Conversation
This reverts commit 7383b2a4db5dc93c9b875b42d5add73d27cc4b9f
("crypto/internal/boring: upgrade module to fips-20220613") and commit
4106de901a8efe914cda6f6c4e8d45ff8c115da4 ("crypto/tls: align FIPS-only
mode with BoringSSL policy").
Fixes #65321
Updates #64717
Updates #62372
Change-Id: I0938b97e5b4904e6532448b8ae76e920d03d0508
Reviewed-on: https://go-review.googlesource.com/c/go/+/558796
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Change-Id: I77371ef99797e2b53f1292c9d6a4eb157f116f88 GitHub-Last-Rev: 7ce7d014c0c46b320f9e4b742ae9360d1b5cf4dc GitHub-Pull-Request: golang/go#65836 Reviewed-on: https://go-review.googlesource.com/c/go/+/565440 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: qiulaidongfeng <2645477756@qq.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Carlos Amedee <carlos@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Partial typo corrections, following https://go.dev/wiki/Spelling Change-Id: I2357906ff2ea04305c6357418e4e9556e20375d1 Reviewed-on: https://go-review.googlesource.com/c/go/+/573776 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Run-TryBot: shuang cui <imcusg@gmail.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com>
Change-Id: I1df0685c75fc1044ba46003a69ecc7dfc53bbc2b Reviewed-on: https://go-review.googlesource.com/c/go/+/574675 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Than McIntosh <thanm@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com>
These were harmless, but added unnecessary verbosity to the code. This can happen as a result of refactors: for example, the method sessionState used to return errors in some cases. Change-Id: I4e6dacc01ae6a49b528c672979f95cbb86795a85 Reviewed-on: https://go-review.googlesource.com/c/go/+/528995 Reviewed-by: Leo Isla <islaleo93@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Olivier Mengué <olivier.mengue@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: qiulaidongfeng <2645477756@qq.com> Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
Run the BoGo test suite. For now a number of tests are disabled, so that we can land the shim. Once the shim is in the tree I'll work on fixing tests, and aligning the TLS stack with the boringssl stack. Eventually we should also remove the --loose-errors flag. Fixes #51434 Change-Id: Ic8339fc34552936b798acf834011a129e375750e Reviewed-on: https://go-review.googlesource.com/c/go/+/486495 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
Only cache the wire representation for clientHelloMsg and serverHelloMsg during unmarshal, which are the only places we actually need to hold onto them. For everything else, remove the raw field. This appears to have zero performance impact: name old time/op new time/op delta CertCache/0-10 177µs ± 2% 189µs ±11% ~ (p=0.700 n=3+3) CertCache/1-10 184µs ± 3% 182µs ± 6% ~ (p=1.000 n=3+3) CertCache/2-10 187µs ±12% 187µs ± 2% ~ (p=1.000 n=3+3) CertCache/3-10 204µs ±21% 187µs ± 1% ~ (p=0.700 n=3+3) HandshakeServer/RSA-10 410µs ± 2% 410µs ± 3% ~ (p=1.000 n=3+3) HandshakeServer/ECDHE-P256-RSA/TLSv13-10 473µs ± 3% 460µs ± 2% ~ (p=0.200 n=3+3) HandshakeServer/ECDHE-P256-RSA/TLSv12-10 498µs ± 3% 489µs ± 2% ~ (p=0.700 n=3+3) HandshakeServer/ECDHE-P256-ECDSA-P256/TLSv13-10 140µs ± 5% 138µs ± 5% ~ (p=1.000 n=3+3) HandshakeServer/ECDHE-P256-ECDSA-P256/TLSv12-10 132µs ± 1% 133µs ± 2% ~ (p=0.400 n=3+3) HandshakeServer/ECDHE-X25519-ECDSA-P256/TLSv13-10 168µs ± 1% 171µs ± 4% ~ (p=1.000 n=3+3) HandshakeServer/ECDHE-X25519-ECDSA-P256/TLSv12-10 166µs ± 3% 163µs ± 0% ~ (p=0.700 n=3+3) HandshakeServer/ECDHE-P521-ECDSA-P521/TLSv13-10 1.87ms ± 2% 1.81ms ± 0% ~ (p=0.100 n=3+3) HandshakeServer/ECDHE-P521-ECDSA-P521/TLSv12-10 1.86ms ± 0% 1.86ms ± 1% ~ (p=1.000 n=3+3) Throughput/MaxPacket/1MB/TLSv12-10 6.79ms ± 3% 6.73ms ± 0% ~ (p=1.000 n=3+3) Throughput/MaxPacket/1MB/TLSv13-10 6.73ms ± 1% 6.75ms ± 0% ~ (p=0.700 n=3+3) Throughput/MaxPacket/2MB/TLSv12-10 12.8ms ± 2% 12.7ms ± 0% ~ (p=0.700 n=3+3) Throughput/MaxPacket/2MB/TLSv13-10 13.1ms ± 3% 12.8ms ± 1% ~ (p=0.400 n=3+3) Throughput/MaxPacket/4MB/TLSv12-10 24.9ms ± 2% 24.7ms ± 1% ~ (p=1.000 n=3+3) Throughput/MaxPacket/4MB/TLSv13-10 26.0ms ± 4% 24.9ms ± 1% ~ (p=0.100 n=3+3) Throughput/MaxPacket/8MB/TLSv12-10 50.0ms ± 3% 48.9ms ± 0% ~ (p=0.200 n=3+3) Throughput/MaxPacket/8MB/TLSv13-10 49.8ms ± 2% 49.3ms ± 1% ~ (p=0.400 n=3+3) Throughput/MaxPacket/16MB/TLSv12-10 97.3ms ± 1% 97.4ms ± 0% ~ (p=0.700 n=3+3) Throughput/MaxPacket/16MB/TLSv13-10 97.9ms ± 0% 97.9ms ± 1% ~ (p=1.000 n=3+3) Throughput/MaxPacket/32MB/TLSv12-10 195ms ± 0% 194ms ± 1% ~ (p=0.400 n=3+3) Throughput/MaxPacket/32MB/TLSv13-10 196ms ± 0% 196ms ± 1% ~ (p=0.700 n=3+3) Throughput/MaxPacket/64MB/TLSv12-10 405ms ± 3% 385ms ± 0% ~ (p=0.100 n=3+3) Throughput/MaxPacket/64MB/TLSv13-10 391ms ± 1% 388ms ± 1% ~ (p=0.200 n=3+3) Throughput/DynamicPacket/1MB/TLSv12-10 6.75ms ± 0% 6.75ms ± 1% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/1MB/TLSv13-10 6.84ms ± 1% 6.77ms ± 0% ~ (p=0.100 n=3+3) Throughput/DynamicPacket/2MB/TLSv12-10 12.8ms ± 1% 12.8ms ± 1% ~ (p=0.400 n=3+3) Throughput/DynamicPacket/2MB/TLSv13-10 12.8ms ± 1% 13.0ms ± 1% ~ (p=0.200 n=3+3) Throughput/DynamicPacket/4MB/TLSv12-10 24.8ms ± 1% 24.8ms ± 0% ~ (p=1.000 n=3+3) Throughput/DynamicPacket/4MB/TLSv13-10 25.1ms ± 2% 25.1ms ± 1% ~ (p=1.000 n=3+3) Throughput/DynamicPacket/8MB/TLSv12-10 49.2ms ± 2% 48.9ms ± 0% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/8MB/TLSv13-10 49.3ms ± 1% 49.4ms ± 1% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/16MB/TLSv12-10 97.1ms ± 0% 98.0ms ± 1% ~ (p=0.200 n=3+3) Throughput/DynamicPacket/16MB/TLSv13-10 98.8ms ± 1% 98.4ms ± 1% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/32MB/TLSv12-10 192ms ± 0% 198ms ± 5% ~ (p=0.100 n=3+3) Throughput/DynamicPacket/32MB/TLSv13-10 194ms ± 0% 196ms ± 1% ~ (p=0.400 n=3+3) Throughput/DynamicPacket/64MB/TLSv12-10 385ms ± 1% 384ms ± 0% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/64MB/TLSv13-10 387ms ± 0% 388ms ± 0% ~ (p=0.400 n=3+3) Latency/MaxPacket/200kbps/TLSv12-10 694ms ± 0% 694ms ± 0% ~ (p=0.700 n=3+3) Latency/MaxPacket/200kbps/TLSv13-10 699ms ± 0% 699ms ± 0% ~ (p=0.700 n=3+3) Latency/MaxPacket/500kbps/TLSv12-10 278ms ± 0% 278ms ± 0% ~ (p=0.400 n=3+3) Latency/MaxPacket/500kbps/TLSv13-10 280ms ± 0% 280ms ± 0% ~ (p=1.000 n=3+3) Latency/MaxPacket/1000kbps/TLSv12-10 140ms ± 1% 140ms ± 0% ~ (p=0.700 n=3+3) Latency/MaxPacket/1000kbps/TLSv13-10 141ms ± 0% 141ms ± 0% ~ (p=1.000 n=3+3) Latency/MaxPacket/2000kbps/TLSv12-10 70.5ms ± 0% 70.4ms ± 0% ~ (p=0.700 n=3+3) Latency/MaxPacket/2000kbps/TLSv13-10 70.7ms ± 0% 70.7ms ± 0% ~ (p=0.700 n=3+3) Latency/MaxPacket/5000kbps/TLSv12-10 28.8ms ± 0% 28.8ms ± 0% ~ (p=0.700 n=3+3) Latency/MaxPacket/5000kbps/TLSv13-10 28.9ms ± 0% 28.9ms ± 0% ~ (p=0.700 n=3+3) Latency/DynamicPacket/200kbps/TLSv12-10 134ms ± 0% 134ms ± 0% ~ (p=0.700 n=3+3) Latency/DynamicPacket/200kbps/TLSv13-10 138ms ± 0% 138ms ± 0% ~ (p=1.000 n=3+3) Latency/DynamicPacket/500kbps/TLSv12-10 54.1ms ± 0% 54.1ms ± 0% ~ (p=1.000 n=3+3) Latency/DynamicPacket/500kbps/TLSv13-10 55.7ms ± 0% 55.7ms ± 0% ~ (p=0.100 n=3+3) Latency/DynamicPacket/1000kbps/TLSv12-10 27.6ms ± 0% 27.6ms ± 0% ~ (p=0.200 n=3+3) Latency/DynamicPacket/1000kbps/TLSv13-10 28.4ms ± 0% 28.4ms ± 0% ~ (p=0.200 n=3+3) Latency/DynamicPacket/2000kbps/TLSv12-10 14.4ms ± 0% 14.4ms ± 0% ~ (p=1.000 n=3+3) Latency/DynamicPacket/2000kbps/TLSv13-10 14.6ms ± 0% 14.6ms ± 0% ~ (p=1.000 n=3+3) Latency/DynamicPacket/5000kbps/TLSv12-10 6.44ms ± 0% 6.45ms ± 0% ~ (p=0.100 n=3+3) Latency/DynamicPacket/5000kbps/TLSv13-10 6.49ms ± 0% 6.49ms ± 0% ~ (p=0.700 n=3+3) name old speed new speed delta Throughput/MaxPacket/1MB/TLSv12-10 155MB/s ± 3% 156MB/s ± 0% ~ (p=1.000 n=3+3) Throughput/MaxPacket/1MB/TLSv13-10 156MB/s ± 1% 155MB/s ± 0% ~ (p=0.700 n=3+3) Throughput/MaxPacket/2MB/TLSv12-10 163MB/s ± 2% 165MB/s ± 0% ~ (p=0.700 n=3+3) Throughput/MaxPacket/2MB/TLSv13-10 160MB/s ± 3% 164MB/s ± 1% ~ (p=0.400 n=3+3) Throughput/MaxPacket/4MB/TLSv12-10 168MB/s ± 2% 170MB/s ± 1% ~ (p=1.000 n=3+3) Throughput/MaxPacket/4MB/TLSv13-10 162MB/s ± 4% 168MB/s ± 1% ~ (p=0.100 n=3+3) Throughput/MaxPacket/8MB/TLSv12-10 168MB/s ± 3% 172MB/s ± 0% ~ (p=0.200 n=3+3) Throughput/MaxPacket/8MB/TLSv13-10 168MB/s ± 2% 170MB/s ± 1% ~ (p=0.400 n=3+3) Throughput/MaxPacket/16MB/TLSv12-10 172MB/s ± 1% 172MB/s ± 0% ~ (p=0.700 n=3+3) Throughput/MaxPacket/16MB/TLSv13-10 171MB/s ± 0% 171MB/s ± 1% ~ (p=1.000 n=3+3) Throughput/MaxPacket/32MB/TLSv12-10 172MB/s ± 0% 173MB/s ± 1% ~ (p=0.400 n=3+3) Throughput/MaxPacket/32MB/TLSv13-10 171MB/s ± 0% 172MB/s ± 1% ~ (p=0.700 n=3+3) Throughput/MaxPacket/64MB/TLSv12-10 166MB/s ± 3% 174MB/s ± 0% ~ (p=0.100 n=3+3) Throughput/MaxPacket/64MB/TLSv13-10 171MB/s ± 1% 173MB/s ± 1% ~ (p=0.200 n=3+3) Throughput/DynamicPacket/1MB/TLSv12-10 155MB/s ± 0% 155MB/s ± 1% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/1MB/TLSv13-10 153MB/s ± 1% 155MB/s ± 0% ~ (p=0.100 n=3+3) Throughput/DynamicPacket/2MB/TLSv12-10 164MB/s ± 1% 164MB/s ± 1% ~ (p=0.400 n=3+3) Throughput/DynamicPacket/2MB/TLSv13-10 163MB/s ± 1% 162MB/s ± 1% ~ (p=0.200 n=3+3) Throughput/DynamicPacket/4MB/TLSv12-10 169MB/s ± 1% 169MB/s ± 0% ~ (p=1.000 n=3+3) Throughput/DynamicPacket/4MB/TLSv13-10 167MB/s ± 1% 167MB/s ± 1% ~ (p=1.000 n=3+3) Throughput/DynamicPacket/8MB/TLSv12-10 170MB/s ± 2% 171MB/s ± 0% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/8MB/TLSv13-10 170MB/s ± 1% 170MB/s ± 1% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/16MB/TLSv12-10 173MB/s ± 0% 171MB/s ± 1% ~ (p=0.200 n=3+3) Throughput/DynamicPacket/16MB/TLSv13-10 170MB/s ± 1% 170MB/s ± 1% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/32MB/TLSv12-10 175MB/s ± 0% 170MB/s ± 5% ~ (p=0.100 n=3+3) Throughput/DynamicPacket/32MB/TLSv13-10 173MB/s ± 0% 171MB/s ± 1% ~ (p=0.300 n=3+3) Throughput/DynamicPacket/64MB/TLSv12-10 174MB/s ± 1% 175MB/s ± 0% ~ (p=0.700 n=3+3) Throughput/DynamicPacket/64MB/TLSv13-10 174MB/s ± 0% 173MB/s ± 0% ~ (p=0.400 n=3+3) Change-Id: Ifa79cce002011850ed8b2835edd34f60e014eea8 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest,gotip-linux-arm64-longtest Reviewed-on: https://go-review.googlesource.com/c/go/+/580215 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org>
Updates #66913 Change-Id: Ie6bb262ee95593d23a93ef06656a561a7b1006ba Reviewed-on: https://go-review.googlesource.com/c/go/+/581515 Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Matloob <matloob@golang.org>
Updates #54097 Change-Id: I827a5efd1736ce057b76f079466f2d9ead225898 GitHub-Last-Rev: 40af10469d85ce9f4bef4b40025589d9e44f43d6 GitHub-Pull-Request: golang/go#67321 Reviewed-on: https://go-review.googlesource.com/c/go/+/585017 Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Auto-Submit: Keith Randall <khr@golang.org> Commit-Queue: Ian Lance Taylor <iant@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
We haven't called tlsrsakex.Value() yet at this point if we're using FIPS, like if CipherSuites != nil. This adds needFIPS as a gate next to CipherSuites != nil. FIPS specifies suites that would be skipped if tlsarsakex were set. Fixes #65991 Change-Id: I8070d8f43f27c04067490af8cc7ec5e787f2b9bd Reviewed-on: https://go-review.googlesource.com/c/go/+/582315 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> TryBot-Bypass: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
CL 585358 adds restrictions to disallow pull-only linknames (currently off by default). Currently, there are quite some pull- only linknames in user code in the wild. In order not to break those, we add push linknames to allow them to be pulled. This CL includes linknames found in a large code corpus (thanks Matthew Dempsky and Michael Pratt for the analysis!), that are not currently linknamed. Updates #67401. Change-Id: I32f5fc0c7a6abbd7a11359a025cfa2bf458fe767 Reviewed-on: https://go-review.googlesource.com/c/go/+/586137 Reviewed-by: Russ Cox <rsc@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
I initially thought the logic was broken, but writing the test I
realized it was actually very clever (derogative). It was relying on the
outer loop continuing after a supported match without a key share,
allowing a later key share to override it (but not a later supported
match because of the "if selectedGroup != 0 { continue }").
Replaced the clever loop with two hopefully more understandable loops,
and added a test (which was already passing).
We were however not checking that the selected group is in the supported
list if we found it in key shares first. (This was only a MAY.) Fixed.
Fixes #65686
Change-Id: I09ea44f90167ffa36809deb78255ed039a217b6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586655
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
IncNonDefault panics if Value was not called. That's too much DoS risk in crypto/tls, when the call to Value is distant from the call to IncNonDefault (see #65991). Value is cheap, though, so we can just call it before each isolated IncNonDefault. Change-Id: I6dbed345381e60e029b0a5ef2232e846aa089736 Reviewed-on: https://go-review.googlesource.com/c/go/+/586755 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Forced the testConfig CurvePreferences to exclude X25519Kyber768Draft00 to avoid bloating the transcripts, but I manually tested it and the tests all update and pass successfully, causing 7436 insertions(+), 3251 deletions(-). Fixes #67061 Change-Id: If6f13bca561835777ab0889a490487b7c2366c3c Reviewed-on: https://go-review.googlesource.com/c/go/+/586656 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Add synchronous management of stored sessions to QUICConn. This adds QUICStoreSession and QUICResumeSession events, permitting a QUIC implementation to handle session resumption as part of its regular event loop processing. Fixes #63691 Change-Id: I9fe16207cc1986eac084869675bc36e227cbf3f0 Reviewed-on: https://go-review.googlesource.com/c/go/+/536935 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Marten Seemann <martenseemann@gmail.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
Was this strictly necessary? No. Did this deserve its own CL? Maybe not. But I have a personal vendetta against NPN. Change-Id: Ide1ad1092259dc23e3ead5c1d5269fc5cb2793d7 Reviewed-on: https://go-review.googlesource.com/c/go/+/587275 Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fixes #66214 Change-Id: Iba8006a17fc7cd33c7485ab1a1ef8f56531c0ed1 Reviewed-on: https://go-review.googlesource.com/c/go/+/587295 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org>
Fixes #65265 Updates #60790 Change-Id: Iaa5f475d614d3ed87f091c93a3f888b7eb3433f2 Reviewed-on: https://go-review.googlesource.com/c/go/+/587296 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Derek Parker <parkerderek86@gmail.com>
This sets us up for ECH, which need compressible extensions to be contiguous. Put them at the end to make things easier for everyone. Change-Id: I2a51f76d5fcd1b6d82325f5a4a8cde6d75f1be0c Reviewed-on: https://go-review.googlesource.com/c/go/+/585437 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Fixes #67065 Change-Id: I189e194de8aa94523eb64e1dd294a70cb81cbdf6 Reviewed-on: https://go-review.googlesource.com/c/go/+/585856 Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
During handshake, lift the message length limit, but only for certificate messages. Fixes #50773 Change-Id: Ida9d83f4219c4386ca71ed3ef72b22259665a187 Reviewed-on: https://go-review.googlesource.com/c/go/+/585402 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
Doing this because the slices functions are slightly faster and slightly easier to use. It also removes one dependency layer. This CL does not change packages that are used during bootstrap, as the bootstrap compiler does not have the required slices functions. It does not change the go/scanner package because the ErrorList Len, Swap, and Less methods are part of the Go 1 API. Change-Id: If52899be791c829198e11d2408727720b91ebe8a Reviewed-on: https://go-review.googlesource.com/c/go/+/587655 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Ian Lance Taylor <iant@google.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Commit-Queue: Ian Lance Taylor <iant@google.com> Reviewed-by: Damien Neil <dneil@google.com>
For #67401. Change-Id: Ifea84af92017b405466937f50fb8f28e6893c8cb Reviewed-on: https://go-review.googlesource.com/c/go/+/587220 Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Russ Cox <rsc@golang.org>
Ignored these linknames which have not worked for a while: github.com/xtls/xray-core: context.newCancelCtx removed in CL 463999 (Feb 2023) github.com/u-root/u-root: funcPC removed in CL 513837 (Jul 2023) tinygo.org/x/drivers: net.useNetdev never existed For #67401. Change-Id: I9293f4ef197bb5552b431de8939fa94988a060ce Reviewed-on: https://go-review.googlesource.com/c/go/+/587576 Auto-Submit: Russ Cox <rsc@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This CL adds a (very opinionated) client-side ECH implementation. In particular, if a user configures a ECHConfigList, by setting the Config.EncryptedClientHelloConfigList, but we determine that none of the configs are appropriate, we will not fallback to plaintext SNI, and will instead return an error. It is then up to the user to decide if they wish to fallback to plaintext themselves (by removing the config list). Additionally if Config.EncryptedClientHelloConfigList is provided, we will not offer TLS support lower than 1.3, since negotiating any other version, while offering ECH, is a hard error anyway. Similarly, if a user wishes to fallback to plaintext SNI by using 1.2, they may do so by removing the config list. With regard to PSK GREASE, we match the boringssl behavior, which does not include PSK identities/binders in the outer hello when doing ECH. If the server rejects ECH, we will return a ECHRejectionError error, which, if provided by the server, will contain a ECHConfigList in the RetryConfigList field containing configs that should be used if the user wishes to retry. It is up to the user to replace their existing Config.EncryptedClientHelloConfigList with the retry config list. Fixes #63369 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest Change-Id: I9bc373c044064221a647a388ac61624efd6bbdbf Reviewed-on: https://go-review.googlesource.com/c/go/+/578575 Reviewed-by: Ian Lance Taylor <iant@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Than McIntosh <thanm@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
A bad merge syncing before the submit of CL 587220 dropped these. (I forgot to write the file out.) For #67401. Change-Id: I6f2ba69f388907f3d24eeef55c80cbb2cf51f580 Reviewed-on: https://go-review.googlesource.com/c/go/+/587755 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Marten Seemann <martenseemann@gmail.com>
Add linknames for most modules with ≥50 dependents. Add linknames for a few other modules that we know are important but are below 50. Remove linknames from badlinkname.go that do not merit inclusion (very small number of dependents). We can add them back later if the need arises. Fixes #67401. (For now.) Change-Id: I1e49fec0292265256044d64b1841d366c4106002 Reviewed-on: https://go-review.googlesource.com/c/go/+/587756 Auto-Submit: Russ Cox <rsc@golang.org> TryBot-Bypass: Russ Cox <rsc@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>
Change-Id: Ideb9ef00e7bc660b005fc080973fd9f3d36c5a1f Reviewed-on: https://go-review.googlesource.com/c/go/+/589536 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> Run-TryBot: shuang cui <imcusg@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
Use the bogo JSON output format to make the test output more readable. Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest Change-Id: Ie1a67c6a031bc1d5d8b2cdfaf78d094a0967bc2a Reviewed-on: https://go-review.googlesource.com/c/go/+/587955 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Use a stat to tell the test caching infrastructure that we care about the bogo config file. Change-Id: Iae2336bfc45cd6a9e73cb83a3b68ade8b4f23927 Reviewed-on: https://go-review.googlesource.com/c/go/+/589155 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org>
Just like for tls.Config.GetCertificate the http.Server.ServeTLS method should be checking tls.Config.GetConfigForClient before trying top open the specified certFile/keyFile. This was previously fixed for crypto/tls when using tls.Listen in CL205059, but the same change for net/http was missed. I've added a comment src/crypto/tls/tls.go in the relevant section in the hope that any future changes of a similar nature consider will consider updating net/http as needed as well. Change-Id: I312303bc497d92aa2f4627fe2620c70779cbcc99 GitHub-Last-Rev: 6ed29a900816a13690a9f3e26476d9bc1055a6f7 GitHub-Pull-Request: golang/go#66795 Reviewed-on: https://go-review.googlesource.com/c/go/+/578396 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
The existing implementation logs some errors to the results file created in TestBogoSuite. This change would additionally log json errors to the results file. Change-Id: Ib1a6f612ed83f6c5046531ee259c4e85dd71402a Reviewed-on: https://go-review.googlesource.com/c/go/+/591379 Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Michael Pratt <mpratt@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The existing implementation of bogo_shim_test does not support tests that use the expect-version flag. This change adds support for this flag. Updates #51434. Change-Id: Ie23fdb06d15ec0593ca58f28144e83f93ef7f200 Reviewed-on: https://go-review.googlesource.com/c/go/+/592635 Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: David Chase <drchase@google.com>
There is no reason to go across a pipe when replaying a conn recording. This avoids the complexity of using localPipe and goroutines, and makes handshake benchmarks more accurate, as we don't measure network overhead. Also note how it removes the need for -fast: operating locally we know when the flow is over and can error out immediately, without waiting for a read from the feeder on the other side of the pipe to timeout. Avoids some noise in #67979, but doesn't fix the two root causes: localPipe flakes and testing.B races. Updates #67979 Change-Id: I153d3fa5a24847f3947823e8c3a7bc639f89bc1d Reviewed-on: https://go-review.googlesource.com/c/go/+/594255 Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Joedian Reid <joedian@google.com>
Go 1.23 adds two new events to QUICConns: QUICStoreSessionEvent and QUICResumeSessionEvent. We added a QUICConfig.EnableStoreSessionEvent flag to control whether the store-session event is provided or not, because receiving this event requires additional action from the caller: the session must be explicitly stored with QUICConn.StoreSession. We did not add a control for whether the resume-session event is provided, because this event requires no action and the caller is expected to ignore unknown events. However, we never documented the expectation that callers ignore unknown events, and quic-go produces an error when receiving an unexpected event. So change the EnableStoreSessionEvent flag to apply to both new events. Fixes #68124 For #63691 Change-Id: I84af487e52b3815f7b648e09884608f8915cd645 Reviewed-on: https://go-review.googlesource.com/c/go/+/594475 Reviewed-by: Marten Seemann <martenseemann@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
…ogo_shim_test The existing implementation of bogo_shim_test does not support tests which use the reject-alpn or the decline-alpn flag. This change adds support for these flags in bogo_shim_test. Updates #51434 Updates #46310 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest Change-Id: I3ff23ff4edd8f4c6c37ee6c9f2ee4689066c4e00 Reviewed-on: https://go-review.googlesource.com/c/go/+/592198 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The existing implementation of bogo_shim_test does not support tests that use the expect-no-hrr flag. This change adds support for this flag. Updates #51434 Change-Id: Iadb38fc2262783cab144a7b52904d0443e7fc2c2 Reviewed-on: https://go-review.googlesource.com/c/go/+/594835 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Russell Webb <russell.webb@protonmail.com> Reviewed-by: Carlos Amedee <carlos@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org>
The existing implementation of bogo_shim_test does not support tests that use the -no-tls1, -no-tls11, or -no-tls12 flags. This change adds support for these flags. Updates #51434 Change-Id: I43eaea9f5ec6da6811b150630a7dde24d108017e Reviewed-on: https://go-review.googlesource.com/c/go/+/595775 Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Russell Webb <russell.webb@protonmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
The flakes were introduced by me in CL 586655. It's unclear why only FreeBSD seems affected, maybe other TCP stacks handle sending on a half-closed connection differently, or aren't as quick to propagate the RST over localhost. Updates #68155 Change-Id: I32a1b474a7d6531dbab93910c23568b867629e8c Reviewed-on: https://go-review.googlesource.com/c/go/+/602635 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>
Member
Author
|
990f526 changed the way clientHelloMsg caches. It will no longer update the cache throughout its functions and will not simply return the cached bytes when calling clientHelloMsg.marshal(). We depended on these to integrate our changes with upstream. I added back some of the affected functionalities for now, but as the changes diverge more in the future we may need to handle this differently. |
|
They also added ECH for client (I think server implementation coming in 1.24) 😃 |
Member
Author
|
@noorjs Thank you for pointing this out. I think utls should support ECH due to its relevance in censorship circumvention. I took a look and I think I'll break this up to a separate PR for ECH because it requires more substantial changes in our client hello marshaller. For now I have made sure it at least works using the |
|
@mingyech no problem and separate PR definitely makes sense here. ECH is becoming more relevant as its usage becomes more widespread, I was working on an ECH fork before I saw this PR, so if you need any help, feel free to reach out. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Go 1.23 added native support for X25519Kyber768Draft00. This PR replaces kyber implemented by cloudflare/go to standard library.