> * [dev.fuzz] testing: print logs and error messages when fuzzing Also improve the error messages for the use of testing.F functions inside the Fuzz function. Change-Id: I5fa48f8c7e0460a1da89a49a73e5af83c544e549 Reviewed-on: https://go-review.googlesource.com/c/go/+/298849 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.fuzz] internal/fuzz: reduce allocation in the mutator When mutating a byte slice, mutate in place, and only allocate once if the slice's capacity is less than the maximum size. mutateBytes already should not allocate; we check a post-condition that the slice's data pointer does not change. This speeds up the mutator from 4 ms per value to 200-600 ns. For example: goos: darwin goarch: amd64 pkg: internal/fuzz cpu: Intel(R) Core(TM) i7-8559U CPU @ 2.70GHz BenchmarkMutatorBytes/1-8 5908735 275.3 ns/op BenchmarkMutatorBytes/10-8 5198473 282.0 ns/op BenchmarkMutatorBytes/100-8 4304750 233.9 ns/op BenchmarkMutatorBytes/1000-8 4623988 295.2 ns/op BenchmarkMutatorBytes/10000-8 4252104 458.5 ns/op BenchmarkMutatorBytes/100000-8 1236751 950.8 ns/op PASS ok internal/fuzz 12.993s Change-Id: I4bf2a04be6c648ef440af2c62bf0ffa3d310172c Reviewed-on: https://go-review.googlesource.com/c/go/+/306675 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Jay Conrod <jayconrod@google.com> Reviewed-by: Katie Hockman <katie@golang.org> * all: update references to symbols moved from io/ioutil to io Update references missed in CL 263142. For #41190 Change-Id: I778760a6a69bd0440fec0848bdef539c9ccb4ee1 GitHub-Last-Rev: dda42b09fff36dc08ec1cdec50cc19e3da5058e5 GitHub-Pull-Request: golang/go#42874 Reviewed-on: https://go-review.googlesource.com/c/go/+/273946 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Trust: Cherry Zhang <cherryyz@google.com> * net: make ErrClosed and ParseError implement net.Error Fixes #45357 Change-Id: Iafd41fff232a89be4c88d4b1d66bc3c04d888bcc Reviewed-on: https://go-review.googlesource.com/c/go/+/307030 Trust: Ian Lance Taylor <iant@golang.org> Trust: Josh Bleecher Snyder <josharian@gmail.com> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com> * [dev.fuzz] internal/fuzz: small bug fixes and refactors to minimization This fixes a few issues that were being masked since log statements weren't being printed to stdout. Now that they are, fix the bugs, and update the tests. Also includes a few small refactors which will make minimizing non-recoverable errors easier. Change-Id: Ie2fd2e5534b3980317e1e1f3fd8e04750988c17f Reviewed-on: https://go-review.googlesource.com/c/go/+/307810 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * internal/goexperiment,cmd: consolidate GOEXPERIMENTs into a new package Currently there's knowledge about the list of GOEXPERIMENTs in a few different places. This CL introduces a new package and consolidates the list into one place: the internal/goexperiment.Flags struct type. This package gives us a central place to document the experiments as well as the GOEXPERIMENT environment variable itself. It will also give us a place to put built-time constants derived from the enabled experiments. Now the objabi package constructs experiment names by reflecting over this struct type rather than having a separate list of these names (this is similar to how the compiler handles command-line flags and debug options). We also expose a better-typed API to the toolchain for propagating enabled experiments. Change-Id: I06e026712b59fe2bd7cd11a869aedb48ffe5a4b7 Reviewed-on: https://go-review.googlesource.com/c/go/+/307817 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> * internal/goexperiment: consolidate experiment-enabled constants Currently, we have boolean and integral constants for GOEXPERIMENTs in various places. Consolidate these into automatically generated constants in the internal/goexperiment package. Change-Id: I42a49aba2a3b4c722fedea23a613162cd8a67bee Reviewed-on: https://go-review.googlesource.com/c/go/+/307818 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com> * cmd/internal/objabi: make GOEXPERIMENT be a diff from default experiments Right now the rules around handling default-on experiments are complicated and a bit inconsistent. Notably, objabi.GOEXPERIMENT is set to a comma-separated list of enabled experiments, but this may not be the string a user should set the GOEXPERIMENT environment variable to get that list of experiments: if an experiment is enabled by default but gets turned off by GOEXPERIMENT, then the string we report needs to include "no"+experiment to capture that default override. This complication also seeps into the version string we print for "go tool compile -V", etc. This logic is further complicated by the fact that it only wants to include an experiment string if the set of experiments varies from the default. This CL rethinks how we handle default-on experiments. Now that experiment state is all captured in a struct, we can simplify a lot of this logic. objabi.GOEXPERIMENT will be set based on the delta from the default set of experiments, which reflects what a user would actually need to pass on the command line. Likewise, we include this delta in the "-V" output, which simplifies this logic because if there's nothing to show in the version string, the delta will be empty. Change-Id: I7ed307329541fc2c9f90edd463fbaf8e0cc9e8ee Reviewed-on: https://go-review.googlesource.com/c/go/+/307819 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> * runtime,cmd/link: include GOEXPERIMENTs in runtime.Version(), "go version X" This adds the set of GOEXPERIMENTs to the build version if it differs from the default set of experiments. This exposes the experiment settings via runtime.Version() and "go version <binary>". Change-Id: I143dbbc50f66a4cf175469199974e18848075af6 Reviewed-on: https://go-review.googlesource.com/c/go/+/307820 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> * [dev.fuzz] internal/fuzz: add stub for coverage This change only includes a stub for the function which will hook into the runtime to expose coverage instrumentation while we're fuzzing. Previously, we discussed an exported API named FuzzCoverage, but since this is within the internal/fuzz package, simply naming it coverage seems appropriate. Change-Id: Iba3240e53e0c4c434e937aa9bb1711a44fec9975 Reviewed-on: https://go-review.googlesource.com/c/go/+/308191 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.fuzz] internal/fuzz: add mutator for int types Assuming this works, will follow up with another CL that mutates other types. Change-Id: Id61acaacd56ca41e3be52e400f8f768672313bbb Reviewed-on: https://go-review.googlesource.com/c/go/+/308169 Trust: Katie Hockman <katie@golang.org> Trust: Jay Conrod <jayconrod@google.com> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.fuzz] internal/fuzz: implement coverage and trace instrumentation This CL makes two main changes to allow internal/fuzz to support -d=libfuzzer instrumentation: 1. It extends cmd/link to define _counters and _ecounters symbols so internal/fuzz can find the coverage counters. 2. It adds "trace" stub functions that implement the ABI expected by cmd/compile for comparison instrumentation. N.B., that -tags=libfuzzer should *not* be set, so that internal/fuzz's trace routines will be used instead of runtime's libfuzzer trampolines. Also, the current implementation doesn't support multi-module builds (i.e., compiling a Go program that spans multiple .so/.dll files). Presumably this isn't an issue, since "go test -fuzz" will need to recompile the binary with instrumentation anyway so it can make sure to always use a single-module build. But we can revisit this if necessary. Change-Id: I9b1619119ab7477bebcfd5988b4b60499a7ab0d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/308289 Trust: Matthew Dempsky <mdempsky@google.com> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> Reviewed-by: Cherry Zhang <cherryyz@google.com> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> * [dev.fuzz] internal/fuzz: don't count time spent loading corpus The -fuzztime flag tells us how much time to spend fuzzing, not counting time spent running the seed corpus. We shouldn't count time spent loading the cache either. If the cache is large, the time limit may be exceeded before the coordinator starts the workers. Change-Id: If00435faa5d24aabdb9003ebb9337fa2e47f22b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/307310 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Jay Conrod <jayconrod@google.com> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] internal/fuzz: improve cancellation in worker event loops worker.runFuzzing now accepts a Context, used for cancellation instead of doneC (which is removed). This is passed down through workerClient RPC methods (ping, fuzz). workerClient RPC methods now wrap the call method, which handles marshaling and cancellation. Both workerClient.call and workerServer.serve should return quickly when their contexts are cancelled. Turns out, closing the pipe won't actually unblock a read on all platforms. Instead, we were falling back to SIGKILL in worker.stop, which works but takes longer than necessary. Also fixed missing newline in log message. Change-Id: I7b5ae54d6eb9afd6361a07759f049f048952e0cc Reviewed-on: https://go-review.googlesource.com/c/go/+/303429 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Jay Conrod <jayconrod@google.com> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] testing: let -fuzztime specify a number of executions -fuzztime now works similarly to -benchtime: if it's given a string with an "x" suffix (as opposed to "s" or some other unit of duration), the fuzzing system will generate and run a maximum number of values. This CL also implements tracking and printing counts, since most of the work was already done. Change-Id: I013007984b5adfc1a751c379dc98c8d46b4a97e9 Reviewed-on: https://go-review.googlesource.com/c/go/+/306909 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Jay Conrod <jayconrod@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] testing: support T.Parallel in fuzz functions While running the seed corpus, T.Parallel acts like it does in subtests started with T.Run: it blocks until all other non-parallel subtests have finished, then unblocks when the barrier chan is closed. A semaphore (t.context.waitParallel) limits the number of tests that run concurrently (determined by -test.parallel). While fuzzing, T.Parallel has no effect, other than asserting that it can't be called multiple times. We already run different inputs in concurrent processes, but we can't run inputs concurrently in the same process if we want to attribute crashes to specific inputs. Change-Id: I2bac08e647e1d92ea410c83c3f3558a033fe3dd1 Reviewed-on: https://go-review.googlesource.com/c/go/+/300449 Trust: Jay Conrod <jayconrod@google.com> Run-TryBot: Jay Conrod <jayconrod@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] internal/fuzz: move CoordinateFuzzing args into struct type This improves readability a bit, and it should help with compatibility for future clients when arguments are added or reordered. Unfortunately, testing still can't import internal/fuzz, so the interface there can't use this type. Change-Id: I4cda2347884defcbbfc2bd01ab5b4a901d91549c Reviewed-on: https://go-review.googlesource.com/c/go/+/308192 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Jay Conrod <jayconrod@google.com> Reviewed-by: Katie Hockman <katie@golang.org> * all: fix spellings This follows the spelling choices that the Go project has made for English words. https://github.com/golang/go/wiki/Spelling Change-Id: Ie7c586d2cf23020cb492cfff58c0831d2d8d3a78 GitHub-Last-Rev: e16a32cd225a275f73d236bcb33703986d110ded GitHub-Pull-Request: golang/go#45442 Reviewed-on: https://go-review.googlesource.com/c/go/+/308291 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Trust: Emmanuel Odeke <emmanuel@orijtech.com> * internal/poll: fix the intermittent build failures with pipe pool Correlative CL 308089 Fixes #45059 Change-Id: I1ff9fbf64e6620d651f287ba2a28d40f964d78a3 Reviewed-on: https://go-review.googlesource.com/c/go/+/308329 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Trust: Emmanuel Odeke <emmanuel@orijtech.com> * internal/poll: ensure that newPoolPipe doesn't return a nil pointer The function could occasionally return a nil pointer as a non-nil interface, confusing the calling code. Fixes #45520 Change-Id: Ifd35613728efa2cee9903177e85d369155074804 Reviewed-on: https://go-review.googlesource.com/c/go/+/309429 Trust: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com> Reviewed-by: Andy Pan <panjf2000@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> * [dev.fuzz] internal/fuzz: allow float types to be integer literals Previously, something like `float64(0)` would fail to decode since the 0 value is considered an integer literal, and the float64 parsing code required a float literal. Be more flexible here since an integer can always be converted to a float. Change-Id: Id1c53ef2e8a9748a4f71176b00b453a329af4ade Reviewed-on: https://go-review.googlesource.com/c/go/+/309032 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.fuzz] internal/fuzz: mutate other types Change-Id: I8042c17268aca0a9bb2f692317207bb864b18680 Reviewed-on: https://go-review.googlesource.com/c/go/+/309033 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * internal/execabs: replace ioutil.WriteFile with os.WriteFile Fixes #45532. Change-Id: I844acd50d6fa1ce918969bbb52f79dd7412d289f Reviewed-on: https://go-review.googlesource.com/c/go/+/309350 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Trust: Tobias Klauser <tobias.klauser@gmail.com> * runtime: move next_gc and last_next_gc into gcControllerState This change moves next_gc and last_next_gc into gcControllerState under the names heapGoal and lastHeapGoal respectively. These are fundamentally GC pacer related values, and so it makes sense for them to live here. Partially generated by rf ' ex . { memstats.next_gc -> gcController.heapGoal memstats.last_next_gc -> gcController.lastHeapGoal } ' except for updates to comments and gcControllerState methods, where they're accessed through the receiver, and trace-related renames of NextGC -> HeapGoal, while we're here. For #44167. Change-Id: I1e871ad78a57b01be8d9f71bd662530c84853bed Reviewed-on: https://go-review.googlesource.com/c/go/+/306603 Trust: Michael Knyszek <mknyszek@google.com> Run-TryBot: Michael Knyszek <mknyszek@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> * internal/bytealg: port more performance-critical functions to ABIInternal CL 308931 ported several runtime assembly functions to ABIInternal so that compiler-generated ABIInternal calls don't go through ABI wrappers, but it missed the runtime assembly functions that are actually defined in internal/bytealg. This eliminates the cost of wrappers for the BleveQuery and GopherLuaKNucleotide benchmarks, but there's still more to do for Tile38. 0-base 1-wrappers sec/op sec/op vs base BleveQuery 6.507 ± 0% 6.477 ± 0% -0.46% (p=0.004 n=20) GopherLuaKNucleotide 30.39 ± 1% 30.34 ± 0% ~ (p=0.301 n=20) Tile38IntersectsCircle100kmRequest 1.038m ± 1% 1.080m ± 2% +4.03% (p=0.000 n=20) For #40724. Change-Id: I0b722443f684fcb997b1d70802c5ed4b8d8f9829 Reviewed-on: https://go-review.googlesource.com/c/go/+/310184 Trust: Austin Clements <austin@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Cherry Zhang <cherryyz@google.com> * bytes: add asm implementation for index on ppc64x This adds an asm implementation of index on ppc64le and ppc64. It results in a significant improvement in some of the benchmarks that use bytes.Index. The implementation is based on a port of the s390x asm implementation. Comments on the design are found with the code. The following improvements occurred on power8: Index/10 70.7ns ± 0% 18.8ns ± 0% -73.4 Index/32 165ns ± 0% 95ns ± 0% -42.6 Index/4K 9.23µs ± 0% 4.91µs ± 0% -46 Index/4M 9.52ms ± 0% 5.10ms ± 0% -46.4 Index/64M 155ms ± 0% 85ms ± 0% -45.1 Count/10 83.0ns ± 0% 32.1ns ± 0% -61.3 Count/32 178ns ± 0% 109ns ± 0% -38.8 Count/4K 9.24µs ± 0% 4.93µs ± 0% -46 Count/4M 9.52ms ± 0% 5.10ms ± 0% -46.4 Count/64M 155ms ± 0% 85ms ± 0% -45.1 IndexHard1 2.36ms ± 0% 0.13ms ± 0% -94.4 IndexHard2 2.36ms ± 0% 1.28ms ± 0% -45.8 IndexHard3 2.36ms ± 0% 1.19ms ± 0% -49.4 IndexHard4 2.36ms ± 0% 2.35ms ± 0% -0.1 CountHard1 2.36ms ± 0% 0.13ms ± 0% -94.4 CountHard2 2.36ms ± 0% 1.28ms ± 0% -45.8 CountHard3 2.36ms ± 0% 1.19ms ± 0% -49.4 IndexPeriodic/IndexPeriodic2 146µs ± 0% 8µs ± 0% -94 IndexPeriodic/IndexPeriodic4 146µs ± 0% 8µs ± 0% -94 Change-Id: I7dd2bb7e278726e27f51825ca8b2f8317d460e60 Reviewed-on: https://go-review.googlesource.com/c/go/+/309730 Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com> Reviewed-by: Paul Murphy <murp@ibm.com> Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org> Trust: Carlos Eduardo Seo <carlos.seo@linaro.org> Trust: Lynn Boger <laboger@linux.vnet.ibm.com> * internal/goexperiment: move baseline configuration to objabi We need to adjust baseline experiment configuration based on the configured GOOS and GOARCH, so it can't live in goexperiment. Move it to objabi. Change-Id: I65f4ce56902c6c1a82735050773c58f2d1320cc6 Reviewed-on: https://go-review.googlesource.com/c/go/+/310169 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> * internal/buildcfg: move build configuration out of cmd/internal/objabi The go/build package needs access to this configuration, so move it into a new package available to the standard library. Change-Id: I868a94148b52350c76116451f4ad9191246adcff Reviewed-on: https://go-review.googlesource.com/c/go/+/310731 Trust: Russ Cox <rsc@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Austin Clements <austin@google.com> Reviewed-by: Jay Conrod <jayconrod@google.com> * crypto/tls: fix flaky handshake cancellation tests Simplified both tests significantly by removing logic for writing the client/server side messages. The flake was likely because of a race between the closing of the local pipe from inside the test and closing of the pipe from within the handshakeContext goroutine. Wait to close the local pipe in the test until after the test has finished running. Fixes #45106 Fixes #45299 Change-Id: If7ca75aeff7df70cda03c934fa9d8513276d465d Reviewed-on: https://go-review.googlesource.com/c/go/+/305250 Trust: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> * [dev.fuzz] internal/fuzz: minimize non-recoverable errors Assuming that this works for non-recoverable errors, there will likely be a follow-up CL which refactors the minimization for recoverable errors to use the same RPC flow (since that more easily allows the worker to tell the coordinator that it's minimizing and shouldn't send more inputs to other workers to fuzz). Change-Id: I32ac7cec4abe2d4c345c0ee77315233047efb1fb Reviewed-on: https://go-review.googlesource.com/c/go/+/309509 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * internal/buildcfg: make regabi an alias for regabi sub-experiments Currently, specifying GOEXPERIMENT=regabi will turn on all regabi sub-experiments, but GOEXPERIMENT=noregabi won't turn anything off. Regabi also isn't a "real" experiment in the sense that nothing in the code base should depend on it as an experiment flag (it should depend on the appropriate sub-experiments). Hence, drop Regabi from goexperiment.Flags and make "regabi" in GOEXPERIMENT be a real alias for all of the sub-flags, so regabi will turn on all of the sub-flags and noregabi will turn off all of the sub-flags. This way, once we enable the sub-experiments in the baseline configuration, it will be easy to turn off with "noregabi". For #40724. Change-Id: I0fb95be42f756d412e729a396be607d629ae2bab Reviewed-on: https://go-review.googlesource.com/c/go/+/310609 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/buildcfg: make regabi enable regabiargs For #40724. Change-Id: I6e9d7eb91883857479699972a974a39ce3d9d2cc Reviewed-on: https://go-review.googlesource.com/c/go/+/310849 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/buildcfg: enable regabiwrappers by default For #40724. Change-Id: I75d6ba2d3e4e2d858eea8053efd0f3fd4439dab7 Reviewed-on: https://go-review.googlesource.com/c/go/+/310172 Trust: Austin Clements <austin@google.com> Trust: Russ Cox <rsc@golang.org> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/buildcfg: enable regabig by default For #40724. Change-Id: Ibf4ff8b24b501813839657ac195b909682ac7d0b Reviewed-on: https://go-review.googlesource.com/c/go/+/310173 Trust: Austin Clements <austin@google.com> Trust: Russ Cox <rsc@golang.org> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * net: pass MSG_CMSG_CLOEXEC flag in ReadMsgUnix As mentioned in #42765, calling "recvmsg" syscall on Linux should come with "MSG_CMSG_CLOEXEC" flag. For other systems which not supports "MSG_CMSG_CLOEXEC". ReadMsgUnix() would check the header. If the header type is "syscall.SCM_RIGHTS", then ReadMsgUnix() would parse the SocketControlMessage and call each fd with "syscall.CloseOnExec" Fixes #42765 Change-Id: I74347db72b465685d7684bf0f32415d285845ebb GitHub-Last-Rev: ca59e2c9e0e8de1ae590e9b6dc165cb768a574f5 GitHub-Pull-Request: golang/go#42768 Reviewed-on: https://go-review.googlesource.com/c/go/+/272226 Trust: Emmanuel Odeke <emmanuel@orijtech.com> Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com> * internal/buildcfg: enable regabireflect by default For #40724. Change-Id: Ib3e4a67c3826176f0d51619754270022344ee194 Reviewed-on: https://go-review.googlesource.com/c/go/+/310174 Trust: Austin Clements <austin@google.com> Trust: Russ Cox <rsc@golang.org> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/buildcfg: enable regabidefer by default For #40724. Change-Id: If3a66c0e29cb20dd29ac13c8d00aa46ee279ab97 Reviewed-on: https://go-review.googlesource.com/c/go/+/310175 Trust: Austin Clements <austin@google.com> Trust: Russ Cox <rsc@golang.org> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/buildcfg: enable regabiargs by default For #40724. Change-Id: I7509668478d20dd625f210e5a33f5d896a76d6b5 Reviewed-on: https://go-review.googlesource.com/c/go/+/310176 Trust: Austin Clements <austin@google.com> Trust: Russ Cox <rsc@golang.org> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/poll, net: fix comments regarding accept and sysSocket The implementation of accept was moved from package net to internal/poll in CL 36799. Change-Id: I6e5964e0ee22e9c84bc444860cdd497817451fec Reviewed-on: https://go-review.googlesource.com/c/go/+/311571 Trust: Tobias Klauser <tobias.klauser@gmail.com> Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> * internal/bytealg: add power9 version of bytes index This adds a power9 version of the bytes.Index function for little endian. Here is the improvement on power9 for some of the Index benchmarks: Index/10 -0.14% Index/32 -3.19% Index/4K -12.66% Index/4M -13.34% Index/64M -13.17% Count/10 -0.59% Count/32 -2.88% Count/4K -12.63% Count/4M -13.35% Count/64M -13.17% IndexHard1 -23.03% IndexHard2 -13.01% IndexHard3 -22.12% IndexHard4 +0.16% CountHard1 -23.02% CountHard2 -13.01% CountHard3 -22.12% IndexPeriodic/IndexPeriodic2 -22.85% IndexPeriodic/IndexPeriodic4 -23.15% Change-Id: Id72353e2771eba2efbb1544d5f0be65f8a9f0433 Reviewed-on: https://go-review.googlesource.com/c/go/+/311380 Run-TryBot: Carlos Eduardo Seo <carlos.seo@linaro.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Carlos Eduardo Seo <carlos.seo@linaro.org> Trust: Lynn Boger <laboger@linux.vnet.ibm.com> * cmd/compile, internal/abi: add FuncPCABIxxx intrinsics When ABI wrappers are used, there are cases where in Go code we need the PC of the defined function instead of the ABI wrapper. Currently we work around this by define such functions as ABIInternal, even if they do not actually follow the internal ABI. This CL introduces internal/abi.FuncPCABIxxx functions as compiler intrinsics, which return the underlying defined function's entry PC if the argument is a direct reference of a function of the expected ABI, and reject it if it is of a different ABI. As a proof of concept, change runtime.goexit back to ABI0 and use internal/abi.FuncPCABI0 to retrieve its PC. Updates #44065. Change-Id: I02286f0f9d99e6a3090f9e8169dbafc6804a2da6 Reviewed-on: https://go-review.googlesource.com/c/go/+/304232 Trust: Cherry Zhang <cherryyz@google.com> Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> * [dev.fuzz] internal/fuzz: allow setting pcg seed via GODEBUG Format is "fuzzseed=123". Change-Id: Idb314270c8fd4307149c8503e13424b653ec4b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/313651 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] internal/fuzz: add extra []byte mutators Adds four []byte mutators which: * insert a chunk of constant bytes * overwirtes a chunk with constant bytes * shuffle a range of bytes * swaps two chunks Also updates the 'set byte to random value' mutator to use XOR in order to avoid a no-op. Additionally updates the rng call which chooses the []byte mutators so all the available mutators are used. Change-Id: I0703518922952f4b1c81b19b196ee91c73b0d5f8 Reviewed-on: https://go-review.googlesource.com/c/go/+/313270 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * internal/buildcfg: enable regabi for Android This will permit us to write ABIInternal assembler code for linux-amd64. For #40724 Change-Id: I681866651554eda4229d6faa7f0c1ba42d07e57d Reviewed-on: https://go-review.googlesource.com/c/go/+/315390 Trust: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Cherry Zhang <cherryyz@google.com> * internal/syscall/unix: use internal/abi.FuncPC for syscall wrapper Following CL 313230, this is for internal/syscall/unix package. Updates #45702. Change-Id: Ie6d8c1923dfeae56896212393c5c2a6e257648d2 Reviewed-on: https://go-review.googlesource.com/c/go/+/316649 Trust: Cherry Zhang <cherryyz@google.com> Run-TryBot: Cherry Zhang <cherryyz@google.com> Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Go Bot <gobot@golang.org> * internal/buildcfg: set Error instead of panicking All build environment validation sets Error except for the GOEXPERIMENT parser, which panics. Change it to also set Error so that a bad GOEXPERIMENT doesn't cause everything that imports internal/buildcfg to panic on init. Change-Id: Ie9a506ef0978ecb410f2dcd784638f2167354175 Reviewed-on: https://go-review.googlesource.com/c/go/+/310970 Trust: Austin Clements <austin@google.com> Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.fuzz] internal/fuzz: don't panic if types change There was a bug where if the types to fuzz were different from the types in a file in the on-disk corpus, then the code would panic. We thought this case was handled, but the final `continue` in the nested loop still allowed the invalid entry to be added to the corpus. Pulling the validation into a helper function makes this less brittle. Change-Id: I401346f890ea30ab7cff9640cb555da2e3ff8cc6 Reviewed-on: https://go-review.googlesource.com/c/go/+/313810 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * crypto/tls: enforce ALPN overlap when negotiated on both sides During the TLS handshake if the server doesn't support any of the application protocols requested by the client, send the no_application_protocol alert and abort the handshake on the server side. This enforces the requirements of RFC 7301. Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d Reviewed-on: https://go-review.googlesource.com/c/go/+/289209 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> * internal/poll: cast off the last reference of SplicePipe in test Updates #45059 Change-Id: I9f377abcc7b77136ae6cf4896b968f73c758b559 Reviewed-on: https://go-review.googlesource.com/c/go/+/317510 Reviewed-by: Bryan C. Mills <bcmills@google.com> Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> * [dev.fuzz] testing,internal/fuzz: prevent unbounded memory growth Usage of f.testContext.match.fullName to generate the test name causes unbounded memory growth, eventually causing the fuzzer to slow down as memory pressure increases. Each time fuzzFn is invoked it generates a unique string and stores it in a map. With the fuzzer running at around 100k executions per second this consumed around ~30GB of memory in a handful of minutes. Instead just use the base name of the test for mutated inputs, a special name for seeded inputs, and the filename for inputs from the input corpus. Change-Id: I083f47df7e82f0c6b0bda244f158233784a13029 Reviewed-on: https://go-review.googlesource.com/c/go/+/316030 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * crypto/tls: make cipher suite preference ordering automatic We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org> * cmd/compile,reflect: allow longer type names Encode the length of type names and tags in a varint encoding instead of a fixed 2-byte encoding. This allows lengths longer than 65535 (which can happen for large unnamed structs). Removed the alignment check for #14962, it isn't relevant any more since we're no longer reading pointers directly out of this data (it is encoded as an offset which is copied out bytewise). Fixes #44155 Update #14962 Change-Id: I6084f6027e5955dc16777c87b0dd5ea2baa49629 Reviewed-on: https://go-review.googlesource.com/c/go/+/318249 Trust: Keith Randall <khr@golang.org> Run-TryBot: Keith Randall <khr@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> * [dev.fuzz] internal/fuzz: use coverage instrumentation while fuzzing This change updates the go command behavior when fuzzing to instrument the binary for code coverage, and uses this coverage in the fuzzing engine to determine if an input is interesting. Unfortunately, we can't store and use the coverage data for a given run of `go test` and re-use it the next time we fuzz, since the edges could have changed between builds. Instead, every entry in the seed corpus and the on-disk corpus is run by the workers before fuzzing begins, so that the coordinator can get the baseline coverage for what the fuzzing engine has already found (or what the developers have already provided). Users should run `go clean -fuzzcache` before using this change, to clear out any existing "interesting" values that were in the cache. Previously, every single non-crashing input was written to the on-disk corpus. Now, only inputs that actually expand coverage are written. This change includes a small hack in cmd/go/internal/load/pkg.go which ensures that the Gcflags that were explicitly set in cmd/go/internal/test/test.go don't get cleared out. Tests will be added in a follow-up change, since they will be a bit more involved. Change-Id: Ie659222d44475c6d68fa4a35d37c37cab3619d71 Reviewed-on: https://go-review.googlesource.com/c/go/+/312009 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * all: add //go:build lines to assembly files Don't add them to files in vendor and cmd/vendor though. These will be pulled in by updating the respective dependencies. For #41184 Change-Id: Icc57458c9b3033c347124323f33084c85b224c70 Reviewed-on: https://go-review.googlesource.com/c/go/+/319389 Trust: Tobias Klauser <tobias.klauser@gmail.com> Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org> * [dev.fuzz] internal/fuzz: include coverage in logged stats Change-Id: I51ec70b69e802fd0d962ba9544e96e29b1627fef Reviewed-on: https://go-review.googlesource.com/c/go/+/319590 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] internal/fuzz: move coverage capture closer to function When instrumented packages intersect with the packages used by the testing or internal/fuzz packages the coverage counters become noisier, as counters will be triggered by non-fuzzed harness code. Ideally counters would be deterministic, as there are many advanced fuzzing strategies that require mutating the input while maintaining static coverage. The simplest way to mitigate this noise is to capture the coverage counters as closely as possible to the invocation of the fuzz target in the testing package. In order to do this add a new function which captures the current values of the counters, SnapshotCoverage. This function copies the current counters into a static buffer, coverageSnapshot, which workerServer.fuzz can then inspect when it comes time to check if new coverage has been found. This method is not foolproof. As the fuzz target is called in a goroutine, harness code can still cause counters to be incremented while the target is being executed. Despite this we do see significant reduction in churn via this approach. For example, running a basic target that causes strconv to be instrumented for 500,000 iterations causes ~800 unique sets of coverage counters, whereas by capturing the counters closer to the target we get ~40 unique sets. It may be possible to make counters completely deterministic, but likely this would require rewriting testing/F.Fuzz to not use tRunner in a goroutine, and instead use it in a blocking manner (which I couldn't figure out an obvious way to do), or by doing something even more complex. Change-Id: I95c2f3b1d7089c3e6885fc7628a0d3a8ac1a99cf Reviewed-on: https://go-review.googlesource.com/c/go/+/320329 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] internal/fuzz: make minimization tests more reliable * Introduced -fuzzminimizetime flag to control the number of time or the number of calls to spend minimizing. Defaults to 60s. Only works for unrecoverable crashes for now. * Moved the count (used by -fuzztime=1000x) into shared memory. Calling workerClient.fuzz resets it, but it will remain after the worker processes crashes. workerClient.minimize resets it once before restarting the worker the first time, but the total number of runs should still be limited during minimization, even after multiple terminations and restarts. * Renamed fuzzArgs.Count to Limit to avoid confusion. * Several other small fixes and refactorings. Change-Id: I03faa4c94405041f6dfe48568e5ead502f8dbbd2 Reviewed-on: https://go-review.googlesource.com/c/go/+/320171 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Jay Conrod <jayconrod@google.com> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.typeparams] internal/buildcfg: turn on register ABI on all AMD64 platforms Register ABI is already enabled by default on AMD64 on Linux (including Android), macOS, and Windows. This CL enables it on the rest, specifically, on FreeBSD, OpenBSD, NetBSD, DragonflyBSD, Solaris (including Illumos), iOS (simulator), and Plan 9. Change-Id: I80fa20c8bbc8d67b16a19f71b65422e890210ab5 Reviewed-on: https://go-review.googlesource.com/c/go/+/321332 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> * [dev.fuzz] internal/fuzz: remove old TODO Change-Id: I997934ebcde0dee9017c85a0572597855d73cf64 Reviewed-on: https://go-review.googlesource.com/c/go/+/321569 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.typeparams] internal/buildcfg: enable defer/go wrapping everywhere For register ABI, we wrap deferred/go'd function with arguments or results in an argumentless closure, so the runtime can call the function without knowing how to marshal the arguments, or reserving frame for arguments and results. The wrapping mechanism works everywhere, regardless of whether the register ABI is used. And wrapping will simplify the compiler and runtime's implementation for defer and go calls. For example, the compiler will not need to marshal arguments for defer/go calls, the opendefer metadata will not need to contain argument information, and _defer record will be fixed-sized. Enable wrapping everywhere. Change-Id: I2032ba87249ceb686310dc640fb00696669ae912 Reviewed-on: https://go-review.googlesource.com/c/go/+/321958 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> TryBot-Result: Go Bot <gobot@golang.org> * Revert "[dev.fuzz] internal/fuzz: include coverage in logged stats" This reverts commit 54f067812dd870c305daabd22ca190b0f48e672e. Reason for revert: While this is helpful for the engineering team when we're debugging, it might lead to users feeling like the fuzzer is stuck and that there are a lot of edges that are still yet to be reached. In reality, it's very likely that the compiler will instrument more lines of code than are actually reachable by the fuzz target, so showing the ratio between number of edges hit vs. all edges can be misleading. In the future, we may want to consider making this information viewable by a debug flag or something similar. Change-Id: Ied696f8bf644445bad22c872b64daa7add605ac6 Reviewed-on: https://go-review.googlesource.com/c/go/+/322632 Trust: Katie Hockman <katie@golang.org> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.fuzz] internal/fuzz,testing: treat panics as recoverable And only log the last panic, not all of them, during minimization. This change makes the worker processes quiet, so now the only process that logs anything is the coordinator. This hides all of the panics caused during minimization of an input which causes a panic. This change also alters the usage of tRunner such that we now recover from recoverable panics instead of terminating the process. This results in larger stack traces, since we include a bit more of the trace within testing. There is a TODO to see if it's possible to slice the stack up so that it is somewhat more informative. Change-Id: Ic85eabd2e70b078412fbb88adf424a8da25af876 Reviewed-on: https://go-review.googlesource.com/c/go/+/321230 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.fuzz] internal/fuzz: support minimization of strings, integers, and floats Adds support for minimizing strings using the same logic as byte slices as well as minimizing both signed and unsigned integers and floats using extremely basic logic. A more complex approach is probably warranted in the future, but for now this should be _good enough_. Change-Id: Ibc6c3d6ae82685998f571aa2c1ecea2f85c2708b Reviewed-on: https://go-review.googlesource.com/c/go/+/320669 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> * [dev.typeparams] internal/abi: define ARM64 register ABI constants Change-Id: I9cdf0f2b6c1739f13a859a8e37351f8ecd77804a Reviewed-on: https://go-review.googlesource.com/c/go/+/323932 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> * [dev.typeparams] internal/buildcfg: allow regabi GOEXPERIMENTs on ARM64 It is not working yet, but allow enabling the experiments so we can develop. Change-Id: I957eb05acb4d80b2858ff1f8c16bbfb24e0f6e56 Reviewed-on: https://go-review.googlesource.com/c/go/+/323933 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: David Chase <drchase@google.com> * [dev.fuzz] internal/fuzz: notify coordinator for minimization When a worker process finds a crasher, it now sends that result directly to the coordinator without attempting to minimize it first. The coordinator stops sending new inputs and sends the unminimized crasher back to a worker (any worker) for minimization. This prevents wasted work during minimization and will help us implement -keepfuzzing later on. We may also be able to minimize interesting inputs with this approach later. Since panics are recoverable errors (they don't terminate worker processes), we no longer attempt to minimize non-recoverable errors. This didn't work too well before: we lost too much state. Change-Id: Id142c7e91a33f64584170b0d42d22cb1f22a92d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/321835 Trust: Jay Conrod <jayconrod@google.com> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> * [dev.typeparams] internal/bytealg: call memeqbody directly in memequal_varlen on ARM64 Currently, memequal_varlen opens up a frame and call memequal, which then tail-calls memeqbody. This CL changes memequal_varlen tail-calls memeqbody directly. This makes it simpler to switch to the register ABI in the next CL. Change-Id: Ia1367c0abb7f4755fe736c404411793fb9e5c04f Reviewed-on: https://go-review.googlesource.com/c/go/+/324399 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> * [dev.typeparams] runtime, internal/bytealg: port performance-critical functions to register ABI on ARM64 This CL ports a few performance-critical assembly functions to use register arguments directly. This is similar to CL 308931 and CL 310184. Change-Id: I6e30dfff17f76b8578ce8cfd51de21b66610fdb0 Reviewed-on: https://go-review.googlesource.com/c/go/+/324400 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> TryBot-Result: Go Bot <gobot@golang.org> * [dev.typeparams] internal/buildcfg: turn on regabiwrappers by default on ARM64 Change-Id: I8db0a797a745630ec35af3e56406fcb250ea59fe Reviewed-on: https://go-review.googlesource.com/c/go/+/324768 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Than McIntosh <thanm@google.com> * [dev.typeparams] internal/buildcfg: turn on regabireflect by default on ARM64 Change-Id: I4a0a093b07a287cc3a3e0ee939e7ee82d8e9b1aa Reviewed-on: https://go-review.googlesource.com/c/go/+/324889 Trust: Cherry Mui <cherryyz@google.com> Run-TryBot: Cherry Mui <cherryyz@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Than McIntosh <thanm@google.com> TryBot-Result: Go Bot <gobot@golang.org> * [dev.typeparams] internal/buildcfg: turn on register ABI by default on ARM64 This CL enables all regabi experiments on ARM64 by default. regabiwrappers and regabireflect are enabled in the previous CLs. regabidefer is already enabled everywhere. regabig is no-op on ARM64 as it already has a G register. regabiargs is enabled in this CL. Go1 benchmarks results (GOEXPERIMENT=regabi vs. none, on macOS/ARM64): name old time/op new time/op delta BinaryTree17-8 1.20s ± 1% 1.02s ± 0% -15.08% (p=0.000 n=9+9) Fannkuch11-8 1.55s ± 0% 1.57s ± 0% +1.53% (p=0.000 n=9+8) FmtFprintfEmpty-8 22.5ns ± 3% 14.7ns ± 1% -34.47% (p=0.000 n=10+8) FmtFprintfString-8 38.4ns ± 0% 28.8ns ± 0% -24.99% (p=0.000 n=9+9) FmtFprintfInt-8 38.7ns ± 2% 34.5ns ± 0% -10.79% (p=0.000 n=10+7) FmtFprintfIntInt-8 61.1ns ± 1% 57.9ns ± 0% -5.23% (p=0.000 n=10+8) FmtFprintfPrefixedInt-8 69.9ns ± 0% 64.4ns ± 0% -7.78% (p=0.000 n=8+8) FmtFprintfFloat-8 106ns ± 0% 76ns ± 0% -28.12% (p=0.000 n=7+10) FmtManyArgs-8 273ns ± 0% 236ns ± 1% -13.57% (p=0.000 n=9+10) GobDecode-8 3.09ms ± 1% 2.02ms ± 0% -34.70% (p=0.000 n=9+10) GobEncode-8 2.45ms ± 1% 1.44ms ± 1% -41.26% (p=0.000 n=10+10) Gzip-8 128ms ± 0% 124ms ± 0% -2.89% (p=0.000 n=7+8) Gunzip-8 23.6ms ± 1% 19.8ms ± 0% -16.15% (p=0.000 n=10+9) HTTPClientServer-8 27.4µs ± 1% 26.3µs ± 0% -4.05% (p=0.000 n=10+10) JSONEncode-8 4.47ms ± 1% 3.45ms ± 1% -22.73% (p=0.000 n=10+9) JSONDecode-8 21.5ms ± 0% 17.2ms ± 0% -19.78% (p=0.000 n=9+9) Mandelbrot200-8 2.33ms ± 1% 2.33ms ± 1% ~ (p=0.842 n=9+10) GoParse-8 1.62ms ± 1% 1.32ms ± 1% -18.67% (p=0.000 n=10+10) RegexpMatchEasy0_32-8 33.1ns ± 0% 26.3ns ± 0% -20.50% (p=0.000 n=8+10) RegexpMatchEasy0_1K-8 121ns ± 6% 121ns ± 8% ~ (p=0.926 n=10+10) RegexpMatchEasy1_32-8 31.4ns ± 0% 24.7ns ± 0% -21.50% (p=0.000 n=9+10) RegexpMatchEasy1_1K-8 177ns ± 0% 140ns ± 0% -20.70% (p=0.000 n=10+9) RegexpMatchMedium_32-8 3.02ns ± 3% 2.12ns ± 0% -29.73% (p=0.000 n=10+10) RegexpMatchMedium_1K-8 19.8µs ± 2% 17.1µs ± 0% -13.50% (p=0.000 n=9+9) RegexpMatchHard_32-8 940ns ± 0% 872ns ± 0% -7.20% (p=0.000 n=9+8) RegexpMatchHard_1K-8 28.5µs ± 1% 26.5µs ± 0% -7.06% (p=0.000 n=10+10) Revcomp-8 186ms ± 1% 179ms ± 1% -3.66% (p=0.000 n=10+10) Template-8 30.3ms ± 0% 22.3ms ± 0% -26.58% (p=0.000 n=8+9) TimeParse-8 133ns ± 0% 117ns ± 0% -12.40% (p=0.000 n=10+10) TimeFormat-8 176ns ± 0% 141ns ± 0% -19.92% (p=0.000 n=8+9) [Geo mean] 21.4µs 17.8µs -16.81% name old speed new speed delta GobDecode-8 249MB/s ± 1% 381MB/s ± 0% +53.13% (p=0.000 n=9+10) GobEncode-8 314MB/s ± 1% 534MB/s ± 1% +70.25% (p=0.000 n=10+10) Gzip-8 152MB/s ± 0% 156MB/s ± 0% +2.97% (p=0.000 n=7+8) Gunzip-8 822MB/s ± 1% 981MB/s ± 0% +19.26% (p=0.000 n=10+9) JSONEncode-8 434MB/s ± 1% 562MB/s ± 1% +29.41% (p=0.000 n=10+9) JSONDecode-8 90.3MB/s ± 0% 112.5MB/s ± 0% +24.66% (p=0.000 n=9+9) GoParse-8 35.7MB/s ± 1% 43.9MB/s ± 1% +22.96% (p=0.000 n=10+10) RegexpMatchEasy0_32-8 967MB/s ± 0% 1216MB/s ± 0% +25.78% (p=0.000 n=8+10) RegexpMatchEasy0_1K-8 8.46GB/s ± 6% 8.45GB/s ± 7% ~ (p=0.912 n=10+10) RegexpMatchEasy1_32-8 1.02GB/s ± 0% 1.30GB/s ± 0% +27.40% (p=0.000 n=9+10) RegexpMatchEasy1_1K-8 5.78GB/s ± 0% 7.29GB/s ± 0% +26.10% (p=0.000 n=10+9) RegexpMatchMedium_32-8 331MB/s ± 2% 471MB/s ± 0% +42.29% (p=0.000 n=10+10) RegexpMatchMedium_1K-8 51.7MB/s ± 2% 59.8MB/s ± 0%… * Fix conflicts - Resolve compilation errors caused by undefined type or conflicting type - Remove unsupported keyword used - Replace internal package with local package - Support Go 1.16 with fixed build flags on cpu and testenv - Disable broken tests - Remove unsupported suites * uncomment broken tests - uncomment broken tests - skipped for now, a patch may require extensive work to come Co-authored-by: Tobias Klauser <tklauser@distanz.ch> Co-authored-by: Matt T. Proud <matt.proud@gmail.com> Co-authored-by: Matthew Dempsky <mdempsky@google.com> Co-authored-by: Andy Pan <panjf2000@gmail.com> Co-authored-by: John Bampton <jbampton@gmail.com> Co-authored-by: Josh Bleecher Snyder <josharian@gmail.com> Co-authored-by: Johan Brandhorst <johan.brandhorst@gmail.com> Co-authored-by: Katie Hockman <katie@golang.org> Co-authored-by: Austin Clements <austin@google.com> Co-authored-by: Jay Conrod <jayconrod@google.com> Co-authored-by: KimMachineGun <geon0250@gmail.com> Co-authored-by: Ian Lance Taylor <iant@golang.org> Co-authored-by: Naman Gera <namangera15@gmail.com> Co-authored-by: Manlio Perillo <manlio.perillo@gmail.com> Co-authored-by: Michael Anthony Knyszek <mknyszek@google.com> Co-authored-by: Lynn Boger <laboger@linux.vnet.ibm.com> Co-authored-by: Russ Cox <rsc@golang.org> Co-authored-by: HowJMay <vulxj0j8j8@gmail.com> Co-authored-by: Cherry Zhang <cherryyz@google.com> Co-authored-by: Roland Shoemaker <roland@golang.org> Co-authored-by: Filippo Valsorda <filippo@golang.org> Co-authored-by: Keith Randall <khr@golang.org> Co-authored-by: cuishuang <imcusg@gmail.com> Co-authored-by: Cuong Manh Le <cuong.manhle.vn@gmail.com> Co-authored-by: makdon <makdon@makdon.me> Co-authored-by: Carlos Amedee <carlos@golang.org> Co-authored-by: Dmitri Shuralyov <dmitshur@golang.org> Co-authored-by: Matt Layher <mdlayher@gmail.com> Co-authored-by: Martin Möhrmann <martin@golang.org> Co-authored-by: vinckr <vincent@ory.sh> Co-authored-by: Brad Fitzpatrick <bradfitz@golang.org> Co-authored-by: nimelehin <nimelehin@gmail.com> Co-authored-by: Amelia Downs <adowns@vmware.com> Co-authored-by: nicksherron <nsherron90@gmail.com> Co-authored-by: Koichi Shiraishi <zchee.io@gmail.com> Co-authored-by: Archana R <aravind5@in.ibm.com> Co-authored-by: Agniva De Sarker <agnivade@yahoo.co.in> Co-authored-by: Bryan C. Mills <bcmills@google.com> Co-authored-by: David Crawshaw <crawshaw@golang.org> Co-authored-by: Dan Kortschak <dan@kortschak.io> Co-authored-by: Ayan George <ayan@ayan.net> Co-authored-by: Kevin Burke <kevin@burke.dev> Co-authored-by: Michael Matloob <matloob@golang.org> Co-authored-by: Steven Johnstone <steven.james.johnstone@gmail.com> Co-authored-by: Tatiana Bradley <tatiana@golang.org> Co-authored-by: David Taylor <tinystatemachine@gmail.com> |
||
|
Filippo Valsorda
|
f80ca9c941 |
crypto/ecdh: new package
We use crypto/internal/edwards25519/field to implement X25519 directly, so that golang.org/x/crypto/curve25519 can be dropped from the src module dependencies, and eventually replaced with a crypto/ecdh wrapper, removing the need to keep golang.org/x/crypto/curve25519/internal/field in sync with crypto/internal/edwards25519/field. In crypto/internal/nistec, we add BytesX to serialize only the x coordinate, which we'll need for the horrible ECDSA x-coord-to-scalar operation, too. In crypto/tls, we replace the ECDHE implementation with crypto/ecdh, dropping the X25519 special cases and related scaffolding. Finally, FINALLY, we deprecate the ~white whale~ big.Int-based APIs of the crypto/elliptic package. •_•) ( •_•)>⌐■-■ (⌐■_■) Fixes #52182 Fixes #34648 Fixes #52221 Change-Id: Iccdda210319cc892e96bb28a0e7b7123551982c7 Reviewed-on: https://go-review.googlesource.com/c/go/+/398914 Reviewed-by: Fernando Lobato Meeser <felobato@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> |
||
Ludi Rehak
|
8011ffeccb |
crypto/tls: change Conn.handshakeStatus type to atomic.Bool
Change the type of Conn.handshakeStatus from an atomically accessed uint32 to an atomic.Bool. Change its name to Conn.isHandshakeComplete to indicate it is a boolean value. Eliminate the handshakeComplete() helper function, which checks for equality with 1, in favor of the simpler c.isHandshakeComplete.Load(). Change-Id: I084c83956fff266e2145847e8645372bef6ae9df Reviewed-on: https://go-review.googlesource.com/c/go/+/422296 Auto-Submit: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> |
||
Tatiana Bradley
|
0c843da247 |
crypto/tls: randomly generate ticket_age_add
As required by RFC 8446, section 4.6.1, ticket_age_add now holds a random 32-bit value. Before this change, this value was always set to 0. This change also documents the reasoning for always setting ticket_nonce to 0. The value ticket_nonce must be unique per connection, but we only ever send one ticket per connection. Fixes #52814 Fixes CVE-2022-30629 Change-Id: I6c2fc6ca0376b7b968abd59d6d3d3854c1ab68bb Reviewed-on: https://go-review.googlesource.com/c/go/+/405994 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> |
||
Heschi Kreinick
|
8cd6f83334 |
[dev.boringcrypto] all: merge master into dev.boringcrypto
Change-Id: If0a6a3d0abf15d9584ce572510b5bb31872d432f |
||
|
Filippo Valsorda
|
b0a9ca52e9 |
crypto/tls: set default minimum client version to TLS 1.2
Updates #45428 Change-Id: I5d70066d4091196ec6f8bfc2edf3d78fdc0520c1 Reviewed-on: https://go-review.googlesource.com/c/go/+/359779 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> |
||
|
Roland Shoemaker
|
e552a734b1 |
[dev.boringcrypto] all: merge commit 57c115e1 into dev.boringcrypto
Change-Id: I9e2b83c8356372034e4e3bfc6539b813e73611c9 |
||
|
Filippo Valsorda
|
3c6b6127c0 |
crypto/tls: let HTTP/1.1 clients connect to servers with NextProtos "h2"
Fixes #46310 Change-Id: Idd5e30f05c439f736ae6f3904cbb9cc2ba772315 Reviewed-on: https://go-review.googlesource.com/c/go/+/325432 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> |
||
|
Filippo Valsorda
|
91c310694c |
[dev.boringcrypto] all: merge commit 9d0819b27c (CL 314609) into dev.boringcrypto
There used to be two BoringCrypto-specific behaviors related to cipher suites in crypto/tls: 1. in FIPS-only mode, only a restricted set of AES ciphers is allowed 2. NOT in FIPS-only mode, AES would be prioritized over ChaCha20 even if AES hardware was not available The motivation of (2) is unclear, and BoringSSL doesn't have equivalent logic. This merge drops (2), and keeps (1). Note that the list of FIPS-only ciphers does not have priority semantics anymore, but the default logic still sorts them the same way as they used to be. Change-Id: I50544011085cfa2b087f323aebf5338c0bd2dd33 |
||
|
Filippo Valsorda
|
89df05a1c4 |
crypto/tls: make cipher suite preference ordering automatic
We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.
This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.
This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.
Notable test changes:
- TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
right certificate regardless of CipherSuite ordering, which is now
completely ignored, as tested by TestCipherSuitePreference. Removed.
- The openssl command of TestHandshakeServerExportKeyingMaterial was
broken for TLS 1.0 in CL 262857, but its golden file was not
regenerated, so the test kept passing. It now broke because the
selected suite from the ones in the golden file changed.
- In TestAESCipherReordering, "server strongly prefers AES-GCM" is
removed because there is no way for a server to express a strong
preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
switched to ChaCha20 when the server lacks AES hardware; and finally
"client supports multiple AES-GCM" changed to always prefer AES-128
per the universal preference list.
* this is going back on an explicit decision from CL 262857, and
while that client order is weird and does suggest a strong dislike
for ChaCha20, we have a strong dislike for software AES, so it
didn't feel worth making the logic more complex
- All Client-* golden files had to be regenerated because the
ClientHello cipher suites have changed.
(Even when Config.CipherSuites was limited to one suite, the TLS 1.3
default order changed.)
Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)
Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
|
||
|
Roland Shoemaker
|
7d3285645e |
crypto/tls: enforce ALPN overlap when negotiated on both sides
During the TLS handshake if the server doesn't support any of the application protocols requested by the client, send the no_application_protocol alert and abort the handshake on the server side. This enforces the requirements of RFC 7301. Change-Id: Iced2bb5c6efc607497de1c40ee3de9c2b393fa5d Reviewed-on: https://go-review.googlesource.com/c/go/+/289209 Trust: Roland Shoemaker <roland@golang.org> Trust: Katie Hockman <katie@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> |
||
Johan Brandhorst
|
93cad92f83 |
crypto/tls: add HandshakeContext method to Conn
Adds the (*tls.Conn).HandshakeContext method. This allows us to pass the context provided down the call stack to eventually reach the tls.ClientHelloInfo and tls.CertificateRequestInfo structs. These contexts are exposed to the user as read-only via Context() methods. This allows users of (*tls.Config).GetCertificate and (*tls.Config).GetClientCertificate to use the context for request scoped parameters and cancellation. Replace uses of (*tls.Conn).Handshake with (*tls.Conn).HandshakeContext where appropriate, to propagate existing contexts. Fixes #32406 Change-Id: I259939c744bdc9b805bf51a845a8bc462c042483 Reviewed-on: https://go-review.googlesource.com/c/go/+/295370 Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> TryBot-Result: Go Bot <gobot@golang.org> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> |
||
|
Russ Cox
|
6995b23916 |
[dev.boringcrypto] all: merge master (2f0da6d) into dev.boringcrypto
Manual edits in src/cmd/compile/internal/reflectdata/reflect.go to keep build working. Merge List: + 2021-02-17 2f0da6d9e2 go/types: revert "no 'declared but not used' errors for invalid var decls" + 2021-02-17 70c37ee7d0 cmd/compile/internal/test: gofmt abiutils_test.go + 2021-02-16 84825599dc all: merge branch dev.regabi (d3cd4830ad) into master + 2021-02-16 d3cd4830ad [dev.regabi] test: run abi/regabipragma test with -c=1 + 2021-02-16 03cea563d1 [dev.regabi] all: merge master (5faf941) into dev.regabi + 2021-02-16 b8fb049c7a [dev.regabi] cmd/go: copy internal/abi in TestNewReleaseRebuildsStalePackagesInGOPATH + 2021-02-16 5faf941df0 internal/goversion: update Version to 1.17 + 2021-02-16 ed55da46ab [dev.regabi] go/types: overlapping embedded interfaces requires go1.14 + 2021-02-16 7696c94334 [dev.regabi] go/types: type alias decl requires go1.9 + 2021-02-16 c2358a1ae7 [dev.regabi] runtime: stub out spillArgs and unspillArgs + 2021-02-16 8cfbf34dd9 internal/abi: set register count constants to zero for regabi experiment + 2021-02-16 6f3da9d2f6 README: pull gopher image from website + 2021-02-16 d28aae26b0 [dev.regabi] cmd/link: recognize internal/abi as runtime package + 2021-02-16 098504c73f cmd/link: generate trampoline for inter-dependent packages + 2021-02-16 1004a7cb31 runtime/metrics: update documentation to current interface + 2021-02-16 6530f2617f doc/go1.16: remove draft notice + 2021-02-16 353e111455 doc/go1.16: fix mismatched id attribute + 2021-02-16 e0215315f5 [dev.regabi] reflect: support for register ABI on amd64 for reflect.(Value).Call + 2021-02-16 f0d23c9dbb internal/poll: netpollcheckerr before sendfile + 2021-02-16 0cb3415154 doc: remove all docs not tied to distribution + 2021-02-16 626ef08127 doc: remove install.html and install-source.html + 2021-02-16 30641e36aa internal/poll: if copy_file_range returns 0, assume it failed + 2021-02-15 33d72fd412 doc/faq: update generics entry to reflect accepted proposal + 2021-02-15 852ce7c212 cmd/go: provide a more helpful suggestion for "go vet -?" + 2021-02-13 66c27093d0 cmd/link: fix typo in link_test.go + 2021-02-13 b81efb7ec4 [dev.regabi] go/types: add support for language version checking + 2021-02-13 a7e9b4b948 [dev.regabi] go/types: untyped shift counts must fit into uint + 2021-02-13 060fa49bd2 [dev.regabi] go/types: refuse excessively long constants + 2021-02-12 baa6c75dce [dev.regabi] internal/abi: add new internal/abi package for ABI constants + 2021-02-12 d1fd9a8863 [dev.regabi] all: merge master (ff0e93e) into dev.regabi + 2021-02-12 ff0e93ea31 doc/go1.16: note that package path elements beginning with '.' are disallowed + 2021-02-11 249da7ec02 CONTRIBUTORS: update for the Go 1.16 release + 2021-02-11 864d4f1c6b cmd/go: multiple small 'go help' fixes + 2021-02-11 26ceae85a8 spec: More precise wording in section on function calls. + 2021-02-11 930c2c9a68 cmd/go: reject embedded files that can't be packed into modules + 2021-02-11 e5b08e6d5c io/fs: allow backslash in ValidPath, reject in os.DirFS.Open + 2021-02-10 ed8079096f cmd/compile: mark concrete call of reflect.(*rtype).Method as REFLECTMETHOD + 2021-02-10 59703d53e2 [dev.regabi] cmd/link: stop using ABI aliases if wrapper is enabled + 2021-02-09 e9c9683597 cmd/go: suppress errors from 'go get -d' for packages that only conditionally exist + 2021-02-09 168d6a49a5 [dev.regabi] go/types: use 512 bits as max. integer precision + 2021-02-09 0a62067708 [dev.regabi] go/types: adjust importer to match compiler importer + 2021-02-09 1c58fcf7ed [dev.regabi] go/types: handle untyped constant arithmetic overflow + 2021-02-09 493363ccff [dev.regabi] go/types: must not import a package called "init" + 2021-02-09 e0ac989cf3 archive/tar: detect out of bounds accesses in PAX records resulting from padded lengths + 2021-02-09 c48d1503ba [dev.regabi] go/types: report unused packages in source order + 2021-02-09 813958f13c [dev.regabi] go/types: factor out sorting of methods + 2021-02-09 11d15c171b [dev.regabi] go/types: convert untyped arguments to delete + 2021-02-09 c9d6f45fec runtime/metrics: fix a couple of documentation typpos + 2021-02-09 cea4e21b52 io/fs: backslash is always a glob meta character + 2021-02-08 dc725bfb3c doc/go1.16: mention new vet check for asn1.Unmarshal + 2021-02-08 618e3c15bd [dev.regabi] go/types: consistently report nil type as "untyped nil" + 2021-02-08 50449de66a [dev.regabi] all: merge master (1901853) into dev.regabi + 2021-02-08 7b0dfb177f [dev.regabi] runtime: use g register in some assembly functions on AMD64 + 2021-02-08 2e60c00f56 [dev.regabi] cmd/internal/obj/x86: use g register in stack bounds check + 2021-02-08 22f9e1ccbc [dev.regabi] runtime: initialize special registers before sigpanic + 2021-02-08 5d7dc53888 [dev.regabi] cmd/compile, runtime: reserve R14 as g registers on AMD64 + 2021-02-08 1901853098 runtime/metrics: fix panic in readingAllMetric example + 2021-02-08 ed3e4afa12 syscall/plan9: remove spooky fd action at a distance + 2021-02-08 a21de9ec73 [dev.regabi] cmd/link: resolve symbol ABI in shared linkage + 2021-02-05 724d0720b3 doc/go1.16: add missed heading tag in vet section + 2021-02-05 b54cd94d47 embed, io/fs: clarify that leading and trailing slashes are disallowed + 2021-02-05 4516afebed testing/fstest: avoid symlink-induced failures in tester + 2021-02-05 8fa84772ba [dev.regabi] runtime: delete gosave function + 2021-02-05 946351d5a2 [dev.regabi] runtime: zero X15 in racecall + 2021-02-05 397a46a10a [dev.regabi] cmd/asm: define g register on AMD64 + 2021-02-05 e79c2fd428 [dev.regabi] runtime: mark racecallbackthunk as ABIInternal + 2021-02-05 7cc6de59f2 [dev.regabi] runtime: don't mark rt0_go ABIInternal + 2021-02-05 63de211014 [dev.regabi] runtime/cgo: call setg_gcc in crosscall_amd64 + 2021-02-04 120b819f45 [dev.regabi] go/types: report error for invalid main function signature + 2021-02-04 52d5cb2822 [dev.regabi] cmd/internal/obj: access Attribute atomically + 2021-02-04 bc451b5770 [dev.regabi] go/types: port check_test.go ergonomics from dev.typeparams + 2021-02-04 afd67f3334 [dev.regabi] go/types: no "declared but not used" errors for invalid var decls + 2021-02-04 8869086d8f runtime: fix typo in histogram.go + 2021-02-03 401d7e5a24 [dev.regabi] cmd/compile: reserve X15 as zero register on AMD64 + 2021-02-03 bfc7418e6d [dev.regabi] runtime, syscall, etc.: mark Darwin syscall wrappers as ABIInternal + 2021-02-03 e491c6eea9 math/big: fix comment in divRecursiveStep + 2021-02-02 23b0c1f76e [dev.regabi] all: merge master (fca94ab) into dev.regabi + 2021-02-02 fca94ab3ab spec: improve the example in Type assertions section + 2021-02-02 98f8454a73 cmd/link: don't decode type symbol in shared library in deadcode + 2021-02-02 1426a571b7 cmd/link: fix off-by-1 error in findShlibSection + 2021-02-01 32e789f4fb test: fix incorrectly laid out instructions in issue11656.go + 2021-02-01 ca6999e27c [dev.regabi] test: add a test for inlining closures + 2021-02-01 0b6cfea634 doc/go1.16: document that on OpenBSD syscalls are now made through libc + 2021-02-01 26e29aa15a cmd/link: disable TestPIESize if CGO isn't enabled + 2021-02-01 6ac91e460c doc/go1.16: minor markup fixes + 2021-01-29 44361140c0 embed: update docs for proposal tweaks + 2021-01-29 68058edc39 runtime: document pointer write atomicity for memclrNoHeapPointers + 2021-01-28 c8bd8010ff syscall: generate readlen/writelen for openbsd libc + 2021-01-28 41bb49b878 cmd/go: revert TestScript/build_trimpath to use ioutil.ReadFile + 2021-01-28 725a642c2d runtime: correct syscall10/syscall10X on openbsd/amd64 + 2021-01-28 4b068cafb5 doc/go1.16: document go/build/constraint package + 2021-01-28 376518d77f runtime,syscall: convert syscall on openbsd/arm64 to libc + 2021-01-27 aca22bddf2 [dev.regabi] cmd/compile: remove nested functions from expands_calls.go + 2021-01-27 667e08ba8c [dev.regabi] cmd/go: Use GOMAXPROCS to limit default build, compile parallelism + 2021-01-27 00f2ff5c94 api/go1.16: add go/build/constraint APIs + 2021-01-27 35334caf18 crypto/x509: remove leftover CertificateRequest field + 2021-01-27 a5a5e2c968 runtime: make sure to remove open-coded defer entries in all cases after a recover + 2021-01-27 8cfa01943a runtime: block console ctrlhandler when the signal is handled + 2021-01-27 ff9e8364c6 cmd/go: skip issue33139 when the 'cc' script command is unavailable + 2021-01-27 cd176b3615 runtime: switch runtime to libc for openbsd/arm64 + 2021-01-27 6c8fbfbdcf runtime: convert openbsd/arm64 locking to libc + 2021-01-27 5cdf0da1bf syscall: clean up mkasm related changes + 2021-01-27 210f70e298 doc/go1.16: fix closing brace in .Export format + 2021-01-27 0f797f168d math: fix typo in sqrt.go code comment + 2021-01-26 9b636feafe [dev.regabi] cmd/compile: missing last patch set for cl286013 + 2021-01-26 f7dad5eae4 [dev.regabi] cmd/compile: remove leftover code form late call lowering work + 2021-01-26 8634a234df runtime,syscall: convert syscall on openbsd/amd64 to libc + 2021-01-26 1d5e14632e os: further document limitations around naked file descriptors + 2021-01-25 5e4a0cdde3 [dev.regabi] all: merge master (bf0f7c9) into dev.regabi + 2021-01-26 cf263e9f77 os: correct names in CreateTemp and MkdirTemp doc comments + 2021-01-26 ce8b318624 net/http/fcgi: remove locking added to prevent a test-only race + 2021-01-25 bf0f7c9d78 doc/go1.16: mention os.DirFS in os section + 2021-01-25 deaf29a8a8 cmd/compile: fix order-of-assignment issue w/ defers + 2021-01-25 ad2ca26a52 doc/go1.16: mention os.DirEntry and types moved from os to io/fs + 2021-01-25 a51921fa5b doc/go1.16: mention new testing/iotest functions + 2021-01-25 e6b6d107f7 doc/go1.16: mention deprecation of io/ioutil + 2021-01-25 7eaaf28cae [dev.regabi] cmd/compile: disallow taking address of SSA'd values + 2021-01-25 96a276363b doc/go1.16: mention go/build changes + 2021-01-25 3d85c69a0b html/template: revert "avoid race when escaping updates template" + 2021-01-25 54514c6b28 cmd/go: fix TestScript/cgo_path, cgo_path_space when CC set + 2021-01-25 6f5e79f470 [dev.regabi] cmd/compile/internal: specify memory layout + 2021-01-25 cabffc199d [dev.regabi] cmd/compile/internal: add internal ABI specification + 2021-01-25 6de8443f3b doc/asm: add a section on go_asm.h, clean up go_tls.h section + 2021-01-25 6a4739ccc5 [dev.regabi] cmd/compile: enable rational constant arithmetic + 2021-01-25 be9612a832 [dev.regabi] os: disable TestDirFS until #42637 is fixed + 2021-01-25 8ee3d39838 [dev.regabi] cmd/go: workaround -race issue on ppc64le + 2021-01-25 54b251f542 lib/time, time/tzdata: update tzdata to 2021a + 2021-01-25 5a76c3d548 [dev.regabi] cmd/compile: modify abiutils for recently updated ABI + 2021-01-25 ff82cc971a os: force consistent mtime before running fstest on directory on Windows + 2021-01-25 044f937a73 doc/go1.16: fix WalkDir and Walk links + 2021-01-25 063c72f06d [dev.regabi] cmd/compile: backport changes from dev.typeparams (9456804) + 2021-01-23 b634f5d97a doc/go1.16: add crypto/x509 memory optimization + 2021-01-23 9897655c61 doc/go1.16: reword ambiguously parsable sentence + 2021-01-23 cd99385ff4 cmd/internal/obj/arm64: fix VMOVQ instruction encoding error + 2021-01-23 d05d6fab32 [dev.regabi] cmd/compile: replace ir.Name map with ir.NameSet for SSA 2 + 2021-01-23 66ee8b158f runtime: restore cgo_import_dynamic for libc.so on openbsd + 2021-01-23 48badc5fa8 [dev.regabi] cmd/compile: fix escape analysis problem with closures + 2021-01-23 51e1819a8d [dev.regabi] cmd/compile: scan body of closure in tooHairy to check for disallowed nodes + 2021-01-22 25c39e4fb5 io/ioutil: fix example test for WriteFile to allow it to run in the playground + 2021-01-22 eb21b31e48 runtime: define dummy msanmove + 2021-01-22 3a778ff50f runtime: check for g0 stack last in signal handler + 2021-01-22 a2cef9b544 cmd/go: don't lookup the path for CC when invoking cgo + 2021-01-22 7e0a81d280 [dev.regabi] all: merge master (dab3e5a) into dev.regabi + 2021-01-22 dab3e5affe runtime: switch runtime to libc for openbsd/amd64 + 2021-01-22 a1b53d85da cmd/go: add documentation for test and xtest fields output by go list + 2021-01-22 b268b60774 runtime: remove pthread_kill/pthread_self for openbsd + 2021-01-22 ec4051763d runtime: fix typo in mgcscavenge.go + 2021-01-22 7ece3a7b17 net/http: fix flaky TestDisableKeepAliveUpgrade + 2021-01-22 50cba0506f time: clarify Timer.Reset behavior on AfterFunc Timers + 2021-01-22 cf10e69f17 doc/go1.16: mention net/http.Transport.GetProxyConnectHeader + 2021-01-22 ec1b945265 doc/go1.16: mention path/filepath.WalkDir + 2021-01-22 11def3d40b doc/go1.16: mention syscall.AllThreadsSyscall + 2021-01-21 07b0235609 doc/go1.16: add notes about package-specific fs.FS changes + 2021-01-21 e2b4f1fea5 doc/go1.16: minor formatting fix + 2021-01-21 9f43a9e07b doc/go1.16: mention new debug/elf constants + 2021-01-21 3c2f11ba5b cmd/go: overwrite program name with full path + 2021-01-21 953d1feca9 all: introduce and use internal/execabs + 2021-01-21 b186e4d70d cmd/go: add test case for cgo CC setting + 2021-01-21 5a8a2265fb cmd/cgo: report exec errors a bit more clearly + 2021-01-21 46e2e2e9d9 cmd/go: pass resolved CC, GCCGO to cgo + 2021-01-21 3d40895e36 runtime: switch openbsd/arm64 to pthreads + 2021-01-21 d95ca91380 crypto/elliptic: fix P-224 field reduction + 2021-01-21 d7e71c01ad [dev.regabi] cmd/compile: replace ir.Name map with ir.NameSet for dwarf + 2021-01-21 5248f59a22 [dev.regabi] cmd/compile: replace ir.Name map with ir.NameSet for SSA + 2021-01-21 970d8b6cb2 [dev.regabi] cmd/compile: replace ir.Name map with ir.NameSet in inlining + 2021-01-21 68a4664475 [dev.regabi] cmd/compile: remove tempAssigns in walkCall1 + 2021-01-21 fd9a391cdd [dev.regabi] cmd/compile: remove CallExpr.Rargs + 2021-01-21 19a6db6b63 [dev.regabi] cmd/compile: make sure mkcall* passed non-nil init + 2021-01-21 9f036844db [dev.regabi] cmd/compile: use ir.DoChildren directly in inlining + 2021-01-21 213c3905e9 [dev.regabi] cmd/compile: use node walked flag to prevent double walk for walkSelect + 2021-01-20 1760d736f6 [dev.regabi] cmd/compile: exporting, importing, and inlining functions with OCLOSURE + 2021-01-20 ecf4ebf100 cmd/internal/moddeps: check content of all modules in GOROOT + 2021-01-20 92cb157cf3 [dev.regabi] cmd/compile: late expansion of return values + 2021-01-20 d2d155d1ae runtime: don't adjust timer pp field in timerWaiting status + 2021-01-20 803d18fc6c cmd/go: set Incomplete field on go list output if no files match embed + 2021-01-20 6e243ce71d cmd/go: have go mod vendor copy embedded files in subdirs + 2021-01-20 be28e5abc5 cmd/go: fix mod_get_fallback test + 2021-01-20 928bda4f4a runtime: convert openbsd/amd64 locking to libc + 2021-01-19 824f2d635c cmd/go: allow go fmt to complete when embedded file is missing + 2021-01-19 0575e35e50 cmd/compile: require 'go 1.16' go.mod line for //go:embed + 2021-01-19 9423d50d53 [dev.regabi] cmd/compile: use '%q' for printing rune values less than 128 + 2021-01-19 ccb2e90688 cmd/link: exit before Asmb2 if error + 2021-01-19 ca5774a5a5 embed: treat uninitialized FS as empty + 2021-01-19 d047c91a6c cmd/link,runtime: switch openbsd/amd64 to pthreads + 2021-01-19 61debffd97 runtime: factor out usesLibcall + 2021-01-19 9fed39d281 runtime: factor out mStackIsSystemAllocated + 2021-01-19 a2f825c542 [dev.regabi] cmd/compile: directly create go.map and go.track symbols + 2021-01-19 4a4212c0e5 [dev.regabi] cmd/compile: refactor Linksym creation + 2021-01-19 4f5c603c0f [dev.regabi] cmd/compile: cleanup callTargetLSym + 2021-01-18 dbab079835 runtime: free Windows event handles after last lock is dropped + 2021-01-18 5a8fbb0d2d os: do not close syscall.Stdin in TestReadStdin + 2021-01-18 422f38fb6c [dev.regabi] cmd/compile: move stack objects to liveness + 2021-01-18 6113db0bb4 [dev.regabi] cmd/compile: convert OPANIC argument to interface{} during typecheck + 2021-01-18 4c835f9169 [dev.regabi] cmd/compile: use LinksymOffsetExpr in TypePtr/ItabAddr + 2021-01-18 0ffa1ead6e [dev.regabi] cmd/compile: use *obj.LSym instead of *ir.Name for staticdata functions + 2021-01-17 7e0fa38aad [dev.regabi] cmd/compile: remove unneeded packages from ir.Pkgs + 2021-01-17 99a5db11ac [dev.regabi] cmd/compile: use LinksymOffsetExpr in walkConvInterface + 2021-01-17 87845d14f9 [dev.regabi] cmd/compile: add ir.TailCallStmt + 2021-01-17 e3027c6828 [dev.regabi] cmd/compile: fix linux-amd64-noopt builder + 2021-01-17 59ff93fe64 [dev.regabi] cmd/compile: rename NameOffsetExpr to LinksymOffsetExpr + 2021-01-17 82b9cae700 [dev.regabi] cmd/compile: change ir.NameOffsetExpr to use *obj.LSym instead of *Name + 2021-01-17 88956fc4b1 [dev.regabi] cmd/compile: stop analyze NameOffsetExpr.Name_ in escape analysis + 2021-01-17 7ce2a8383d [dev.regabi] cmd/compile: simplify stack temp initialization + 2021-01-17 ba0e8a92fa [dev.regabi] cmd/compile: refactor temp construction in walk + 2021-01-17 78e5aabcdb [dev.regabi] cmd/compile: replace Node.HasCall with walk.mayCall + 2021-01-16 6de9423445 [dev.regabi] cmd/compile: cleanup OAS2FUNC ordering + 2021-01-16 a956a0e909 [dev.regabi] cmd/compile, runtime: fix up comments/error messages from recent renames + 2021-01-16 ab3b67abfd [dev.regabi] cmd/compile: remove ONEWOBJ + 2021-01-16 c9b1445ac8 [dev.regabi] cmd/compile: remove TypeAssertExpr {Src,Dst}Type fields + 2021-01-15 682a1d2176 runtime: detect errors in DuplicateHandle + 2021-01-15 9f83418b83 cmd/link: remove GOROOT write in TestBuildForTvOS + 2021-01-15 ec9470162f cmd/compile: allow embed into any string or byte slice type + 2021-01-15 54198b04db cmd/compile: disallow embed of var inside func + 2021-01-15 b386c735e7 cmd/go: fix go generate docs + 2021-01-15 bb5075a525 syscall: remove RtlGenRandom and move it into internal/syscall + 2021-01-15 1deae0b597 os: invoke processKiller synchronously in testKillProcess + 2021-01-15 03a875137f [dev.regabi] cmd/compile: unexport reflectdata.WriteType + 2021-01-15 14537e6e54 [dev.regabi] cmd/compile: move stkobj symbol generation to SSA + 2021-01-15 ab523fc510 [dev.regabi] cmd/compile: don't promote Byval CaptureVars if Addrtaken + 2021-01-15 ff196c3e84 crypto/x509: update iOS bundled roots to version 55188.40.9 + 2021-01-15 b7a698c73f [dev.regabi] test: disable test on windows because expected contains path separators. + 2021-01-15 4be7af23f9 [dev.regabi] cmd/compile: fix ICE during ir.Dump + 2021-01-14 e125ccd10e cmd/go: in 'go mod edit', validate versions given to -retract and -exclude + 2021-01-14 eb330020dc cmd/dist, cmd/go: pass -arch for C compilation on Darwin + 2021-01-14 84e8a06f62 cmd/cgo: remove unnecessary space in cgo export header + 2021-01-14 0c86b999c3 cmd/test2json: document passing -test.paniconexit0 + 2021-01-14 9135795891 cmd/go/internal/load: report positions for embed errors + 2021-01-14 35b9c66601 [dev.regabi] cmd/compile,cmd/link: additional code review suggestions for CL 270863 + 2021-01-14 d9b79e53bb cmd/compile: fix wrong complement for arm64 floating-point comparisons + 2021-01-14 c73232d08f cmd/go/internal/load: refactor setErrorPos to PackageError.setPos + 2021-01-14 6aa28d3e06 go/build: report positions for go:embed directives + 2021-01-14 9734fd482d [dev.regabi] cmd/compile: use node walked flag to prevent double walk for walkSwitch + 2021-01-14 f97983249a [dev.regabi] cmd/compile: move more PAUTOHEAP to SSA construction + 2021-01-14 4476300425 [dev.regabi] cmd/compile: use byte for CallExpr.Use + 2021-01-14 5a5ab24689 [dev.regabi] cmd/compile: do not rely on CallExpr.Rargs for detect already walked calls + 2021-01-14 983ac4b086 [dev.regabi] cmd/compile: fix ICE when initializing blank vars + 2021-01-13 7eb31d999c cmd/go: add hints to more missing sum error messages + 2021-01-13 d6d4673728 [dev.regabi] cmd/compile: fix GOEXPERIMENT=regabi builder + 2021-01-13 c41b999ad4 [dev.regabi] cmd/compile: refactor abiutils from "gc" into new "abi" + 2021-01-13 861707a8c8 [dev.regabi] cmd/compile: added limited //go:registerparams pragma for new ABI dev + 2021-01-13 c1370e918f [dev.regabi] cmd/compile: add code to support register ABI spills around morestack calls + 2021-01-13 2abd24f3b7 [dev.regabi] test: make run.go error messages slightly more informative + 2021-01-13 9a19481acb [dev.regabi] cmd/compile: make ordering for InvertFlags more stable + 2021-01-12 d9acf6f3a3 [dev.regabi] cmd/compile: remove Func.ClosureType + 2021-01-12 41352fd401 [dev.regabi] cmd/compile: transform closures during walk + 2021-01-12 d6ad88b4db [dev.regabi] cmd/compile: compile functions before closures + 2021-01-12 432f9ffb11 [dev.regabi] cmd/compile: unindent compileFunctions + 2021-01-12 cc90e7a51e [dev.regabi] cmd/compile: always use the compile queue + 2021-01-12 cd5b74d2df [dev.regabi] cmd/compile: call NeedFuncSym in InitLSym + 2021-01-12 ba76567bc2 cmd/go/internal/modload: delete unused *mvsReqs.next method + 2021-01-12 665def2c11 encoding/asn1: document unmarshaling behavior for IMPLICIT string fields + 2021-01-12 95acd8121b [dev.regabi] cmd/compile: remove Name.Typegen + 2021-01-12 12ee55ba7b [dev.regabi] cmd/compile: stop using Vargen for import/export + 2021-01-12 b4d2a0445b [dev.regabi] cmd/compile: refactor closure var setup/teardown + 2021-01-12 f57f484053 [dev.regabi] cmd/compile: decouple escape analysis from Name.Vargen + 2021-01-11 81ea89adf3 cmd/go: fix non-script staleness checks interacting badly with GOFLAGS + 2021-01-11 759309029f doc: update editors.html for Go 1.16 + 2021-01-11 c3b4c7093a cmd/internal/objfile: don't require runtime.symtab symbol for XCOFF + 2021-01-10 7fd84c6e46 [dev.regabi] cmd/compile: remove OCLOSUREREAD + 2021-01-10 c9c26d7ffb [dev.regabi] cmd/compile: use ClosureVars for method value wrappers + 2021-01-10 950cf4d46c [dev.regabi] cmd/compile: bind closure vars during SSA constructions + 2021-01-10 8b2efa990b [dev.regabi] cmd/compile: deref PAUTOHEAPs during SSA construction + 2021-01-08 59bfc18e34 cmd/go: add hint to read 'go help vcs' to GOVCS errors + 2021-01-08 6ee9b118a2 [dev.regabi] cmd/compile: remove fmt_test code; it has outlived its usefulness + 2021-01-08 cd6f3a54e4 cmd/go: revise 'go help' documentation for modules + 2021-01-08 6192b98751 cmd/go: make hints in error messages more consistent + 2021-01-08 25886cf4bd cmd/go: preserve sums for indirect deps fetched by 'go mod download' + 2021-01-08 6250833911 runtime/metrics: mark histogram metrics as cumulative + 2021-01-08 8f6a9acbb3 runtime/metrics: remove unused StopTheWorld Description field + 2021-01-08 6598c65646 cmd/compile: fix exponential-time init-cycle reporting + 2021-01-08 fefad1dc85 test: fix timeout code for invoking compiler + 2021-01-08 6728118e0a cmd/go: pass signals forward during "go tool" + 2021-01-08 e65c543f3c go/build/constraint: add parser for build tag constraint expressions + 2021-01-08 0c5afc4fb7 testing/fstest,os: clarify racy behavior of TestFS + 2021-01-08 32afcc9436 runtime/metrics: change unit on *-by-size metrics to match bucket unit + 2021-01-08 c6513bca5a io/fs: minor corrections to Glob doc + 2021-01-08 b241938e04 [dev.regabi] cmd/compile: fix some methods error text + 2021-01-08 304f769ffc cmd/compile: don't short-circuit copies whose source is volatile + 2021-01-08 ae97717133 runtime,runtime/metrics: use explicit histogram boundaries + 2021-01-08 a9ccd2d795 go/build: skip string literal while findEmbed + 2021-01-08 d92f8add32 archive/tar: fix typo in comment + 2021-01-08 cab1202183 cmd/link: accept extra blocks in TestFallocate + 2021-01-08 ee4d32249b io/fs: minor corrections to Glob release date + 2021-01-08 54bd1ccce2 cmd: update to latest golang.org/x/tools + 2021-01-07 9ec21a8f34 Revert "reflect: support multiple keys in struct tags" + 2021-01-07 091414b5b7 io/fs: correct WalkDirFunc documentation + 2021-01-07 9b55088d6b doc/go1.16: add release note for disallowing non-ASCII import paths + 2021-01-07 fa90aaca7d cmd/compile: fix late expand_calls leaf type for OpStructSelect/OpArraySelect + 2021-01-07 7cee66d4cb cmd/go: add documentation for Embed fields in go list output + 2021-01-07 e60cffa4ca html/template: attach functions to namespace + 2021-01-07 6da2d3b7d7 cmd/link: fix typo in asm.go + 2021-01-07 df81a15819 runtime: check mips64 VDSO clock_gettime return code + 2021-01-06 4787e906cf crypto/x509: rollback new CertificateRequest fields + 2021-01-06 c9658bee93 cmd/go: make module suggestion more friendly + 2021-01-06 4c668b25c6 runtime/metrics: fix panic message for Float64Histogram + 2021-01-06 d2131704a6 net/http/httputil: fix deadlock in DumpRequestOut + 2021-01-05 3e1e13ce6d cmd/go: set cfg.BuildMod to "readonly" by default with no module root + 2021-01-05 0b0d004983 cmd/go: pass embedcfg to gccgo if supported + 2021-01-05 cb05a0aa6a [dev.regabi] cmd/compile: remove toolstash scaffolding + 2021-01-05 9821838832 [dev.regabi] cmd/compile: remove CaptureVars + 2021-01-05 fd43831f44 [dev.regabi] cmd/compile: reimplement capture analysis + 2021-01-05 fb69c67cad [dev.regabi] test: enable finalizer tests on !amd64 + 2021-01-05 1b85e7c057 cmd/go: don't scan gccgo standard library packages for imports + 2021-01-05 81f4f0e912 [dev.regabi] cmd/compile: remove race-y check in Name.Canonical + 2021-01-05 6b37b15d95 runtime: don't take allglock in tracebackothers + 2021-01-05 4a9d9adea4 [dev.regabi] cmd/compile: remove initname function + 2021-01-05 77365c5ed7 [dev.regabi] cmd/compile: add Name.Canonical and move Byval + 2021-01-05 e09783cbc0 [dev.regabi] cmd/compile: make ir.StaticValue safer + 2021-01-05 9aa950c407 [dev.regabi] cmd/compile: make ir.OuterValue safer + 2021-01-05 eb626409d1 [dev.regabi] cmd/compile: simplify CaptureVars + 2021-01-05 c28ca67a96 [dev.regabi] cmd/compile: fix ir.Dump for []*CaseClause, etc + 2021-01-04 9eef49cfa6 math/rand: fix typo in comment + 2021-01-04 b01fb2af9e testing/fstest: fix typo in error message + 2021-01-04 f24e40c14a [dev.regabi] cmd/compile: remove Name.Class_ accessors + 2021-01-04 d89705e087 [dev.regabi] cmd/compile: fix re-export of parameters + 2021-01-04 290b4154b7 [dev.regabi] cmd/compile: fix ICE due to large uint64 constants + 2021-01-04 a30fd52884 [dev.regabi] cmd/compile: use ir.NewNameAt in SubstArgTypes + 2021-01-03 8fc44cf0fa [dev.regabi] cmd/compile: remove a couple CloneName calls + 2021-01-03 907a4bfdc7 [dev.regabi] cmd/compile: fix map assignment order + 2021-01-03 f2e6dab048 [dev.regabi] cmd/compile: remove walkReturn "common case" path + 2021-01-03 d36a6bf44d [dev.regabi] cmd/compile: improve walkReturn common case + 2021-01-03 a317067d65 [dev.regabi] cmd/compile: improve ascompatee + 2021-01-03 5d80a590a2 [dev.regabi] cmd/compile: simplify walkReturn + 2021-01-03 bb1b6c95c2 [dev.regabi] cmd/compile: remove Node.{,Set}Walkdef + 2021-01-03 57c426c9a5 [dev.regabi] cmd/compile: tighten typecheckdef to *ir.Name + 2021-01-03 b1747756e3 [dev.regabi] cmd/compile: reorganize escape analysis somewhat + 2021-01-02 f2538033c0 [dev.regabi] cmd/compile: remove Nodes.Set [generated] + 2021-01-02 2f2d4b4e68 [dev.regabi] cmd/compile: remove {Ptr,Set}Init from Node interface + 2021-01-01 3dd5867605 doc: 2021 is the Year of the Gopher + 2021-01-01 1544a03198 [dev.regabi] cmd/compile: refactor redundant type conversion [generated] + 2021-01-01 7958a23ea3 [dev.regabi] cmd/compile: use *ir.Name where possible in inl.go + 2021-01-01 bfa97ba48f [dev.regabi] test: add another closure test case + 2021-01-01 67ad695416 [dev.regabi] cmd/compile: split escape analysis state + 2021-01-01 fad9a8b528 [dev.regabi] cmd/compile: simplify inlining of closures + 2021-01-01 7d55669847 [dev.regabi] cmd/compile: simplify dwarfgen.declPos + 2021-01-01 9ed1577779 [dev.regabi] cmd/compile: remove Func.ClosureEnter + 2021-01-01 ece345aa69 [dev.regabi] cmd/compile: expand documentation for Func.Closure{Vars,Enter} + 2021-01-01 6ddbc75efd [dev.regabi] cmd/compile: earlier deadcode removal + 2021-01-01 68e6fa4f68 [dev.regabi] cmd/compile: fix package-initialization order + 2021-01-01 3a4474cdfd [dev.regabi] cmd/compile: some more manual shuffling + 2021-01-01 0f1d2129c4 [dev.regabi] cmd/compile: reshuffle type-checking code [generated] + 2021-01-01 b8fd3440cd [dev.regabi] cmd/compile: report unused variables during typecheck + 2021-01-01 fd22df9905 [dev.regabi] cmd/compile: remove idempotent Name() calls [generated] + 2020-12-31 dfbcff80c6 [dev.regabi] cmd/compile: make copyExpr return *ir.Name directly + 2020-12-31 77fd81a3e6 [dev.regabi] cmd/compile: use names for keep alive variables in function call + 2020-12-31 8fe1197654 [dev.regabi] cmd/compile: remove Name.orig + 2020-12-31 477b049060 [dev.regabi] cmd/compile: fix printing of method expressions + 2020-12-31 95ce805d14 io/fs: remove darwin/arm64 special condition + 2020-12-30 20d0991b86 lib/time, time/tzdata: update tzdata to 2020f + 2020-12-30 ed301733bb misc/cgo/testcarchive: remove special flags for Darwin/ARM + 2020-12-30 0ae2e032f2 misc/cgo/test: enable TestCrossPackageTests on darwin/arm64 + 2020-12-30 178c667db2 [dev.regabi] cmd/compile: fix OSLICEARR comments + 2020-12-30 f0d99def5b [dev.regabi] cmd/compile: add newline to ir.Dump + 2020-12-30 451693af71 [dev.regabi] cmd/compile: simplify typecheckdef + 2020-12-30 0c1a899a6c [dev.regabi] cmd/compile: fix defined-pointer method call check + 2020-12-30 f9b67f76a5 [dev.regabi] cmd/compile: change ir.DoChildren to use bool result type + 2020-12-30 499851bac8 [dev.regabi] cmd/compile: generalize ir/mknode.go + 2020-12-30 82ab3d1448 [dev.regabi] cmd/compile: use *ir.Name for Decl.X + 2020-12-30 9958b7ed3e [dev.regabi] cmd/compile: unexport ir.FmtNode + 2020-12-29 780b4de16b misc/ios: fix wording for command line instructions + 2020-12-29 b4a71c95d2 doc/go1.16: reference misc/ios/README for how to build iOS programs + 2020-12-29 f83e0f6616 misc/ios: add to README how to build ios executables + 2020-12-29 f5816624cd [dev.regabi] cmd/compile: change AddrExpr.Alloc to AddrExpr.Prealloc + 2020-12-29 850aa7c60c [dev.regabi] cmd/compile: use *ir.Name instead of ir.Node for CaseClause.Var + 2020-12-29 37babc97bb [dev.regabi] cmd/compile: allow visitor visits *ir.Name + 2020-12-29 5cf3c87fa6 [dev.regabi] cmd/compile: generate case/comm clause functions in mknode.go + 2020-12-29 b3e1ec97fd [dev.regabi] cmd/compile: move new addrtaken bit back to the old name + 2020-12-29 0620c674dd [dev.regabi] cmd/compile: remove original addrtaken bit + 2020-12-29 0523d525ae [dev.regabi] cmd/compile: separate out address taken computation from typechecker + 2020-12-29 9ea272e5ec [dev.regabi] cmd/compile: simplify ir.Func somewhat + 2020-12-29 e40cb4d4ae [dev.regabi] cmd/compile: remove more unused code + 2020-12-29 6f30c95048 [dev.regabi] cmd/compile: remove unneeded indirection + 2020-12-29 171fc6f223 [dev.regabi] cmd/compile: remove workarounds for go/constant issues + 2020-12-29 33801cdc62 [dev.regabi] cmd/compile: use Ntype where possible + 2020-12-29 82ad3083f8 [dev.regabi] cmd/compile: remove typ from AssignOpStmt + 2020-12-29 e34c44a7c4 [dev.regabi] cmd/compile: refactoring typecheck arith + 2020-12-29 a5ec920160 [dev.regabi] cmd/compile: more Linksym cleanup + 2020-12-29 ec59b197d5 [dev.regabi] cmd/compile: rewrite to use linksym helpers [generated] + 2020-12-29 25c613c02d [dev.regabi] cmd/compile: add Linksym helpers + 2020-12-29 289da2b33e [dev.regabi] cmd/compile: move Node.Opt to Name + 2020-12-29 6acbae4fcc [dev.regabi] cmd/compile: address some ir TODOs + 2020-12-29 4629f6a51d [dev.regabi] cmd/compile: merge {Selector,CallPart,Method}Expr + 2020-12-29 e563715b30 [dev.regabi] cmd/compile: remove Sym.Importdef + 2020-12-29 3f370b75fb [dev.regabi] cmd/compile: cleanup //go:generate directives + 2020-12-28 4fd9455882 io/fs: fix typo in comment + 2020-12-28 07569dac4e [dev.regabi] all: merge master (1d78139) into dev.regabi + 2020-12-28 76136be027 [dev.regabi] cmd/compile: check for recursive import in ImportBody + 2020-12-28 fda7ec3a3f [dev.regabi] cmd/compile: remove Name.IsDDD, etc + 2020-12-28 098a6490b9 [dev.regabi] cmd/compile: remove Declare in makepartialcall + 2020-12-28 137f0d2e06 [dev.regabi] cmd/compile: remove unnecessary Name.Sym call + 2020-12-28 3383b5c74a [dev.regabi] cmd/compile: flatten dependency graph [generated] + 2020-12-28 f8afb8216a [dev.regabi] cmd/compile: rename CommStmt and CaseStmt [generated] + 2020-12-28 5f3bd59a0d [dev.regabi] cmd/compile: remove some unneeded code in package ir + 2020-12-28 3bdafb0d82 [dev.regabi] cmd/compile: remove CommStmt.List + 2020-12-28 2ecf52b841 [dev.regabi] cmd/compile: separate CommStmt from CaseStmt + 2020-12-28 ed9772e130 [dev.regabi] cmd/compile: add explicit file name in types generation + 2020-12-28 a59d26603f [dev.regabi] cmd/compile: use []*CaseStmt in {Select,Switch}Stmt + 2020-12-28 fbc4458c06 [dev.regabi] cmd/compile: simplify some tree traversal code + 2020-12-28 6c67677541 [dev.regabi] cmd/compile: simplify FuncName and PkgFuncName + 2020-12-28 676d794b81 [dev.regabi] cmd/compile: remove refersToCommonName + 2020-12-28 c98548e110 [dev.regabi] cmd/compile: merge ascompatee, ascompatee1, and reorder3 + 2020-12-28 4c215c4fa9 [dev.regabi] cmd/compile: simplify and optimize reorder3 + 2020-12-28 e6c973198d [dev.regabi] cmd/compile: stop mangling SelectorExpr.Sel for ODOTMETH + 2020-12-28 135ce1c485 [dev.regabi] cmd/compile: desugar OMETHEXPR into ONAME during walk + 2020-12-28 0f732f8c91 [dev.regabi] cmd/compile: minor walkExpr cleanups + 2020-12-28 0de8eafd98 [dev.regabi] cmd/compile: remove SelectorExpr.Offset field + 2020-12-28 a4f335f420 [dev.regabi] cmd/compile: always use a Field for ODOTPTR expressions + 2020-12-26 1d78139128 runtime/cgo: fix Android build with NDK 22 + 2020-12-25 2018b68a65 net/mail: don't use MDT in test + 2020-12-25 e4f293d853 [dev.regabi] cmd/compile: fix OCALLMETH desugaring + 2020-12-25 1d9a1f67d5 [dev.regabi] cmd/compile: don't emit reflect data for method types + 2020-12-25 396b6c2e7c [dev.regabi] cmd/compile: cleanup assignment typechecking + 2020-12-25 e24d2f3d05 [dev.regabi] cmd/compile: remove typ from RangeStmt + 2020-12-25 2785c691c2 [dev.regabi] cmd/compile: cleanup devirtualization docs + 2020-12-25 4b1d0fe66f [dev.regabi] cmd/compile: new devirtualization pkg [generated] + 2020-12-24 082cc8b7d9 [dev.regabi] cmd/compile: change ir.IsAssignable -> ir.IsAddressable + 2020-12-24 27b248b307 [dev.regabi] cmd/compile: separate range stmt Vars to Key, Value nodes + 2020-12-23 40818038bf [dev.regabi] cmd/compile: change CaseStmt.Vars to Var + 2020-12-23 b116404444 runtime: shift timeHistogram buckets and allow negative durations + 2020-12-23 8db7e2fecd runtime: fix allocs-by-size and frees-by-size buckets + 2020-12-23 fb96f07e1a runtime: fix nStackRoots comment about stack roots + 2020-12-23 d1502b3c72 lib/time, time/tzdata: update tzdata to 2020e + 2020-12-23 30c99cbb7a cmd/go: add the Retract field to 'go help mod edit' definition of the GoMod struct + 2020-12-23 49d0b239cb doc: fix a typo in contribute.html + 2020-12-23 9eeed291bc [dev.regabi] cmd/compile: eliminate usage of ir.Node in liveness + 2020-12-23 d1d64e4cea [dev.regabi] cmd/compile: split SliceExpr.List into separate fields + 2020-12-23 98a73030b0 cmd/go: in 'go get', promote named implicit dependencies to explicit + 2020-12-23 d19018e8f1 [dev.regabi] cmd/compile: split SliceHeaderExpr.LenCap into separate fields + 2020-12-23 53f082b0ee [dev.regabi] cmd/compile: cleanup export code further + 2020-12-23 31267f82e1 [dev.regabi] cmd/compile: simplify function/interface/struct typechecking + 2020-12-23 addade2cce [dev.regabi] cmd/compile: prefer types constructors over typecheck + 2020-12-23 18ebfb49e9 [dev.regabi] cmd/compile: cleanup noder + 2020-12-23 87a592b356 [dev.regabi] cmd/compile: cleanup import/export code + 2020-12-23 5898025026 [dev.regabi] cmd/compile: update mkbuiltin.go to use new type constructors + 2020-12-23 63c96c2ee7 [dev.regabi] cmd/compile: update mkbuiltin.go and re-enable TestBuiltin + 2020-12-23 37f138df6b [dev.regabi] cmd/compile: split out package test [generated] + 2020-12-23 3d8a3cb06b [dev.regabi] cmd/compile: split out package pkginit [generated] + 2020-12-23 3f04d964ab [dev.regabi] cmd/compile: split up walkexpr1, walkstmt [generated] + 2020-12-23 e4895ab4c0 [dev.regabi] cmd/compile: split out package walk [generated] + 2020-12-23 01fd2d05c8 [dev.regabi] cmd/compile: split out package dwarfgen [generated] + 2020-12-23 6c34d2f420 [dev.regabi] cmd/compile: split out package ssagen [generated] + 2020-12-23 de65151e50 [dev.regabi] cmd/compile: split out package reflectdata [generated] + 2020-12-23 4dfb5d91a8 [dev.regabi] cmd/compile: split out package staticdata [generated] + 2020-12-23 fbc82f03b1 [dev.regabi] cmd/compile: split out package noder [generated] + 2020-12-23 de454eef5f [dev.regabi] cmd/compile: split out package escape [generated] + 2020-12-23 071ab0a14c [dev.regabi] cmd/compile: split out package liveness [generated] + 2020-12-23 0ced54062e [dev.regabi] cmd/compile: split out package objw [generated] + 2020-12-23 575fd6ff0a [dev.regabi] cmd/compile: split out package inline [generated] + 2020-12-23 0256ba99a8 [dev.regabi] cmd/compile: split up typecheck1 [generated] + 2020-12-23 b9693d7627 [dev.regabi] cmd/compile: split out package typecheck [generated] + 2020-12-23 dac0de3748 [dev.regabi] cmd/compile: move type size calculations into package types [generated] + 2020-12-23 527a1895d6 [dev.regabi] cmd/compile: move helpers into package ir [generated] + 2020-12-23 65c4c6dfb2 [dev.regabi] cmd/compile: group known symbols, packages, names [generated] + 2020-12-23 9ee309255a [dev.regabi] cmd/compile: move helpers into package types [generated] + 2020-12-23 ead4957892 [dev.regabi] cmd/compile: move helpers into package base [generated] + 2020-12-23 440308ffd7 [dev.regabi] cmd/compile: simplify Nodes usage [generated] + 2020-12-23 f9d373720e [dev.regabi] cmd/compile: remove Left, Right etc methods [generated] + 2020-12-23 14d667341f [dev.regabi] cmd/compile: remove Node.Left etc [generated] + 2020-12-23 6f27d29be0 [dev.regabi] cmd/compile: remove ir.Nod [generated] + 2020-12-23 fd6ba1c8a2 os/signal: fix a deadlock with syscall.AllThreadsSyscall() use + 2020-12-23 69cf39089f [dev.regabi] cmd/compile: do not die in early base.FlushErrors + 2020-12-23 6d03cde88a [dev.regabi] cmd/dist: automatically bootstrap cmd subdirs + 2020-12-23 b0b0d98283 runtime: linux iscgo support for not blocking nptl signals + 2020-12-23 d1d1099c91 [dev.regabi] cmd/compile: fixes for big rewrite + 2020-12-22 223331fc0c cmd/go/internal/modload: add hint for missing implicit dependency + 2020-12-22 ec741b0447 [dev.regabi] all: merge master (c9fb4eb) into dev.regabi + 2020-12-22 acc32ea124 [dev.regabi] codereview.cfg: add config for dev.regabi + 2020-12-22 c9fb4eb0a2 cmd/link: handle grouped resource sections + 2020-12-22 c40934b33d [dev.regabi] cmd/compile: adjust one case in walkexpr + 2020-12-22 280e7fd1ee [dev.regabi] cmd/compile: only access Func method on concrete types + 2020-12-22 51ba53f5c2 [dev.regabi] cmd/compile: separate misc for gc split + 2020-12-22 572f168ed2 [dev.regabi] cmd/compile: separate various from Main + 2020-12-22 3b12c6dc08 [dev.regabi] cmd/compile: separate typecheck more cleanly + 2020-12-22 7c8f5356ab [dev.regabi] cmd/compile: separate dowidth better + 2020-12-22 c06a354bcc test: trigger SIGSEGV instead of SIGTRAP in issue11656.go + 2020-12-22 0aa9b4709a cmd/pack: r command create output file if not exist + 2020-12-22 cb28c96be8 [dev.regabi] cmd/compile,cmd/link: initial support for ABI wrappers + 2020-12-22 c8610e4700 [dev.regabi] cmd/compile: add ir.BasicLit to represent literals + 2020-12-22 3512cde10a [dev.regabi] cmd/compile: stop reusing Ntype for OSLICELIT length + 2020-12-22 2755361e6a [dev.regabi] cmd/compile: change noder.declNames to returns ir.Names + 2020-12-22 301af2cb71 [dev.regabi] runtime/race: adjust test pattern match for ABI wrapper + 2020-12-22 4d27c4c223 runtime: correct error handling in several FreeBSD syscall wrappers + 2020-12-22 9b6147120a cmd/pack: treat compiler's -linkobj output as "compiler object" + 2020-12-22 306b2451c8 [dev.regabi] runtime: fix ABI targets in runtime.panic{Index,Slice} shims + 2020-12-21 bc7e4d9257 syscall: don't generate ptrace on iOS + 2020-12-21 94cfeca0a5 [dev.regabi] cmd/compile: stop using ONONAME with Name + 2020-12-21 cb4898a77d [dev.regabi] cmd/compile: simplify declaration importing + 2020-12-21 06915ac14d [dev.regabi] cmd/compile: move itabname call out of implements + 2020-12-21 6cff874c47 runtime/metrics: add Read examples + 2020-12-21 4e8f681eff Merge "[dev.regabi] all: merge master into dev.regabi" into dev.regabi + 2020-12-21 1a523c8ab0 [dev.regabi] cmd/compile: separate nowritebarrierrec from main + 2020-12-21 e999c17022 [dev.regabi] cmd/compile: separate ssa from other phases + 2020-12-21 4836e28ac0 [dev.regabi] cmd/compile: separate noder more cleanly + 2020-12-21 85ce6ecfe3 [dev.regabi] cmd/compile: separate exportsym more cleanly + 2020-12-21 1a3b036b83 [dev.regabi] cmd/compile: collect global compilation state + 2020-12-21 2153a99914 [dev.regabi] cmd/compile: setup to move Addrconst, Patch into cmd/internal/obj + 2020-12-21 0bb0baf683 [dev.regabi] cmd/compile: cleanup for concrete types - more + 2020-12-21 ca8e17164e [dev.regabi] all: merge master into dev.regabi + 2020-12-21 8438a5779b runtime: use _exit on darwin + 2020-12-21 cb95819cf6 runtime: detect netbsd netpoll overrun in sysmon + 2020-12-21 53c984d976 runtime: skip wakep call in wakeNetPoller on Plan 9 + 2020-12-21 9abbe27710 test: skip issue11656.go on mips/mips64/ppc64 + 2020-12-20 89b44b4e2b cmd/compile: recognize reassignments involving receives + 2020-12-19 55b58018f4 test: for issue11656 try to execute trap, not call it + 2020-12-18 626cc7c02d test: permit "exponent too large" error + 2020-12-18 139cd0e12f go/build: make TestDependencies work again + 2020-12-18 2de7866470 os: remove dependency on strings package + 2020-12-18 c45313bf45 [dev.regabi] cmd/compile: remove prealloc map + 2020-12-18 ffb0cb7044 [dev.regabi] cmd/compile: remove uses of Name.Offset, Name.copy + 2020-12-18 c76be2a24e [dev.regabi] cmd/compile: add ONAMEOFFSET, delete to-be-deleted fields + 2020-12-18 4e8f1e139f [dev.regabi] cmd/compile: cleanup for concrete types - sinit + 2020-12-18 27aba22651 [dev.regabi] cmd/compile: cleanup for concrete types - walk + 2020-12-18 0b9cb63b8d [dev.regabi] cmd/compile: rename ir.Find to ir.Any and update uses + 2020-12-18 ae652a4ac9 os/signal: fix flaky tests for NotifyContext. + 2020-12-18 740851baca cmd/link: avoid use of -T when linking with lld + 2020-12-18 f1778c28a9 test: recognize and use gc build tag + 2020-12-17 8fcf318123 api/go1.16: remove crypto/tls APIs that are moved to Go 1.17 + 2020-12-17 520f3b72db crypto/tls: revert "add HandshakeContext method to Conn" + 2020-12-17 2ff33f5e44 api: promote next to go1.16 + 2020-12-17 aeedc9f804 [dev.regabi] cmd/compile: remove OSELRECV + 2020-12-17 0328c3b660 [dev.regabi] cmd/compile: use OSELRECV2 for all <-c variants + 2020-12-17 88e1415d08 [dev.regabi] cmd/compile: add type assertion in regabi test + 2020-12-17 9c384e881e [dev.regabi] cmd/compile: cleanup for concrete types - mop-up + 2020-12-17 be64c8bece [dev.regabi] cmd/compile: cleanup for concrete types - noder + 2020-12-17 5024396563 [dev.regabi] cmd/compile: cleanup for concrete types - subr + 2020-12-17 dd67b13d07 [dev.regabi] cmd/compile: cleanup for concrete types - range, select, swt + 2020-12-17 42fec2ded4 [dev.regabi] cmd/compile: cleanup for concrete types - const + 2020-12-17 389ae3d5ba [dev.regabi] cmd/compile: cleanup for concrete types - inl + 2020-12-17 5fe64298a4 [dev.regabi] cmd/compile: cleanup for concrete types - import/export + 2020-12-17 aa55d4e54b [dev.regabi] cmd/compile: cleanup for concrete types - escape + 2020-12-17 846740c17f [dev.regabi] cmd/compile: cleanup for concrete types - ssa + 2020-12-17 bf9bbbd6ed [dev.regabi] cmd/compile: cleanup for concrete types - order + 2020-12-17 4ac6a6317b [dev.regabi] cmd/compile: cleanup for concrete types - typecheck + 2020-12-17 f6efa3d4a4 [dev.regabi] cmd/compile: simplify ir.Find, replace ir.Inspect with ir.Visit + 2020-12-17 f6d2834f8f [dev.regabi] cmd/compile: limit Implicit method to nodes where it is defined + 2020-12-17 7fde0d2b50 [dev.regabi] cmd/compile: remove use of Initorder, Offset Node fields for initorder + 2020-12-17 114af2a044 [dev.regabi] cmd/compile: change Nodes to be a slice + 2020-12-17 4dfc7333f4 [dev.regabi] cmd/compile: update ir/fmt for concrete types + 2020-12-17 a997543292 [dev.regabi] cmd/compile: fix potential closure waste in Order + 2020-12-17 578fbbe3aa [dev.regabi] cmd/compile: rewrite some generic ir.Nod calls + 2020-12-17 5ae70b85c6 [dev.regabi] cmd/compile: cleanup preparing for concrete types, 2 + 2020-12-17 fa06894b36 [dev.regabi] cmd/compile: cleanup preparing for concrete types + 2020-12-17 5a4db102b2 html/template: avoid race when escaping updates template + 2020-12-16 b0f01e17f8 go/types: report error for invalid (but empty) expr switch + 2020-12-16 5abda2618b cmd/link: handle large relocation addend on darwin/arm64 + 2020-12-16 a318d56c1e cmd/link: pass arch-specific flags to external linker when testing supported flag + 2020-12-16 f4e7a6b905 cmd/internal/goobj: fix buglet in object file reader + 2020-12-16 75e16f5127 doc/go1.16: add link to reflect.StructTag + 2020-12-16 08b5091d03 net: close connection in localServer teardown + 2020-12-16 8981092d71 cmd/link: ignore SEH marking on PE objects + 2020-12-15 731bb54038 test: update for gofrontend error message changes + 2020-12-15 129bb1917b doc/go1.15: mention 1.15.3 cgo restriction on empty structs + 2020-12-15 685a322fe4 test: match gofrontend error messages + 2020-12-15 3d6467824c test: only require issue11674 errors with gc compiler + 2020-12-15 7cdc84a15b test: remove bug429 (duplicates runtime.TestSimpleDeadlock) + 2020-12-15 412dc2f4d3 test: adjust issue11371 to fit in required precision + 2020-12-15 8e2d74b705 test: only check for issue11362 error with gc + 2020-12-15 f8ac237032 test: import file name for issue19028 + 2020-12-15 a508840c67 doc/go1.16: fix path, path/filepath release notes + 2020-12-15 5046cb8a6e doc/go1.16: fix formatting in net, net/http and net/http/httputil sections + 2020-12-15 3298300ddf text/template: error on range over send channel + 2020-12-15 4c2d66f642 [dev.regabi] cmd/compile: use ir.Ident for imported identifiers + 2020-12-15 305d93ef84 [dev.regabi] cmd/compile: type check externdcl earlier + 2020-12-15 9f16620f46 [dev.regabi] cmd/compile: fix latent Sym.SetPkgDef issue + 2020-12-15 5a25a3fd1d test: recognize gofrontend error messages + 2020-12-14 fea898a4b0 [dev.regabi] cmd/compile: intercept the making of OADDR nodes + 2020-12-14 663cd862ed cmd/link: do not mark resource section as writable + 2020-12-14 48dfa2b2dc cmd/link: deal with ADDR32NB relocations the same way as ADDR32 on arm + 2020-12-14 033390d9ad cmd/link: recognize arm header of PE objects + 2020-12-14 48906a6d57 net/http/pprof: don't treat os.Args as format string in Cmdline handler + 2020-12-14 6e3cc5c56f go/types: report invalid ... in conversions + 2020-12-14 278b9a8a4a io/fs: fix package reference in FS godoc + 2020-12-14 617383377f [dev.regabi] cmd/compile: reorg generated array hash loop + 2020-12-14 d06794da4a doc/go1.16: add missing <code> tag + 2020-12-14 dea6d94a44 math/big: add test for recursive division panic + 2020-12-14 2f5b1a3974 test: make a race detector test robust to timing variations + 2020-12-14 c81343ce3a net/http: attempt deadlock fix in TestDisableKeepAliveUpgrade + 2020-12-14 828746ec57 debug/dwarf: don't try to parse addr/rnglists header + 2020-12-14 be10af7c4e test: match gofrontend error messages + 2020-12-14 89f38323fa [dev.regabi] cmd/compile: add register ABI analysis utilities + 2020-12-14 ce61ccca8f test: match gofrontend error messages + 2020-12-14 a58be734ea cmd/compile: fix incorrect shift count type with s390x rules + 2020-12-14 8ce37e4110 [dev.regabi] cmd/compile: fix noopt builder + 2020-12-14 7e17b46c58 [dev.regabi] cmd/compile/internal/types: add IsScalar query method + 2020-12-14 2b76429eb0 [dev.regabi] cmd/compile: refactor type initialization code into helper + 2020-12-14 9c5241e520 [dev.regabi] cmd/compile: remove unnecessary String methods + 2020-12-14 267975dc47 Merge branch 'master' into dev.regabi + 2020-12-14 64d8846aae cmd/go: print hint when 'go install' run without version outside module + 2020-12-14 451b6b38fd cmd/go: refactor error reporting in internal/load + 2020-12-14 0a02371b05 cmd/compile: set correct type for OpIData + 2020-12-11 41d8e61a6b doc: make clear that Go 1.4 is not required for bootstrap + 2020-12-11 14305527f6 cmd/compile: fix select statement evaluation order corner case + 2020-12-11 1341a3decd cmd/go: add documentation for the -overlay flag + 2020-12-11 e508c1c67b cmd/link/internal/loadelf: support additional ELF relocations on mips64 + 2020-12-11 58e381b0b2 cmd/vet: vendor in x/tools, update structtag vet check + 2020-12-10 e012d0dc34 syscall: drop references to Unix epoch in Timeval/Timespec docs + 2020-12-10 1fe891a937 doc/go1.16: add vet release note for CL 235677 + 2020-12-10 6d3d3fb37f doc/go1.16: address some remaining high-level TODOs + 2020-12-10 6a64f6dc31 cmd/go: encode backslash and newline in response files + 2020-12-10 985d91666c runtime/metrics: add a note about floating-point values to package docs + 2020-12-10 e0d20e52ee runtime/metrics: expand Read documention with caveats + 2020-12-10 d0f40d2922 runtime/metrics: add ordering line to supported metrics docs + 2020-12-10 6d2b3351f6 test: match gofrontend error messages + 2020-12-10 e5522c882d std: update golang.org/x/net to 20201209123823-ac852fbbde11 + 2020-12-10 422dc83baa database/sql: fix typo in comment + 2020-12-10 56b783ad94 cmd/go, cmd/asm: pass -linkshared to assembler for shared linkage builds + 2020-12-10 b110733327 cmd/link: reject too-large relocation addend on darwin/arm64 + 2020-12-10 0aba8f24cb cmd/link: truncate file after code signature + 2020-12-10 6c64b6db68 cmd/compile: don't constant fold divide by zero + 2020-12-09 89f465c2b5 go/types: avoid endless recursion in the Comparable predicate + 2020-12-09 f1980efb92 all: update to use os.ReadDir where appropriate + 2020-12-09 4f1b0a44cb all: update to use os.ReadFile, os.WriteFile, os.CreateTemp, os.MkdirTemp + 2020-12-09 63bc23b545 [dev.regabi] cmd/compile: first start towards using Ident + 2020-12-09 eae8fd519b [dev.regabi] cmd/compile: iexport debug crumbs for toolstash + 2020-12-09 837b35cc55 [dev.regabi] cmd/compile: adjust IR representations + 2020-12-09 0c49440664 [dev.regabi] cmd/compile: arrange for walkstmt, walkexpr, to return from switch cases + 2020-12-09 4090af83c5 [dev.regabi] cmd/compile: use reflection in ir.Dump + 2020-12-09 e2d278bfeb [dev.regabi] cmd/compile: two small fixes + 2020-12-09 5627a4dc30 runtime/metrics: simplify test to support more environments + 2020-12-09 db6032dd0c cmd/compile: fix message typo + 2020-12-09 854a2f8e01 net/http: add connections back that haven't been canceled + 2020-12-09 6fa06d960b runtime: prevent stack growth after fork in runtime.sigfillset + 2020-12-09 ae9b442df2 doc: add description of new framepointer vet check + 2020-12-08 31496cfde5 cmd/vet: vendor in x/tools, enable framepointer vet check + 2020-12-08 01b76d5fbc go/types: correct error position for inherited const init expressions + 2020-12-08 48d6275952 doc/go1.16: improve channel race detector changes description + 2020-12-08 dbf2fc8cff [dev.regabi] cmd/compile: replace many uses of ir.Node with *ir.Name + 2020-12-08 bb31c75343 [dev.regabi] cmd/compile: ir.Node is no longer an ssa.Aux + 2020-12-08 6db970e20a [dev.regabi] cmd/compile: rewrite Aux uses of ir.Node to *ir.Name [generated] + 2020-12-08 1c8943a6ad [dev.regabi] cmd/compile: introduce FwdRefAux for wrapping ir.Node as ssa.Aux + 2020-12-08 9c91cab0da runtime: correct sigfwd on openbsd/mips64 + 2020-12-08 dcec658f6c [dev.regabi] cmd/compile: change LocalSlot.N to *ir.Name + 2020-12-08 1a98ab0e2d [dev.regabi] cmd/compile: add ssa.Aux tag interface for Value.Aux + 2020-12-07 6362d01c15 doc/go1.16: update linker stats + 2020-12-07 9b8c272558 reflect: document multiple keys in struct tags + 2020-12-07 63722da46b [dev.regabi] cmd/compile: fix comment + 2020-12-07 7ad6596c47 io/fs: fix Sub method error text + 2020-12-07 6d783e7440 [dev.regabi] cmd/compile: export all Node fields [generated] + 2020-12-07 2de0af3b1b [dev.regabi] cmd/compile: prepare mknode for rename of Func.body + 2020-12-07 724374f859 [dev.regabi] cmd/compile: rewrite stale format strings + 2020-12-07 61889ba680 [dev.regabi] cmd/compile: simplify fmtmap + 2020-12-07 6ea2b8c54c [dev.regabi] cmd/compile: clean up and document formatting + 2020-12-07 bb4a37bd93 [dev.regabi] cmd/compile: move Type, Sym printing to package types [generated] + 2020-12-07 70155cca81 [dev.regabi] cmd/compile: untangle FmtFlag, FmtMode + 2020-12-07 3904a62829 [dev.regabi] cmd/compile: remove mode.Sprintf etc in printer + 2020-12-07 fb17dfa43d [dev.regabi] cmd/compile: narrow interface between ir and types + 2020-12-07 3b25f3c150 [dev.regabi] cmd/compile: simplify Op, Node, Nodes printing + 2020-12-07 8ce2605c5b [dev.regabi] cmd/compile: untangle ir.Dump printing + 2020-12-07 158c9dd131 [dev.regabi] cmd/compile: reorganize ir/fmt.go + 2020-12-07 a79742f39a [dev.regabi] cmd/compile: remove "short" node header mode + 2020-12-07 ef5964dd6b [dev.regabi] cmd/compile: arrange for typecheck1 to end in switch + 2020-12-07 dcc640e839 [dev.regabi] test: add exhaustive test of evaluated but not used + 2020-12-07 2cec6c4a8c [dev.regabi] cmd/compile: generate Node methods using program + 2020-12-07 50cdb2d8e9 runtime/cgo: fix building on musl + 2020-12-07 8d34585171 doc/go1.16: announce openbsd/mips64 port + 2020-12-07 9c0e2db051 test: add new test that gofrontend failed to handle + 2020-12-07 7f9a2bc2bc doc/go1.16: fix typo + 2020-12-07 ac0ba6707c doc/go1.16: add missing </a> tag + 2020-12-07 c155931974 internal/cpu: add darwin/arm64 CPU feature detection support + 2020-12-07 d90b199e9c [dev.regabi] cmd/compile: silence errors about missing blank methods + 2020-12-07 e10c94af26 doc/go1.16: document riscv64 port changes + 2020-12-06 e885df2731 [dev.regabi] cmd/compile: change iexport to avoid map[ir.Node] + 2020-12-06 2d4c95565a [dev.regabi] cmd/compile: change nowritebarrierrec to use map[*ir.Func] + 2020-12-06 1b5eed8982 [dev.regabi] cmd/compile: replace NodeQueue with NameQueue + 2020-12-06 6c5967e528 [dev.regabi] cmd/compile: change NodeSet to NameSet + 2020-12-05 3b2a578166 internal/cpu: fix typo in cpu_arm64.go + 2020-12-05 be9379f8a8 syscall: correct CertOpenStore to expect a 0 return value on failure + 2020-12-04 4de4480dc3 doc/go1.16: cleanup crypto release notes + 2020-12-04 0b99ea3b16 cmd/vendor: sync pprof@v0.0.0-20201203190320-1bf35d6f28c2 + 2020-12-04 46b6e70e3b [dev.regabi] cmd/compile: replace ir.Node with *ir.Name in Order + 2020-12-04 b75f51c645 [dev.regabi] cmd/compile: replace ir.Node with *ir.Name in Liveness + 2020-12-04 133b03e1c3 [dev.regabi] cmd/compile: rewrite code to use DeclaredBy + 2020-12-04 d9cb84c84b [dev.regabi] cmd/compile: add SameSource, Uses, and DeclaredBy helpers + 2020-12-04 edf60be151 doc/go1.16: document no language changes + 2020-12-04 5dbd2e8e44 [dev.regabi] cmd/compile: remove DeepCopyNode interface + 2020-12-04 9ab3d854ad [dev.regabi] cmd/compile: avoid general traversal in deadcode + 2020-12-04 bb5aa2b664 [dev.regabi] cmd/compile: implement editChildren for nodes + 2020-12-04 4725c3ffd1 [dev.regabi] cmd/compile: implement doChildren for nodes + 2020-12-04 18f2df7e81 [dev.regabi] cmd/compile: implement copy for nodes + 2020-12-04 d855b30fe4 [dev.regabi] cmd/compile: use ir.EditChildren for inline rewriting + 2020-12-04 b9df26d7a8 [dev.regabi] cmd/compile: use ir.Find for "search" traversals + 2020-12-04 0d1b44c645 [dev.regabi] cmd/compile: introduce IR visitors + 2020-12-04 7fcf5b994c [dev.regabi] cmd/compile: replace inlcopy with ir.DeepCopy + 2020-12-04 989a3f5041 [dev.regabi] cmd/compile: adjustments to Copy and DeepCopy + 2020-12-04 99ecfcae31 [dev.regabi] cmd/compile: swap inlining order of if then vs else blocks + 2020-12-04 478bde3a43 io/fs: add Sub + 2020-12-04 5d4569197e cmd/go/internal/modload: fix minor errors in comments + 2020-12-04 21cfadf0dc runtime: avoid receiving preemotion signal while exec'ing + 2020-12-04 7358064508 doc/go1.16: preannounce dropping macOS 10.12 support + 2020-12-04 37588ffcb2 cmd/go, embed: exclude .* and _* from embedded directory trees + 2020-12-04 b67b7ddabc doc/go1.16: add reflect changes to release notes + 2020-12-04 cc386bd05a doc/go1.16: fix broken <code> tag + 2020-12-04 84cb51d7d7 [dev.regabi] cmd/compile: eliminate more SetOrig + 2020-12-04 2c2980aa0c doc/go1.16: pre-announce GODEBUG=x509ignoreCN=0 removal in Go 1.17 + 2020-12-03 37a32a1833 cmd/compile: make sure address of offset(SP) is rematerializeable + 2020-12-03 b78b427be5 runtime, time: strictly enforce when, period constraints + 2020-12-03 b635e4b808 time, runtime: don't set timer when = 0 + 2020-12-03 4eb7ceba06 doc/go1.16: update runtime and compiler sections + 2020-12-03 bacb307b80 test: match gofrontend error messages + 2020-12-03 7f5a3196c9 cmd/go/internal/modload: rename constants to reflect that lazy loading is not yet implemented + 2020-12-03 351bc2f38c [dev.regabi] cmd/compile: store types.Field on {Selector,CallPart}Expr + 2020-12-03 bdc9a837e9 doc/go1.16: add path, path/filepath changes to release notes + 2020-12-03 9b0e8a2c95 doc/go1.16: tidy darwin/arm64 port section + 2020-12-03 b1369d5862 math/big: remove the s390x assembly for shlVU and shrVU + 2020-12-03 a2058bac21 [dev.regabi] cmd/compile: add ConstExpr + 2020-12-03 beb5e05404 [dev.regabi] cmd/compile: refactoring prep for ConstExpr + 2020-12-03 7e81135be7 [dev.regabi] cmd/compile: rename addinit(n, init) to initExpr(init, n) + 2020-12-03 6e30fc10fc [dev.regabi] all: merge master (d0c0dc682c1f) into dev.regabi + 2020-12-03 dda2991c2e internal/cpu: disable FMA when OSXSAVE is not enabled on x86 + 2020-12-03 58768ae15b test: match gccgo error messages + 2020-12-03 59b8916d48 [dev.regabi] cmd/compile: handle OCONVNOP better in ssa + 2020-12-03 932733d421 doc/go1.16: document embed, io/fs, runtime/metrics + 2020-12-03 c519b156fc doc/go1.16: more release notes + 2020-12-03 5246fa5e75 mime/multipart: handle ReadForm(math.MaxInt64) better + 2020-12-03 07cba70d57 cmd/compile, runtime: use __msan_memmove for moving data, split msanread to fields + 2020-12-03 d0c0dc682c doc/go1.16: document os package changes + 2020-12-03 00e5727790 [dev.regabi] cmd/compile: remove okAs + 2020-12-03 5a3b6796cd [dev.regabi] cmd/compile: remove extra typ field in Name struct + 2020-12-03 da54dfb6a1 doc/go1.16: document new behavior of asn1.Unmarshal on invalid argument + 2020-12-03 78e442ea79 doc/go1.16: add encoding/json note for tag change + 2020-12-02 f26f227f66 doc/go1.16: add crypto/tls Config.Clone note + 2020-12-02 64bc656aed [dev.regabi] cmd/compile: use explicit block statements for init + 2020-12-02 48838c35dc go/parser: ignore subdirectories in ParseDir + 2020-12-02 2d0258d495 crypto/ed25519/internal/edwards25519: fix typo in comments + 2020-12-02 ecc8d15bc5 [dev.regabi] cmd/compile: delete OEMPTY + 2020-12-02 ec5f349b22 [dev.regabi] cmd/compile: merge OBLOCK and OEMPTY + 2020-12-02 05ddb879c7 cmd/go: fix TestNewReleaseRebuildsStalePackagesInGOPATH + 2020-12-02 ac38af2f3d cmd/go: stop tests from using network during -short + 2020-12-02 3d913a9266 os: add ReadFile, WriteFile, CreateTemp (was TempFile), MkdirTemp (was TempDir) from io/ioutil + 2020-12-02 5984ea7197 doc: update signal.Notify example to use buffered channel + 2020-12-02 10240b9d6b cmd/go: fix unbuffered channel passed to signal.Notify + 2020-12-02 c32140fa94 all: update to use filepath.WalkDir instead of filepath.Walk + 2020-12-02 0433845ad1 cmd/asm, cmd/internal/obj/riscv: fix branch pseudo-instructions + 2020-12-02 c769d393de [dev.regabi] cmd/compile: add ir.NewDeclNameAt + 2020-12-02 c10b0ad628 [dev.regabi] cmd/compile: add Pkg parameter to type constructors + 2020-12-02 42e46f4ae0 [dev.regabi] cmd/compile: comment out //go:linkname warning + 2020-12-02 77a71e0057 [dev.regabi] cmd/compile: add Interface, Signature, and Struct constructors + 2020-12-02 15085f8974 [dev.regabi] cmd/compile: tweak hash bucket type descriptor + 2020-12-02 73e796cb00 test: match gofrontend error messages + 2020-12-01 cf7aa585ac cmd/link: invalidate kernel cache on darwin + 2020-12-01 8cd35e00bd cmd/internal/buildid: update Mach-O code signature when rewriting buildid + 2020-12-01 6f84993e90 cmd/link: code-sign on darwin/arm64 + 2020-12-01 4826abb6c2 cmd/compile: do not assume TST and TEQ set V on arm + 2020-12-01 283d65413d encoding/json: revert "add "json: " prefix to SyntaxError messages" + 2020-12-01 1408d26ccc [dev.regabi] cmd/compile: cleanup some leftover cruft + 2020-12-01 7fca39aa05 cmd/internal/buildid: exclude Mach-O code signature in hash calculation + 2020-12-01 7430266af4 cmd/internal/codesign: new package + 2020-12-01 20e251864b cmd: update golang.org/x/mod to v0.4.0 + 2020-12-01 933ce97bba cmd/go: don't print deprecation notice for 'go get exe' + 2020-12-01 50b16f9de5 net/http: allow upgrading non keepalive connections + 2020-12-01 212d385a2f net/http: ignore connection closes once done with the connection + 2020-12-01 4ef78b09c9 doc/go1.16: add runtime/debug changes to release notes + 2020-12-01 ae3bfba626 doc/go1.16: add text/template changes to release notes + 2020-12-01 5ffa275f3c [dev.regabi] cmd/compile: first pass at abstracting Type + 2020-12-01 dd4a52c2a5 doc/go1.16: add multiple release notes for the go command + 2020-12-01 6ca23a45fe [dev.regabi] cmd/compile: only save ONAMEs on Curfn.Dcl + 2020-12-01 a17c5e2fce [dev.regabi] cmd/compile: add NewBasic and cleanup universe + 2020-12-01 f37aa5e4e2 [dev.regabi] cmd/compile: add NewNamed + 2020-12-01 63a6f08b39 [dev.regabi] cmd/compile: move setUnderlying to package types + 2020-12-01 f2311462ab [dev.regabi] cmd/compile: cleanup type-checking of defined types + 2020-12-01 2d6ff998ed [dev.regabi] cmd/compile: process //go:linknames after declarations + 2020-12-01 ecff7628ea [dev.regabi] cmd/compile: unexport Node.RawCopy + 2020-12-01 4da41fb3f8 [dev.regabi] cmd/compile: use ir.Copy instead of direct use of RawCopy + 2020-12-01 dadfc80bc1 [dev.regabi] cmd/compile: improve findTypeLoop + 2020-12-01 f5978a0958 cmd/internal/obj/riscv: add tests for BGE/BGEU/BLT/BLTU + 2020-12-01 a36ba090fd cmd/link/internal/amd64: always generate R_X86_64_PLT32 for SDYNIMPORT calls + 2020-12-01 f3741bdf7c doc/go1.16: add crypto/x509 note about Verify on Windows + 2020-12-01 45f3b646d4 [dev.regabi] cmd/compile: add OSTMTEXPR Op + 2020-12-01 9a5a11adfa [dev.regabi] cmd/compile: add custom expression Node implementations + 2020-12-01 0ecf769633 cmd/compile: do not mark OpSP, OpSB pos for debugging + 2020-12-01 0f9f27287b [dev.regabi] cmd/compile: remove types.InitSyms + 2020-11-30 41ad4dec99 [dev.regabi] cmd/compile: fix -h + 2020-11-30 ffa68716a0 [dev.regabi] cmd/compile: add custom statement Node implementations + 2020-11-30 2bc814cd18 [dev.regabi] cmd/compile: clean up ONEW node + 2020-11-30 b7f67b75d2 [dev.regabi] cmd/compile: clean up in preparation for expression Nodes + 2020-11-30 5fc192af56 [dev.regabi] cmd/compile: clean up Order.copyExpr TODO + 2020-11-30 7c9b6b1ca2 [dev.regabi] cmd/compile: clean up in preparation for statement Nodes + 2020-11-30 7f688d18c0 runtime: mlock signal stack on macOS/ARM64 + 2020-11-30 c6de5d8d1f [dev.regabi] cmd/compile: simplify export data representation of nil + 2020-11-30 d2b436d95d cmd/go: fix infinite loop in modload.keepSums + 2020-11-30 4f42a9b76b net: add note about disabling loopback in ListenMulticastUDP() + 2020-11-30 7b192f33cf cmd/go: remove trailing whitespace from test script + 2020-11-30 848dff6dda test: update gofrontend expected errors + 2020-11-30 a45e12fd4b test: recognize gofrontend error messages + 2020-11-30 d6abf298cf test: recognize new gofrontend error message + 2020-11-30 ae1a337809 [dev.regabi] cmd/compile: remove ODCLFIELD and ODDD ops + 2020-11-30 4e7685ef1a [dev.regabi] cmd/compile: add custom type syntax Node implementations + 2020-11-30 d40869fced [dev.regabi] cmd/compile: move gc.treecopy to ir.DeepCopy + 2020-11-30 f0001e8867 [dev.regabi] cmd/compile: add OTSLICE Op + 2020-11-30 1b84aabb01 [dev.regabi] cmd/compile: move typenod, typenodl to ir.TypeNode, ir.TypeNodeAt [generated] + 2020-11-30 e5c6463e20 [dev.regabi] cmd/compile: add ir.CallPartExpr + 2020-11-30 4eaef981b5 [dev.regabi] cmd/compile: add ir.Closure, ir.ClosureRead + 2020-11-30 e84b27bec5 [dev.regabi] cmd/compile: clean up Name and Func uses + 2020-11-30 c4bd0b7474 [dev.regabi] cmd/compile: make ir.Func the ODCLFUNC Node implementation + 2020-11-30 65ae15ac5d [dev.regabi] cmd/compile: move func code from node.go to func.go + 2020-11-30 862f638a89 [dev.regabi] cmd/compile: make ir.Name the ONAME Node implementation + 2020-11-30 f6106d195d [dev.regabi] cmd/compile: add ir.PkgName + 2020-11-30 420809ab08 [dev.regabi] cmd/compile: move name code from node.go to name.go + 2020-11-30 be3d8b40b5 [dev.regabi] cmd/compile: ir.BranchStmt, add ir.EmptyStmt, ir.LabelStmt + 2020-11-30 b09dbc6913 [dev.regabi] cmd/compile: remove SetOp(OEMPTY) calls + 2020-11-30 171787efcd [dev.regabi] cmd/compile: remove Orig, SetOrig from Node interface + 2020-11-30 79a3d5ce15 [dev.regabi] cmd/compile: setup for new Node implementations + 2020-11-30 0c65a2f317 [dev.regabi] cmd/compile: drop Node.HasOpt method + 2020-11-30 65f4ec2fae [dev.regabi] cmd/compile: cleanup label handling + 2020-11-30 c193279e2c os: return proper user directories on iOS + 2020-11-30 294c214cca runtime: gofmt + 2020-11-30 e5da18df52 os/exec: constrain thread usage in leaked descriptor test on illumos + 2020-11-28 4ce0a7cea6 runtime/pprof: ignore test failures on windows/arm + 2020-11-28 358d35455d bufio: make string(int) conversion safer + 2020-11-28 b94346e69b test: match gofrontend error messages + 2020-11-27 cb84d831c9 cmd/link: mark windows/arm as all PIE + 2020-11-27 0252cfd84d runtime: adjust address calculation in identifying abort on windows/arm + 2020-11-27 91f77ca2f8 runtime: return 0 from C function in test + 2020-11-26 926994fd7c log: make Default doc comment consistent with package doc + 2020-11-26 f0ff6d4a67 reflect: fix Value.Convert for int-to-string conversions (regression) + 2020-11-25 88e33f6ecb [dev.regabi] cmd/compile: fix latent import/export issue with break/continue + 2020-11-25 40f5bc4d55 [dev.regabi] merge master 4481ad6eb6 into dev.regabi + 2020-11-25 4481ad6eb6 doc/go1.16: consolidate stdlib changes in "Minor changes" section + 2020-11-25 ef603bead5 cmd/dist: restore GOARM=7 default for android/arm + 2020-11-25 41f3af9d04 [dev.regabi] cmd/compile: replace *Node type with an interface Node [generated] + 2020-11-25 4d0d9c2c5c [dev.regabi] cmd/compile: introduce ir.INode interface for *ir.Node + 2020-11-25 c26aead50c [dev.regabi] cmd/compile: convert types.Node (a pointer) to types.IRNode (an interface) + 2020-11-25 acb4d1cef1 [dev.regabi] cmd/compile: use Node getters and setters [generated] + 2020-11-25 41ab6689ed [dev.regabi] cmd/compile: rewrite a few ++/--/+=/-= to prep for getters/setters [generated] + 2020-11-25 048debb224 [dev.regabi] cmd/compile: remove gc ↔ ssa cycle hacks + 2020-11-25 84e2bd611f [dev.regabi] cmd/compile: introduce cmd/compile/internal/ir [generated] + 2020-11-25 331b8b4797 [dev.regabi] cmd/compile: move okforconst into its own declaration + 2020-11-25 26b66fd60b [dev.regabi] cmd/compile: introduce cmd/compile/internal/base [generated] + 2020-11-25 eb3086e5a8 [dev.regabi] cmd/compile: finish cleanup of Debug parsing + 2020-11-25 3c240f5d17 [dev.regabi] cmd/compile: clean up debug flag (-d) handling [generated] + 2020-11-25 9dc2350d8c doc/go1.16: add time/tzdata release note for CL 261877 + 2020-11-25 756661c82a [dev.regabi] cmd/compile: finish cleanup of Flag initialization + 2020-11-25 b9365488f0 cmd/internal/objabi: assume GOARM=7 on Android + 2020-11-25 df68e01b68 runtime: check channel's elemsize before calling race detector + 2020-11-25 259fd8adbb [dev.regabi] cmd/compile: fix reporting of overflow + 2020-11-25 1d3baf20dc regexp/syntax: add note about Unicode character classes + 2020-11-25 18573aea3c [dev.regabi] cmd/compile: clean up flag handling [generated] + 2020-11-25 6e583d65ab [dev.regabi] cmd/compile: simplify fmt handling of Nodes + 2020-11-25 d166ef6876 [dev.regabi] cmd/compile: add Node field getters and setters + 2020-11-25 750b3729dc go/constant: MakeFloat64(0) must return a value of Float kind + 2020-11-25 9262909764 [dev.regabi] cmd/compile: rewrite problematic use of Node fields + 2020-11-25 9e0e43d84d [dev.regabi] cmd/compile: remove uses of dummy + 2020-11-25 4a6b4fd139 [dev.regabi] add FatalfAt and fix Fatalf docs + 2020-11-25 484449c641 [dev.regabi] cmd/compile: remove file mistakenly added by CL 272248 + 2020-11-25 1308f11897 cmd/link: add relocation type R_AARCH64_LDST16_ABS_LO12_NC for arm64 + 2020-11-25 f6dcc975f7 go/constant: make constant.Make produce "smallest" const representation + 2020-11-25 7d72951229 [dev.regabi] cmd/compile: replace Val with go/constant.Value + 2020-11-24 e8de596f04 runtime: use inlined function name for traceback elision + 2020-11-24 ba2adc21e8 runtime/testdata/testprogcgo: refactor CrashTraceback + 2020-11-24 6826287c6b [dev.regabi] cmd/compile: replace evconst with non-mutating version + 2020-11-24 c22bc745c3 [dev.regabi] cmd/compile: delete n.List after collapsing OADDSTR to OLITERAL + 2020-11-24 ee6132a698 [dev.regabi] cmd/compile: introduce OMETHEXPR instead of overloading ONAME + 2020-11-24 4f9d54e41d [dev.regabi] cmd/compile: add OMETHEXPR + 2020-11-24 fd11a32c92 [dev.regabi] cmd/compile: clean up Node.Func + 2020-11-24 8e2106327c [dev.regabi] cmd/compile: clean up tests to know less about Node + 2020-11-24 65dcd15c72 doc/go1.16: fill in Go 1.16 release note TODOs using relnote + 2020-11-24 742c05e3bc [dev.regabi] cmd/compile: prep refactoring for switching to go/constant + 2020-11-24 015423a15b [dev.regabi] strconv: add to bootstrap packages + 2020-11-24 c767d73227 [dev.regabi] cmd/compile: remove CTRUNE + 2020-11-24 6dae48fb0b [dev.regabi] cmd/compile: refactor type/value assertions + 2020-11-24 88a9e2f9ad [dev.regabi] cmd/compile: replace CTNIL with ONIL + 2020-11-24 4af2decf30 [dev.regabi] cmd/compile: add (unused) ONIL constant + 2020-11-24 668e3a598f [dev.regabi] cmd/compile: cleanup type switch typechecking + 2020-11-24 96f3fb7244 [dev.regabi] go/constant: avoid heap allocations in match + 2020-11-24 1abb12fc97 [dev.regabi] go/constant: optimize BitLen + 2020-11-24 228b732ad9 [dev.regabi] cmd/compile: prepare for package ir + 2020-11-24 e37597f7f0 [dev.regabi] cmd/compile: rename a few 'base' identifiers + 2020-11-24 357c576878 [dev.regabi] cmd/compile: clean up error API + 2020-11-24 5fd949e4bd [dev.regabi] cmd/compile: initialize importMap lazily + 2020-11-24 7b144ed4f7 [dev.regabi] cmd/compile: rewrite concurrentFlagOk to be clearer + 2020-11-24 6965b01ea2 runtime: allow for usleep2HighRes to run without TLS setup + 2020-11-24 7dc5d909fb cmd/compile: set OpLoad argument type interface{} correctly + 2020-11-24 c754f25241 [dev.regabi] cmd/compile/internal/types: remove Func.Nname + 2020-11-24 c50c7a8c06 [dev.regabi] cmd/compile/internal/gc: refactor to use stop using Func.Nname + 2020-11-24 d5928847de [dev.regabi] cmd/compile/internal/gc: prep for Func.Nname removal refactoring + 2020-11-24 b30c7a8044 [dev.regabi] cmd/compile/internal/gc: add MethodName for getting referenced method + 2020-11-24 e1047302bd [dev.regabi] cmd/compile/internal/types: add pos/sym/typ params to NewField + 2020-11-24 762eda346a go/types: fix incorrect string(int) conversion (regression) + 2020-11-23 48a1a51898 runtime/metrics: tweak wording of stack and unused memory metrics + 2020-11-23 d902791b50 sync: use 386 instead of x86-32 to refer to the 32 bit x86 architecture + 2020-11-21 9ea6364a5e cmd/compile: add test for 42753 + 2020-11-21 f7342596da syscall: add DLLError.Unwrap function + 2020-11-21 f93ef07b11 cmd/go/internal/modload: remove the Reqs function + 2020-11-21 3f5a97514b cmd/go/internal/modload: remove a stale comment for EditBuildList + 2020-11-20 78e59bb1f7 cmd/go: support the -overlay flag for go mod commands + 2020-11-20 c47eac7db0 cmd/cgo, cmd/internal/pkgpath: support gofrontend mangler v3 + 2020-11-20 3fd4917472 doc: fix misspelling of “initialization” in diagnostics.html + 2020-11-20 676f0a45ed cmd/go: support overlaying go.mod files + 2020-11-20 a19c925eda cmd/go: recommend 'go get' command to switch from retracted versions + 2020-11-20 c306fd6d0b cmd/compile: allow loading single field of typed-interface{} OpIData + 2020-11-20 5e58ae43be cmd/go: report changes and resolved versions in 'go get' + 2020-11-20 012efc67f2 cmd/go/internal/modload: ignore selected version in checkRetractions + 2020-11-20 9264067a41 cmd/go: remove ListModules call in runGet + 2020-11-20 cb3f84ad25 cmd/go/internal/modload: eliminate LoadedModules + 2020-11-20 8bbd8294d0 cmd/go/internal/work: remove a redundant call to modload.LoadedModules + 2020-11-20 66c0264506 net, internal/poll: reset value before adding in minor kernel version + 2020-11-20 0dcc7d6ea8 go/types: use correct error position + 2020-11-20 c72a448881 go/types: fix error message for consistency + 2020-11-20 7eed73f36f go/types, go/constant: handle infinities as unknown values + 2020-11-19 f3ce010b33 io/fs: make WalkDirFunc parameter name consistent with doc comment + 2020-11-19 59f5fdac5d runtime/metrics: clarify Read's documentation + 2020-11-19 add45938b5 runtime/metrics: clarify memory and GC metrics documentation + 2020-11-19 498d8d5371 cmd/go/internal/work: avoid modload.Selected in 'go install pkg@version' + 2020-11-19 e73697b710 cmd/go: fix failing gccgo cases in TestScript/build_overlay + 2020-11-19 cb674b5c13 cmd/compile,cmd/asm: fix function pointer call perf regression on ppc64 + 2020-11-19 c31540364c cmd/compile: flag "-d=dumpptrs" to print Node ptrs in Dump output + 2020-11-19 4d048194cd runtime: support new callbackasm1 calling convention on windows/arm + 2020-11-19 5ba1c3f290 cmd/go/internal/modload: remove SetBuildList + 2020-11-19 ff2824d4b3 cmd/go/internal/modcmd: eliminate a call to modload.LoadedModules + 2020-11-19 0bb6115dd6 internal/fmtsort: sort the unsafe pointers in map + 2020-11-19 96b943a483 go/types: report an error for invalid constant values + 2020-11-18 35693d037f cmd/compile: fix miscompilation during inlining + 2020-11-18 5b0ec1a6ac cmd/compile: fix panic in field tracking logic + 2020-11-18 b4f3d52f6a sync: document RWMutex race semantics + 2020-11-18 b63db7f724 runtime: give test child time to block + 2020-11-18 ae76f6e962 runtime: use clock_gettime instead of gettimeofday on darwin + 2020-11-18 ee1b51294a runtime: use pipe2 syscall for Pipe in tests + 2020-11-18 d3072b8383 cmd/go: in 'go get', only load retractions for resolved versions + 2020-11-18 b194b5151f cmd/link: recompute heapPos after copyHeap + 2020-11-18 64ef84881f cmd/go: fix retract interval syntax in 'go help mod edit' + 2020-11-18 399b5d14d4 cmd/compile: stop MOVW-ing -1 as SRA shift amount in mips + 2020-11-18 a14e7bf6d4 go/ast: document invalid comment end positions with CRLF line endings + 2020-11-18 bcfaeca58c time: in NewTicker, document that the 1st tick comes after d + 2020-11-17 041a4e4c34 go/types: add test case for incorrect map index expression + 2020-11-17 05082c90d5 cmd/compile: clean up buggy DWARF inlined info PC ranges + 2020-11-17 01df2febf5 cmd/go: allow querying other versions of the main module + 2020-11-17 0968d2d599 cmd/go/internal/modget: clarify error for 'go get' without arguments + 2020-11-17 3e56bad13b cmd/go: revert "in 'go get', only load retractions for resolved versions" + 2020-11-17 0ae3b7cb74 cmd/compile: fix rules regression with shifts on PPC64 + 2020-11-16 869e2957b9 cmd/go: update 'go help mod init' + 2020-11-16 97700baf8b cmd/go: in 'go get', only load retractions for resolved versions + 2020-11-16 38367d098e cmd/link/internal/ld: dedup shared libraries on openbsd + 2020-11-16 d834ecec86 runtime/race: reject runtime fatal error in tests + 2020-11-16 0932dc2118 runtime: declare arg size/map for race version of sync/atomic functions + 2020-11-16 d70a33a40b cmd/go/internal/work: add missing newline to go version note + 2020-11-16 c7233dd063 cmd/go: permit wrongly rejected -Wl,-O... linker flags + 2020-11-16 f2eea4c1dc cmd/compile: mask SLL,SRL,SRAconst shift amount + 2020-11-14 92c732e901 cmd/compile: fix load of interface{}-typed OpIData in expand_calls + 2020-11-14 782cf560db cmd/go: permit CGO_LDFLAGS to appear in //go:ldflag + 2020-11-13 4f63e0a1f8 cmd/compile: update comments only for Node types and some functions + 2020-11-13 86954d5246 cmd/compile: mark plugin-exported types as used in interface + 2020-11-13 f423d616b1 cmd/cgo: fix initialization of empty argument types + 2020-11-13 35455fff0e runtime: swap the order of raceacquire() and racerelease() + 2020-11-13 31f71506d7 syscall: use correct type for TIOCSPGRP/TIOCGPGRP + 2020-11-12 30ba798093 cmd/go: use overlaid path contents in build cache + 2020-11-12 f016172dbe cmd/go: pass in overlaid paths for .s files + 2020-11-12 60b1253293 cmd/go: pass in overlaid file paths to C compiler + 2020-11-12 062e0e5ce6 cmd/go, cmd/cgo: don't let bogus symbol set cgo_ldflag + 2020-11-12 1e1fa5903b math/big: fix shift for recursive division + 2020-11-12 b34b0aaf69 cmd/go: skip TestScript/build_plugin_non_main on platforms that do not support -buildmode=plugin + 2020-11-12 c167635a6e cmd/compile: gofmt + 2020-11-12 e75aef80ca cmd/go: migrate away from semver.Max + 2020-11-12 9ef65ff137 cmd/compile: do not emit an extra debug_line entry for the end of seq addr + 2020-11-12 4bc5f6f45f cmd/link: put DYLD_INFO at beginning of LINKEDIT segment on darwin + 2020-11-12 d7974c31d0 os: gofmt + 2020-11-11 141fa337ad bytes: add example for (*Buffer).Bytes + 2020-11-11 f2e58c6d42 syscall: improve TestSetuidEtc() /proc/ parsing against races + 2020-11-11 4c174a7ba6 testing: reduce memory allocation in Helper + 2020-11-11 b641f0dcf4 os: clarify that IsExist and friends do not use errors.Is + 2020-11-11 26a860706a doc/go1.16: add crypto/x509 CSR release note + 2020-11-11 28437546f4 cmd/go: don't copy cgo files to objdir when overlay is present + 2020-11-11 c906608406 io/fs: fix reference to WalkFunc + 2020-11-11 f2e186b877 all: update vendored dependencies for Go 1.16 release + 2020-11-10 8f2db14cd3 cmd/go: release note for -mod=readonly by default + 2020-11-10 b2ef159db2 cmd/go: introduce the GOVERSION env variable + 2020-11-10 1948c00b6e doc/go1.16: add release notes for darwin ports + 2020-11-10 da3957ad0d Revert "cmd/go: don't copy cgo files to objdir when overlay is present" + 2020-11-10 0e0a872a76 runtime: add lock rank partial order edge pollDesc -> spanSetSpine + 2020-11-10 c68745b130 runtime: add lock rank partial order edge sweep -> mspanSpecial + 2020-11-10 e3de852f3e cmd/go: don't copy cgo files to objdir when overlay is present + 2020-11-10 189931296f cmd/internal/obj/s390x: fix SYNC instruction encoding + 2020-11-10 81322b9191 runtime/race: remove race from TestNoRaceAfterFunc2 + 2020-11-10 1c7650aa93 internal/poll: use copy_file_range only on Linux kernel >= 5.3 + 2020-11-10 1642cd78b5 cmd/go: update test_race_install expected output for CL 266368 Change-Id: I7ce5350ac9d0647236f1061a540c6751fb9faae9 |
||
|
Johan Brandhorst
|
8649b4ade4 |
crypto/tls: revert "add HandshakeContext method to Conn"
This reverts CL 246338. Reason for revert: waiting for 1.17 release cycle Updates #32406 Change-Id: I074379039041e086c62271d689b4b7f442281663 Reviewed-on: https://go-review.googlesource.com/c/go/+/269697 Run-TryBot: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Trust: Katie Hockman <katie@golang.org> Trust: Roland Shoemaker <roland@golang.org> |