diff options
author | Ian Lance Taylor <ian@gcc.gnu.org> | 2019-02-26 01:00:39 +0000 |
---|---|---|
committer | Ian Lance Taylor <ian@gcc.gnu.org> | 2019-02-26 01:00:39 +0000 |
commit | 99e20ba51d5b0785c7e98244d2901853d9fb3b41 (patch) | |
tree | d86fa5d601b8bc3629b3820df4d5e7042853453f | |
parent | e5e9b91bc61da0bdb58c6577c319e61a3ed04b17 (diff) | |
download | gcc-99e20ba51d5b0785c7e98244d2901853d9fb3b41.zip gcc-99e20ba51d5b0785c7e98244d2901853d9fb3b41.tar.gz gcc-99e20ba51d5b0785c7e98244d2901853d9fb3b41.tar.bz2 |
libgo: update to Go1.12rc1
Reviewed-on: https://go-review.googlesource.com/c/162881
From-SVN: r269202
68 files changed, 2058 insertions, 236 deletions
diff --git a/gcc/go/gofrontend/MERGE b/gcc/go/gofrontend/MERGE index a1cd924..fc7c178 100644 --- a/gcc/go/gofrontend/MERGE +++ b/gcc/go/gofrontend/MERGE @@ -1,4 +1,4 @@ -45a2e231958854fd945961f0335ac0805d502510 +51d2cb40a6475b126ed66cefa2aa6c8dbdc806d0 The first line of this file holds the git revision number of the last merge done from the gofrontend repository. diff --git a/libgo/MERGE b/libgo/MERGE index 4674467..bf071a3 100644 --- a/libgo/MERGE +++ b/libgo/MERGE @@ -1,4 +1,4 @@ -4b3f04c63b5b1a1bbc4dfd71c34341ea4e935115 +1af509d46e31a14e7ff17e23b1fd84250976b405 The first line of this file holds the git revision number of the last merge done from the master library sources. diff --git a/libgo/VERSION b/libgo/VERSION index b23185d..c13493b 100644 --- a/libgo/VERSION +++ b/libgo/VERSION @@ -1 +1 @@ -go1.12beta2 +go1.12rc1 diff --git a/libgo/go/cmd/cgo/gcc.go b/libgo/go/cmd/cgo/gcc.go index a842972..7db702f 100644 --- a/libgo/go/cmd/cgo/gcc.go +++ b/libgo/go/cmd/cgo/gcc.go @@ -1139,14 +1139,19 @@ func (p *Package) mangle(f *File, arg *ast.Expr) (ast.Expr, bool) { } // checkIndex checks whether arg has the form &a[i], possibly inside -// type conversions. If so, it writes +// type conversions. If so, then in the general case it writes // _cgoIndexNN := a // _cgoNN := &cgoIndexNN[i] // with type conversions, if any // to sb, and writes // _cgoCheckPointer(_cgoNN, _cgoIndexNN) -// to sbCheck, and returns true. This tells _cgoCheckPointer to check -// the complete contents of the slice or array being indexed, but no -// other part of the memory allocation. +// to sbCheck, and returns true. If a is a simple variable or field reference, +// it writes +// _cgoIndexNN := &a +// and dereferences the uses of _cgoIndexNN. Taking the address avoids +// making a copy of an array. +// +// This tells _cgoCheckPointer to check the complete contents of the +// slice or array being indexed, but no other part of the memory allocation. func (p *Package) checkIndex(sb, sbCheck *bytes.Buffer, arg ast.Expr, i int) bool { // Strip type conversions. x := arg @@ -1166,13 +1171,23 @@ func (p *Package) checkIndex(sb, sbCheck *bytes.Buffer, arg ast.Expr, i int) boo return false } - fmt.Fprintf(sb, "_cgoIndex%d := %s; ", i, gofmtPos(index.X, index.X.Pos())) + addr := "" + deref := "" + if p.isVariable(index.X) { + addr = "&" + deref = "*" + } + + fmt.Fprintf(sb, "_cgoIndex%d := %s%s; ", i, addr, gofmtPos(index.X, index.X.Pos())) origX := index.X index.X = ast.NewIdent(fmt.Sprintf("_cgoIndex%d", i)) + if deref == "*" { + index.X = &ast.StarExpr{X: index.X} + } fmt.Fprintf(sb, "_cgo%d := %s; ", i, gofmtPos(arg, arg.Pos())) index.X = origX - fmt.Fprintf(sbCheck, "_cgoCheckPointer(_cgo%d, _cgoIndex%d); ", i, i) + fmt.Fprintf(sbCheck, "_cgoCheckPointer(_cgo%d, %s_cgoIndex%d); ", i, deref, i) return true } @@ -1298,6 +1313,17 @@ func (p *Package) isConst(f *File, x ast.Expr) bool { return false } +// isVariable reports whether x is a variable, possibly with field references. +func (p *Package) isVariable(x ast.Expr) bool { + switch x := x.(type) { + case *ast.Ident: + return true + case *ast.SelectorExpr: + return p.isVariable(x.X) + } + return false +} + // rewriteUnsafe returns a version of t with references to unsafe.Pointer // rewritten to use _cgo_unsafe.Pointer instead. func (p *Package) rewriteUnsafe(t ast.Expr) ast.Expr { diff --git a/libgo/go/cmd/cgo/godefs.go b/libgo/go/cmd/cgo/godefs.go index 9c763a2..64384a6 100644 --- a/libgo/go/cmd/cgo/godefs.go +++ b/libgo/go/cmd/cgo/godefs.go @@ -127,8 +127,35 @@ func gofmt(n interface{}) string { return gofmtBuf.String() } +// gofmtLineReplacer is used to put a gofmt-formatted string for an +// AST expression onto a single line. The lexer normally inserts a +// semicolon at each newline, so we can replace newline with semicolon. +// However, we can't do that in cases where the lexer would not insert +// a semicolon. We only have to worry about cases that can occur in an +// expression passed through gofmt, which means composite literals and +// (due to the printer possibly inserting newlines because of position +// information) operators. +var gofmtLineReplacer = strings.NewReplacer( + "{\n", "{", + ",\n", ",", + "++\n", "++;", + "--\n", "--;", + "+\n", "+", + "-\n", "-", + "*\n", "*", + "/\n", "/", + "%\n", "%", + "&\n", "&", + "|\n", "|", + "^\n", "^", + "<\n", "<", + ">\n", ">", + "=\n", "=", + "\n", ";", +) + // gofmtLine returns the gofmt-formatted string for an AST node, // ensuring that it is on a single line. func gofmtLine(n interface{}) string { - return strings.Replace(gofmt(n), "\n", ";", -1) + return gofmtLineReplacer.Replace(gofmt(n)) } diff --git a/libgo/go/cmd/cgo/out.go b/libgo/go/cmd/cgo/out.go index f44da9c..9e6fe6f 100644 --- a/libgo/go/cmd/cgo/out.go +++ b/libgo/go/cmd/cgo/out.go @@ -781,6 +781,13 @@ func (p *Package) writeExports(fgo2, fm, fgcc, fgcch io.Writer) { fmt.Fprintf(fgcc, "#include <stdlib.h>\n") fmt.Fprintf(fgcc, "#include \"_cgo_export.h\"\n\n") + // We use packed structs, but they are always aligned. + // The pragmas and address-of-packed-member are not recognized as warning groups in clang 3.4.1, so ignore unknown pragmas first. + // remove as part of #27619 (all: drop support for FreeBSD 10). + fmt.Fprintf(fgcc, "#pragma GCC diagnostic ignored \"-Wunknown-pragmas\"\n") + fmt.Fprintf(fgcc, "#pragma GCC diagnostic ignored \"-Wpragmas\"\n") + fmt.Fprintf(fgcc, "#pragma GCC diagnostic ignored \"-Waddress-of-packed-member\"\n") + fmt.Fprintf(fgcc, "extern void crosscall2(void (*fn)(void *, int, __SIZE_TYPE__), void *, int, __SIZE_TYPE__);\n") fmt.Fprintf(fgcc, "extern __SIZE_TYPE__ _cgo_wait_runtime_init_done();\n") fmt.Fprintf(fgcc, "extern void _cgo_release_context(__SIZE_TYPE__);\n\n") @@ -1260,7 +1267,7 @@ func determineGccgoManglingScheme() bool { cmd := exec.Command(gccgocmd, "-S", "-o", "-", gofilename) buf, cerr := cmd.CombinedOutput() if cerr != nil { - fatalf("%s", err) + fatalf("%s", cerr) } // New mangling: expect go.l..u00e4ufer.Run @@ -1478,6 +1485,14 @@ __cgo_size_assert(double, 8) extern char* _cgo_topofstack(void); +/* We use packed structs, but they are always aligned. */ +/* The pragmas and address-of-packed-member are not recognized as warning groups in clang 3.4.1, so ignore unknown pragmas first. */ +/* remove as part of #27619 (all: drop support for FreeBSD 10). */ + +#pragma GCC diagnostic ignored "-Wunknown-pragmas" +#pragma GCC diagnostic ignored "-Wpragmas" +#pragma GCC diagnostic ignored "-Waddress-of-packed-member" + #include <errno.h> #include <string.h> ` diff --git a/libgo/go/cmd/go/alldocs.go b/libgo/go/cmd/go/alldocs.go index 9d9304a..186f421 100644 --- a/libgo/go/cmd/go/alldocs.go +++ b/libgo/go/cmd/go/alldocs.go @@ -442,11 +442,14 @@ // command alias, described below. // // To convey to humans and machine tools that code is generated, -// generated source should have a line early in the file that -// matches the following regular expression (in Go syntax): +// generated source should have a line that matches the following +// regular expression (in Go syntax): // // ^// Code generated .* DO NOT EDIT\.$ // +// The line may appear anywhere in the file, but is typically +// placed near the beginning so it is easy to find. +// // Note that go generate does not parse the file, so lines that look // like directives in comments or multiline strings will be treated // as directives. @@ -1397,7 +1400,6 @@ // in the standard user cache directory for the current operating system. // Setting the GOCACHE environment variable overrides this default, // and running 'go env GOCACHE' prints the current cache directory. -// You can set the variable to 'off' to disable the cache. // // The go command periodically deletes cached data that has not been // used recently. Running 'go clean -cache' deletes all cached data. @@ -1596,14 +1598,14 @@ // line comment. See the go/build package documentation for // more details. // -// Non-test Go source files can also include a //go:binary-only-package -// comment, indicating that the package sources are included -// for documentation only and must not be used to build the -// package binary. This enables distribution of Go packages in -// their compiled form alone. Even binary-only packages require -// accurate import blocks listing required dependencies, so that -// those dependencies can be supplied when linking the resulting -// command. +// Through the Go 1.12 release, non-test Go source files can also include +// a //go:binary-only-package comment, indicating that the package +// sources are included for documentation only and must not be used to +// build the package binary. This enables distribution of Go packages in +// their compiled form alone. Even binary-only packages require accurate +// import blocks listing required dependencies, so that those +// dependencies can be supplied when linking the resulting command. +// Note that this feature is scheduled to be removed after the Go 1.12 release. // // // The go.mod file @@ -2494,7 +2496,8 @@ // development module, then get will update the required version. // Specifying a version earlier than the current required version is valid and // downgrades the dependency. The version suffix @none indicates that the -// dependency should be removed entirely. +// dependency should be removed entirely, downgrading or removing modules +// depending on it as needed. // // Although get defaults to using the latest version of the module containing // a named package, it does not use the latest version of that module's diff --git a/libgo/go/cmd/go/go_test.go b/libgo/go/cmd/go/go_test.go index 10ff53f..d1166b1 100644 --- a/libgo/go/cmd/go/go_test.go +++ b/libgo/go/cmd/go/go_test.go @@ -894,12 +894,54 @@ func (tg *testgoData) failSSH() { func TestNewReleaseRebuildsStalePackagesInGOPATH(t *testing.T) { if testing.Short() { - t.Skip("don't rebuild the standard library in short mode") + t.Skip("skipping lengthy test in short mode") } tg := testgo(t) defer tg.cleanup() + // Copy the runtime packages into a temporary GOROOT + // so that we can change files. + for _, copydir := range []string{ + "src/runtime", + "src/internal/bytealg", + "src/internal/cpu", + "src/unsafe", + filepath.Join("pkg", runtime.GOOS+"_"+runtime.GOARCH), + filepath.Join("pkg/tool", runtime.GOOS+"_"+runtime.GOARCH), + "pkg/include", + } { + srcdir := filepath.Join(testGOROOT, copydir) + tg.tempDir(filepath.Join("goroot", copydir)) + err := filepath.Walk(srcdir, + func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + srcrel, err := filepath.Rel(srcdir, path) + if err != nil { + return err + } + dest := filepath.Join("goroot", copydir, srcrel) + data, err := ioutil.ReadFile(path) + if err != nil { + return err + } + tg.tempFile(dest, string(data)) + if err := os.Chmod(tg.path(dest), info.Mode()); err != nil { + return err + } + return nil + }) + if err != nil { + t.Fatal(err) + } + } + tg.setenv("GOROOT", tg.path("goroot")) + addVar := func(name string, idx int) (restore func()) { data, err := ioutil.ReadFile(name) if err != nil { @@ -928,7 +970,7 @@ func TestNewReleaseRebuildsStalePackagesInGOPATH(t *testing.T) { // Changing mtime of runtime/internal/sys/sys.go // should have no effect: only the content matters. // In fact this should be true even outside a release branch. - sys := runtime.GOROOT() + "/src/runtime/internal/sys/sys.go" + sys := tg.path("goroot/src/runtime/internal/sys/sys.go") tg.sleep() restore := addVar(sys, 0) restore() @@ -943,7 +985,7 @@ func TestNewReleaseRebuildsStalePackagesInGOPATH(t *testing.T) { restore() tg.wantNotStale("p1", "", "./testgo list claims p1 is stale, incorrectly, after changing back to old release") addVar(sys, 2) - tg.wantStale("p1", "stale dependency: runtime/internal/sys", "./testgo list claims p1 is NOT stale, incorrectly, after changing sys.go again") + tg.wantStale("p1", "stale dependency: runtime", "./testgo list claims p1 is NOT stale, incorrectly, after changing sys.go again") tg.run("install", "-i", "p1") tg.wantNotStale("p1", "", "./testgo list claims p1 is stale after building with new release") @@ -952,9 +994,6 @@ func TestNewReleaseRebuildsStalePackagesInGOPATH(t *testing.T) { tg.wantStale("p1", "stale dependency: runtime/internal/sys", "./testgo list claims p1 is NOT stale, incorrectly, after restoring sys.go") tg.run("install", "-i", "p1") tg.wantNotStale("p1", "", "./testgo list claims p1 is stale after building with old release") - - // Everything is out of date. Rebuild to leave things in a better state. - tg.run("install", "std") } func testLocalRun(tg *testgoData, exepath, local, match string) { diff --git a/libgo/go/cmd/go/internal/clean/clean.go b/libgo/go/cmd/go/internal/clean/clean.go index 32cc807..27121ed 100644 --- a/libgo/go/cmd/go/internal/clean/clean.go +++ b/libgo/go/cmd/go/internal/clean/clean.go @@ -152,7 +152,9 @@ func runClean(cmd *base.Command, args []string) { prev, _ := strconv.ParseInt(strings.TrimSpace(string(buf)), 10, 64) if now > prev { if err = f.Truncate(0); err == nil { - _, err = fmt.Fprintf(f, "%d\n", now) + if _, err = f.Seek(0, 0); err == nil { + _, err = fmt.Fprintf(f, "%d\n", now) + } } } if closeErr := f.Close(); err == nil { diff --git a/libgo/go/cmd/go/internal/generate/generate.go b/libgo/go/cmd/go/internal/generate/generate.go index 7cbc448..124dbc0 100644 --- a/libgo/go/cmd/go/internal/generate/generate.go +++ b/libgo/go/cmd/go/internal/generate/generate.go @@ -49,11 +49,14 @@ that can be run locally. It must either be in the shell path command alias, described below. To convey to humans and machine tools that code is generated, -generated source should have a line early in the file that -matches the following regular expression (in Go syntax): +generated source should have a line that matches the following +regular expression (in Go syntax): ^// Code generated .* DO NOT EDIT\.$ +The line may appear anywhere in the file, but is typically +placed near the beginning so it is easy to find. + Note that go generate does not parse the file, so lines that look like directives in comments or multiline strings will be treated as directives. diff --git a/libgo/go/cmd/go/internal/help/helpdoc.go b/libgo/go/cmd/go/internal/help/helpdoc.go index 973bfbc..c219a45 100644 --- a/libgo/go/cmd/go/internal/help/helpdoc.go +++ b/libgo/go/cmd/go/internal/help/helpdoc.go @@ -636,14 +636,14 @@ at the first item in the file that is not a blank line or //-style line comment. See the go/build package documentation for more details. -Non-test Go source files can also include a //go:binary-only-package -comment, indicating that the package sources are included -for documentation only and must not be used to build the -package binary. This enables distribution of Go packages in -their compiled form alone. Even binary-only packages require -accurate import blocks listing required dependencies, so that -those dependencies can be supplied when linking the resulting -command. +Through the Go 1.12 release, non-test Go source files can also include +a //go:binary-only-package comment, indicating that the package +sources are included for documentation only and must not be used to +build the package binary. This enables distribution of Go packages in +their compiled form alone. Even binary-only packages require accurate +import blocks listing required dependencies, so that those +dependencies can be supplied when linking the resulting command. +Note that this feature is scheduled to be removed after the Go 1.12 release. `, } @@ -705,7 +705,6 @@ The default location for cache data is a subdirectory named go-build in the standard user cache directory for the current operating system. Setting the GOCACHE environment variable overrides this default, and running 'go env GOCACHE' prints the current cache directory. -You can set the variable to 'off' to disable the cache. The go command periodically deletes cached data that has not been used recently. Running 'go clean -cache' deletes all cached data. diff --git a/libgo/go/cmd/go/internal/modcmd/tidy.go b/libgo/go/cmd/go/internal/modcmd/tidy.go index 839c92a..789e936 100644 --- a/libgo/go/cmd/go/internal/modcmd/tidy.go +++ b/libgo/go/cmd/go/internal/modcmd/tidy.go @@ -75,6 +75,7 @@ func modTidyGoSum() { // we only have to tell modfetch what needs keeping. reqs := modload.Reqs() keep := make(map[module.Version]bool) + replaced := make(map[module.Version]bool) var walk func(module.Version) walk = func(m module.Version) { // If we build using a replacement module, keep the sum for the replacement, @@ -87,10 +88,11 @@ func modTidyGoSum() { keep[m] = true } else { keep[r] = true + replaced[m] = true } list, _ := reqs.Required(m) for _, r := range list { - if !keep[r] { + if !keep[r] && !replaced[r] { walk(r) } } diff --git a/libgo/go/cmd/go/internal/modget/get.go b/libgo/go/cmd/go/internal/modget/get.go index 2bfe6d3..17a0ed4 100644 --- a/libgo/go/cmd/go/internal/modget/get.go +++ b/libgo/go/cmd/go/internal/modget/get.go @@ -56,7 +56,8 @@ If a module under consideration is already a dependency of the current development module, then get will update the required version. Specifying a version earlier than the current required version is valid and downgrades the dependency. The version suffix @none indicates that the -dependency should be removed entirely. +dependency should be removed entirely, downgrading or removing modules +depending on it as needed. Although get defaults to using the latest version of the module containing a named package, it does not use the latest version of that module's diff --git a/libgo/go/cmd/go/internal/modload/build.go b/libgo/go/cmd/go/internal/modload/build.go index af89b19..6103545 100644 --- a/libgo/go/cmd/go/internal/modload/build.go +++ b/libgo/go/cmd/go/internal/modload/build.go @@ -250,6 +250,16 @@ func findModule(target, path string) module.Version { } func ModInfoProg(info string) []byte { + // Inject a variable with the debug information as runtime/debug.modinfo, + // but compile it in package main so that it is specific to the binary. + // + // The variable must be a literal so that it will have the correct value + // before the initializer for package main runs. + // + // We also want the value to be present even if runtime/debug.modinfo is + // otherwise unused in the rest of the program. Reading it in an init function + // suffices for now. + return []byte(fmt.Sprintf(`package main import _ "unsafe" //go:linkname __set_debug_modinfo__ runtime..z2fdebug.setmodinfo diff --git a/libgo/go/cmd/internal/objabi/funcid.go b/libgo/go/cmd/internal/objabi/funcid.go index 1792df7..a30bc3f 100644 --- a/libgo/go/cmd/internal/objabi/funcid.go +++ b/libgo/go/cmd/internal/objabi/funcid.go @@ -83,7 +83,7 @@ func GetFuncID(name, file string) FuncID { case "runtime.panicwrap": return FuncID_panicwrap } - if file == "<autogenerated>" && !strings.HasSuffix(name, ".init") { + if file == "<autogenerated>" { return FuncID_wrapper } if strings.HasPrefix(name, "runtime.call") { diff --git a/libgo/go/crypto/aes/block.go b/libgo/go/crypto/aes/block.go index 40bd0d3..53308ae 100644 --- a/libgo/go/crypto/aes/block.go +++ b/libgo/go/crypto/aes/block.go @@ -31,7 +31,7 @@ // // See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission // for implementation details. -// https://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf +// https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf // https://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf package aes diff --git a/libgo/go/crypto/elliptic/elliptic.go b/libgo/go/crypto/elliptic/elliptic.go index 4fc2b5e..c84657c 100644 --- a/libgo/go/crypto/elliptic/elliptic.go +++ b/libgo/go/crypto/elliptic/elliptic.go @@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, x3 := new(big.Int).Mul(alpha, alpha) beta8 := new(big.Int).Lsh(beta, 3) + beta8.Mod(beta8, curve.P) x3.Sub(x3, beta8) - for x3.Sign() == -1 { + if x3.Sign() == -1 { x3.Add(x3, curve.P) } x3.Mod(x3, curve.P) diff --git a/libgo/go/crypto/subtle/constant_time.go b/libgo/go/crypto/subtle/constant_time.go index 9f5fee8..7c3cf05 100644 --- a/libgo/go/crypto/subtle/constant_time.go +++ b/libgo/go/crypto/subtle/constant_time.go @@ -6,9 +6,9 @@ // code but require careful thought to use correctly. package subtle -// ConstantTimeCompare returns 1 if and only if the two slices, x -// and y, have equal contents. The time taken is a function of the length of -// the slices and is independent of the contents. +// ConstantTimeCompare returns 1 if the two slices, x and y, have equal contents +// and 0 otherwise. The time taken is a function of the length of the slices and +// is independent of the contents. func ConstantTimeCompare(x, y []byte) int { if len(x) != len(y) { return 0 @@ -23,7 +23,7 @@ func ConstantTimeCompare(x, y []byte) int { return ConstantTimeByteEq(v, 0) } -// ConstantTimeSelect returns x if v is 1 and y if v is 0. +// ConstantTimeSelect returns x if v == 1 and y if v == 0. // Its behavior is undefined if v takes any other value. func ConstantTimeSelect(v, x, y int) int { return ^(v-1)&x | (v-1)&y } diff --git a/libgo/go/crypto/tls/common.go b/libgo/go/crypto/tls/common.go index 0bc40ccf..f695528 100644 --- a/libgo/go/crypto/tls/common.go +++ b/libgo/go/crypto/tls/common.go @@ -16,6 +16,7 @@ import ( "io" "math/big" "net" + "os" "strings" "sync" "time" @@ -160,7 +161,7 @@ const ( ) // supportedSignatureAlgorithms contains the signature and hash algorithms that -// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2 +// the code advertises as supported in a TLS 1.2+ ClientHello and in a TLS 1.2+ // CertificateRequest. The two fields are merged to match with TLS 1.3. // Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc. var supportedSignatureAlgorithms = []SignatureScheme{ @@ -177,6 +178,9 @@ var supportedSignatureAlgorithms = []SignatureScheme{ ECDSAWithSHA1, } +// RSA-PSS is disabled in TLS 1.2 for Go 1.12. See Issue 30055. +var supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms[3:] + // helloRetryRequestRandom is set as the Random value of a ServerHello // to signal that the message is actually a HelloRetryRequest. var helloRetryRequestRandom = []byte{ // See RFC 8446, Section 4.1.3. @@ -199,7 +203,7 @@ type ConnectionState struct { Version uint16 // TLS version used by the connection (e.g. VersionTLS12) HandshakeComplete bool // TLS handshake is complete DidResume bool // connection resumes a previous TLS connection - CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...) + CipherSuite uint16 // cipher suite in use (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ...) NegotiatedProtocol string // negotiated next protocol (not guaranteed to be from Config.NextProtos) NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server (client side only) ServerName string // server name requested by client, if any (server side only) @@ -315,7 +319,7 @@ const ( // guide certificate selection in the GetCertificate callback. type ClientHelloInfo struct { // CipherSuites lists the CipherSuites supported by the client (e.g. - // TLS_RSA_WITH_RC4_128_SHA). + // TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256). CipherSuites []uint16 // ServerName indicates the name of the server requested by the client @@ -521,8 +525,11 @@ type Config struct { // This should be used only for testing. InsecureSkipVerify bool - // CipherSuites is a list of supported cipher suites. If CipherSuites - // is nil, TLS uses a list of suites supported by the implementation. + // CipherSuites is a list of supported cipher suites for TLS versions up to + // TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites + // is used, with a preference order based on hardware performance. The + // default cipher suites might change over Go versions. Note that TLS 1.3 + // ciphersuites are not configurable. CipherSuites []uint16 // PreferServerCipherSuites controls whether the server selects the @@ -772,11 +779,53 @@ func (c *Config) supportedVersions(isClient bool) []uint16 { if isClient && v < VersionTLS10 { continue } + // TLS 1.3 is opt-in in Go 1.12. + if v == VersionTLS13 && !isTLS13Supported() { + continue + } versions = append(versions, v) } return versions } +// tls13Support caches the result for isTLS13Supported. +var tls13Support struct { + sync.Once + cached bool +} + +// isTLS13Supported returns whether the program opted into TLS 1.3 via +// GODEBUG=tls13=1. It's cached after the first execution. +func isTLS13Supported() bool { + tls13Support.Do(func() { + tls13Support.cached = goDebugString("tls13") == "1" + }) + return tls13Support.cached +} + +// goDebugString returns the value of the named GODEBUG key. +// GODEBUG is of the form "key=val,key2=val2". +func goDebugString(key string) string { + s := os.Getenv("GODEBUG") + for i := 0; i < len(s)-len(key)-1; i++ { + if i > 0 && s[i-1] != ',' { + continue + } + afterKey := s[i+len(key):] + if afterKey[0] != '=' || s[i:i+len(key)] != key { + continue + } + val := afterKey[1:] + for i, b := range val { + if b == ',' { + return val[:i] + } + } + return val + } + return "" +} + func (c *Config) maxSupportedVersion(isClient bool) uint16 { supportedVersions := c.supportedVersions(isClient) if len(supportedVersions) == 0 { diff --git a/libgo/go/crypto/tls/conn_test.go b/libgo/go/crypto/tls/conn_test.go index 76cef71..57f6105 100644 --- a/libgo/go/crypto/tls/conn_test.go +++ b/libgo/go/crypto/tls/conn_test.go @@ -142,6 +142,7 @@ func runDynamicRecordSizingTest(t *testing.T, config *Config) { handshakeDone := make(chan struct{}) recordSizesChan := make(chan []int, 1) + defer func() { <-recordSizesChan }() // wait for the goroutine to exit go func() { // This goroutine performs a TLS handshake over clientConn and // then reads TLS records until EOF. It writes a slice that diff --git a/libgo/go/crypto/tls/handshake_client_test.go b/libgo/go/crypto/tls/handshake_client_test.go index ececd7b..7441e5b 100644 --- a/libgo/go/crypto/tls/handshake_client_test.go +++ b/libgo/go/crypto/tls/handshake_client_test.go @@ -855,6 +855,30 @@ func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) { runClientTestTLS12(t, test) } +func TestHandshakeClientCertPSSDisabled(t *testing.T) { + config := testConfig.Clone() + cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) + config.Certificates = []Certificate{cert} + + test := &clientTest{ + name: "ClientCert-RSA-PSS-Disabled", + args: []string{"-cipher", "AES128", "-Verify", "1"}, + config: config, + } + + // Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2, + // and check that handshakes still work. + testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12 + defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }() + supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12 + + // Use t.Run to ensure the defer runs after all parallel tests end. + t.Run("", func(t *testing.T) { + runClientTestTLS12(t, test) + runClientTestTLS13(t, test) + }) +} + func TestClientKeyUpdate(t *testing.T) { test := &clientTest{ name: "KeyUpdate", diff --git a/libgo/go/crypto/tls/handshake_server.go b/libgo/go/crypto/tls/handshake_server.go index 2745f33..4f4b60a 100644 --- a/libgo/go/crypto/tls/handshake_server.go +++ b/libgo/go/crypto/tls/handshake_server.go @@ -463,7 +463,7 @@ func (hs *serverHandshakeState) doFullHandshake() error { } if c.vers >= VersionTLS12 { certReq.hasSignatureAlgorithm = true - certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms + certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12 } // An empty list of certificateAuthorities signals to @@ -559,7 +559,7 @@ func (hs *serverHandshakeState) doFullHandshake() error { } // Determine the signature type. - _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithms, c.vers) + _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, supportedSignatureAlgorithmsTLS12, c.vers) if err != nil { c.sendAlert(alertIllegalParameter) return err diff --git a/libgo/go/crypto/tls/handshake_server_test.go b/libgo/go/crypto/tls/handshake_server_test.go index a6240f2..c23f98f 100644 --- a/libgo/go/crypto/tls/handshake_server_test.go +++ b/libgo/go/crypto/tls/handshake_server_test.go @@ -1211,6 +1211,33 @@ func TestHandshakeServerRSAPSS(t *testing.T) { runServerTestTLS13(t, test) } +func TestHandshakeServerPSSDisabled(t *testing.T) { + test := &serverTest{ + name: "RSA-PSS-Disabled", + command: []string{"openssl", "s_client", "-no_ticket"}, + wait: true, + } + + // Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2, + // and check that handshakes still work. + testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12 + defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }() + supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12 + + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) + + test = &serverTest{ + name: "RSA-PSS-Disabled-Required", + command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"}, + wait: true, + + expectHandshakeErrorIncluding: "peer doesn't support any common signature algorithms", + } + + runServerTestTLS12(t, test) +} + func benchmarkHandshakeServer(b *testing.B, version uint16, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) { config := testConfig.Clone() config.CipherSuites = []uint16{cipherSuite} @@ -1390,49 +1417,82 @@ func TestClientAuth(t *testing.T) { defer os.Remove(ecdsaCertPath) ecdsaKeyPath = tempFile(clientECDSAKeyPEM) defer os.Remove(ecdsaKeyPath) - } else { - t.Parallel() } - config := testConfig.Clone() - config.ClientAuth = RequestClientCert + t.Run("Normal", func(t *testing.T) { + config := testConfig.Clone() + config.ClientAuth = RequestClientCert - test := &serverTest{ - name: "ClientAuthRequestedNotGiven", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"}, - config: config, - } - runServerTestTLS12(t, test) - runServerTestTLS13(t, test) + test := &serverTest{ + name: "ClientAuthRequestedNotGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"}, + config: config, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) - test = &serverTest{ - name: "ClientAuthRequestedAndGiven", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", - "-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pss_rsae_sha256"}, - config: config, - expectedPeerCerts: []string{clientCertificatePEM}, - } - runServerTestTLS12(t, test) - runServerTestTLS13(t, test) + config.ClientAuth = RequireAnyClientCert - test = &serverTest{ - name: "ClientAuthRequestedAndECDSAGiven", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", - "-cert", ecdsaCertPath, "-key", ecdsaKeyPath}, - config: config, - expectedPeerCerts: []string{clientECDSACertificatePEM}, - } - runServerTestTLS12(t, test) - runServerTestTLS13(t, test) + test = &serverTest{ + name: "ClientAuthRequestedAndGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", + "-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pss_rsae_sha256"}, + config: config, + expectedPeerCerts: []string{clientCertificatePEM}, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) + + test = &serverTest{ + name: "ClientAuthRequestedAndECDSAGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", + "-cert", ecdsaCertPath, "-key", ecdsaKeyPath}, + config: config, + expectedPeerCerts: []string{clientECDSACertificatePEM}, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) + + test = &serverTest{ + name: "ClientAuthRequestedAndPKCS1v15Given", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", + "-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pkcs1_sha256"}, + config: config, + expectedPeerCerts: []string{clientCertificatePEM}, + } + runServerTestTLS12(t, test) + }) - test = &serverTest{ - name: "ClientAuthRequestedAndPKCS1v15Given", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", - "-cert", certPath, "-key", keyPath, "-sigalgs", "rsa_pkcs1_sha256"}, - config: config, - expectedPeerCerts: []string{clientCertificatePEM}, - } - runServerTestTLS12(t, test) + // Restore the default signature algorithms, disabling RSA-PSS in TLS 1.2, + // and check that handshakes still work. + testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12 + defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }() + supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12 + + t.Run("PSSDisabled", func(t *testing.T) { + config := testConfig.Clone() + config.ClientAuth = RequireAnyClientCert + + test := &serverTest{ + name: "ClientAuthRequestedAndGiven-PSS-Disabled", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", + "-cert", certPath, "-key", keyPath}, + config: config, + expectedPeerCerts: []string{clientCertificatePEM}, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) + + test = &serverTest{ + name: "ClientAuthRequestedAndGiven-PSS-Disabled-Required", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", + "-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pss_rsae_sha256"}, + config: config, + + expectHandshakeErrorIncluding: "client didn't provide a certificate", + } + runServerTestTLS12(t, test) + }) } func TestSNIGivenOnFailure(t *testing.T) { @@ -1697,3 +1757,58 @@ func TestCloneHash(t *testing.T) { t.Error("cloned hash generated a different sum") } } + +func TestKeyTooSmallForRSAPSS(t *testing.T) { + clientConn, serverConn := localPipe(t) + client := Client(clientConn, testConfig) + cert, err := X509KeyPair([]byte(`-----BEGIN CERTIFICATE----- +MIIBcTCCARugAwIBAgIQGjQnkCFlUqaFlt6ixyz/tDANBgkqhkiG9w0BAQsFADAS +MRAwDgYDVQQKEwdBY21lIENvMB4XDTE5MDExODIzMjMyOFoXDTIwMDExODIzMjMy +OFowEjEQMA4GA1UEChMHQWNtZSBDbzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDd +ez1rFUDwax2HTxbcnFUP9AhcgEGMHVV2nn4VVEWFJB6I8C/Nkx0XyyQlrmFYBzEQ +nIPhKls4T0hFoLvjJnXpAgMBAAGjTTBLMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE +DDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUu +Y29tMA0GCSqGSIb3DQEBCwUAA0EAxDuUS+BrrS3c+h+k+fQPOmOScy6yTX9mHw0Q +KbucGamXYEy0URIwOdO0tQ3LHPc1YGvYSPwkDjkjqECs2Vm/AA== +-----END CERTIFICATE-----`), []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAN17PWsVQPBrHYdPFtycVQ/0CFyAQYwdVXaefhVURYUkHojwL82T +HRfLJCWuYVgHMRCcg+EqWzhPSEWgu+MmdekCAwEAAQJBALjQYNTdXF4CFBbXwUz/ +yt9QFDYT9B5WT/12jeGAe653gtYS6OOi/+eAkGmzg1GlRnw6fOfn+HYNFDORST7z +4j0CIQDn2xz9hVWQEu9ee3vecNT3f60huDGTNoRhtqgweQGX0wIhAPSLj1VcRZEz +nKpbtU22+PbIMSJ+e80fmY9LIPx5N4HTAiAthGSimMR9bloz0EY3GyuUEyqoDgMd +hXxjuno2WesoJQIgemilbcALXpxsLmZLgcQ2KSmaVr7jb5ECx9R+hYKTw1sCIG4s +T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g +-----END RSA PRIVATE KEY-----`)) + if err != nil { + t.Fatal(err) + } + + done := make(chan struct{}) + go func() { + config := testConfig.Clone() + config.Certificates = []Certificate{cert} + config.MinVersion = VersionTLS13 + server := Server(serverConn, config) + err := server.Handshake() + if !strings.Contains(err.Error(), "key size too small for PSS signature") { + t.Errorf(`expected "key size too small for PSS signature", got %q`, err) + } + close(done) + }() + err = client.Handshake() + if !strings.Contains(err.Error(), "handshake failure") { + t.Errorf(`expected "handshake failure", got %q`, err) + } + <-done + + // With RSA-PSS disabled and TLS 1.2, this should work. + + testSupportedSignatureAlgorithmsTLS12 := supportedSignatureAlgorithmsTLS12 + defer func() { supportedSignatureAlgorithmsTLS12 = testSupportedSignatureAlgorithmsTLS12 }() + supportedSignatureAlgorithmsTLS12 = savedSupportedSignatureAlgorithmsTLS12 + + serverConfig := testConfig.Clone() + serverConfig.Certificates = []Certificate{cert} + serverConfig.MaxVersion = VersionTLS12 + testHandshake(t, testConfig, serverConfig) +} diff --git a/libgo/go/crypto/tls/handshake_server_tls13.go b/libgo/go/crypto/tls/handshake_server_tls13.go index 5f634b3..fd65ac1 100644 --- a/libgo/go/crypto/tls/handshake_server_tls13.go +++ b/libgo/go/crypto/tls/handshake_server_tls13.go @@ -635,7 +635,13 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error { } sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), h.Sum(nil), signOpts) if err != nil { - c.sendAlert(alertInternalError) + public := hs.cert.PrivateKey.(crypto.Signer).Public() + if rsaKey, ok := public.(*rsa.PublicKey); ok && sigType == signatureRSAPSS && + rsaKey.N.BitLen()/8 < sigHash.Size()*2+2 { // key too small for RSA-PSS + c.sendAlert(alertHandshakeFailure) + } else { + c.sendAlert(alertInternalError) + } return errors.New("tls: failed to sign handshake: " + err.Error()) } certVerifyMsg.signature = sig diff --git a/libgo/go/crypto/tls/key_agreement.go b/libgo/go/crypto/tls/key_agreement.go index 628e578..05fe77b 100644 --- a/libgo/go/crypto/tls/key_agreement.go +++ b/libgo/go/crypto/tls/key_agreement.go @@ -177,7 +177,7 @@ NextCandidate: return nil, errors.New("tls: certificate private key does not implement crypto.Signer") } - signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithms, ka.version) + signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, ka.version) if err != nil { return nil, err } diff --git a/libgo/go/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled b/libgo/go/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled new file mode 100644 index 0000000..9d59cb1 --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-PSS-Disabled @@ -0,0 +1,137 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f8 01 00 00 f4 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 79 00 05 00 05 01 00 00 00 00 00 0a 00 |...y............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 18 00 16 08 04 08 05 08 06 04 01 04 |................| +000000b0 03 05 01 05 03 06 01 06 03 02 01 02 03 ff 01 00 |................| +000000c0 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 03 03 |.......+........| +000000d0 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f e5 7d |....3.&.$... /.}| +000000e0 a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 |.G.bC.(.._.).0..| +000000f0 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |........_X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 33 ad 8d f8 90 |....Y...U..3....| +00000010 d1 72 5d ef e8 94 0f d7 58 15 59 9f 0b f9 ec 73 |.r].....X.Y....s| +00000020 99 53 f7 03 81 53 1a aa 05 f0 17 20 55 a1 9e 4e |.S...S..... U..N| +00000030 98 26 6b b8 d5 bc 2c 3e ca f6 a0 d9 bb f2 3b dd |.&k...,>......;.| +00000040 be 99 f1 35 de 1c f6 51 5b 19 4f 55 c0 2f 00 00 |...5...Q[.OU./..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 2d c8 0c d2 27 fc f9 |........ -...'..| +000002d0 79 71 c4 17 ea 45 ec 0b dd 66 ce af ec 49 96 7d |yq...E...f...I.}| +000002e0 43 ff 88 68 b1 a8 bb e1 38 08 04 00 80 5a ab 5b |C..h....8....Z.[| +000002f0 e6 b3 32 e2 98 ae c3 ed 7c f9 90 c4 a4 ea dd 70 |..2.....|......p| +00000300 fc a4 f8 ef d1 15 0d b7 ad b8 e3 1f 3e c0 e4 40 |............>..@| +00000310 0d 7b 50 36 8f 88 cb 88 59 7c 20 63 d1 7f 36 9e |.{P6....Y| c..6.| +00000320 de a7 cb 6a 49 fd 65 32 36 0b 10 6a df 58 ef fd |...jI.e26..j.X..| +00000330 f6 fc e6 65 e7 81 0e 73 25 87 c7 89 dc ec ae 7c |...e...s%......|| +00000340 e4 81 79 79 a2 b9 12 28 ab 3b d0 2e 5e 81 47 2a |..yy...(.;..^.G*| +00000350 79 1e 16 21 fa 64 78 24 33 24 f7 ac f1 11 a7 15 |y..!.dx$3$......| +00000360 98 f6 24 52 14 7c 1f 28 0c 24 b1 a9 8a 16 03 03 |..$R.|.(.$......| +00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......| +00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................| +000003a0 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................| +000003b0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 08 04 00 80 8b ad 4b 9a 7a 53 b8 |...........K.zS.| +00000240 6a 0a e7 71 6a 9b 8b 89 7d 3a 49 c9 af ce 3f e2 |j..qj...}:I...?.| +00000250 3e cc 0b da 57 9b 8c 2f 58 0f a9 05 4d e9 de 83 |>...W../X...M...| +00000260 60 e8 1c 77 ef 23 e4 aa 6b c3 15 64 98 f8 b1 72 |`..w.#..k..d...r| +00000270 b2 8a 9e a3 19 3d 73 84 05 53 59 e1 bb e1 db 51 |.....=s..SY....Q| +00000280 49 38 cf 8b ee 3c b6 05 0d ba 62 02 b3 36 dc c1 |I8...<....b..6..| +00000290 e1 52 4d bd 6a c1 3e 55 ff 82 5f e3 7c 84 1c 65 |.RM.j.>U.._.|..e| +000002a0 45 53 b9 c0 56 99 ac 56 d7 4a fa 72 3e 63 36 06 |ES..V..V.J.r>c6.| +000002b0 d3 60 ef 34 05 3f 57 20 79 14 03 03 00 01 01 16 |.`.4.?W y.......| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 00 26 b7 73 |...(.........&.s| +000002d0 b5 e9 b3 8a 63 00 9b 36 a0 cf 2a 60 0f 8a 59 75 |....c..6..*`..Yu| +000002e0 08 71 97 dc 66 73 15 04 08 b4 d3 91 |.q..fs......| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 d2 b2 3f a8 43 |..........(..?.C| +00000010 41 1a 85 20 9f ee 21 6a c5 96 cf 7c 01 8e f6 3a |A.. ..!j...|...:| +00000020 e3 29 14 68 ea 74 a3 ef 85 04 78 33 db c7 d4 c9 |.).h.t....x3....| +00000030 a2 fd 6a |..j| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 c3 3b 68 |..............;h| +00000010 b5 e9 4d 75 22 92 fb 19 85 88 38 97 12 3f ce ca |..Mu".....8..?..| +00000020 36 c0 d6 15 03 03 00 1a 00 00 00 00 00 00 00 02 |6...............| +00000030 c1 a9 03 81 61 04 7c 86 24 e9 90 22 59 6f c7 bc |....a.|.$.."Yo..| +00000040 c2 a1 |..| diff --git a/libgo/go/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled b/libgo/go/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled new file mode 100644 index 0000000..98d718b --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Client-TLSv13-ClientCert-RSA-PSS-Disabled @@ -0,0 +1,138 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f8 01 00 00 f4 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 32 cc a8 |.............2..| +00000050 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000060 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000070 c0 12 00 0a 00 05 c0 11 c0 07 13 01 13 03 13 02 |................| +00000080 01 00 00 79 00 05 00 05 01 00 00 00 00 00 0a 00 |...y............| +00000090 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +000000a0 00 00 0d 00 18 00 16 08 04 08 05 08 06 04 01 04 |................| +000000b0 03 05 01 05 03 06 01 06 03 02 01 02 03 ff 01 00 |................| +000000c0 01 00 00 12 00 00 00 2b 00 09 08 03 04 03 03 03 |.......+........| +000000d0 02 03 01 00 33 00 26 00 24 00 1d 00 20 2f e5 7d |....3.&.$... /.}| +000000e0 a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 |.G.bC.(.._.).0..| +000000f0 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |........_X.;t| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 e5 55 1c 7e bc |....z...v...U.~.| +00000010 05 a3 af 8b 02 03 6a 08 34 35 43 9f 35 c1 39 36 |......j.45C.5.96| +00000020 97 ab d9 4f 77 26 88 31 f8 1c a4 20 00 00 00 00 |...Ow&.1... ....| +00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000040 00 00 00 00 00 00 00 00 00 00 00 00 13 01 00 00 |................| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 63 |..+.....3.$... c| +00000060 74 2f 45 26 f4 7c cd d6 cb 8d 9f b5 6b 88 41 ef |t/E&.|......k.A.| +00000070 f4 cd 00 54 91 29 98 e4 a0 6b 6d b5 2f 39 01 14 |...T.)...km./9..| +00000080 03 03 00 01 01 17 03 03 00 17 e6 81 13 75 85 fe |.............u..| +00000090 7d c6 09 24 01 bf 44 78 65 4e 5f d0 37 b9 89 15 |}..$..DxeN_.7...| +000000a0 98 17 03 03 00 42 88 5c b3 19 ee 62 c0 2d 95 51 |.....B.\...b.-.Q| +000000b0 fd 88 e0 13 aa 53 e5 5a 45 be 0f 07 6f 46 c8 1b |.....S.ZE...oF..| +000000c0 a2 b5 2a 7c 46 5f b5 90 46 95 b9 a4 ce 44 a8 a7 |..*|F_..F....D..| +000000d0 3d 8e ce d2 76 57 44 e0 0e 83 af f3 2f 00 55 cb |=...vWD...../.U.| +000000e0 1f e7 d2 42 22 6f 78 0c 17 03 03 02 6d 45 f7 95 |...B"ox.....mE..| +000000f0 68 b9 ad 32 13 34 84 c2 dd 62 a7 f5 18 0f 0b a6 |h..2.4...b......| +00000100 b8 5c dd 06 69 0d 07 ea 6b ec ad ad a7 13 ea f3 |.\..i...k.......| +00000110 87 9b 74 a9 53 49 b3 a9 ff f3 eb 71 1b 25 63 8b |..t.SI.....q.%c.| +00000120 c6 0f 6a 21 bc f1 fb 4b 8e d4 07 6e c6 8e 9f bf |..j!...K...n....| +00000130 73 eb 1e a5 d7 e4 a1 cd 6e 7e de 45 a2 b4 6f 25 |s.......n~.E..o%| +00000140 fe c2 a1 84 b8 09 d1 65 90 6d ef 07 ea d0 25 01 |.......e.m....%.| +00000150 54 f2 8e f8 53 38 1e 35 a9 af be 2a 8d 81 9b 77 |T...S8.5...*...w| +00000160 38 22 42 b8 56 ea 72 ab c3 ac 9b 17 1a 0b 65 94 |8"B.V.r.......e.| +00000170 8a 81 6d 83 c6 f4 76 32 ed f7 84 4d ec 17 0e 45 |..m...v2...M...E| +00000180 74 e8 ba b0 46 92 62 8c 73 07 a8 1f d5 d3 44 d1 |t...F.b.s.....D.| +00000190 53 21 62 8b 02 c6 20 40 1d f1 75 2b 8a 6a 60 2a |S!b... @..u+.j`*| +000001a0 ee 04 5f c0 46 6d 74 7a 18 4a e0 ca d4 a6 6a a2 |.._.Fmtz.J....j.| +000001b0 11 21 20 4a 3e 57 3c 67 ff 61 3d 15 32 14 f2 01 |.! J>W<g.a=.2...| +000001c0 a2 cc 96 f6 d1 2d 4f ba 67 ed 02 ae a9 08 13 74 |.....-O.g......t| +000001d0 33 f6 b5 ad e3 e3 ee 0e 65 f6 89 db 80 d4 f5 23 |3.......e......#| +000001e0 7b 5d 7a af 5f c6 43 b7 87 f6 90 25 5a f0 f6 76 |{]z._.C....%Z..v| +000001f0 63 9c 93 d0 f3 94 9c 55 f7 e7 8f 2d cb 83 fb a1 |c......U...-....| +00000200 b3 db 11 d7 f9 f7 4b 66 50 55 64 31 3f fc 97 df |......KfPUd1?...| +00000210 65 f9 e0 eb a2 5e 4d 9d c7 35 fb 1c 22 79 b1 00 |e....^M..5.."y..| +00000220 28 e9 54 28 a9 e6 97 e8 33 92 ac 8e f7 c0 82 ac |(.T(....3.......| +00000230 99 04 f0 f0 cc e7 4f 04 ad fe dc 9f 25 82 93 12 |......O.....%...| +00000240 64 4a f6 34 da 41 8a f7 a9 3e fe 24 ae be 40 b7 |dJ.4.A...>.$..@.| +00000250 10 59 17 11 6f 3c 11 8b eb b2 42 e7 d5 b7 ee d2 |.Y..o<....B.....| +00000260 ae 95 9c 21 48 34 d9 5a 20 95 7c 72 35 05 5e 6c |...!H4.Z .|r5.^l| +00000270 a2 05 46 30 e6 33 d3 91 ac c8 17 4b b1 15 cc f0 |..F0.3.....K....| +00000280 af bb 7c 56 e0 5b 25 8e 35 e0 2e 35 91 0d e0 bc |..|V.[%.5..5....| +00000290 f6 9c 3b 15 f8 96 dc 4e 6c aa 57 c9 f0 1f 55 e2 |..;....Nl.W...U.| +000002a0 d9 5d 09 71 f9 af 17 69 29 d5 94 8a 5f fa b2 ad |.].q...i)..._...| +000002b0 1b b9 ce 90 e7 bd 02 1b ad 9d 91 19 7e f3 8f 2d |............~..-| +000002c0 70 d5 af 2c e7 29 b1 f9 3c 5a 7f 04 6f 73 88 da |p..,.)..<Z..os..| +000002d0 84 bd d7 ad 01 dd 35 b7 1f 64 79 89 ab cb 21 d1 |......5..dy...!.| +000002e0 20 c5 71 b7 78 fe 93 c0 41 33 d8 aa a2 ed a4 64 | .q.x...A3.....d| +000002f0 fb 5b c1 6e 0d 1e f7 ca f6 01 a1 9a fc 82 af 34 |.[.n...........4| +00000300 e3 45 d8 5a b9 81 e7 e4 c2 26 a7 79 b7 f4 87 9f |.E.Z.....&.y....| +00000310 2e 16 ab 96 21 e2 5f 1f c9 e0 30 3e 97 27 42 15 |....!._...0>.'B.| +00000320 6f 13 da a1 b2 b1 43 76 69 eb f1 c6 e2 b5 6c 57 |o.....Cvi.....lW| +00000330 e0 88 c9 0d 7d 37 1b 0b a0 b7 cd 6b ba 3a 52 55 |....}7.....k.:RU| +00000340 61 c6 5c 71 ce 1e 69 b9 ea b4 c6 a5 78 c5 b8 b6 |a.\q..i.....x...| +00000350 4e b1 94 84 a3 d4 31 d9 3b 15 17 03 03 00 99 6c |N.....1.;......l| +00000360 5d dd 43 24 9d 6e 5d 64 d3 54 30 aa 98 c3 7e 21 |].C$.n]d.T0...~!| +00000370 05 06 fc 3b eb 52 12 36 6b 2e e1 32 5a 59 30 a7 |...;.R.6k..2ZY0.| +00000380 b0 bb 52 1a 36 e6 78 20 84 8c cf 0d 90 da c7 88 |..R.6.x ........| +00000390 c4 2f bc b4 b6 03 1b 34 9b c8 12 db bc 87 95 d3 |./.....4........| +000003a0 84 4e 41 c1 de 2f 4c 66 d9 13 fc 78 31 05 6c 67 |.NA../Lf...x1.lg| +000003b0 e3 3d 28 36 0f fe 5f 45 29 d2 1b 4d a5 60 dc f7 |.=(6.._E)..M.`..| +000003c0 20 74 cf f5 7b 3f f7 58 53 0c 64 7d 3f c6 f1 ac | t..{?.XS.d}?...| +000003d0 a9 1b 60 d8 ea a5 32 11 23 6d 66 19 70 2b fa ce |..`...2.#mf.p+..| +000003e0 c8 f6 9d cc 12 83 a1 e1 4b be 98 d3 c2 56 65 34 |........K....Ve4| +000003f0 73 3a b3 6e d8 2c db 3b 17 03 03 00 35 e6 ce 17 |s:.n.,.;....5...| +00000400 e5 92 38 9e 00 2d 66 bf a9 e2 13 66 01 af 64 15 |..8..-f....f..d.| +00000410 8d da 6b f3 a7 f6 5c 76 e1 f4 c4 2f dc 93 c4 3c |..k...\v.../...<| +00000420 69 5a 30 e5 db 5a b5 0b 98 4e 43 a3 51 ba 41 9d |iZ0..Z...NC.Q.A.| +00000430 18 c0 |..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 11 24 0f 0c cc 6a |...........$...j| +00000010 8e 07 9c d7 f9 84 55 cc 79 a7 c1 c5 fb 6e 29 5e |......U.y....n)^| +00000020 31 e1 b1 00 c0 c9 a8 94 59 75 f4 b5 86 7c a4 8c |1.......Yu...|..| +00000030 8d 79 dd 42 45 67 69 f5 fb f0 02 54 f5 8f 1a 86 |.y.BEgi....T....| +00000040 2f a0 4e 9b 68 e2 69 36 48 cb 8e cc 26 fa 1b 60 |/.N.h.i6H...&..`| +00000050 c8 f3 b7 7c 36 dd 59 71 a3 f8 9a 7a bc 8a e1 10 |...|6.Yq...z....| +00000060 8f 6d 69 60 07 b6 62 6d d3 2b fa a4 81 eb ae 3f |.mi`..bm.+.....?| +00000070 9d 7e 1d d7 d1 89 24 4e 7e 65 4b d2 37 58 b2 56 |.~....$N~eK.7X.V| +00000080 a1 8e 10 73 44 9c f1 c7 60 97 49 99 e2 82 74 58 |...sD...`.I...tX| +00000090 e3 1f 41 ec 1d 13 85 f1 95 98 39 cb d1 51 f7 0e |..A.......9..Q..| +000000a0 fe e4 fa 04 20 1a f2 c5 ae 64 9d eb f8 ff 03 ce |.... ....d......| +000000b0 ca 12 7c dd a6 b4 2c a3 eb 8e 83 2c cf 77 6b 82 |..|...,....,.wk.| +000000c0 68 77 58 5d 3e ef 01 0b 78 e9 37 b0 36 9c 62 44 |hwX]>...x.7.6.bD| +000000d0 88 ae f1 5a d7 93 81 0a 84 cf 4f 3b db 05 41 92 |...Z......O;..A.| +000000e0 4d 31 3d 06 9e 73 11 43 de 3e ec b8 b0 48 99 84 |M1=..s.C.>...H..| +000000f0 bc 0c 7c 86 93 03 d5 5f c5 21 34 a5 cc c7 d5 42 |..|...._.!4....B| +00000100 1d 69 94 53 39 d9 56 07 40 46 44 89 e6 95 8d e9 |.i.S9.V.@FD.....| +00000110 ca 6d f0 e0 2a 22 70 bc e7 7f 8e 15 0c 56 51 e3 |.m..*"p......VQ.| +00000120 46 5c b9 66 c5 8b 07 d3 f0 bb 84 fe 71 d6 a2 90 |F\.f........q...| +00000130 d9 ec 46 00 82 10 38 9c 8f 35 e5 48 d8 82 7f 65 |..F...8..5.H...e| +00000140 68 f5 42 48 74 6b 29 79 f3 32 b6 a1 aa 42 73 e3 |h.BHtk)y.2...Bs.| +00000150 c3 f6 fc 76 9e 32 59 26 a6 75 4a dc 65 23 73 10 |...v.2Y&.uJ.e#s.| +00000160 35 79 a5 41 7b 72 d5 cd 33 1f 7d 98 b3 39 4b f6 |5y.A{r..3.}..9K.| +00000170 e8 09 ed d6 62 a0 48 b5 76 47 2e 7e 1a 5d 75 6d |....b.H.vG.~.]um| +00000180 c2 98 22 17 b1 8f 2e a5 a2 b3 b3 5e d9 89 c5 a0 |.."........^....| +00000190 46 2a ac af 20 66 e9 f3 02 84 26 51 c0 0a 2e 0c |F*.. f....&Q....| +000001a0 d3 90 3c 9f 19 3f 25 3e 7d 3a 38 6f f3 ce 2f c4 |..<..?%>}:8o../.| +000001b0 7b 84 e4 d5 c2 c8 90 54 6d 2c 59 70 34 44 53 25 |{......Tm,Yp4DS%| +000001c0 ee ee d6 7e 13 30 1e 09 ff f2 79 bd 7c a1 af a9 |...~.0....y.|...| +000001d0 a9 7b 51 6a d8 17 41 22 f5 d0 5d 84 00 a7 5f 1a |.{Qj..A"..]..._.| +000001e0 b6 15 98 de f4 bd cd fe 70 38 5c 0f 44 60 5a 7d |........p8\.D`Z}| +000001f0 be df 6e 56 bb 83 0b 10 fa 5d 3a 2c 9e 4a 00 7f |..nV.....]:,.J..| +00000200 ec f4 42 52 52 95 5e e1 bd cc cf a0 45 c2 79 2c |..BRR.^.....E.y,| +00000210 10 4d 14 35 ad bd 18 d4 b1 aa 09 65 17 03 03 00 |.M.5.......e....| +00000220 99 a4 2c 7a c2 25 ba 3b a2 84 1f e8 a0 d1 5c c4 |..,z.%.;......\.| +00000230 bb c6 f8 fc eb 19 3e f5 e6 53 9f c3 35 d3 7a 00 |......>..S..5.z.| +00000240 68 e1 e0 2f 73 75 d7 2d df 44 aa 34 43 bf 66 c1 |h../su.-.D.4C.f.| +00000250 31 0d e6 86 f8 71 6b 71 ac 89 c5 26 cf d9 1e 43 |1....qkq...&...C| +00000260 33 c3 48 68 e0 4d f5 d5 69 ff fc 02 47 cc 91 41 |3.Hh.M..i...G..A| +00000270 83 41 58 04 2a 02 53 3c 3b 0a 4c 18 16 00 fd e8 |.AX.*.S<;.L.....| +00000280 64 54 0d 34 a1 3d a5 4b bd c2 54 17 c3 5a 82 7a |dT.4.=.K..T..Z.z| +00000290 55 5d a9 57 63 62 ef 8b 3a 75 f2 cd 34 ef d6 30 |U].Wcb..:u..4..0| +000002a0 08 7f 03 0b c3 eb 29 94 88 11 38 42 40 6f bf cc |......)...8B@o..| +000002b0 d4 01 3f 8a 90 11 f9 da fd 9e 17 03 03 00 35 7d |..?...........5}| +000002c0 2d 12 d7 58 d0 76 43 25 d1 8d 5c 5c b1 7f fa 48 |-..X.vC%..\\...H| +000002d0 a9 21 48 02 64 76 91 6c 79 7e b9 22 33 f7 32 cb |.!H.dv.ly~."3.2.| +000002e0 50 22 78 02 96 4e 2d f6 09 68 06 8e 44 e6 fd 7f |P"x..N-..h..D...| +000002f0 cf 0a 7e a3 17 03 03 00 17 84 cd d8 f2 e2 38 2e |..~...........8.| +00000300 57 e5 47 76 48 50 34 9e 65 d4 c6 1d 7d b3 4e 91 |W.GvHP4.e...}.N.| +00000310 17 03 03 00 13 e5 05 98 5b 87 5d db ae 89 38 2c |........[.]...8,| +00000320 35 89 31 14 73 cd 16 54 |5.1.s..T| diff --git a/libgo/go/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled b/libgo/go/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled new file mode 100644 index 0000000..cb626a1 --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled @@ -0,0 +1,126 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 97 01 00 00 93 03 03 9e b1 2a 26 04 |.............*&.| +00000010 8d 66 df 43 cb 0a 85 80 4f f2 99 7d 80 20 64 7e |.f.C....O..}. d~| +00000020 30 a0 bb 60 ac 0e d4 ce f0 ae 98 00 00 04 00 2f |0..`.........../| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 1b 0d 00 00 17 02 01 40 |;..............@| +000002a0 00 10 04 01 04 03 05 01 05 03 06 01 06 03 02 01 |................| +000002b0 02 03 00 00 16 03 03 00 04 0e 00 00 00 |.............| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 3f 1b ee |.5...........?..| +00000210 02 ec a5 9f 6e 38 69 2c b7 03 89 65 b4 92 79 a0 |....n8i,...e..y.| +00000220 b2 0b ab 9b 44 9c 68 d1 8e 5c 40 9c b5 1c a5 70 |....D.h..\@....p| +00000230 00 a2 2e fb 98 b7 45 7b 9c 63 46 68 1d 55 9e 01 |......E{.cFh.U..| +00000240 7f 84 31 62 07 c4 2f 20 5f 1a 94 8c 1f f4 3a 6d |..1b../ _.....:m| +00000250 a8 2b b8 08 5b ec 27 e3 49 9e 51 b3 66 98 09 ba |.+..[.'.I.Q.f...| +00000260 64 65 c8 3c 11 fb 14 4a c9 ea 3c 5e 52 10 a0 0b |de.<...J..<^R...| +00000270 a9 fc 10 13 c9 99 0c a0 8b b4 40 66 0e 11 5e 1d |..........@f..^.| +00000280 8b 45 5c 4d 0d 39 39 f6 0c 59 8f 06 99 16 03 03 |.E\M.99..Y......| +00000290 00 88 0f 00 00 84 04 01 00 80 71 1c 9c fd b2 c9 |..........q.....| +000002a0 b9 7f f3 51 e2 63 96 08 56 d2 bd 19 61 9f 3f be |...Q.c..V...a.?.| +000002b0 e5 4c 22 a8 3f 81 98 2d 67 56 4e 2d 61 6e 51 e5 |.L".?..-gVN-anQ.| +000002c0 11 24 bd 1b 38 ba dc 8c 76 51 1d 3c 6e 81 50 9a |.$..8...vQ.<n.P.| +000002d0 b5 24 9c d8 af f7 80 8a 51 43 ec b3 59 18 bd ea |.$......QC..Y...| +000002e0 8a be af 11 c8 ac 60 88 e3 67 a2 ae c2 95 16 47 |......`..g.....G| +000002f0 2b e2 ea 42 0a 0a 3f 2b 8b c8 ec 9d e7 b2 a6 ee |+..B..?+........| +00000300 f4 9b ba 28 47 e2 30 ae 05 89 09 65 3d b6 54 8a |...(G.0....e=.T.| +00000310 4a df d4 fa a5 4c 30 38 53 f2 14 03 03 00 01 01 |J....L08S.......| +00000320 16 03 03 00 40 97 50 23 88 56 0d d4 1b ba 6f 3e |....@.P#.V....o>| +00000330 8d 82 6c f3 04 55 2c 13 d9 5b 0a 73 88 4f 8b 3c |..l..U,..[.s.O.<| +00000340 cd ef 1a a7 15 7c 33 bb ff fa 01 c4 87 d7 df 47 |.....|3........G| +00000350 37 b6 fe 1d e6 82 c2 8a 33 b1 c9 ae 85 45 c8 0d |7.......3....E..| +00000360 38 47 69 2d 54 |8Gi-T| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 20 98 12 44 63 |........... ..Dc| +00000020 e7 77 e6 e8 c0 c7 d7 b6 f7 c4 4e 13 e3 79 af 33 |.w........N..y.3| +00000030 3b 6c 86 22 c5 9e dd 25 74 e5 7b 37 fb 24 c6 48 |;l."...%t.{7.$.H| +00000040 c9 74 a7 9b 9b 32 a7 c1 b9 bb e0 17 03 03 00 40 |.t...2.........@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 80 d7 ec 51 cf ae d4 1a af 11 59 d1 0c 62 a6 67 |...Q......Y..b.g| +00000070 2e 6f 18 23 29 75 92 07 b1 16 09 8f 2d f8 04 fe |.o.#)u......-...| +00000080 ce 71 2c b6 00 fd 7b 53 cb 6d 97 06 06 e6 af f4 |.q,...{S.m......| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 73 14 3a 87 3b ca 3a 2b b2 52 30 |.....s.:.;.:+.R0| +000000b0 98 62 88 1b a7 58 66 47 66 72 fd bb b6 b7 6b 99 |.b...XfGfr....k.| +000000c0 20 ab e9 22 62 | .."b| diff --git a/libgo/go/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required b/libgo/go/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required new file mode 100644 index 0000000..86d5415 --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven-PSS-Disabled-Required @@ -0,0 +1,74 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 97 01 00 00 93 03 03 d7 9c de f8 62 |...............b| +00000010 7e 32 5b bc d5 12 35 89 42 37 be ca 55 74 24 61 |~2[...5.B7..Ut$a| +00000020 c0 50 91 0f 1b 42 29 9f c1 6a cb 00 00 04 00 2f |.P...B)..j...../| +00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000060 00 16 00 00 00 17 00 00 00 0d 00 30 00 2e 04 03 |...........0....| +00000070 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +00000080 08 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 |................| +00000090 02 01 03 02 02 02 04 02 05 02 06 02 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 00 2f 00 00 |...DOWNGRD.../..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 1b 0d 00 00 17 02 01 40 |;..............@| +000002a0 00 10 04 01 04 03 05 01 05 03 06 01 06 03 02 01 |................| +000002b0 02 03 00 00 16 03 03 00 04 0e 00 00 00 |.............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................| +00000010 86 10 00 00 82 00 80 1d c6 6c b0 b9 b3 41 06 80 |.........l...A..| +00000020 e0 f5 df 06 ae 0f 2f 5f 72 14 44 47 16 c4 f0 a6 |....../_r.DG....| +00000030 68 be fa ee ec 9b 38 b0 e4 bd a3 e9 ca 18 5b 25 |h.....8.......[%| +00000040 33 31 57 86 63 59 0e ce 10 77 f8 42 a6 5c ad 3f |31W.cY...w.B.\.?| +00000050 80 85 a5 c1 06 4c 36 aa f3 ee 62 39 66 69 76 51 |.....L6...b9fivQ| +00000060 57 cc a0 b1 35 81 d5 38 01 2d 83 0e 2e 6b a9 84 |W...5..8.-...k..| +00000070 0d 8b 29 93 90 78 2d 0d 33 5f 85 0d 00 0c e2 5f |..)..x-.3_....._| +00000080 83 21 28 27 83 ad 9d 19 2d 01 35 6d 85 2e 8d 6b |.!('....-.5m...k| +00000090 eb 7a cd 8a 3f 42 e2 14 03 03 00 01 01 16 03 03 |.z..?B..........| +000000a0 00 40 5e 19 0f d0 4c 17 e0 25 e6 6b a1 d9 ea 59 |.@^...L..%.k...Y| +000000b0 f4 3a 55 84 2c 50 1e 53 47 78 45 b8 97 f7 7f 3d |.:U.,P.SGxE....=| +000000c0 af d9 7a ad 30 30 77 1a 93 05 19 5b 9b 13 70 e0 |..z.00w....[..p.| +000000d0 e0 f8 ba 6a bd 74 c5 71 0d 5a 2c 3f 2d 98 1a 3c |...j.t.q.Z,?-..<| +000000e0 5a 7d |Z}| +>>> Flow 4 (server to client) +00000000 15 03 03 00 02 02 2a |......*| diff --git a/libgo/go/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled b/libgo/go/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled new file mode 100644 index 0000000..302e64e --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled @@ -0,0 +1,84 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 cb 01 00 00 c7 03 03 ed 3d 3e 10 95 |............=>..| +00000010 8b 6f 6c be 5c b7 77 c0 79 91 f8 b3 6f 52 27 18 |.ol.\.w.y...oR'.| +00000020 0a b7 88 52 df 3c 6c 87 b4 5a 4c 00 00 38 c0 2c |...R.<l..ZL..8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 66 00 00 00 0e 00 0c |.5./.....f......| +00000070 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000080 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000090 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 30 |...............0| +000000a0 00 2e 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000b0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 |................| +000000c0 02 03 03 01 02 01 03 02 02 02 04 02 05 02 06 02 |................| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 |...DOWNGRD...0..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 1d |;...............| +000002a0 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 | /.}.G.bC.(.._.)| +000002b0 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b |.0.........._X.;| +000002c0 74 04 01 00 80 a5 a9 75 be 51 ff dc b3 bb 77 79 |t......u.Q....wy| +000002d0 ef 5b 9f d9 27 6c 76 ea ce 5c 66 20 03 2e 94 fd |.[..'lv..\f ....| +000002e0 28 94 69 ff 06 ab bd 34 43 51 72 fb 15 42 e6 38 |(.i....4CQr..B.8| +000002f0 c5 7a 5d 7f 35 a7 3c 85 ec df 95 23 0f 28 c7 dc |.z].5.<....#.(..| +00000300 0e a6 ec fe 5e 77 3f 95 1d a7 73 1d d8 7b 68 92 |....^w?...s..{h.| +00000310 5b a5 b8 ba f5 7c a5 60 2e 43 d6 60 64 3e 33 c7 |[....|.`.C.`d>3.| +00000320 8b c2 56 68 e3 28 2b 2e 8b 9a 85 29 77 73 24 3e |..Vh.(+....)ws$>| +00000330 2b 95 b8 40 a7 f1 60 b5 9e 85 3e 1d ae ab 7f 85 |+..@..`...>.....| +00000340 63 63 d1 cf 62 16 03 03 00 04 0e 00 00 00 |cc..b.........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 43 dd 3e 28 34 9f |....%...! C.>(4.| +00000010 a9 0c 8e 14 66 01 a1 dd 15 8e 71 b4 05 83 d9 a3 |....f.....q.....| +00000020 5f 5c a3 31 ad 5c d5 5a ad 56 14 03 03 00 01 01 |_\.1.\.Z.V......| +00000030 16 03 03 00 28 f3 ad d2 ec 9e 1e 85 2d 96 5f bc |....(.......-._.| +00000040 70 cc 0a c2 22 ef 0a fe fb b0 77 f1 59 59 08 a6 |p...".....w.YY..| +00000050 57 39 16 00 82 0b 60 1e 9a 74 75 3a 8a |W9....`..tu:.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 cf 63 14 29 73 c7 7b 6c 98 50 db 5f 8e |....c.)s.{l.P._.| +00000020 f4 de 68 bc c0 60 2c db 9e 1f d9 48 55 51 05 47 |..h..`,....HUQ.G| +00000030 7e 43 37 17 03 03 00 25 00 00 00 00 00 00 00 01 |~C7....%........| +00000040 67 0a e7 77 dd 1a 30 87 27 90 b0 42 31 42 09 53 |g..w..0.'..B1B.S| +00000050 03 bf 0c 10 3a c3 a7 95 e9 6e 63 57 ad 15 03 03 |....:....ncW....| +00000060 00 1a 00 00 00 00 00 00 00 02 d5 1a ac 66 50 93 |.............fP.| +00000070 46 0a da 98 1f cc 30 40 c1 47 c7 88 |F.....0@.G..| diff --git a/libgo/go/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required b/libgo/go/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required new file mode 100644 index 0000000..9e9570f --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Server-TLSv12-RSA-PSS-Disabled-Required @@ -0,0 +1,54 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 5a 8a 66 22 31 |...........Z.f"1| +00000010 69 92 30 d5 7b 7c 17 a7 7c 14 d6 3c a9 9e ba dd |i.0.{|..|..<....| +00000020 7c 73 fe b4 b4 dd d8 28 39 32 0d 00 00 2a c0 30 ||s.....(92...*.0| +00000030 00 9f cc a8 cc aa c0 2f 00 9e c0 28 00 6b c0 27 |......./...(.k.'| +00000040 00 67 c0 14 00 39 c0 13 00 33 00 9d 00 9c 00 3d |.g...9...3.....=| +00000050 00 3c 00 35 00 2f 00 ff 01 00 00 3a 00 00 00 0e |.<.5./.....:....| +00000060 00 0c 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b |.....127.0.0.1..| +00000070 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 |................| +00000080 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d |................| +00000090 00 04 00 02 08 04 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 |...DOWNGRD...0..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 15 03 03 00 02 02 28 |;.........(| diff --git a/libgo/go/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled b/libgo/go/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled new file mode 100644 index 0000000..89361f1 --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Server-TLSv13-ClientAuthRequestedAndGiven-PSS-Disabled @@ -0,0 +1,182 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 e0 01 00 00 dc 03 03 32 03 2a b3 ed |...........2.*..| +00000010 c2 1a 71 f2 ff ea 0b 1c fa f9 c6 88 03 7c 84 89 |..q..........|..| +00000020 4e 45 60 81 d9 58 dc 9f 0a 60 d1 20 ce 4d 59 a5 |NE`..X...`. .MY.| +00000030 10 b1 76 53 f5 77 26 fd 17 08 f9 e5 14 03 c4 0a |..vS.w&.........| +00000040 65 fd 83 bb a9 3b 24 05 24 1b ef 00 00 08 13 02 |e....;$.$.......| +00000050 13 03 13 01 00 ff 01 00 00 8b 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000080 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 1e |................| +00000090 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000a0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 00 2b |...............+| +000000b0 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 |......-.....3.&.| +000000c0 24 00 1d 00 20 06 b0 03 80 81 d6 e7 f4 31 85 4c |$... ........1.L| +000000d0 e3 50 35 c1 df 6e 28 9f 38 ce c0 7b fc 71 00 8c |.P5..n(.8..{.q..| +000000e0 9a 25 07 95 57 |.%..W| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 ce 4d 59 a5 |........... .MY.| +00000030 10 b1 76 53 f5 77 26 fd 17 08 f9 e5 14 03 c4 0a |..vS.w&.........| +00000040 65 fd 83 bb a9 3b 24 05 24 1b ef 00 13 02 00 00 |e....;$.$.......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 ad ce ff 21 b8 39 |.............!.9| +00000090 16 f6 10 6e 8d 6c 0f 46 2f 58 55 b3 e4 4f 2d 5c |...n.l.F/XU..O-\| +000000a0 26 17 03 03 00 3c fd 24 07 75 28 2b f2 ec d9 74 |&....<.$.u(+...t| +000000b0 f0 76 e4 02 e6 02 bd 47 58 0f 68 60 ac 6c 59 a8 |.v.....GX.h`.lY.| +000000c0 87 94 b9 cb c3 fa 41 15 4c 95 b8 58 da 8c d9 ea |......A.L..X....| +000000d0 3a ab 0c 06 83 a5 2b d1 39 6f 32 92 bf e1 c0 f4 |:.....+.9o2.....| +000000e0 49 51 17 03 03 02 6d 22 dc 8c fc ae 21 96 41 17 |IQ....m"....!.A.| +000000f0 45 93 6e 08 61 6b 46 b9 9a cf 2e 79 a8 1a 46 30 |E.n.akF....y..F0| +00000100 a4 de 3d 53 87 bf 57 3a 44 4f 5b 3f c9 b2 f0 0e |..=S..W:DO[?....| +00000110 56 5f 5a ee 5a 1f df cc fe f3 54 ab 87 d7 bb 00 |V_Z.Z.....T.....| +00000120 2c 61 de ad 31 9c d4 cf 43 bf e7 84 d1 1d 3c cb |,a..1...C.....<.| +00000130 82 d1 81 9d 13 90 6b c8 fd 01 53 4f 13 a5 91 a4 |......k...SO....| +00000140 fe 20 ce 2c 34 96 62 b7 6f f0 f0 65 f0 01 18 99 |. .,4.b.o..e....| +00000150 31 3d cb c6 72 6f 54 d6 ec fa a3 dd 94 67 6b b9 |1=..roT......gk.| +00000160 ff 2c 41 ba 00 d5 25 ba b1 7a e5 d2 1c 0b 37 ad |.,A...%..z....7.| +00000170 df 0b 62 be b3 69 5b 84 39 2d 72 c2 b9 ec 68 87 |..b..i[.9-r...h.| +00000180 32 23 92 4b a8 f0 17 25 0f d7 86 97 45 65 73 e1 |2#.K...%....Ees.| +00000190 49 c4 3c 8d 26 43 34 06 4c be 50 76 ae 63 6f 1d |I.<.&C4.L.Pv.co.| +000001a0 ed 57 93 5a 7f 98 e2 1e 5f 94 74 a2 54 59 63 12 |.W.Z...._.t.TYc.| +000001b0 bb 8b df 77 20 3a 9c ea c7 40 b0 cf 8e 7f f8 98 |...w :...@......| +000001c0 06 92 38 be 77 11 17 03 c2 ac af fc 8d 7d d5 6b |..8.w........}.k| +000001d0 f7 2b 7a f3 b8 dc b0 cf 3e f7 c5 f4 b3 34 4b 06 |.+z.....>....4K.| +000001e0 c6 ed b5 dc 0c 2d 4e bc 03 94 cc 03 f2 9f 5d c6 |.....-N.......].| +000001f0 57 36 5a 01 81 65 27 75 1d 4f 22 9f b5 da 7f e2 |W6Z..e'u.O".....| +00000200 7d 36 f3 4b 05 3f 40 47 c6 1b af e6 99 c0 ca 35 |}6.K.?@G.......5| +00000210 98 c8 30 60 7b 42 4e e7 5c 90 28 d7 4e db f3 78 |..0`{BN.\.(.N..x| +00000220 22 e2 a3 86 0c 9e 19 43 0e 89 d4 f6 78 38 21 16 |"......C....x8!.| +00000230 84 38 36 6a 2d a5 94 2c 52 2b 00 de 67 16 e8 89 |.86j-..,R+..g...| +00000240 32 21 0e fd b0 23 91 06 8b fa 82 70 21 bc 1f 29 |2!...#.....p!..)| +00000250 32 af f4 b9 15 7f aa 22 c1 e8 e3 2c 92 b4 d8 2a |2......"...,...*| +00000260 64 58 f4 f1 85 85 14 92 f3 16 8e 2d 5b a6 7e ef |dX.........-[.~.| +00000270 22 5a 58 bb 4c f1 36 70 2f ca 03 df fb 0a d0 03 |"ZX.L.6p/.......| +00000280 55 5d d9 6b 63 48 d2 75 82 d4 56 af 17 5a 60 4f |U].kcH.u..V..Z`O| +00000290 af 8b 17 d6 fd 96 be 3d 82 25 0e 73 2e 58 0e 0a |.......=.%.s.X..| +000002a0 5c 2d c8 f5 17 b0 ae 7d 39 90 cb 75 bb 4b 33 22 |\-.....}9..u.K3"| +000002b0 bd a2 02 00 70 43 a8 54 ee 7c 25 d5 d7 88 08 f6 |....pC.T.|%.....| +000002c0 3f 34 61 55 f5 d3 53 0c 8c b1 9b fd 4e d9 65 7a |?4aU..S.....N.ez| +000002d0 2b 6e b4 d5 37 34 18 f3 14 00 9f 56 40 d9 15 ea |+n..74.....V@...| +000002e0 59 5a 4b 4a bb f7 19 72 60 4a 08 8f 75 d6 7b a4 |YZKJ...r`J..u.{.| +000002f0 de 79 c5 21 1a cb 82 97 b3 88 d8 ae 65 30 cc 56 |.y.!........e0.V| +00000300 da a3 04 5c 63 f4 44 a5 eb 05 55 ad 78 46 44 ac |...\c.D...U.xFD.| +00000310 56 2e f6 f7 eb 47 f6 f1 62 8d df 27 7d 86 5e 58 |V....G..b..'}.^X| +00000320 5f 4c 34 6e f6 c0 fd 56 7d 46 82 5d 53 db 2a 84 |_L4n...V}F.]S.*.| +00000330 45 db e7 9c b9 23 32 59 cf 85 f7 12 c5 e8 9e 3c |E....#2Y.......<| +00000340 2d 3f 81 a5 24 cf 36 ad d6 65 02 35 84 de 43 f8 |-?..$.6..e.5..C.| +00000350 04 e2 8b ae 17 03 03 00 99 ce e8 48 a3 34 5e fb |...........H.4^.| +00000360 76 f1 e4 3b da 94 0a 25 ee 78 f6 31 24 10 05 25 |v..;...%.x.1$..%| +00000370 9c e5 ca fc ef c5 66 86 08 15 d8 69 75 d8 49 e9 |......f....iu.I.| +00000380 9b 86 71 3f 1f 41 ee f0 bc 8d 4e aa bc 30 f0 8f |..q?.A....N..0..| +00000390 7b b1 94 7e aa 74 3f eb 23 c5 c9 aa 9a c3 f7 12 |{..~.t?.#.......| +000003a0 23 30 95 2e e1 1b 9c fe 8b 50 b1 d9 17 cf af a1 |#0.......P......| +000003b0 ff ce 8d fa 7e bd 23 59 d0 7a fb 30 12 f4 8d 86 |....~.#Y.z.0....| +000003c0 0c 3c fd 03 50 d4 7f bb f6 fa ba 1d fc 32 cc 7e |.<..P........2.~| +000003d0 12 3a 33 90 c6 82 5d 6a 90 23 6d b8 e6 60 7d d3 |.:3...]j.#m..`}.| +000003e0 a8 f0 0c 75 bc b5 67 68 ed 58 ef 4d ac 91 47 c9 |...u..gh.X.M..G.| +000003f0 c4 bc 17 03 03 00 45 ae 0d 8d 76 8d 28 34 1b 09 |......E...v.(4..| +00000400 4d d5 df 2e aa f8 ff 71 b2 0e 60 a1 ce 8a 58 9c |M......q..`...X.| +00000410 45 64 31 6c 9b 46 66 64 27 98 e6 f3 93 e8 92 81 |Ed1l.Ffd'.......| +00000420 3d 4f db da 98 72 0d b7 71 27 ac 2b 61 81 97 0b |=O...r..q'.+a...| +00000430 e7 ae 32 d7 e2 66 4d 5d f7 01 d0 77 |..2..fM]...w| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 02 11 f6 03 90 9e bc |................| +00000010 dc 00 9b f9 dd 7b 65 dd b0 69 b4 b5 42 fc 25 f2 |.....{e..i..B.%.| +00000020 2b 7e be 52 1a 4b f1 e4 21 94 0d 88 4a 58 07 37 |+~.R.K..!...JX.7| +00000030 67 c7 e3 c4 62 eb 17 57 5d 52 d4 a9 03 39 0e 7d |g...b..W]R...9.}| +00000040 d0 c3 1a 8d ef ec b7 a8 9b 93 50 0d 7f fd a1 10 |..........P.....| +00000050 b6 82 99 21 3f e3 3d 3d 47 04 c3 cd a7 b3 ab e0 |...!?.==G.......| +00000060 f6 33 47 0e 1c 30 36 45 21 32 34 c2 2c 72 20 72 |.3G..06E!24.,r r| +00000070 b6 c7 5b 95 8a 97 84 54 2e d0 5f d5 80 e7 8f 7a |..[....T.._....z| +00000080 6f 50 96 8a 33 13 c6 97 85 25 47 6b 8a b2 a0 29 |oP..3....%Gk...)| +00000090 cd 7f 0e 38 94 53 08 8b c3 2f 89 a2 10 c2 22 5a |...8.S.../...."Z| +000000a0 95 42 a3 45 73 a8 d0 ac 6d ba 95 a4 51 63 b9 b4 |.B.Es...m...Qc..| +000000b0 79 61 be dd c6 ab 97 72 38 30 63 55 a7 7d 9a eb |ya.....r80cU.}..| +000000c0 bb 5a f6 d0 3d 05 81 5d 0e e5 7a 8b ae fe d2 3b |.Z..=..]..z....;| +000000d0 db 85 3a 13 81 ee 36 b3 ff 41 47 d1 67 bf 17 5e |..:...6..AG.g..^| +000000e0 9d a3 4c 92 51 a9 1b 4b ca 13 f6 ee 8a e5 b3 01 |..L.Q..K........| +000000f0 e7 87 ee 1e 2a 9e 56 3d 01 7e 0f cb e5 d6 ea 13 |....*.V=.~......| +00000100 05 3e 8c 5a 24 d0 36 6b 54 9f 8e 3f 07 73 a0 bf |.>.Z$.6kT..?.s..| +00000110 84 c2 90 72 ce 48 50 49 47 27 b3 14 56 5c c7 63 |...r.HPIG'..V\.c| +00000120 7e 7e b5 8f 9d 6d 70 32 6f 3f 4d 53 80 ae f6 2b |~~...mp2o?MS...+| +00000130 fb c9 7a de 76 aa 68 a3 9b a9 a7 47 55 d0 cb f8 |..z.v.h....GU...| +00000140 e8 c4 1c f5 0f 54 82 5b c5 45 18 41 05 da 72 ce |.....T.[.E.A..r.| +00000150 84 d1 8b 00 40 e9 f9 cf b5 d5 3e 71 ee 25 dc 7d |....@.....>q.%.}| +00000160 3b 00 67 68 9d 78 d2 c0 7b cb 5d 9e 79 2c b5 f4 |;.gh.x..{.].y,..| +00000170 1b ea b8 d8 de bd 36 71 2a 26 49 44 1b 5b 92 ad |......6q*&ID.[..| +00000180 1c 2d 2f ab 8e 15 d7 b3 96 89 da 58 77 75 42 32 |.-/........XwuB2| +00000190 c3 6b f1 5e 0b da 91 71 1e d5 f1 dd 32 d8 b6 a5 |.k.^...q....2...| +000001a0 21 a1 1d 5e b1 df 01 37 33 ac 93 11 94 6d b8 e6 |!..^...73....m..| +000001b0 3b be 86 31 da cf b6 ab cd f5 12 4f 85 45 24 06 |;..1.......O.E$.| +000001c0 34 40 7b c5 f8 5f c3 f9 3b cf 9d 2a b3 2e 65 e4 |4@{.._..;..*..e.| +000001d0 0e ed fc 7c b4 2b 32 bf 0e 8f b3 85 93 74 8b e8 |...|.+2......t..| +000001e0 25 e0 47 c0 d8 52 8e c9 ed 7f 16 41 3f b3 79 d8 |%.G..R.....A?.y.| +000001f0 d1 47 19 ae fb ab 97 a5 b2 42 7c a0 73 ad 4f 62 |.G.......B|.s.Ob| +00000200 cf 35 52 7c d6 47 b8 1f e9 65 b0 99 f7 67 e7 64 |.5R|.G...e...g.d| +00000210 14 83 46 c7 90 6e 4d 01 3a c2 e6 19 17 03 03 00 |..F..nM.:.......| +00000220 99 a5 e0 38 3a 91 4a 1d 87 9a eb a6 95 87 35 fc |...8:.J.......5.| +00000230 ae 42 8d 3a fe f6 39 f3 c2 c2 f0 9a f5 8f b5 75 |.B.:..9........u| +00000240 18 6b 84 c0 5b 96 6a 9c 0c aa 81 fc 9a 2e 01 f7 |.k..[.j.........| +00000250 d8 b1 5d 4a 54 cf 79 90 fb 79 57 ff d9 d1 46 59 |..]JT.y..yW...FY| +00000260 02 84 3d ee cc 68 ea 05 1d a2 79 fb 1d 1e d6 ad |..=..h....y.....| +00000270 5b 95 3b 6b 9a c9 07 e5 e4 20 07 6a a0 74 c8 1a |[.;k..... .j.t..| +00000280 31 53 a4 e6 bb bb 28 61 47 41 d5 f3 45 38 71 86 |1S....(aGA..E8q.| +00000290 35 12 f4 8a f2 e4 e9 ae 96 a9 14 ce 8a 1c 5d 59 |5.............]Y| +000002a0 3c d7 3a e7 93 35 c2 53 9f d8 4d cb 98 bd e1 72 |<.:..5.S..M....r| +000002b0 a8 80 55 a6 cd 9c 50 41 ec 50 17 03 03 00 45 2d |..U...PA.P....E-| +000002c0 90 3b 73 cc 24 52 ad 22 90 0e 7d bf 2a a2 44 09 |.;s.$R."..}.*.D.| +000002d0 e2 43 61 f2 48 9b 73 85 00 05 8b 0a 51 ad a0 c0 |.Ca.H.s.....Q...| +000002e0 64 ef 5e 11 86 37 b0 32 af 11 f7 98 7b 74 39 90 |d.^..7.2....{t9.| +000002f0 fa d0 32 f3 fe 4d 01 6b 78 75 31 7e 67 4f 61 0f |..2..M.kxu1~gOa.| +00000300 bb c6 3e c0 |..>.| +>>> Flow 4 (server to client) +00000000 17 03 03 02 9b f5 b2 d6 62 fe e0 c8 8d cc 7a cd |........b.....z.| +00000010 29 51 b2 77 0d 9a 54 fb 43 6d f6 9c e1 ff 28 be |)Q.w..T.Cm....(.| +00000020 fc 50 68 80 2f 1c 4f 50 44 95 64 49 0a 66 fe 79 |.Ph./.OPD.dI.f.y| +00000030 46 ba 88 e9 03 be 5c 91 60 84 78 03 a8 c6 21 90 |F.....\.`.x...!.| +00000040 cd 79 de 2d 2f 81 dd 08 1f 52 1a 0e d8 69 16 22 |.y.-/....R...i."| +00000050 a6 59 5b 2b 85 08 00 16 e7 85 bd 43 9a cc ce e6 |.Y[+.......C....| +00000060 3a ee 70 25 0b 95 90 4b c0 42 4a 48 25 d3 50 92 |:.p%...K.BJH%.P.| +00000070 19 e1 3e b8 72 c5 a1 e8 dd 9f a4 57 2d b0 a6 24 |..>.r......W-..$| +00000080 8b 8c 55 41 f3 26 45 dd dd 2b d3 15 8d d9 ca e4 |..UA.&E..+......| +00000090 15 6e b5 6d 99 79 ba 46 00 e6 5e 75 52 fd f9 26 |.n.m.y.F..^uR..&| +000000a0 cf cd 69 cf be 29 a7 b9 7d 1b 1d 6b ab 17 ee 4e |..i..)..}..k...N| +000000b0 f5 24 b0 89 0f b5 c7 41 4e ea cd 32 98 47 23 bc |.$.....AN..2.G#.| +000000c0 91 03 b1 23 e0 5c 5e 37 40 95 da 90 ef eb 95 81 |...#.\^7@.......| +000000d0 7b 2d c7 15 8f f8 2d ba 69 41 0e a9 eb 19 6c 6c |{-....-.iA....ll| +000000e0 73 b0 05 fc b9 f4 76 91 2b 6a 72 fa d6 e5 87 a9 |s.....v.+jr.....| +000000f0 90 49 81 8c d5 fa 78 a2 a1 8f 77 c7 35 78 1b ba |.I....x...w.5x..| +00000100 ac 3c 41 51 ce 4e 99 c9 74 a0 bc 51 12 b5 15 2c |.<AQ.N..t..Q...,| +00000110 8e 36 6e e1 c9 bb 0f d2 fd 00 97 56 de 66 a9 19 |.6n........V.f..| +00000120 c7 2f 18 e5 67 b4 34 73 9e b2 6f 68 26 8d 2f da |./..g.4s..oh&./.| +00000130 92 bd 52 13 32 3c 49 80 8c c7 3c 11 9d 9f 05 c0 |..R.2<I...<.....| +00000140 aa 5d 63 33 8e 07 60 20 6a 01 1f 5a 16 45 4d ba |.]c3..` j..Z.EM.| +00000150 b0 2a 5c 26 b1 ea 26 72 59 c5 b0 59 8a 1a cb 9a |.*\&..&rY..Y....| +00000160 6a 54 55 06 75 37 a0 c9 04 4e 2f 61 de ef b5 df |jTU.u7...N/a....| +00000170 68 ae 42 03 29 91 e3 1d a0 6b 18 4d 17 23 3d 61 |h.B.)....k.M.#=a| +00000180 87 72 06 9f 45 98 0d 1e f7 f1 f5 f3 f7 04 a5 98 |.r..E...........| +00000190 29 c2 2e 77 d9 2c 95 df 5d 3d 20 41 36 26 1b 46 |)..w.,..]= A6&.F| +000001a0 ea 54 9e a3 96 05 ba f7 33 01 85 b0 d1 9f 78 3c |.T......3.....x<| +000001b0 0f 73 0d 04 52 7f 02 f4 cb 79 f1 e2 d1 63 60 d6 |.s..R....y...c`.| +000001c0 e1 34 05 23 79 c3 37 eb d0 5b ea bc f4 f9 bb 7a |.4.#y.7..[.....z| +000001d0 85 9e 42 50 3c c8 f8 e6 f4 93 71 c2 6a 46 b9 26 |..BP<.....q.jF.&| +000001e0 8c 17 b4 c9 65 00 fb 9a d6 54 ab e6 71 c1 1b 5a |....e....T..q..Z| +000001f0 51 a2 6f df 0b 52 29 8c c3 ec 8e bf 31 36 93 7e |Q.o..R).....16.~| +00000200 59 cc ca 49 71 dc ce 84 40 7d 43 81 5c 96 ed ca |Y..Iq...@}C.\...| +00000210 d1 e6 15 40 cf 19 f4 ed 61 28 9a e3 6b e7 1c 9b |...@....a(..k...| +00000220 c1 71 d0 46 ef 79 3b d8 35 e3 7b 47 3f a2 78 76 |.q.F.y;.5.{G?.xv| +00000230 17 58 13 67 5f 4e f0 ed 2e e9 84 e1 92 0c a6 36 |.X.g_N.........6| +00000240 5c 5b de 8e 5c 04 ed d4 a4 75 10 fd 85 9c e5 8e |\[..\....u......| +00000250 ca 02 14 fb 91 8b 85 14 79 e5 97 1f 63 46 48 90 |........y...cFH.| +00000260 26 c7 2f a2 c0 18 71 d9 2e e3 81 78 7b 74 67 e0 |&./...q....x{tg.| +00000270 e1 ef 48 af 41 96 9f 1a 44 d8 6c 94 49 3e 9b 47 |..H.A...D.l.I>.G| +00000280 71 63 2f 0c 94 c9 42 ac bc 4c 0a 16 fe 9a 90 eb |qc/...B..L......| +00000290 02 75 16 1a 10 23 b2 75 67 c7 c5 17 55 9b cf 69 |.u...#.ug...U..i| +000002a0 17 03 03 00 1e 45 8c ed 99 0f 8a 83 d8 89 70 49 |.....E........pI| +000002b0 17 a8 fd 2b 6e ef ff 53 fa 99 52 89 ee 8b 19 f1 |...+n..S..R.....| +000002c0 41 09 30 17 03 03 00 13 14 f0 f6 ef c5 f9 52 15 |A.0...........R.| +000002d0 77 de 5e 46 63 8d 3b 2f 07 84 aa |w.^Fc.;/...| diff --git a/libgo/go/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled b/libgo/go/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled new file mode 100644 index 0000000..c13db8d --- /dev/null +++ b/libgo/go/crypto/tls/testdata/Server-TLSv13-RSA-PSS-Disabled @@ -0,0 +1,103 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 e0 01 00 00 dc 03 03 1e 9f 50 05 56 |.............P.V| +00000010 a7 21 c8 df 56 a8 f3 bb e4 15 3b b0 04 e5 f5 10 |.!..V.....;.....| +00000020 d8 5b 0e 68 d3 b4 39 64 b5 89 9c 20 5a 6b 29 6d |.[.h..9d... Zk)m| +00000030 22 a0 e0 fb 7f 2d 87 48 e7 b4 c9 b3 5a d0 2b c7 |"....-.H....Z.+.| +00000040 ad d8 e4 ad d5 eb 81 b3 1f 61 0e 65 00 08 13 02 |.........a.e....| +00000050 13 03 13 01 00 ff 01 00 00 8b 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000080 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 1e |................| +00000090 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000a0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 00 2b |...............+| +000000b0 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 |......-.....3.&.| +000000c0 24 00 1d 00 20 ba 67 99 b3 60 71 ed 6c bb 8d 7e |$... .g..`q.l..~| +000000d0 4c c3 ea 37 6d 90 b6 f8 91 67 71 2c 84 a7 32 3a |L..7m....gq,..2:| +000000e0 23 2a 90 13 35 |#*..5| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 5a 6b 29 6d |........... Zk)m| +00000030 22 a0 e0 fb 7f 2d 87 48 e7 b4 c9 b3 5a d0 2b c7 |"....-.H....Z.+.| +00000040 ad d8 e4 ad d5 eb 81 b3 1f 61 0e 65 13 02 00 00 |.........a.e....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.| +00000080 03 03 00 01 01 17 03 03 00 17 d9 74 68 ee e6 54 |...........th..T| +00000090 e3 7a 0e ee 86 c7 a8 bb c7 65 fc e4 c4 6c 58 7a |.z.......e...lXz| +000000a0 1e 17 03 03 02 6d 98 c3 0c cc 80 fe ea 70 13 4e |.....m.......p.N| +000000b0 2f f6 49 99 5f 27 0a f9 4d cf e5 1a 9a 37 fb e7 |/.I._'..M....7..| +000000c0 3b a4 60 82 43 df fb fa 47 15 6f d8 db d2 3e c3 |;.`.C...G.o...>.| +000000d0 dd a0 37 ca b2 b4 c9 1b 5c 86 4a e0 7e 06 1e 27 |..7.....\.J.~..'| +000000e0 73 c6 cd 54 37 df 95 b1 c6 d5 44 85 2c 67 7d a7 |s..T7.....D.,g}.| +000000f0 2a 7d 87 86 5e f3 e5 60 f8 7c de bf 78 89 35 9b |*}..^..`.|..x.5.| +00000100 d1 0b 8a dd 6f 40 d8 5a 55 10 e2 71 b0 7a 5e 4b |....o@.ZU..q.z^K| +00000110 86 18 be 18 a7 f8 8e c6 ae 8c 1e df bf 84 77 c5 |..............w.| +00000120 dc b1 17 26 72 ea bb 9b 28 6c bf 19 8d 1a 22 90 |...&r...(l....".| +00000130 0f 19 92 5b ff db 07 84 48 61 68 f0 50 20 76 a3 |...[....Hah.P v.| +00000140 d3 f2 4a 3b 60 f5 73 cb 61 f7 11 63 f2 a7 0e 18 |..J;`.s.a..c....| +00000150 30 96 d0 17 f1 2f 58 09 49 33 15 3e 31 e4 17 e8 |0..../X.I3.>1...| +00000160 07 48 b5 43 06 40 60 4f a0 78 0d 51 0c 3f 0f 1a |.H.C.@`O.x.Q.?..| +00000170 8c 95 7a 3e 36 66 36 22 dc 58 4e b7 3e 19 ad de |..z>6f6".XN.>...| +00000180 c9 f9 b0 76 e4 e2 8c 04 27 6f 67 8f fe 86 b9 41 |...v....'og....A| +00000190 53 7d 9f d1 e0 a6 0b ec fc c0 82 bf 00 36 28 4d |S}...........6(M| +000001a0 20 3a e3 42 67 87 16 64 6c 4f e2 54 23 d1 0f 32 | :.Bg..dlO.T#..2| +000001b0 e9 16 9a da 46 a6 39 18 d5 6e a6 93 25 de a1 77 |....F.9..n..%..w| +000001c0 d9 26 b5 7c b4 85 8a 69 48 90 11 a9 8c 42 ca b8 |.&.|...iH....B..| +000001d0 88 63 df ec 6c e3 9f 2c 29 75 9b 57 79 8b 69 66 |.c..l..,)u.Wy.if| +000001e0 16 9e 93 48 04 8a 41 e0 8b 0e fb a5 9c fd 68 f6 |...H..A.......h.| +000001f0 5f ab 89 11 e4 aa 4c 6c 92 df b3 a3 39 f0 38 d9 |_.....Ll....9.8.| +00000200 7d 1b 42 13 ee d1 83 e2 20 3f 60 81 96 d9 63 2c |}.B..... ?`...c,| +00000210 e8 54 a5 08 41 9b 1d 02 41 37 a2 ce 0c 9b 34 bf |.T..A...A7....4.| +00000220 43 c5 ac 90 67 cd 6b b6 55 31 36 b1 2b 0e ed 8c |C...g.k.U16.+...| +00000230 23 ae 71 b2 ab f3 94 68 f2 f6 87 d3 87 61 ca aa |#.q....h.....a..| +00000240 0b 65 63 a1 11 dc 6d 74 33 c8 24 a6 ae 40 27 c7 |.ec...mt3.$..@'.| +00000250 d4 06 51 89 15 35 66 21 b0 82 15 87 70 c5 b8 8d |..Q..5f!....p...| +00000260 34 48 ff 41 e0 1a b0 46 f7 38 47 53 64 f7 a3 a2 |4H.A...F.8GSd...| +00000270 61 96 72 ea 90 de 86 18 64 49 91 ed 97 05 e3 27 |a.r.....dI.....'| +00000280 47 df ea 06 c6 28 f9 79 51 5e 64 b6 de 52 75 8a |G....(.yQ^d..Ru.| +00000290 79 8d 8e a6 d5 b0 f1 a6 ab 76 44 25 4b 80 5e e4 |y........vD%K.^.| +000002a0 d4 aa c6 2d 77 1a 49 52 16 d6 73 6b 18 2d d1 a6 |...-w.IR..sk.-..| +000002b0 4c e1 be 4d f8 79 34 a1 4c 81 88 9c 4b 85 f3 28 |L..M.y4.L...K..(| +000002c0 97 fc 3a 7e cf d4 81 2c d3 57 df 09 f5 49 f5 cf |..:~...,.W...I..| +000002d0 c7 7c 22 b3 8e 95 0f 97 6d d1 56 e3 43 7e 52 0f |.|".....m.V.C~R.| +000002e0 d4 da 3f e0 4e 06 b9 84 18 7d 7c 56 49 e0 d7 4a |..?.N....}|VI..J| +000002f0 d6 df c4 70 0c 74 5b 1f 4d 76 28 cd 3b b0 9e 27 |...p.t[.Mv(.;..'| +00000300 cc 6b 1a 13 41 1a 6b bf 0d 2d 93 b2 d5 7e 7e 25 |.k..A.k..-...~~%| +00000310 0e 8a 9c 17 03 03 00 99 df 4b 8e 3e d0 14 be 76 |.........K.>...v| +00000320 f1 d3 ca b1 39 c0 7e 6c 4f 8c d9 0d b8 83 07 39 |....9.~lO......9| +00000330 08 55 13 1e 3d 68 0f 99 9f 9a 68 1f 57 6a aa 41 |.U..=h....h.Wj.A| +00000340 a4 40 2b 12 f2 4b 6c db 3c 59 fa 99 5c e2 c7 2d |.@+..Kl.<Y..\..-| +00000350 4b 55 4c 27 b1 6c bf 99 c3 36 1d 73 7a 8b fd bc |KUL'.l...6.sz...| +00000360 93 77 27 f5 9e cd 10 61 bc 8d b5 bf 7b bb 69 00 |.w'....a....{.i.| +00000370 f9 f0 d3 22 dd 4e 7d 12 5a 61 49 1d d4 29 14 43 |...".N}.ZaI..).C| +00000380 e5 62 ab d8 c6 78 75 80 4b 7a 6b 3f af 4b 92 2a |.b...xu.Kzk?.K.*| +00000390 23 29 da 85 c0 d7 35 03 9d ed 9c f7 83 39 cf cb |#)....5......9..| +000003a0 0f 85 5e 9f 29 61 d8 a2 d0 cb 14 2d 71 50 6f d5 |..^.)a.....-qPo.| +000003b0 c2 17 03 03 00 45 be 9b ee 5d e1 08 8a c2 d6 67 |.....E...].....g| +000003c0 df 3b 84 50 28 30 69 bd 11 89 6a ab 02 ad d7 79 |.;.P(0i...j....y| +000003d0 8b 2c 0a a9 9c ce e5 30 49 2d 59 82 e8 ee d3 03 |.,.....0I-Y.....| +000003e0 77 d3 fc 22 dd 81 be e6 f4 22 36 8d 8e b1 7c 4a |w.."....."6...|J| +000003f0 b9 9c 6a ea 3f f0 aa ac ec b6 c7 17 03 03 00 a3 |..j.?...........| +00000400 69 e0 19 38 57 54 62 6c 28 d9 54 94 79 6e 7b 48 |i..8WTbl(.T.yn{H| +00000410 25 55 7f 5f bb cc 91 07 30 47 55 9b f3 6e b9 ba |%U._....0GU..n..| +00000420 50 65 9b e9 81 5d 53 20 cd 27 5d ee 92 93 01 8f |Pe...]S .'].....| +00000430 5a d6 02 b9 26 1b 45 c3 40 26 6b 81 c3 ba 1e 3c |Z...&.E.@&k....<| +00000440 e6 03 93 b0 18 fe 2d be 07 97 b1 a1 a7 55 8f d8 |......-......U..| +00000450 96 7a 58 ad 7d c1 72 71 d9 25 07 56 22 9a 7a f9 |.zX.}.rq.%.V".z.| +00000460 4a 1b 82 30 e9 fb b0 26 81 45 d2 45 5b 1c 7d 97 |J..0...&.E.E[.}.| +00000470 89 6d 17 69 81 27 a6 4c be d0 78 1d b5 6c 3f 94 |.m.i.'.L..x..l?.| +00000480 ef e4 6b ec 02 63 8b bf f9 00 8a 8a 46 43 5d e0 |..k..c......FC].| +00000490 52 38 8c d5 76 d7 79 42 a3 6b 35 e2 45 f3 0f b5 |R8..v.yB.k5.E...| +000004a0 9f 22 f9 |.".| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 4b 7c c5 9e c6 |..........EK|...| +00000010 47 4a 90 d8 c2 c0 49 f7 3b c4 26 eb 15 18 9c bc |GJ....I.;.&.....| +00000020 c8 44 f0 53 94 2f 0f c8 d7 c1 86 42 ed b7 8f 63 |.D.S./.....B...c| +00000030 a0 97 5d 5b 15 01 3a 3d ca a6 d0 1a a4 77 cc 7e |..][..:=.....w.~| +00000040 88 fd 0b c9 a0 46 b7 40 25 8a 03 6e 99 66 bb 84 |.....F.@%..n.f..| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 6a 41 80 ca 72 5f c3 ee e1 88 49 |.....jA..r_....I| +00000010 6d be a4 d9 26 07 5c 2b 2c a7 83 b5 c4 eb 4e 4b |m...&.\+,.....NK| +00000020 a1 29 98 17 03 03 00 13 2a f9 33 6c 46 f7 9a 51 |.)......*.3lF..Q| +00000030 1b 36 cd bc d8 5d 94 0d 9e 4b 72 |.6...]...Kr| diff --git a/libgo/go/crypto/tls/tls_test.go b/libgo/go/crypto/tls/tls_test.go index 00bb6e4..208c13c 100644 --- a/libgo/go/crypto/tls/tls_test.go +++ b/libgo/go/crypto/tls/tls_test.go @@ -18,10 +18,22 @@ import ( "os" "reflect" "strings" + "sync" "testing" "time" ) +var savedSupportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithmsTLS12 + +func init() { + // TLS 1.3 is opt-in for Go 1.12, and RSA-PSS is disabled in TLS 1.2, but we + // want to run most tests with both enabled. TestTLS13Switch below and the + // "PSS-Disabled" recordings test the disabled behavior. See Issue 30055. + tls13Support.Do(func() {}) // defuse the sync.Once + tls13Support.cached = true + supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms +} + var rsaCertPEM = `-----BEGIN CERTIFICATE----- MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX @@ -1076,18 +1088,47 @@ func TestEscapeRoute(t *testing.T) { VersionSSL30, } - ss, cs, err := testHandshake(t, testConfig, testConfig) + expectVersion(t, testConfig, testConfig, VersionTLS12) +} + +func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) { + ss, cs, err := testHandshake(t, clientConfig, serverConfig) if err != nil { - t.Fatalf("Handshake failed when support for TLS 1.3 was dropped: %v", err) + t.Fatalf("Handshake failed: %v", err) } - if ss.Version != VersionTLS12 { - t.Errorf("Server negotiated version %x, expected %x", cs.Version, VersionTLS12) + if ss.Version != v { + t.Errorf("Server negotiated version %x, expected %x", cs.Version, v) } - if cs.Version != VersionTLS12 { - t.Errorf("Client negotiated version %x, expected %x", cs.Version, VersionTLS12) + if cs.Version != v { + t.Errorf("Client negotiated version %x, expected %x", cs.Version, v) } } +// TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055. +func TestTLS13Switch(t *testing.T) { + defer func(savedGODEBUG string) { + os.Setenv("GODEBUG", savedGODEBUG) + }(os.Getenv("GODEBUG")) + + os.Setenv("GODEBUG", "tls13=0") + tls13Support.Once = sync.Once{} // reset the cache + + tls12Config := testConfig.Clone() + tls12Config.MaxVersion = VersionTLS12 + expectVersion(t, testConfig, testConfig, VersionTLS12) + expectVersion(t, tls12Config, testConfig, VersionTLS12) + expectVersion(t, testConfig, tls12Config, VersionTLS12) + expectVersion(t, tls12Config, tls12Config, VersionTLS12) + + os.Setenv("GODEBUG", "tls13=1") + tls13Support.Once = sync.Once{} // reset the cache + + expectVersion(t, testConfig, testConfig, VersionTLS13) + expectVersion(t, tls12Config, testConfig, VersionTLS12) + expectVersion(t, testConfig, tls12Config, VersionTLS12) + expectVersion(t, tls12Config, tls12Config, VersionTLS12) +} + // Issue 28744: Ensure that we don't modify memory // that Config doesn't own such as Certificates. func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) { diff --git a/libgo/go/crypto/x509/cert_pool.go b/libgo/go/crypto/x509/cert_pool.go index 7c55c3b..3e1e5fb 100644 --- a/libgo/go/crypto/x509/cert_pool.go +++ b/libgo/go/crypto/x509/cert_pool.go @@ -71,10 +71,15 @@ func (s *CertPool) findPotentialParents(cert *Certificate) []int { if s == nil { return nil } + + var candidates []int if len(cert.AuthorityKeyId) > 0 { - return s.bySubjectKeyId[string(cert.AuthorityKeyId)] + candidates = s.bySubjectKeyId[string(cert.AuthorityKeyId)] + } + if len(candidates) == 0 { + candidates = s.byName[string(cert.RawIssuer)] } - return s.byName[string(cert.RawIssuer)] + return candidates } func (s *CertPool) contains(cert *Certificate) bool { diff --git a/libgo/go/crypto/x509/verify_test.go b/libgo/go/crypto/x509/verify_test.go index 85f4703..86fe76a 100644 --- a/libgo/go/crypto/x509/verify_test.go +++ b/libgo/go/crypto/x509/verify_test.go @@ -386,6 +386,19 @@ var verifyTests = []verifyTest{ errorCallback: expectHostnameError("not valid for any names"), }, + { + // A certificate with an AKID should still chain to a parent without SKID. + // See Issue 30079. + leaf: leafWithAKID, + roots: []string{rootWithoutSKID}, + currentTime: 1550000000, + dnsName: "example", + systemSkip: true, + + expectedChains: [][]string{ + {"Acme LLC", "Acme Co"}, + }, + }, } func expectHostnameError(msg string) func(*testing.T, int, error) bool { @@ -1679,6 +1692,109 @@ h7olHCpY9yMRiz0= -----END CERTIFICATE----- ` +const ( + rootWithoutSKID = ` +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:29:2a:dc:2f:12:39:7f:c9:33:93:ea:61:39:7d:70 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: O = Acme Co + Validity + Not Before: Feb 4 22:56:34 2019 GMT + Not After : Feb 1 22:56:34 2029 GMT + Subject: O = Acme Co + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:84:a6:8c:69:53:af:87:4b:39:64:fe:04:24:e6: + d8:fc:d6:46:39:35:0e:92:dc:48:08:7e:02:5f:1e: + 07:53:5c:d9:e0:56:c5:82:07:f6:a3:e2:ad:f6:ad: + be:a0:4e:03:87:39:67:0c:9c:46:91:68:6b:0e:8e: + f8:49:97:9d:5b + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Certificate Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example + Signature Algorithm: ecdsa-with-SHA256 + 30:46:02:21:00:c6:81:61:61:42:8d:37:e7:d0:c3:72:43:44: + 17:bd:84:ff:88:81:68:9a:99:08:ab:3c:3a:c0:1e:ea:8c:ba: + c0:02:21:00:de:c9:fa:e5:5e:c6:e2:db:23:64:43:a9:37:42: + 72:92:7f:6e:89:38:ea:9e:2a:a7:fd:2f:ea:9a:ff:20:21:e7 +-----BEGIN CERTIFICATE----- +MIIBbzCCARSgAwIBAgIQeCkq3C8SOX/JM5PqYTl9cDAKBggqhkjOPQQDAjASMRAw +DgYDVQQKEwdBY21lIENvMB4XDTE5MDIwNDIyNTYzNFoXDTI5MDIwMTIyNTYzNFow +EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABISm +jGlTr4dLOWT+BCTm2PzWRjk1DpLcSAh+Al8eB1Nc2eBWxYIH9qPirfatvqBOA4c5 +ZwycRpFoaw6O+EmXnVujTDBKMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr +BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MBIGA1UdEQQLMAmCB2V4YW1wbGUwCgYI +KoZIzj0EAwIDSQAwRgIhAMaBYWFCjTfn0MNyQ0QXvYT/iIFompkIqzw6wB7qjLrA +AiEA3sn65V7G4tsjZEOpN0Jykn9uiTjqniqn/S/qmv8gIec= +-----END CERTIFICATE----- +` + leafWithAKID = ` + Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f0:8a:62:f0:03:84:a2:cf:69:63:ad:71:3b:b6:5d:8c + Signature Algorithm: ecdsa-with-SHA256 + Issuer: O = Acme Co + Validity + Not Before: Feb 4 23:06:52 2019 GMT + Not After : Feb 1 23:06:52 2029 GMT + Subject: O = Acme LLC + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:5a:4e:4d:fb:ff:17:f7:b6:13:e8:29:45:34:81: + 39:ff:8c:9c:d9:8c:0a:9f:dd:b5:97:4c:2b:20:91: + 1c:4f:6b:be:53:27:66:ec:4a:ad:08:93:6d:66:36: + 0c:02:70:5d:01:ca:7f:c3:29:e9:4f:00:ba:b4:14: + ec:c5:c3:34:b3 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Authority Key Identifier: + keyid:C2:2B:5F:91:78:34:26:09:42:8D:6F:51:B2:C5:AF:4C:0B:DE:6A:42 + + X509v3 Subject Alternative Name: + DNS:example + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:64:e0:ba:56:89:63:ce:22:5e:4f:22:15:fd:3c: + 35:64:9a:3a:6b:7b:9a:32:a0:7f:f7:69:8c:06:f0:00:58:b8: + 02:20:09:e4:9f:6d:8b:9e:38:e1:b6:01:d5:ee:32:a4:94:65: + 93:2a:78:94:bb:26:57:4b:c7:dd:6c:3d:40:2b:63:90 +-----BEGIN CERTIFICATE----- +MIIBjTCCATSgAwIBAgIRAPCKYvADhKLPaWOtcTu2XYwwCgYIKoZIzj0EAwIwEjEQ +MA4GA1UEChMHQWNtZSBDbzAeFw0xOTAyMDQyMzA2NTJaFw0yOTAyMDEyMzA2NTJa +MBMxETAPBgNVBAoTCEFjbWUgTExDMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +Wk5N+/8X97YT6ClFNIE5/4yc2YwKn921l0wrIJEcT2u+Uydm7EqtCJNtZjYMAnBd +Acp/wynpTwC6tBTsxcM0s6NqMGgwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG +CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUwitfkXg0JglCjW9R +ssWvTAveakIwEgYDVR0RBAswCYIHZXhhbXBsZTAKBggqhkjOPQQDAgNHADBEAiBk +4LpWiWPOIl5PIhX9PDVkmjpre5oyoH/3aYwG8ABYuAIgCeSfbYueOOG2AdXuMqSU +ZZMqeJS7JldLx91sPUArY5A= +-----END CERTIFICATE----- +` +) + var unknownAuthorityErrorTests = []struct { cert string expected string diff --git a/libgo/go/crypto/x509/x509.go b/libgo/go/crypto/x509/x509.go index 08681a6..58098ad 100644 --- a/libgo/go/crypto/x509/x509.go +++ b/libgo/go/crypto/x509/x509.go @@ -2272,21 +2272,25 @@ type CertificateRequest struct { Subject pkix.Name - // Attributes is the dried husk of a bug and shouldn't be used. + // Attributes contains the CSR attributes that can parse as + // pkix.AttributeTypeAndValueSET. + // + // Deprecated: use Extensions and ExtraExtensions instead for parsing and + // generating the requestedExtensions attribute. Attributes []pkix.AttributeTypeAndValueSET - // Extensions contains raw X.509 extensions. When parsing CSRs, this - // can be used to extract extensions that are not parsed by this + // Extensions contains all requested extensions, in raw form. When parsing + // CSRs, this can be used to extract extensions that are not parsed by this // package. Extensions []pkix.Extension - // ExtraExtensions contains extensions to be copied, raw, into any - // marshaled CSR. Values override any extensions that would otherwise - // be produced based on the other fields but are overridden by any - // extensions specified in Attributes. + // ExtraExtensions contains extensions to be copied, raw, into any CSR + // marshaled by CreateCertificateRequest. Values override any extensions + // that would otherwise be produced based on the other fields but are + // overridden by any extensions specified in Attributes. // - // The ExtraExtensions field is not populated when parsing CSRs, see - // Extensions. + // The ExtraExtensions field is not populated by ParseCertificateRequest, + // see Extensions instead. ExtraExtensions []pkix.Extension // Subject Alternate Name values. @@ -2385,21 +2389,21 @@ func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error) // CreateCertificateRequest creates a new certificate request based on a // template. The following members of template are used: // -// - Attributes +// - SignatureAlgorithm +// - Subject // - DNSNames // - EmailAddresses -// - ExtraExtensions // - IPAddresses // - URIs -// - SignatureAlgorithm -// - Subject +// - ExtraExtensions +// - Attributes (deprecated) // -// The private key is the private key of the signer. +// priv is the private key to sign the CSR with, and the corresponding public +// key will be included in the CSR. It must implement crypto.Signer and its +// Public() method must return a *rsa.PublicKey or a *ecdsa.PublicKey. (A +// *rsa.PrivateKey or *ecdsa.PrivateKey satisfies this.) // // The returned slice is the certificate request in DER encoding. -// -// All keys types that are implemented via crypto.Signer are supported (This -// includes *rsa.PublicKey and *ecdsa.PublicKey.) func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) { key, ok := priv.(crypto.Signer) if !ok { diff --git a/libgo/go/database/sql/sql.go b/libgo/go/database/sql/sql.go index b0353ab..8cdc903 100644 --- a/libgo/go/database/sql/sql.go +++ b/libgo/go/database/sql/sql.go @@ -1698,7 +1698,7 @@ func (db *DB) Conn(ctx context.Context) (*Conn, error) { } } if err == driver.ErrBadConn { - dc, err = db.conn(ctx, cachedOrNewConn) + dc, err = db.conn(ctx, alwaysNewConn) } if err != nil { return nil, err @@ -2256,6 +2256,13 @@ var ( // Stmt is a prepared statement. // A Stmt is safe for concurrent use by multiple goroutines. +// +// If a Stmt is prepared on a Tx or Conn, it will be bound to a single +// underlying connection forever. If the Tx or Conn closes, the Stmt will +// become unusable and all operations will return an error. +// If a Stmt is prepared on a DB, it will remain usable for the lifetime of the +// DB. When the Stmt needs to execute on a new underlying connection, it will +// prepare itself on the new connection automatically. type Stmt struct { // Immutable: db *DB // where we came from diff --git a/libgo/go/encoding/json/encode.go b/libgo/go/encoding/json/encode.go index f10124e..dea63f1 100644 --- a/libgo/go/encoding/json/encode.go +++ b/libgo/go/encoding/json/encode.go @@ -259,6 +259,7 @@ func (e *InvalidUTF8Error) Error() string { return "json: invalid UTF-8 in string: " + strconv.Quote(e.S) } +// A MarshalerError represents an error from calling a MarshalJSON or MarshalText method. type MarshalerError struct { Type reflect.Type Err error diff --git a/libgo/go/flag/flag.go b/libgo/go/flag/flag.go index 2eef9d6..c312c62 100644 --- a/libgo/go/flag/flag.go +++ b/libgo/go/flag/flag.go @@ -548,6 +548,8 @@ func (f *FlagSet) PrintDefaults() { // the output will be // -I directory // search directory for include files. +// +// To change the destination for flag messages, call CommandLine.SetOutput. func PrintDefaults() { CommandLine.PrintDefaults() } diff --git a/libgo/go/math/big/ratconv.go b/libgo/go/math/big/ratconv.go index 157d8d0..5656280 100644 --- a/libgo/go/math/big/ratconv.go +++ b/libgo/go/math/big/ratconv.go @@ -38,8 +38,8 @@ func (z *Rat) Scan(s fmt.ScanState, ch rune) error { } // SetString sets z to the value of s and returns z and a boolean indicating -// success. s can be given as a fraction "a/b" or as a floating-point number -// optionally followed by an exponent. The entire string (not just a prefix) +// success. s can be given as a fraction "a/b" or as a decimal floating-point +// number optionally followed by an exponent. The entire string (not just a prefix) // must be valid for success. If the operation failed, the value of z is // undefined but the returned value is nil. func (z *Rat) SetString(s string) (*Rat, bool) { @@ -78,6 +78,7 @@ func (z *Rat) SetString(s string) (*Rat, bool) { } // mantissa + // TODO(gri) allow other bases besides 10 for mantissa and exponent? (issue #29799) var ecorr int z.a.abs, _, ecorr, err = z.a.abs.scan(r, 10, true) if err != nil { diff --git a/libgo/go/net/http/client.go b/libgo/go/net/http/client.go index ea6c0719..921f86b 100644 --- a/libgo/go/net/http/client.go +++ b/libgo/go/net/http/client.go @@ -478,10 +478,10 @@ func urlErrorOp(method string) string { // error. // // If the returned error is nil, the Response will contain a non-nil -// Body which the user is expected to close. If the Body is not -// closed, the Client's underlying RoundTripper (typically Transport) -// may not be able to re-use a persistent TCP connection to the server -// for a subsequent "keep-alive" request. +// Body which the user is expected to close. If the Body is not both +// read to EOF and closed, the Client's underlying RoundTripper +// (typically Transport) may not be able to re-use a persistent TCP +// connection to the server for a subsequent "keep-alive" request. // // The request Body, if non-nil, will be closed by the underlying // Transport, even on errors. diff --git a/libgo/go/net/http/fs_test.go b/libgo/go/net/http/fs_test.go index 1d6380d..82e13a4 100644 --- a/libgo/go/net/http/fs_test.go +++ b/libgo/go/net/http/fs_test.go @@ -583,16 +583,23 @@ func TestFileServerZeroByte(t *testing.T) { ts := httptest.NewServer(FileServer(Dir("."))) defer ts.Close() - res, err := Get(ts.URL + "/..\x00") + c, err := net.Dial("tcp", ts.Listener.Addr().String()) if err != nil { t.Fatal(err) } - b, err := ioutil.ReadAll(res.Body) + defer c.Close() + _, err = fmt.Fprintf(c, "GET /..\x00 HTTP/1.0\r\n\r\n") + if err != nil { + t.Fatal(err) + } + var got bytes.Buffer + bufr := bufio.NewReader(io.TeeReader(c, &got)) + res, err := ReadResponse(bufr, nil) if err != nil { - t.Fatal("reading Body:", err) + t.Fatal("ReadResponse: ", err) } if res.StatusCode == 200 { - t.Errorf("got status 200; want an error. Body is:\n%s", string(b)) + t.Errorf("got status 200; want an error. Body is:\n%s", got.Bytes()) } } diff --git a/libgo/go/net/http/h2_bundle.go b/libgo/go/net/http/h2_bundle.go index 77c7eee..a848d68 100644 --- a/libgo/go/net/http/h2_bundle.go +++ b/libgo/go/net/http/h2_bundle.go @@ -4852,7 +4852,7 @@ func (sc *http2serverConn) resetStream(se http2StreamError) { // processFrameFromReader processes the serve loop's read from readFrameCh from the // frame-reading goroutine. -// processFrameFromReader reports whether the connection should be kept open. +// processFrameFromReader returns whether the connection should be kept open. func (sc *http2serverConn) processFrameFromReader(res http2readFrameResult) bool { sc.serveG.check() err := res.err @@ -5157,12 +5157,6 @@ func (sc *http2serverConn) processData(f *http2DataFrame) error { // type PROTOCOL_ERROR." return http2ConnectionError(http2ErrCodeProtocol) } - // RFC 7540, sec 6.1: If a DATA frame is received whose stream is not in - // "open" or "half-closed (local)" state, the recipient MUST respond with a - // stream error (Section 5.4.2) of type STREAM_CLOSED. - if state == http2stateClosed { - return http2streamError(id, http2ErrCodeStreamClosed) - } if st == nil || state != http2stateOpen || st.gotTrailerHeader || st.resetQueued { // This includes sending a RST_STREAM if the stream is // in stateHalfClosedLocal (which currently means that diff --git a/libgo/go/net/http/http.go b/libgo/go/net/http/http.go index 624b2cf..e5d59e1 100644 --- a/libgo/go/net/http/http.go +++ b/libgo/go/net/http/http.go @@ -59,6 +59,17 @@ func isASCII(s string) bool { return true } +// stringContainsCTLByte reports whether s contains any ASCII control character. +func stringContainsCTLByte(s string) bool { + for i := 0; i < len(s); i++ { + b := s[i] + if b < ' ' || b == 0x7f { + return true + } + } + return false +} + func hexEscapeNonASCII(s string) string { newLen := 0 for i := 0; i < len(s); i++ { diff --git a/libgo/go/net/http/request.go b/libgo/go/net/http/request.go index fb058f9..dcad2b6 100644 --- a/libgo/go/net/http/request.go +++ b/libgo/go/net/http/request.go @@ -550,7 +550,12 @@ func (r *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitF ruri = r.URL.Opaque } } - // TODO(bradfitz): escape at least newlines in ruri? + if stringContainsCTLByte(ruri) { + return errors.New("net/http: can't write control character in Request.URL") + } + // TODO: validate r.Method too? At least it's less likely to + // come from an attacker (more likely to be a constant in + // code). // Wrap the writer in a bufio Writer if it's not already buffered. // Don't always call NewWriter, as that forces a bytes.Buffer diff --git a/libgo/go/net/http/requestwrite_test.go b/libgo/go/net/http/requestwrite_test.go index 7dbf0d4..b110b57 100644 --- a/libgo/go/net/http/requestwrite_test.go +++ b/libgo/go/net/http/requestwrite_test.go @@ -576,6 +576,17 @@ var reqWriteTests = []reqWriteTest{ "User-Agent: Go-http-client/1.1\r\n" + "X-Foo: X-Bar\r\n\r\n", }, + + 25: { + Req: Request{ + Method: "GET", + URL: &url.URL{ + Host: "www.example.com", + RawQuery: "new\nline", // or any CTL + }, + }, + WantError: errors.New("net/http: can't write control character in Request.URL"), + }, } func TestRequestWrite(t *testing.T) { diff --git a/libgo/go/net/lookup_test.go b/libgo/go/net/lookup_test.go index 1da0e49..85bcb2b 100644 --- a/libgo/go/net/lookup_test.go +++ b/libgo/go/net/lookup_test.go @@ -207,6 +207,9 @@ var lookupGmailTXTTests = []struct { } func TestLookupGmailTXT(t *testing.T) { + if runtime.GOOS == "plan9" { + t.Skip("skipping on plan9; see https://golang.org/issue/29722") + } t.Parallel() mustHaveExternalNetwork(t) @@ -237,11 +240,16 @@ func TestLookupGmailTXT(t *testing.T) { if len(txts) == 0 { t.Error("got no record") } + found := false for _, txt := range txts { - if !strings.Contains(txt, tt.txt) || (!strings.HasSuffix(txt, tt.host) && !strings.HasSuffix(txt, tt.host+".")) { - t.Errorf("got %s; want a record containing %s, %s", txt, tt.txt, tt.host) + if strings.Contains(txt, tt.txt) && (strings.HasSuffix(txt, tt.host) || strings.HasSuffix(txt, tt.host+".")) { + found = true + break } } + if !found { + t.Errorf("got %v; want a record containing %s, %s", txts, tt.txt, tt.host) + } } } diff --git a/libgo/go/net/net_test.go b/libgo/go/net/net_test.go index 692f269..2b5845b 100644 --- a/libgo/go/net/net_test.go +++ b/libgo/go/net/net_test.go @@ -529,7 +529,7 @@ func TestNotTemporaryRead(t *testing.T) { server := func(cs *TCPConn) error { cs.SetLinger(0) // Give the client time to get stuck in a Read. - time.Sleep(20 * time.Millisecond) + time.Sleep(50 * time.Millisecond) cs.Close() return nil } diff --git a/libgo/go/net/url/url.go b/libgo/go/net/url/url.go index d84c95a..64274a0 100644 --- a/libgo/go/net/url/url.go +++ b/libgo/go/net/url/url.go @@ -513,6 +513,10 @@ func parse(rawurl string, viaRequest bool) (*URL, error) { var rest string var err error + if stringContainsCTLByte(rawurl) { + return nil, errors.New("net/url: invalid control character in URL") + } + if rawurl == "" && viaRequest { return nil, errors.New("empty url") } @@ -1134,3 +1138,14 @@ func validUserinfo(s string) bool { } return true } + +// stringContainsCTLByte reports whether s contains any ASCII control character. +func stringContainsCTLByte(s string) bool { + for i := 0; i < len(s); i++ { + b := s[i] + if b < ' ' || b == 0x7f { + return true + } + } + return false +} diff --git a/libgo/go/net/url/url_test.go b/libgo/go/net/url/url_test.go index 7c4ada2..c5fc90d 100644 --- a/libgo/go/net/url/url_test.go +++ b/libgo/go/net/url/url_test.go @@ -1738,12 +1738,33 @@ func TestNilUser(t *testing.T) { } func TestInvalidUserPassword(t *testing.T) { - _, err := Parse("http://us\ner:pass\nword@foo.com/") + _, err := Parse("http://user^:passwo^rd@foo.com/") if got, wantsub := fmt.Sprint(err), "net/url: invalid userinfo"; !strings.Contains(got, wantsub) { t.Errorf("error = %q; want substring %q", got, wantsub) } } +func TestRejectControlCharacters(t *testing.T) { + tests := []string{ + "http://foo.com/?foo\nbar", + "http\r://foo.com/", + "http://foo\x7f.com/", + } + for _, s := range tests { + _, err := Parse(s) + const wantSub = "net/url: invalid control character in URL" + if got := fmt.Sprint(err); !strings.Contains(got, wantSub) { + t.Errorf("Parse(%q) error = %q; want substring %q", s, got, wantSub) + } + } + + // But don't reject non-ASCII CTLs, at least for now: + if _, err := Parse("http://foo.com/ctl\x80"); err != nil { + t.Errorf("error parsing URL with non-ASCII control byte: %v", err) + } + +} + var escapeBenchmarks = []struct { unescaped string query string diff --git a/libgo/go/os/file_unix.go b/libgo/go/os/file_unix.go index 5f7ab30..912ba5a 100644 --- a/libgo/go/os/file_unix.go +++ b/libgo/go/os/file_unix.go @@ -192,6 +192,7 @@ func epipecheck(file *File, e error) { const DevNull = "/dev/null" // openFileNolog is the Unix implementation of OpenFile. +// Changes here should be reflected in openFdAt, if relevant. func openFileNolog(name string, flag int, perm FileMode) (*File, error) { setSticky := false if !supportsCreateWithStickyBit && flag&O_CREATE != 0 && perm&ModeSticky != 0 { diff --git a/libgo/go/os/path.go b/libgo/go/os/path.go index 30cc6c8..104b7ce 100644 --- a/libgo/go/os/path.go +++ b/libgo/go/os/path.go @@ -58,6 +58,14 @@ func MkdirAll(path string, perm FileMode) error { return nil } +// RemoveAll removes path and any children it contains. +// It removes everything it can but returns the first error +// it encounters. If the path does not exist, RemoveAll +// returns nil (no error). +func RemoveAll(path string) error { + return removeAll(path) +} + // endsWithDot reports whether the final component of path is ".". func endsWithDot(path string) bool { if path == "." { diff --git a/libgo/go/os/removeall_at.go b/libgo/go/os/removeall_at.go index 5128de7..d1210ee 100644 --- a/libgo/go/os/removeall_at.go +++ b/libgo/go/os/removeall_at.go @@ -9,10 +9,11 @@ package os import ( "internal/syscall/unix" "io" + "runtime" "syscall" ) -func RemoveAll(path string) error { +func removeAll(path string) error { if path == "" { // fail silently to retain compatibility with previous behavior // of RemoveAll. See issue 28830. @@ -56,8 +57,13 @@ func removeAllFrom(parent *File, path string) error { return nil } - // If not a "is directory" error, we have a problem - if err != syscall.EISDIR && err != syscall.EPERM { + // EISDIR means that we have a directory, and we need to + // remove its contents. + // EPERM or EACCES means that we don't have write permission on + // the parent directory, but this entry might still be a directory + // whose contents need to be removed. + // Otherwise just return the error. + if err != syscall.EISDIR && err != syscall.EPERM && err != syscall.EACCES { return err } @@ -68,11 +74,11 @@ func removeAllFrom(parent *File, path string) error { return statErr } if statInfo.Mode&syscall.S_IFMT != syscall.S_IFDIR { - // Not a directory; return the error from the Remove + // Not a directory; return the error from the Remove. return err } - // Remove the directory's entries + // Remove the directory's entries. var recurseErr error for { const request = 1024 @@ -87,7 +93,7 @@ func removeAllFrom(parent *File, path string) error { } names, readErr := file.Readdirnames(request) - // Errors other than EOF should stop us from continuing + // Errors other than EOF should stop us from continuing. if readErr != nil && readErr != io.EOF { file.Close() if IsNotExist(readErr) { @@ -116,7 +122,7 @@ func removeAllFrom(parent *File, path string) error { } } - // Remove the directory itself + // Remove the directory itself. unlinkError := unix.Unlinkat(parentFd, path, unix.AT_REMOVEDIR) if unlinkError == nil || IsNotExist(unlinkError) { return nil @@ -128,11 +134,31 @@ func removeAllFrom(parent *File, path string) error { return unlinkError } -func openFdAt(fd int, path string) (*File, error) { - fd, err := unix.Openat(fd, path, O_RDONLY, 0) - if err != nil { - return nil, err +// openFdAt opens path relative to the directory in fd. +// Other than that this should act like openFileNolog. +// This acts like openFileNolog rather than OpenFile because +// we are going to (try to) remove the file. +// The contents of this file are not relevant for test caching. +func openFdAt(dirfd int, name string) (*File, error) { + var r int + for { + var e error + r, e = unix.Openat(dirfd, name, O_RDONLY, 0) + if e == nil { + break + } + + // See comment in openFileNolog. + if runtime.GOOS == "darwin" && e == syscall.EINTR { + continue + } + + return nil, &PathError{"openat", name, e} + } + + if !supportsCloseOnExec { + syscall.CloseOnExec(r) } - return NewFile(uintptr(fd), path), nil + return newFile(uintptr(r), name, kindOpenFile), nil } diff --git a/libgo/go/os/removeall_noat.go b/libgo/go/os/removeall_noat.go index 47fff42..7d9f73e 100644 --- a/libgo/go/os/removeall_noat.go +++ b/libgo/go/os/removeall_noat.go @@ -11,11 +11,7 @@ import ( "syscall" ) -// RemoveAll removes path and any children it contains. -// It removes everything it can but returns the first error -// it encounters. If the path does not exist, RemoveAll -// returns nil (no error). -func RemoveAll(path string) error { +func removeAll(path string) error { if path == "" { // fail silently to retain compatibility with previous behavior // of RemoveAll. See issue 28830. diff --git a/libgo/go/os/removeall_test.go b/libgo/go/os/removeall_test.go index 0f7dce0..9dab0d4 100644 --- a/libgo/go/os/removeall_test.go +++ b/libgo/go/os/removeall_test.go @@ -292,3 +292,83 @@ func TestRemoveReadOnlyDir(t *testing.T) { t.Error("subdirectory was not removed") } } + +// Issue #29983. +func TestRemoveAllButReadOnly(t *testing.T) { + switch runtime.GOOS { + case "nacl", "js", "windows": + t.Skipf("skipping test on %s", runtime.GOOS) + } + + if Getuid() == 0 { + t.Skip("skipping test when running as root") + } + + t.Parallel() + + tempDir, err := ioutil.TempDir("", "TestRemoveAllButReadOnly-") + if err != nil { + t.Fatal(err) + } + defer RemoveAll(tempDir) + + dirs := []string{ + "a", + "a/x", + "a/x/1", + "b", + "b/y", + "b/y/2", + "c", + "c/z", + "c/z/3", + } + readonly := []string{ + "b", + } + inReadonly := func(d string) bool { + for _, ro := range readonly { + if d == ro { + return true + } + dd, _ := filepath.Split(d) + if filepath.Clean(dd) == ro { + return true + } + } + return false + } + + for _, dir := range dirs { + if err := Mkdir(filepath.Join(tempDir, dir), 0777); err != nil { + t.Fatal(err) + } + } + for _, dir := range readonly { + d := filepath.Join(tempDir, dir) + if err := Chmod(d, 0555); err != nil { + t.Fatal(err) + } + + // Defer changing the mode back so that the deferred + // RemoveAll(tempDir) can succeed. + defer Chmod(d, 0777) + } + + if err := RemoveAll(tempDir); err == nil { + t.Fatal("RemoveAll succeeded unexpectedly") + } + + for _, dir := range dirs { + _, err := Stat(filepath.Join(tempDir, dir)) + if inReadonly(dir) { + if err != nil { + t.Errorf("file %q was deleted but should still exist", dir) + } + } else { + if err == nil { + t.Errorf("file %q still exists but should have been deleted", dir) + } + } + } +} diff --git a/libgo/go/path/filepath/path_test.go b/libgo/go/path/filepath/path_test.go index 4840f9d..deeb47e 100644 --- a/libgo/go/path/filepath/path_test.go +++ b/libgo/go/path/filepath/path_test.go @@ -1378,13 +1378,27 @@ func TestWalkSymlink(t *testing.T) { } func TestIssue29372(t *testing.T) { - f, err := ioutil.TempFile("", "issue29372") + tmpDir, err := ioutil.TempDir("", "TestIssue29372") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tmpDir) + + if runtime.GOOS == "windows" { + // This test is broken on windows, if temporary directory + // is a symlink. See issue 29746. + // TODO(brainman): Remove this hack once issue #29746 is fixed. + tmpDir, err = filepath.EvalSymlinks(tmpDir) + if err != nil { + t.Fatal(err) + } + } + + path := filepath.Join(tmpDir, "file.txt") + err = ioutil.WriteFile(path, nil, 0644) if err != nil { t.Fatal(err) } - f.Close() - path := f.Name() - defer os.Remove(path) pathSeparator := string(filepath.Separator) tests := []string{ diff --git a/libgo/go/runtime/malloc.go b/libgo/go/runtime/malloc.go index 36417fb..d2d86995 100644 --- a/libgo/go/runtime/malloc.go +++ b/libgo/go/runtime/malloc.go @@ -1029,7 +1029,7 @@ func mallocgc(size uintptr, typ *_type, needzero bool) unsafe.Pointer { } if rate := MemProfileRate; rate > 0 { - if size < uintptr(rate) && int32(size) < c.next_sample { + if rate != 1 && int32(size) < c.next_sample { c.next_sample -= int32(size) } else { mp := acquirem() diff --git a/libgo/go/runtime/mheap.go b/libgo/go/runtime/mheap.go index 7139b0e..2332a2e 100644 --- a/libgo/go/runtime/mheap.go +++ b/libgo/go/runtime/mheap.go @@ -107,6 +107,14 @@ type mheap struct { // This is accessed atomically. reclaimCredit uintptr + // scavengeCredit is spare credit for extra bytes scavenged. + // Since the scavenging mechanisms operate on spans, it may + // scavenge more than requested. Any spare pages released + // go to this credit pool. + // + // This is protected by the mheap lock. + scavengeCredit uintptr + // Malloc stats. largealloc uint64 // bytes allocated for large objects nlargealloc uint64 // number of large object allocations @@ -165,7 +173,7 @@ type mheap struct { // simply blocking GC (by disabling preemption). sweepArenas []arenaIdx - _ uint32 // ensure 64-bit alignment of central + // _ uint32 // ensure 64-bit alignment of central // central free lists for small size classes. // the padding makes sure that the mcentrals are @@ -419,6 +427,115 @@ func (s *mspan) physPageBounds() (uintptr, uintptr) { return start, end } +func (h *mheap) coalesce(s *mspan) { + // We scavenge s at the end after coalescing if s or anything + // it merged with is marked scavenged. + needsScavenge := false + prescavenged := s.released() // number of bytes already scavenged. + + // merge is a helper which merges other into s, deletes references to other + // in heap metadata, and then discards it. other must be adjacent to s. + merge := func(other *mspan) { + // Adjust s via base and npages and also in heap metadata. + s.npages += other.npages + s.needzero |= other.needzero + if other.startAddr < s.startAddr { + s.startAddr = other.startAddr + h.setSpan(s.base(), s) + } else { + h.setSpan(s.base()+s.npages*pageSize-1, s) + } + + // If before or s are scavenged, then we need to scavenge the final coalesced span. + needsScavenge = needsScavenge || other.scavenged || s.scavenged + prescavenged += other.released() + + // The size is potentially changing so the treap needs to delete adjacent nodes and + // insert back as a combined node. + if other.scavenged { + h.scav.removeSpan(other) + } else { + h.free.removeSpan(other) + } + other.state = mSpanDead + h.spanalloc.free(unsafe.Pointer(other)) + } + + // realign is a helper which shrinks other and grows s such that their + // boundary is on a physical page boundary. + realign := func(a, b, other *mspan) { + // Caller must ensure a.startAddr < b.startAddr and that either a or + // b is s. a and b must be adjacent. other is whichever of the two is + // not s. + + // If pageSize <= physPageSize then spans are always aligned + // to physical page boundaries, so just exit. + if pageSize <= physPageSize { + return + } + // Since we're resizing other, we must remove it from the treap. + if other.scavenged { + h.scav.removeSpan(other) + } else { + h.free.removeSpan(other) + } + // Round boundary to the nearest physical page size, toward the + // scavenged span. + boundary := b.startAddr + if a.scavenged { + boundary &^= (physPageSize - 1) + } else { + boundary = (boundary + physPageSize - 1) &^ (physPageSize - 1) + } + a.npages = (boundary - a.startAddr) / pageSize + b.npages = (b.startAddr + b.npages*pageSize - boundary) / pageSize + b.startAddr = boundary + + h.setSpan(boundary-1, a) + h.setSpan(boundary, b) + + // Re-insert other now that it has a new size. + if other.scavenged { + h.scav.insert(other) + } else { + h.free.insert(other) + } + } + + // Coalesce with earlier, later spans. + if before := spanOf(s.base() - 1); before != nil && before.state == mSpanFree { + if s.scavenged == before.scavenged { + merge(before) + } else { + realign(before, s, before) + } + } + + // Now check to see if next (greater addresses) span is free and can be coalesced. + if after := spanOf(s.base() + s.npages*pageSize); after != nil && after.state == mSpanFree { + if s.scavenged == after.scavenged { + merge(after) + } else { + realign(s, after, after) + } + } + + if needsScavenge { + // When coalescing spans, some physical pages which + // were not returned to the OS previously because + // they were only partially covered by the span suddenly + // become available for scavenging. We want to make sure + // those holes are filled in, and the span is properly + // scavenged. Rather than trying to detect those holes + // directly, we collect how many bytes were already + // scavenged above and subtract that from heap_released + // before re-scavenging the entire newly-coalesced span, + // which will implicitly bump up heap_released. + memstats.heap_released -= uint64(prescavenged) + s.scavenge() + } +} + func (s *mspan) scavenge() uintptr { // start and end must be rounded in, otherwise madvise // will round them *out* and release more memory @@ -1081,6 +1198,16 @@ HaveSpan: // heap_released since we already did so earlier. sysUsed(unsafe.Pointer(s.base()), s.npages<<_PageShift) s.scavenged = false + + // Since we allocated out of a scavenged span, we just + // grew the RSS. Mitigate this by scavenging enough free + // space to make up for it. + // + // Also, scavengeLargest may cause coalescing, so prevent + // coalescing with s by temporarily changing its state. + s.state = mSpanManual + h.scavengeLargest(s.npages * pageSize) + s.state = mSpanFree } s.unusedsince = 0 @@ -1215,62 +1342,8 @@ func (h *mheap) freeSpanLocked(s *mspan, acctinuse, acctidle bool, unusedsince i s.unusedsince = nanotime() } - // We scavenge s at the end after coalescing if s or anything - // it merged with is marked scavenged. - needsScavenge := false - prescavenged := s.released() // number of bytes already scavenged. - - // Coalesce with earlier, later spans. - if before := spanOf(s.base() - 1); before != nil && before.state == mSpanFree { - // Now adjust s. - s.startAddr = before.startAddr - s.npages += before.npages - s.needzero |= before.needzero - h.setSpan(before.base(), s) - // If before or s are scavenged, then we need to scavenge the final coalesced span. - needsScavenge = needsScavenge || before.scavenged || s.scavenged - prescavenged += before.released() - // The size is potentially changing so the treap needs to delete adjacent nodes and - // insert back as a combined node. - if before.scavenged { - h.scav.removeSpan(before) - } else { - h.free.removeSpan(before) - } - before.state = mSpanDead - h.spanalloc.free(unsafe.Pointer(before)) - } - - // Now check to see if next (greater addresses) span is free and can be coalesced. - if after := spanOf(s.base() + s.npages*pageSize); after != nil && after.state == mSpanFree { - s.npages += after.npages - s.needzero |= after.needzero - h.setSpan(s.base()+s.npages*pageSize-1, s) - needsScavenge = needsScavenge || after.scavenged || s.scavenged - prescavenged += after.released() - if after.scavenged { - h.scav.removeSpan(after) - } else { - h.free.removeSpan(after) - } - after.state = mSpanDead - h.spanalloc.free(unsafe.Pointer(after)) - } - - if needsScavenge { - // When coalescing spans, some physical pages which - // were not returned to the OS previously because - // they were only partially covered by the span suddenly - // become available for scavenging. We want to make sure - // those holes are filled in, and the span is properly - // scavenged. Rather than trying to detect those holes - // directly, we collect how many bytes were already - // scavenged above and subtract that from heap_released - // before re-scavenging the entire newly-coalesced span, - // which will implicitly bump up heap_released. - memstats.heap_released -= uint64(prescavenged) - s.scavenge() - } + // Coalesce span with neighbors. + h.coalesce(s) // Insert s into the appropriate treap. if s.scavenged { @@ -1284,6 +1357,14 @@ func (h *mheap) freeSpanLocked(s *mspan, acctinuse, acctidle bool, unusedsince i // starting from the largest span and working down. It then takes those spans // and places them in scav. h must be locked. func (h *mheap) scavengeLargest(nbytes uintptr) { + // Use up scavenge credit if there's any available. + if nbytes > h.scavengeCredit { + nbytes -= h.scavengeCredit + h.scavengeCredit = 0 + } else { + h.scavengeCredit -= nbytes + return + } // Iterate over the treap backwards (from largest to smallest) scavenging spans // until we've reached our quota of nbytes. released := uintptr(0) @@ -1304,10 +1385,18 @@ func (h *mheap) scavengeLargest(nbytes uintptr) { } n := t.prev() h.free.erase(t) + // Now that s is scavenged, we must eagerly coalesce it + // with its neighbors to prevent having two spans with + // the same scavenged state adjacent to each other. + h.coalesce(s) t = n h.scav.insert(s) released += r } + // If we over-scavenged, turn that extra amount into credit. + if released > nbytes { + h.scavengeCredit += released - nbytes + } } // scavengeAll visits each node in the unscav treap and scavenges the @@ -1323,6 +1412,10 @@ func (h *mheap) scavengeAll(now, limit uint64) uintptr { r := s.scavenge() if r != 0 { h.free.erase(t) + // Now that s is scavenged, we must eagerly coalesce it + // with its neighbors to prevent having two spans with + // the same scavenged state adjacent to each other. + h.coalesce(s) h.scav.insert(s) released += r } diff --git a/libgo/go/runtime/testdata/testprog/memprof.go b/libgo/go/runtime/testdata/testprog/memprof.go index a22fee6..7b134bc 100644 --- a/libgo/go/runtime/testdata/testprog/memprof.go +++ b/libgo/go/runtime/testdata/testprog/memprof.go @@ -21,7 +21,10 @@ var memProfBuf bytes.Buffer var memProfStr string func MemProf() { - for i := 0; i < 1000; i++ { + // Force heap sampling for determinism. + runtime.MemProfileRate = 1 + + for i := 0; i < 10; i++ { fmt.Fprintf(&memProfBuf, "%*d\n", i, i) } memProfStr = memProfBuf.String() diff --git a/libgo/go/sort/sort.go b/libgo/go/sort/sort.go index 7282b26..dd5bb37 100644 --- a/libgo/go/sort/sort.go +++ b/libgo/go/sort/sort.go @@ -131,7 +131,7 @@ func doPivot(data Interface, lo, hi int) (midlo, midhi int) { c-- } // If hi-c<3 then there are duplicates (by property of median of nine). - // Let be a bit more conservative, and set border to 5. + // Let's be a bit more conservative, and set border to 5. protect := hi-c < 5 if !protect && hi-c < (hi-lo)/4 { // Lets test some points for equality to pivot diff --git a/libgo/go/sync/atomic/doc.go b/libgo/go/sync/atomic/doc.go index 7c007d7..108b76b 100644 --- a/libgo/go/sync/atomic/doc.go +++ b/libgo/go/sync/atomic/doc.go @@ -47,7 +47,8 @@ import ( // // On non-Linux ARM, the 64-bit functions use instructions unavailable before the ARMv6k core. // -// On both ARM and x86-32, it is the caller's responsibility to arrange for 64-bit +// On ARM, x86-32, and 32-bit MIPS, +// it is the caller's responsibility to arrange for 64-bit // alignment of 64-bit words accessed atomically. The first word in a // variable or in an allocated struct, array, or slice can be relied upon to be // 64-bit aligned. diff --git a/libgo/go/testing/sub_test.go b/libgo/go/testing/sub_test.go index 8c98971..5a6d51b 100644 --- a/libgo/go/testing/sub_test.go +++ b/libgo/go/testing/sub_test.go @@ -706,6 +706,55 @@ func TestRacyOutput(t *T) { } } +// The late log message did not include the test name. Issue 29388. +func TestLogAfterComplete(t *T) { + ctx := newTestContext(1, newMatcher(regexp.MatchString, "", "")) + var buf bytes.Buffer + t1 := &T{ + common: common{ + // Use a buffered channel so that tRunner can write + // to it although nothing is reading from it. + signal: make(chan bool, 1), + w: &buf, + }, + context: ctx, + } + + c1 := make(chan bool) + c2 := make(chan string) + tRunner(t1, func(t *T) { + t.Run("TestLateLog", func(t *T) { + go func() { + defer close(c2) + defer func() { + p := recover() + if p == nil { + c2 <- "subtest did not panic" + return + } + s, ok := p.(string) + if !ok { + c2 <- fmt.Sprintf("subtest panic with unexpected value %v", p) + return + } + const want = "Log in goroutine after TestLateLog has completed" + if !strings.Contains(s, want) { + c2 <- fmt.Sprintf("subtest panic %q does not contain %q", s, want) + } + }() + + <-c1 + t.Log("log after test") + }() + }) + }) + close(c1) + + if s := <-c2; s != "" { + t.Error(s) + } +} + func TestBenchmark(t *T) { res := Benchmark(func(b *B) { for i := 0; i < 5; i++ { diff --git a/libgo/go/testing/testing.go b/libgo/go/testing/testing.go index 0ac51b6..3068630 100644 --- a/libgo/go/testing/testing.go +++ b/libgo/go/testing/testing.go @@ -618,17 +618,20 @@ func (c *common) log(s string) { func (c *common) logDepth(s string, depth int) { c.mu.Lock() defer c.mu.Unlock() - // If this test has already finished try and log this message with our parent - // with this test name tagged so we know where it came from. - // If we don't have a parent panic. - if c.done { - if c.parent != nil { - c.parent.logDepth(s, depth+1) - } else { - panic("Log in goroutine after " + c.name + " has completed") - } - } else { + if !c.done { c.output = append(c.output, c.decorate(s, depth+1)...) + } else { + // This test has already finished. Try and log this message + // with our parent. If we don't have a parent, panic. + for parent := c.parent; parent != nil; parent = parent.parent { + parent.mu.Lock() + defer parent.mu.Unlock() + if !parent.done { + parent.output = append(parent.output, parent.decorate(s, depth+1)...) + return + } + } + panic("Log in goroutine after " + c.name + " has completed") } } diff --git a/libgo/misc/cgo/test/cgo_test.go b/libgo/misc/cgo/test/cgo_test.go index 242ba6c..2cb93d9 100644 --- a/libgo/misc/cgo/test/cgo_test.go +++ b/libgo/misc/cgo/test/cgo_test.go @@ -94,6 +94,7 @@ func Test26066(t *testing.T) { test26066(t) } func Test26213(t *testing.T) { test26213(t) } func Test27660(t *testing.T) { test27660(t) } func Test28896(t *testing.T) { test28896(t) } +func Test30065(t *testing.T) { test30065(t) } func BenchmarkCgoCall(b *testing.B) { benchCgoCall(b) } func BenchmarkGoString(b *testing.B) { benchGoString(b) } diff --git a/libgo/misc/cgo/test/issue29748.go b/libgo/misc/cgo/test/issue29748.go new file mode 100644 index 0000000..8229b3b --- /dev/null +++ b/libgo/misc/cgo/test/issue29748.go @@ -0,0 +1,22 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Error handling a struct initializer that requires pointer checking. +// Compilation test only, nothing to run. + +package cgotest + +// typedef struct { char **p; } S29748; +// static int f29748(S29748 *p) { return 0; } +import "C" + +var Vissue29748 = C.f29748(&C.S29748{ + nil, +}) + +func Fissue299748() { + C.f29748(&C.S29748{ + nil, + }) +} diff --git a/libgo/misc/cgo/test/issue29781.go b/libgo/misc/cgo/test/issue29781.go new file mode 100644 index 0000000..0fd8c08 --- /dev/null +++ b/libgo/misc/cgo/test/issue29781.go @@ -0,0 +1,17 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Error with newline inserted into constant expression. +// Compilation test only, nothing to run. + +package cgotest + +// static void issue29781F(char **p, int n) {} +// #define ISSUE29781C 0 +import "C" + +func issue29781G() { + var p *C.char + C.issue29781F(&p, C.ISSUE29781C+1) +} diff --git a/libgo/misc/cgo/test/issue30065.go b/libgo/misc/cgo/test/issue30065.go new file mode 100644 index 0000000..396d437 --- /dev/null +++ b/libgo/misc/cgo/test/issue30065.go @@ -0,0 +1,38 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Don't make a private copy of an array when taking the address of an +// element. + +package cgotest + +// #include <string.h> +import "C" + +import ( + "testing" + "unsafe" +) + +func test30065(t *testing.T) { + var a [256]byte + b := []byte("a") + C.memcpy(unsafe.Pointer(&a), unsafe.Pointer(&b[0]), 1) + if a[0] != 'a' { + t.Errorf("&a failed: got %c, want %c", a[0], 'a') + } + + b = []byte("b") + C.memcpy(unsafe.Pointer(&a[0]), unsafe.Pointer(&b[0]), 1) + if a[0] != 'b' { + t.Errorf("&a[0] failed: got %c, want %c", a[0], 'b') + } + + d := make([]byte, 256) + b = []byte("c") + C.memcpy(unsafe.Pointer(&d[0]), unsafe.Pointer(&b[0]), 1) + if d[0] != 'c' { + t.Errorf("&d[0] failed: got %c, want %c", d[0], 'c') + } +} |